
Issues: code-423n4/2021-10-defiprotocol-findings


Issues list

Label descriptions:
- bug: Warden finding
- G (Gas Optimization)
- 0 (Non-critical): Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation
- 1 (Low Risk): Assets are not at risk. State handling, function incorrect as to spec, issues with comments
- 2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
- sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
- sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
- disagree with severity: Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)

Set initial value for lastFee
Labels: bug, G (Gas Optimization), sponsor confirmed
#91 opened Oct 10, 2021 by code423n4

Cache factory.ownerSplit()
Labels: bug, G (Gas Optimization), sponsor confirmed
#89 opened Oct 10, 2021 by code423n4

Cache basketAsERC20.totalSupply()
Labels: bug, G (Gas Optimization), sponsor confirmed
#88 opened Oct 10, 2021 by code423n4

There may be no bounties or user is not interested in any of them
Labels: bug, G (Gas Optimization), sponsor confirmed
#87 opened Oct 10, 2021 by code423n4

How much to approve before calling mintTo
Labels: 1 (Low Risk), bug, sponsor acknowledged
#86 opened Oct 10, 2021 by code423n4

createBasket re-entrancy
Labels: 2 (Med Risk), bug, sponsor confirmed
#85 opened Oct 10, 2021 by code423n4

Validations
Labels: 2 (Med Risk), bug, disagree with severity, sponsor acknowledged
#84 opened Oct 10, 2021 by code423n4

Missing events for owner only functions that change critical parameters
Labels: 0 (Non-critical), bug, disagree with severity, sponsor confirmed
#82 opened Oct 10, 2021 by code423n4

Missing events for basket only functions that change critical parameters
Labels: 0 (Non-critical), bug, disagree with severity, sponsor confirmed
#81 opened Oct 10, 2021 by code423n4

Sensitive variables should not be able to be changed easily
Labels: 1 (Low Risk), bug, sponsor acknowledged
#80 opened Oct 10, 2021 by code423n4

Fee on transfer tokens do not work within the protocol
Labels: 2 (Med Risk), bug, sponsor acknowledged
#78 opened Oct 10, 2021 by code423n4

Lack of Documentation on key functions
Labels: 0 (Non-critical), bug, sponsor acknowledged
#77 opened Oct 10, 2021 by code423n4

Input Validation on Factory.sol
Labels: 1 (Low Risk), bug, sponsor acknowledged
#75 opened Oct 10, 2021 by code423n4

Increase optimizer runs
Labels: bug, G (Gas Optimization), sponsor acknowledged
#74 opened Oct 10, 2021 by code423n4

Remove hardhat import
Labels: 0 (Non-critical), bug, sponsor acknowledged
#73 opened Oct 10, 2021 by code423n4

uint256 can be lowered to uintX with X < 256 in some cases
Labels: bug, G (Gas Optimization), sponsor acknowledged
#72 opened Oct 10, 2021 by code423n4

Unchecked modifiers should be used when over/under-flow isn't an issue to save gas
Labels: bug, G (Gas Optimization), sponsor acknowledged
#71 opened Oct 10, 2021 by code423n4

Uninitialized variables are automatically set to 0
Labels: bug, G (Gas Optimization), sponsor acknowledged
#70 opened Oct 10, 2021 by code423n4

Basket.sol should use the Upgradeable variant of OpenZeppelin Contracts
Labels: 1 (Low Risk), bug, sponsor acknowledged
#68 opened Oct 10, 2021 by code423n4

Basket.sol#changePublisher() Remove redundant assertion can save gas
Labels: bug, G (Gas Optimization), sponsor confirmed
#64 opened Oct 10, 2021 by code423n4

Basket: No need for initialized variable
Labels: bug, G (Gas Optimization), sponsor acknowledged
#63 opened Oct 10, 2021 by code423n4

Basket.sol#changeLicenseFee() Remove redundant check can save gas
Labels: bug, G (Gas Optimization), sponsor confirmed
#62 opened Oct 10, 2021 by code423n4

Basket.sol#changePublisher() Insufficient input validation
Labels: 1 (Low Risk), bug, sponsor confirmed
#61 opened Oct 10, 2021 by code423n4

Basket.sol should have methods to cancel pending changes
Labels: 0 (Non-critical), bug, sponsor confirmed
#60 opened Oct 10, 2021 by code423n4

Basket.sol#mint() Malfunction due to extra nonReentrant modifier
Labels: 2 (Med Risk), bug, sponsor confirmed
#59 opened Oct 10, 2021 by code423n4