Issues: code-423n4/2023-03-mute-findings
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-01
grade-b
#43
opened Apr 3, 2023 by
code423n4
Award is still distributed when there aren't any stakers, allowing users to get reward without staking
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
M-01
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#41
opened Apr 3, 2023 by
code423n4
A user can 'borrow' dMute balance for a single block to increase their amplifier APY
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-02
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#36
opened Apr 3, 2023 by
code423n4
MuteAmplifier.rescueTokens()
checks the wrong condition for muteToken
2 (Med Risk)
#32
opened Apr 3, 2023 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-02
grade-a
selected for report
This submission will be included/highlighted in the audit report
#31
opened Apr 3, 2023 by
code423n4
Bond max-buyer might end up buying the max buy of the next epoch
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-01
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#25
opened Apr 3, 2023 by
code423n4
Attacker can front-run Bond buyer and make them buy it for a lower payout than expected
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
H-02
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#24
opened Apr 3, 2023 by
code423n4
An edge case in amplifier allows user to stake after end time, causing reward to be locked in the contract
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-04
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#23
opened Apr 3, 2023 by
code423n4
MuteBond is susceptible to DOS
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-05
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#22
opened Apr 3, 2023 by
code423n4
Amplifier users might not get all the LP fees they are entitled to
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-06
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#21
opened Apr 3, 2023 by
code423n4
MuteAmplifier.sol: multiplier calculation is incorrect which leads to loss of rewards for almost all stakers
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
M-07
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#19
opened Apr 2, 2023 by
code423n4
MuteAmplifier.sol: rescueTokens function does not prevent fee tokens from being transferred
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-08
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#18
opened Apr 1, 2023 by
code423n4
QA Report
bug
Something isn't working
edited-by-warden
grade-a
Q-04
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
selected for report
This submission will be included/highlighted in the audit report
#17
opened Apr 1, 2023 by
code423n4
MuteBond.sol: When maxPayout is lowered the contract can end up DOSed
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-09
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
#14
opened Mar 31, 2023 by
code423n4
deposit() might fail to enforce the minimum Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
edited-by-warden
grade-a
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
payout
constraint near the end of an epoch.
bug
#8
opened Mar 30, 2023 by
code423n4
dMute.sol: Attacker can push lock items to victim's array such that redemptions are forever blocked
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-03
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
#6
opened Mar 30, 2023 by
code423n4
QA Report
bug
Something isn't working
edited-by-warden
grade-a
Q-05
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#5
opened Mar 29, 2023 by
code423n4
Division-before-multiplication precision loss issue for update()
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
edited-by-warden
grade-a
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
satisfactory
satisfies C4 submission criteria; eligible for awards
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#4
opened Mar 29, 2023 by
code423n4
Gas Optimizations
bug
Something isn't working
edited-by-warden
G (Gas Optimization)
G-03
grade-a
#2
opened Mar 28, 2023 by
code423n4
ProTip!
Add no:assignee to see everything that’s not assigned.