-
Notifications
You must be signed in to change notification settings - Fork 9
Issues: code-423n4/2024-05-predy-findings
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
QA Report
1st place
bug
Something isn't working
edited-by-warden
grade-a
Q-02
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
selected for report
This submission will be included/highlighted in the audit report
sufficient quality report
This report is of sufficient quality
#259
opened Jun 18, 2024 by
howlbot-integration
bot
QA Report
3rd place
bug
Something isn't working
edited-by-warden
grade-a
Q-01
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sufficient quality report
This report is of sufficient quality
#254
opened Jun 18, 2024 by
howlbot-integration
bot
QA Report
2nd place
bug
Something isn't working
grade-a
Q-03
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sufficient quality report
This report is of sufficient quality
#253
opened Jun 18, 2024 by
howlbot-integration
bot
QA Report
bug
Something isn't working
edited-by-warden
grade-a
Q-04
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sufficient quality report
This report is of sufficient quality
#252
opened Jun 18, 2024 by
howlbot-integration
bot
Reallocation depends on the slot0 price, which can be manipulated.
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-01
primary issue
Highest quality submission among a set of duplicates
🤖_primary
AI based primary recommendation
🤖_93_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
#209
opened Jun 17, 2024 by
howlbot-integration
bot
Liquidators can bypass remaining negative margin check and leave the loss to the protocol
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-02
primary issue
Highest quality submission among a set of duplicates
🤖_65_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sufficient quality report
This report is of sufficient quality
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
#189
opened Jun 17, 2024 by
howlbot-integration
bot
Liquidity manipulation is possible when trading
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
edited-by-warden
M-01
primary issue
Highest quality submission among a set of duplicates
🤖_05_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sufficient quality report
This report is of sufficient quality
#157
opened Jun 17, 2024 by
howlbot-integration
bot
updateIRMParams
does not call applyInterestForToken
before updating irmParams
which leads to incorrect calculation of interest rate for subsequent trades.
2 (Med Risk)
#134
opened Jun 17, 2024 by
howlbot-integration
bot
incorrect price for negative ticks due to lack of rounding down
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-03
primary issue
Highest quality submission among a set of duplicates
🤖_69_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sufficient quality report
This report is of sufficient quality
#115
opened Jun 17, 2024 by
howlbot-integration
bot
Chainlink's Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
edited-by-warden
M-04
primary issue
Highest quality submission among a set of duplicates
🤖_91_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
latestRoundData
might return stale or incorrect results
2 (Med Risk)
#69
opened Jun 17, 2024 by
howlbot-integration
bot
Possible DoS When calling Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-05
primary issue
Highest quality submission among a set of duplicates
🤖_68_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
GammaTradeMarket::_removePosition
will cause user position to not be able to get liquidated
2 (Med Risk)
#55
opened Jun 17, 2024 by
howlbot-integration
bot
One pair can steal another pair's Uniswap liquidity during Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-03
primary issue
Highest quality submission among a set of duplicates
🤖_132_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
reallocate()
call if both pairs operate on the same Uniswap pool and both have the same upper and lower tick during reallocation.
3 (High Risk)
#49
opened Jun 17, 2024 by
howlbot-integration
bot
Vaults can become immune from liquidation by setting Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
M-06
primary issue
Highest quality submission among a set of duplicates
🤖_27_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
vault.recipient
to a blacklisted quote token address
2 (Med Risk)
#42
opened Jun 14, 2024 by
c4-bot-2
Liquidation incorrectly tries to transfer token from Market instead of liquidator if remainingMargin is negative
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-04
insufficient quality report
This report is not of sufficient quality
🤖_primary
AI based primary recommendation
🤖_14_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#27
opened Jun 14, 2024 by
c4-bot-3
Reallocation incorrectly sends the exceed quoteTokens to Market contract instead of reallocator
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
insufficient quality report
This report is not of sufficient quality
M-07
🤖_primary
AI based primary recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#26
opened Jun 14, 2024 by
c4-bot-5
PriceFeed does not return to the correct price for quote pairs
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-08
primary issue
Highest quality submission among a set of duplicates
🤖_primary
AI based primary recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sufficient quality report
This report is of sufficient quality
#22
opened Jun 13, 2024 by
c4-bot-7
ProTip!
Type g i on any issue or pull request to go back to the issue listing page.