code-423n4 2021-04-marginswap-findings issues

code-423n4 / 2021-04-marginswap-findings

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Magic Numbers used in Admin._stake() When Constant Defined Above Can Be Used Instead

#71 code423n4 opened 3 years ago
0
Add a timelock to functions that set key variables

#70 code423n4 opened 3 years ago
2
Duplicated Code In Admin.viewCurrentMaintenanceStaker()

#69 code423n4 opened 3 years ago
0
Inconsistent Use of RoleCache in RoleAware.sol

#68 code423n4 closed 3 years ago
1
Users Can Drain Funds From MarginSwap By Making Undercollateralized Borrows If The Price Of A Token Has Moved More Than 10% Since The Last MarginSwap Borrow/Liquidation Involving Accounts Holding That Token.

#67 code423n4 opened 3 years ago
2
The First User To Borrow a Particular Token Can Drain Funds In MarginSwap by Making An Undercollateralized Borrow Using Flash Loans

#66 code423n4 opened 3 years ago
2
Impossible to call withdrawReward fails due to run out of gas

#65 code423n4 opened 3 years ago
1
Inconsistent usage of applyInterest

#64 code423n4 opened 3 years ago
1
Testing simpler form

#63 code423n4 closed 3 years ago
1
[Gas] Useless addition of 0

#62 code423n4 opened 3 years ago
0
Not emitting event for important state changes

#61 code423n4 opened 3 years ago
2
[Gas] Do not send value if holdingsValue is 0

#60 code423n4 opened 3 years ago
0
[Gas] Extract storage variable to a memory variable

#59 code423n4 opened 3 years ago
0
[Gas] Not used imports

#58 code423n4 opened 3 years ago
0
[Gas] only process value if amount is greater than 0

#57 code423n4 opened 3 years ago
0
[Gas] unused variables

#56 code423n4 opened 3 years ago
1
[Gas] same calculations are done twice

#55 code423n4 opened 3 years ago
0
[Gas] Error codes

#54 code423n4 opened 3 years ago
0
[INFO] liquidators may be a subject of front-running attacks

#53 code423n4 opened 3 years ago
1
[INFO] allTranches array is unbounded

#52 code423n4 opened 3 years ago
1
[INFO] Inaccurate revert message in function deactivateIssuer

#51 code423n4 opened 3 years ago
0
[INFO] Optimize the inheritance tree

#50 code423n4 opened 3 years ago
0
[INFO] setUpdateMaxPegAmount and setUpdateMinPegAmount do not check boundaries

#49 code423n4 opened 3 years ago
0
[INFO] Misleading revert messages

#48 code423n4 opened 3 years ago
0
[INFO] Code duplication in viewCurrentMaintenanceStaker

#47 code423n4 opened 3 years ago
0
[INFO] Variable is declared and initialized with different values

#46 code423n4 opened 3 years ago
0
[INFO] Useless overflow comments

#45 code423n4 opened 3 years ago
0
[INFO] Consistent function names

#44 code423n4 opened 3 years ago
0
[INFO] TODOs

#43 code423n4 opened 3 years ago
1
[INFO] All caps indicates that the value should be constant

#42 code423n4 opened 3 years ago
0
setLeveragePercent should check that new _leveragePercent >= 100

#41 code423n4 opened 3 years ago
1
Isolated margin contracts declare but do not set the value of liquidationThresholdPercent

#40 code423n4 opened 3 years ago
0
PriceAware uses prices from getAmountsOut

#39 code423n4 opened 3 years ago
0
function buyBond charges msg.sender twice

#38 code423n4 opened 3 years ago
0
diffMaxMinRuntime gets default value of 0

#37 code423n4 opened 3 years ago
0
runtime > 1 hours error message discrepancy

#36 code423n4 opened 3 years ago
0
function initTranche should check that the share parameter is > 0

#35 code423n4 opened 3 years ago
0
function crossWithdrawETH does not emit withdraw event

#34 code423n4 opened 3 years ago
1
An erroneous constructor's argument could block the withdrawReward

#33 code423n4 opened 3 years ago
0
Owner can initialize an already initialized tranche

#32 code423n4 closed 3 years ago
1
Unlocked Pragma

#31 code423n4 opened 3 years ago
1
`getReserves` does not check if tokens match

#30 code423n4 opened 3 years ago
0
Missing checks if pairs equal tokens

#29 code423n4 opened 3 years ago
0
No default `liquidationThresholdPercent`

#28 code423n4 opened 3 years ago
0
Events not indexed

#27 code423n4 opened 3 years ago
0
Rewards cannot be withdrawn

#26 code423n4 opened 3 years ago
0
`account.holdsToken` is never set

#25 code423n4 opened 3 years ago
0
Users are credited more tokens when paying back debt with `registerTradeAndBorrow`

#24 code423n4 opened 3 years ago
0
Wrong liquidation logic

#23 code423n4 opened 3 years ago
0
Liquidations can be sandwich attacked

#22 code423n4 opened 3 years ago
2