code-423n4 2021-05-yield-findings issues

code-423n4 / 2021-05-yield-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Users can avoid paying borrowing interest after the fyToken matures

#71 code423n4 opened 3 years ago
3
Possible DoS attack when creating `Joins` in `Wand`

#70 code423n4 opened 3 years ago
1
User can redeem more tokens by artificially increasing the chi accrual

#69 code423n4 opened 3 years ago
2
Using stale cToken exchange rate

#68 code423n4 opened 3 years ago
1
Unnecessary `unchecked` keyword is used in `FYToken`

#67 code423n4 opened 3 years ago
0
Add non-zero address check of recipients when transferring funds

#66 code423n4 closed 3 years ago
2
Unlock pragma used in multiple contracts

#65 code423n4 closed 3 years ago
2
Witch lock vault waiting for better price

#64 code423n4 closed 3 years ago
2
Reliance on undocumented quirk in RevertMsgExtractor

#63 code423n4 closed 3 years ago
2
Missing zero address validation in transfer method

#62 code423n4 closed 3 years ago
2
In method _update on Pool.sol - Divide before multiply

#61 code423n4 opened 3 years ago
0
Gas optimizations - using external over public

#60 code423n4 opened 3 years ago
0
function build could explicitly check that seriesId is not 0

#59 code423n4 opened 3 years ago
1
function redeem should return 'redeemed' amount

#58 code423n4 opened 3 years ago
0
external function transferToPool is pretty useless

#57 code423n4 opened 3 years ago
0
unnecessary store

#56 code423n4 opened 3 years ago
1
Anyone can create a fake pool to trick unauthorized front-ends

#55 code423n4 opened 3 years ago
1
Multiple compiler versions allowing a wide range from 0.5.0 to >=0.8.0

#54 code423n4 opened 3 years ago
1
flashFeeFactor is uninitialized at declaration leading to zero-fee flash loans enabled by default 

#53 code423n4 opened 3 years ago
1
Incompatibility With Rebasing/Deflationary/Inflationary tokens

#52 code423n4 opened 3 years ago
2
The account parameter in renounceRole() is unnecessary and may cause delays in emergencies 

#51 code423n4 closed 3 years ago
1
Prevent the use of LOCK in setRoleAdmin to instead force the use of lockRole

#50 code423n4 opened 3 years ago
0
Missing reentrancy guard and contract existence check for modules 

#49 code423n4 opened 3 years ago
2
Missing sender address check in receive() may lead to locked Ether

#48 code423n4 opened 3 years ago
0
borrowingFee is not initialized

#47 code423n4 closed 3 years ago
1
Return values of batch operations are ignored

#46 code423n4 opened 3 years ago
0
Violation of implicit constraints in batched operations may break protocol assumptions

#45 code423n4 opened 3 years ago
3
Uninitialized or Incorrectly set auctionInterval may lead to liquidation engine livelock

#44 code423n4 opened 3 years ago
2
Potential griefing with DoS by front-running vault creation with same vaultID

#43 code423n4 opened 3 years ago
2
Missing zero-address validations 

#42 code423n4 opened 3 years ago
1
Missing checks on debt max/min limits could cause pour to revert

#41 code423n4 opened 3 years ago
1
Mining

#40 code423n4 closed 3 years ago
0
buyFYToken and buyBase do not reimburse leftovers

#39 code423n4 closed 3 years ago
2
ERC20 approve is vulnerable to the front-running

#38 code423n4 opened 3 years ago
2
UniswapV3Oracle function _peek is public

#37 code423n4 opened 3 years ago
1
no need for transferToPool to be payable

#36 code423n4 opened 3 years ago
1
_burnInternal always returns 0 for fy tokens returned

#35 code423n4 opened 3 years ago
1
`FlashBorrower` uses non-safe ERC20 functions

#34 code423n4 closed 3 years ago
1
Unlocked Pragma

#33 code423n4 closed 3 years ago
2
Unsafe call to `.decimals`

#32 code423n4 opened 3 years ago
1
Vaults are in liquidation forever instead of just for auction length

#31 code423n4 closed 3 years ago
1
Undercollateralized vaults' owner can be overwritten

#30 code423n4 opened 3 years ago
1
`Cauldron.addSeries` does not check if fyToken is already in use

#29 code423n4 closed 3 years ago
2
FYTokens can be minted for free

#28 code423n4 closed 3 years ago
1
Flashloan griefing attack

#27 code423n4 closed 3 years ago
2
Uniswap Oracle uses wrong prices

#26 code423n4 opened 3 years ago
2
Inefficient Witch buy

#25 code423n4 opened 3 years ago
1
Implicit unsafe math

#24 code423n4 opened 3 years ago
2
maxFlashLoan has no effect on flashLoan

#23 code423n4 closed 3 years ago
1
setDebtLimits should check that max >= min

#22 code423n4 closed 3 years ago
3