code-423n4 2021-06-pooltogether-findings issues

code-423n4 / 2021-06-pooltogether-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Gas optimization on `redeemToken` of `ATokenYieldSource`

#123 code423n4 opened 3 years ago
1
Gas optimization on `_depositToAave`

#122 code423n4 opened 3 years ago
1
User could lose underlying tokens when redeeming from the `IdleYieldSource`

#121 code423n4 closed 3 years ago
2
User could lose underlying tokens when redeeming from the `IdleYieldSource`

#120 code423n4 opened 3 years ago
1
Lack of `nonReentrant` modifier in yield source contracts

#119 code423n4 opened 3 years ago
1
`onERC721Received` not implemented in `PrizePool`

#118 code423n4 opened 3 years ago
1
No event emitted in `compLikeDelegate` function

#117 code423n4 closed 3 years ago
2
Using `transferFrom` on ERC721 tokens

#116 code423n4 closed 3 years ago
2
Using `transferFrom` on ERC721 tokens

#115 code423n4 opened 3 years ago
2
SafeMath not completely used in yield source contracts

#114 code423n4 opened 3 years ago
2
`BadgerYieldSource` and `SushiYieldSource` are not upgradeable

#113 code423n4 closed 3 years ago
2
Return values of ERC20 `transfer` and `transferFrom` are unchecked

#112 code423n4 opened 3 years ago
2
ERC20-related variables not initialized

#111 code423n4 closed 3 years ago
2
Inconsistent usage of ` _msgSender()` and `msg.sender`

#110 code423n4 closed 3 years ago
2
Unlocked pragma used in multiple contracts

#109 code423n4 opened 3 years ago
1
Gas optimization on `BadgerYieldSource`

#108 code423n4 closed 3 years ago
1
Declare functions as `external` to save gas

#107 code423n4 opened 3 years ago
1
Mantissa calculations assumes 18 decimals

#106 code423n4 closed 3 years ago
2
Manual deposits can manipulate share price

#105 code423n4 closed 3 years ago
2
Use ERC-165 instead of homebrew staticcall-based check

#104 code423n4 opened 3 years ago
1
IdleYieldSource doesn't use mantissa calculations

#103 code423n4 opened 3 years ago
1
Functions in SushiYieldSource can be external

#102 code423n4 closed 3 years ago
1
Gas savings on uninitialized variables.

#101 code423n4 opened 3 years ago
1
Use SafeTransfer/TransferHelper for BadgerYieldSource

#100 code423n4 closed 3 years ago
2
'immutable' greatly reduces gas costs

#99 code423n4 closed 3 years ago
3
Gas cache `badgerSett`

#98 code423n4 closed 3 years ago
1
CreditBurned event emitted even on zero tokens burned

#97 code423n4 opened 3 years ago
1
Credit accrual is done twice in `award`

#96 code423n4 opened 3 years ago
1
YearnV2YieldSource save gas with pre-approval

#95 code423n4 closed 3 years ago
3
SushiYieldSource save gas with pre-approval

#94 code423n4 opened 3 years ago
2
ATokenYieldSource save gas with pre-approval

#93 code423n4 opened 3 years ago
3
`YieldSourcePrizePool_canAwardExternal` does not work

#92 code423n4 opened 3 years ago
3
withdraw timelock can be circumvented

#91 code423n4 opened 3 years ago
1
`YearnV2YieldSource` wrong subtraction in withdraw

#90 code423n4 opened 3 years ago
1
`BadgerYieldSource` SafeMath not used

#89 code423n4 closed 3 years ago
2
`SushiYieldSource` ERC20 return values not checked

#88 code423n4 closed 3 years ago
2
`BadgerYieldSource` ERC20 return values not checked

#87 code423n4 closed 3 years ago
2
ATokenYieldSource mixes aTokens and underlying when redeeming

#86 code423n4 opened 3 years ago
2
Awarding takes reserve fee several times

#85 code423n4 closed 3 years ago
3
BadgerYieldSource balanceOfToken share calculation seems wrong

#84 code423n4 opened 3 years ago
0
`YieldSourcePrizePool` should use EIP-165 to detect valid yield sources

#83 code423n4 closed 3 years ago
2
`initialize` functions cam be frontrun

#82 code423n4 closed 3 years ago
2
Missing parameter validation

#81 code423n4 opened 3 years ago
8
_depositToAave always returns 0

#80 code423n4 opened 3 years ago
1
lack of input validation

#79 code423n4 closed 3 years ago
2
Uneven use of events

#78 code423n4 opened 3 years ago
0
Various gas optimizations

#77 code423n4 opened 3 years ago
1
Unused return value from Transfer()/ TransferFrom()

#76 code423n4 closed 3 years ago
2
Using memory[] parameter without checking its length

#75 code423n4 opened 3 years ago
1
Floating Pragma

#74 code423n4 closed 3 years ago
2