-
Notifications
You must be signed in to change notification settings - Fork 4
Issues: code-423n4/2022-12-tigris-findings
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-07
grade-b
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#663
opened Dec 16, 2022 by
code423n4
QA Report
bug
Something isn't working
grade-b
Q-12
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#662
opened Dec 16, 2022 by
code423n4
Not enough margin pulled or burned from user when adding to a position
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-11
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
#659
opened Dec 16, 2022 by
code423n4
QA Report
bug
Something isn't working
grade-b
Q-11
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#658
opened Dec 16, 2022 by
code423n4
QA Report
bug
Something isn't working
grade-a
Q-10
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#657
opened Dec 16, 2022 by
code423n4
Chainlink price feed is not sufficiently validated and can return stale price
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-24
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#655
opened Dec 16, 2022 by
code423n4
Governance NFT holder, whose NFT was minted before Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
downgraded by judge
Judge downgraded the risk level of this issue
M-23
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Trading._handleOpenFees
function is called, can lose deserved rewards after Trading._handleOpenFees
function is called
2 (Med Risk)
#649
opened Dec 16, 2022 by
code423n4
Unreleased locks cause the reward distribution to be flawed in BondNFT
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
M-22
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#630
opened Dec 16, 2022 by
code423n4
User can abuse tight stop losses and high leverage to make risk free trades
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-10
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#622
opened Dec 16, 2022 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-06
grade-a
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#617
opened Dec 16, 2022 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-05
grade-a
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#608
opened Dec 16, 2022 by
code423n4
executeLimitOrder()
modifies open-interest with a wrong position value
2 (Med Risk)
#576
opened Dec 16, 2022 by
code423n4
QA Report
bug
Something isn't working
grade-b
Q-09
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#572
opened Dec 16, 2022 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-04
grade-a
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#550
opened Dec 16, 2022 by
code423n4
QA Report
bug
Something isn't working
grade-b
Q-08
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#543
opened Dec 16, 2022 by
code423n4
Trading#initiateMarketOrder allows to open a position with more margin than expected due to _handleOpenFees wrong calculation when a trade is referred
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-20
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#542
opened Dec 16, 2022 by
code423n4
QA Report
bug
Something isn't working
grade-b
Q-07
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#535
opened Dec 16, 2022 by
code423n4
_handleDeposit
and _handleWithdraw
do not account for tokens with decimals higher than 18
2 (Med Risk)
#533
opened Dec 16, 2022 by
code423n4
QA Report
bug
Something isn't working
grade-a
Q-06
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#517
opened Dec 16, 2022 by
code423n4
StopLoss/TakeProfit should be validated again for the new price in Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-18
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Trading.executeLimitOrder()
2 (Med Risk)
#512
opened Dec 16, 2022 by
code423n4
Users can bypass the Assets can be stolen/lost/compromised directly
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
H-09
judge review requested
Judge should review this issue
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
maxWinPercent
limit using a partially closing
3 (High Risk)
#507
opened Dec 16, 2022 by
code423n4
User can close an order via Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
judge review requested
Judge should review this issue
M-17
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
limitClose()
, and take bot fees to themselves
2 (Med Risk)
#468
opened Dec 16, 2022 by
code423n4
Incorrect Assumption of Stablecoin Market Stability
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-08
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
#462
opened Dec 16, 2022 by
code423n4
QA Report
bug
Something isn't working
grade-a
Q-05
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#445
opened Dec 16, 2022 by
code423n4
distribute() won't update epoch[tigAsset] when totalShares[tigAsset]==0 which can cause later created bond for this tigAsset to have wrong mint epoch
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-16
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#436
opened Dec 16, 2022 by
code423n4
Previous Next
ProTip!
no:milestone will show everything without a milestone.