issues
search
code-423n4
/
2021-05-yield-findings
0
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Users can avoid paying borrowing interest after the fyToken matures
#71
code423n4
opened
3 years ago
3
Possible DoS attack when creating `Joins` in `Wand`
#70
code423n4
opened
3 years ago
1
User can redeem more tokens by artificially increasing the chi accrual
#69
code423n4
opened
3 years ago
2
Using stale cToken exchange rate
#68
code423n4
opened
3 years ago
1
Unnecessary `unchecked` keyword is used in `FYToken`
#67
code423n4
opened
3 years ago
0
Add non-zero address check of recipients when transferring funds
#66
code423n4
closed
3 years ago
2
Unlock pragma used in multiple contracts
#65
code423n4
closed
3 years ago
2
Witch lock vault waiting for better price
#64
code423n4
closed
3 years ago
2
Reliance on undocumented quirk in RevertMsgExtractor
#63
code423n4
closed
3 years ago
2
Missing zero address validation in transfer method
#62
code423n4
closed
3 years ago
2
In method _update on Pool.sol - Divide before multiply
#61
code423n4
opened
3 years ago
0
Gas optimizations - using external over public
#60
code423n4
opened
3 years ago
0
function build could explicitly check that seriesId is not 0
#59
code423n4
opened
3 years ago
1
function redeem should return 'redeemed' amount
#58
code423n4
opened
3 years ago
0
external function transferToPool is pretty useless
#57
code423n4
opened
3 years ago
0
unnecessary store
#56
code423n4
opened
3 years ago
1
Anyone can create a fake pool to trick unauthorized front-ends
#55
code423n4
opened
3 years ago
1
Multiple compiler versions allowing a wide range from 0.5.0 to >=0.8.0
#54
code423n4
opened
3 years ago
1
flashFeeFactor is uninitialized at declaration leading to zero-fee flash loans enabled by default
#53
code423n4
opened
3 years ago
1
Incompatibility With Rebasing/Deflationary/Inflationary tokens
#52
code423n4
opened
3 years ago
2
The account parameter in renounceRole() is unnecessary and may cause delays in emergencies
#51
code423n4
closed
3 years ago
1
Prevent the use of LOCK in setRoleAdmin to instead force the use of lockRole
#50
code423n4
opened
3 years ago
0
Missing reentrancy guard and contract existence check for modules
#49
code423n4
opened
3 years ago
2
Missing sender address check in receive() may lead to locked Ether
#48
code423n4
opened
3 years ago
0
borrowingFee is not initialized
#47
code423n4
closed
3 years ago
1
Return values of batch operations are ignored
#46
code423n4
opened
3 years ago
0
Violation of implicit constraints in batched operations may break protocol assumptions
#45
code423n4
opened
3 years ago
3
Uninitialized or Incorrectly set auctionInterval may lead to liquidation engine livelock
#44
code423n4
opened
3 years ago
2
Potential griefing with DoS by front-running vault creation with same vaultID
#43
code423n4
opened
3 years ago
2
Missing zero-address validations
#42
code423n4
opened
3 years ago
1
Missing checks on debt max/min limits could cause pour to revert
#41
code423n4
opened
3 years ago
1
Mining
#40
code423n4
closed
3 years ago
0
buyFYToken and buyBase do not reimburse leftovers
#39
code423n4
closed
3 years ago
2
ERC20 approve is vulnerable to the front-running
#38
code423n4
opened
3 years ago
2
UniswapV3Oracle function _peek is public
#37
code423n4
opened
3 years ago
1
no need for transferToPool to be payable
#36
code423n4
opened
3 years ago
1
_burnInternal always returns 0 for fy tokens returned
#35
code423n4
opened
3 years ago
1
`FlashBorrower` uses non-safe ERC20 functions
#34
code423n4
closed
3 years ago
1
Unlocked Pragma
#33
code423n4
closed
3 years ago
2
Unsafe call to `.decimals`
#32
code423n4
opened
3 years ago
1
Vaults are in liquidation forever instead of just for auction length
#31
code423n4
closed
3 years ago
1
Undercollateralized vaults' owner can be overwritten
#30
code423n4
opened
3 years ago
1
`Cauldron.addSeries` does not check if fyToken is already in use
#29
code423n4
closed
3 years ago
2
FYTokens can be minted for free
#28
code423n4
closed
3 years ago
1
Flashloan griefing attack
#27
code423n4
closed
3 years ago
2
Uniswap Oracle uses wrong prices
#26
code423n4
opened
3 years ago
2
Inefficient Witch buy
#25
code423n4
opened
3 years ago
1
Implicit unsafe math
#24
code423n4
opened
3 years ago
2
maxFlashLoan has no effect on flashLoan
#23
code423n4
closed
3 years ago
1
setDebtLimits should check that max >= min
#22
code423n4
closed
3 years ago
3
Next