-
Nihavent
Medium
# `CuratedVaultSetters::_supplyPool()` does not consider the pool cap of the underlying pool, which may cause `deposit()` to revert or lead to an unintended reordering of `supplyQueu…
-
In case your company shuts down in the future, for whatever reason, what happens to our inheritance? How can anyone claim it if your service is down???
I apologize if I missed this information i…
-
[G-01] Unnecessary Default Value Initialization
When a variable is not initialized, it will have its default value.
Example: 0 for uint, false for bool and address(0) for address
I suggest removing d…
-
tallo
medium
# A malicious market owner/protocol owner can front-run calls to lenderAcceptBid and change the marketplace fee to steal lender funds
## Lines of Code
https://github.com/teller-protoco…
-
TLDR: We'd like to consider whether it would make sense for builders to bid unconditionally for their header to be selected by the proposer. This would imply the proposer gets paid regardless of wheth…
-
# Lines of code
https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/WildcatSanctionsSentinel.sol#L14
https://github.com/code-423n4/2023-10-wildcat/blob/c5d…
-
As discussed with @cde8 the timelock sync between chains occurs at the blockheight level, not the timestamp level.
Currently the `atomic_bridge.move` (counterparty) module uses timestamp, whereas t…
-
Perhaps it would be a nice idea to set up a bitmessage passthrough on a website (oracles.li?), available either with a user interface, or a REST API.
If we had this, a client could send messages to th…
-
IllIllI
high
# High risk checks can be bypassed with extra `calldata` padding
## Summary
Adding extra unused bytes to proposal calldata can trick the `_isHighRiskProposal()` function
## Vulnerab…
-
See the markdown file with the details of this report [here](https://github.com/code-423n4/2023-10-zksync-findings/blob/main/data/ustas-Q.md).