code-423n4 2021-04-basedloans-findings issues

code-423n4 / 2021-04-basedloans-findings

0 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Incorrect constant comparison in `UniswapConfig.sol`.

#43 code423n4 closed 3 years ago
3
Potential reentrancy caused by the `doTransferIn` function of the `CErc20` contract.

#42 code423n4 closed 3 years ago
2
Potential reentrancy caused by the `doTransferOut` function of the `CEther` contract.

#41 code423n4 closed 3 years ago
2
Lack of a non-zero address check in the function `doTransferOut` can cause loss of funds.

#40 code423n4 closed 3 years ago
3
Requires a non-zero address check when deploying `CErc20` tokens and `CEther`.

#39 code423n4 opened 3 years ago
2
`UniswapAnchoredView`'s `PriceUpdated` event is never fired

#38 code423n4 opened 3 years ago
2
UniswapConfig getters return wrong token config if token config does not exist

#37 code423n4 opened 3 years ago
2
`UniswapConfig._addTokensInternal` allows duplicates

#36 code423n4 closed 3 years ago
2
Privileged roles

#35 code423n4 opened 3 years ago
2
`refreshCompSpeedsInternal` should only update `isComped`

#34 code423n4 closed 3 years ago
2
Reward rates can be changed through flash borrows

#33 code423n4 opened 3 years ago
1
Unbounded iteration on `refreshCompSpeedsInternal`

#32 code423n4 opened 3 years ago
2
Usage of `address.transfer`

#31 code423n4 opened 3 years ago
1
Unused comptroller verify functions

#30 code423n4 closed 3 years ago
2
[Info] functions 'getUnderlyingPriceView' and 'price' are too similar

#29 code423n4 opened 3 years ago
1
Allow borrowCap to be filled fully

#28 code423n4 opened 3 years ago
1
Use 'interface' keyword for interfaces

#27 code423n4 opened 3 years ago
1
function getUnderlyingPrice compares against "cETH"

#26 code423n4 opened 3 years ago
1
Use 'receive' when expecting eth and empty call data

#25 code423n4 opened 3 years ago
1
uint(-1) index for not found

#24 code423n4 opened 3 years ago
1
event PriceUpdated is never emitted

#23 code423n4 closed 3 years ago
2
Missed NatSpec @param for newly introduced parameter distributeAll

#22 code423n4 opened 3 years ago
1
Missing zero/threshold check for maxAssets

#21 code423n4 opened 3 years ago
2
Missing input validation may set COMP token to zero-address in Comptroller.sol

#20 code423n4 opened 3 years ago
1
Floating pragma used in Uniswap*.sol 

#19 code423n4 opened 3 years ago
1
All except one Comptroller verify functions do not verify anything in Comptroller.sol/CToken.sol 

#18 code423n4 opened 3 years ago
1
sweepToken() function removed in CErc20.sol from original Compound code

#17 code423n4 opened 3 years ago
1
No account existence check for low-level call in CEther.sol

#16 code423n4 opened 3 years ago
1
Outdated Compiler

#15 code423n4 opened 3 years ago
2
Missing validation for _setCompAddress

#14 code423n4 opened 3 years ago
1
Missing event visbility in _setCompAddress() function

#13 code423n4 opened 3 years ago
1
uint[] memory parameter is tricky

#12 code423n4 opened 3 years ago
1
CErc20.sol missing sweepToken?

#11 code423n4 closed 3 years ago
4
now is still used

#10 code423n4 opened 3 years ago
1
seizeInternal isn't nonReentrant, unlike the rest of the Internal functions

#9 code423n4 closed 3 years ago
2
More readable constants

#8 code423n4 opened 3 years ago
1
uint(-1)

#7 code423n4 opened 3 years ago
1
CarefulMath / safe math not allways used

#6 code423n4 opened 3 years ago
2
requireNoError not used in a consistent way

#5 code423n4 opened 3 years ago
1
requireNoError can be optimized

#4 code423n4 opened 3 years ago
1
Alphabetical order not complied with (contrary to the comments)

#3 code423n4 opened 3 years ago
1
Reliance on the fact that NO_ERROR = 0

#2 code423n4 opened 3 years ago
1
Multiple error enums with overlapping values

#1 code423n4 opened 3 years ago
1