Issues: code-423n4/2021-10-pooltogether-findings

Issues list

Inaccurate Revert Message 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#63 opened Oct 14, 2021 by code423n4
PrizePool.awardExternalERC721() Erroneously Emits Events 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Warden finding resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#62 opened Oct 14, 2021 by code423n4
Lack of Pause Mechanism 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Warden finding sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#61 opened Oct 14, 2021 by code423n4
Comment Typos 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Warden finding resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#59 opened Oct 14, 2021 by code423n4
YieldSourcePrizePool._canAwardExternal() Does Not Prevent the Deposit Token From Being Withdrawn 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Warden finding resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#58 opened Oct 14, 2021 by code423n4
Miners Can Re-Roll the VRF Output to Game the Protocol 3 (High Risk) Assets can be stolen/lost/compromised directly bug Warden finding sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#56 opened Oct 13, 2021 by code423n4
Style issues 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Warden finding resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#52 opened Oct 13, 2021 by code423n4
unchecked arithmetics bug Warden finding G (Gas Optimization) resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#51 opened Oct 13, 2021 by code423n4
Unnecessary imports 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Warden finding disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#50 opened Oct 13, 2021 by code423n4
Less than 256 uints are not efficient bug Warden finding G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#49 opened Oct 13, 2021 by code423n4
function _getPrizeSplitAmount can be refactored bug Warden finding G (Gas Optimization) resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#48 opened Oct 13, 2021 by code423n4
Immutable variables bug Warden finding G (Gas Optimization) resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#47 opened Oct 13, 2021 by code423n4
staticcall may return true for an invalid _yieldSource 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#45 opened Oct 13, 2021 by code423n4
calculateNextBeaconPeriodStartTime casts timestamp to uint64 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#44 opened Oct 13, 2021 by code423n4
Unnecessary Addition In Loop (PrizeDistributionBuffer.sol) bug Warden finding G (Gas Optimization) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#43 opened Oct 13, 2021 by code423n4
PrizeDistributor.sol#claim() Remove redundant check can save gas bug Warden finding G (Gas Optimization) resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix)
#41 opened Oct 13, 2021 by code423n4
PrizeSplit.sol#_totalPrizeSplitPercentageAmount() Avoid unnecessary copy from storage to memory can save gas bug Warden finding G (Gas Optimization) resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#40 opened Oct 13, 2021 by code423n4
Adding unchecked directive can save gas bug Warden finding G (Gas Optimization) resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#38 opened Oct 13, 2021 by code423n4
PrizePool.sol#_canDeposit() Remove redundant code can make the code simpler and save some gas bug Warden finding G (Gas Optimization) resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#37 opened Oct 13, 2021 by code423n4
PrizePool.sol#setTicket() Remove unnecessary variable can make the code simpler and save some gas bug Warden finding G (Gas Optimization) resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#36 opened Oct 13, 2021 by code423n4
PrizeSplit.sol#distribute() The value of the event parameter is wrong 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#35 opened Oct 13, 2021 by code423n4
The formula of number of prizes for a degree is wrong 3 (High Risk) Assets can be stolen/lost/compromised directly bug Warden finding resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#33 opened Oct 13, 2021 by code423n4
Deposits don't work with fee-on transfer tokens 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Warden finding sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#30 opened Oct 13, 2021 by code423n4
Gas: PrizePool.captureAwardBalance computation can be simplified bug Warden finding G (Gas Optimization) resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#29 opened Oct 13, 2021 by code423n4