code-423n4 2021-05-visorfinance-findings issues

code-423n4 / 2021-05-visorfinance-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Unbounded loop in `_removeNft` could lead to a griefing/DOS attack

#80 code423n4 opened 3 years ago
5
Double-spend allowance is possible in the function `approveTransferERC20`

#79 code423n4 closed 3 years ago
2
Deflationary tokens are not considered in time-locked ERC20 functions

#78 code423n4 opened 3 years ago
1
Should reset `timelockERC721s` after calling `transferERC721`

#77 code423n4 closed 3 years ago
2
Owner or approved users could not transfer time-locked NFTs using `transferERC721`

#76 code423n4 closed 3 years ago
2
Lack of non-zero check in function `timeLockERC20` and `timeLockERC721` could cause funds being locked

#75 code423n4 closed 3 years ago
2
A user could transfer the approved NFT several times

#74 code423n4 closed 3 years ago
2
Functions `getTimeLockCount` and `getTimeLockERC721Count` should not count on unlocked tokens

#73 code423n4 closed 3 years ago
1
Unbounded loop in function `transferERC721`

#72 code423n4 closed 3 years ago
2
Unused imported interface `IVisorService`

#71 code423n4 opened 3 years ago
3
Events are not indexed

#70 code423n4 opened 3 years ago
3
Unchecked return value of `transferFrom` in function `timeLockERC20`

#69 code423n4 closed 3 years ago
2
It is expected that some functions may require either Owner or Delegate as callers. Now only three access options are available: onlyOwner, onlyDelegate, anyone.

#68 code423n4 closed 3 years ago
2
The function onERC721Received () allows writing duplicates in the array "nfts". Another functions dealing with this array do not expect duplicates met.

#67 code423n4 opened 3 years ago
2
Anyone can call onERC721Received() function and spam the array "nfts"

#66 code423n4 closed 3 years ago
2
timelockERC721Keys could exceed the block size limit

#65 code423n4 opened 3 years ago
3
Getting NFT could exceed block size limit

#64 code423n4 closed 3 years ago
2
Internal GetBalanceLocked call can exceed block size limit

#63 code423n4 opened 3 years ago
2
Removing NFT could exceed block size limit

#62 code423n4 closed 3 years ago
2
Locking the same funds twice in lock() on line 269 of Visor.sol

#61 code423n4 opened 3 years ago
2
Locking the same funds twice in lock() on line 269 of Visor.sol

#60 code423n4 closed 3 years ago
2
delegatedTransferERC20() on line 442 of Visor.sol, able to get locked erc20 tokens

#59 code423n4 closed 3 years ago
2
timeUnlockERC20() on line 619 of Visor.sol, able to unlock locked erc20 tokens

#58 code423n4 closed 3 years ago
2
getBalanceLocked on line 202 of Visor.sol doesn't return the total balance, just the highest balance

#57 code423n4 closed 3 years ago
2
Possible wrong calculations

#56 code423n4 closed 3 years ago
2
Gas optimizations - calculation getBalanceLocked

#55 code423n4 opened 3 years ago
2
Possible wrong calculation of locked balance

#54 code423n4 closed 3 years ago
2
Gas optimizations - storage over memory

#53 code423n4 opened 3 years ago
2
Gas optimization storage NFTs

#52 code423n4 opened 3 years ago
2
Gas optimizations by using external over public

#51 code423n4 opened 3 years ago
2
Hypervisor.stake does not transfer tokens

#50 code423n4 closed 3 years ago
2
Can lock more tokens than in contract

#49 code423n4 closed 3 years ago
2
Approval for NFT transfers is not removed after transfer

#48 code423n4 opened 3 years ago
2
Delegated transfer of owner fails

#47 code423n4 closed 3 years ago
2
Unbounded iteration

#46 code423n4 closed 3 years ago
2
Wrong TimeLockERC20 event emitted

#45 code423n4 opened 3 years ago
3
Missing events

#44 code423n4 opened 3 years ago
3
Vault factory owner can frontrun vault creators

#43 code423n4 closed 3 years ago
2
Missing parameter validation

#42 code423n4 closed 3 years ago
2
lock/unlock signatures may be replayed on a different contract/chain

#41 code423n4 closed 3 years ago
2
Incorrect and unnecessary logic in delegatedTransferERC20()

#40 code423n4 closed 3 years ago
3
Unhandled return value of transferFrom in timeLockERC20() could lead to fund loss for recipients

#39 code423n4 opened 3 years ago
3
Lack of address input validation will lock tokens in contract

#38 code423n4 closed 3 years ago
2
Timelock keys are never removed after unlocks

#37 code423n4 opened 3 years ago
2
Incorrect event emitted

#36 code423n4 closed 3 years ago
3
A previously timelocked NFT token becomes permanently stuck in vault if it’s ever moved back into the vault

#35 code423n4 opened 3 years ago
2
NFT transfer approvals are not removed and cannot be revoked thus leading to loss of NFT tokens

#34 code423n4 opened 3 years ago
3
Transaction-Order-Dependence race condition for approveTransferERC20()

#33 code423n4 closed 3 years ago
1
Breaking out of loop can save gas

#32 code423n4 opened 3 years ago
2
Use a temporary variable to cache repetitive storage reads

#31 code423n4 opened 3 years ago
2