code-423n4/2021-06-pooltogether-findings
issues
Unnecessary safeApprove
#73
code423n4
closed
3 years ago
3
Yearn vault withdrawals in redeems will always fail leading to lock/loss of user deposits
#72
code423n4
closed
3 years ago
2
safeApprove() for Yearn Vault may revert preventing deposits causing DoS
#71
code423n4
opened
3 years ago
1
Ignored return values may lead to undefined behavior
#70
code423n4
opened
3 years ago
2
Overly permissive threshold check allows high yield loss
#69
code423n4
opened
3 years ago
1
Lack of event emission after critical initialize() functions
#68
code423n4
opened
3 years ago
3
Initialization functions can be front-run with malicious values
#67
code423n4
closed
3 years ago
2
Test configuration carryover to production deployment limits pool users to 5
#66
code423n4
closed
3 years ago
2
Missing zero-address checks
#65
code423n4
opened
3 years ago
1
Different floating/fixed solc pragmas even across breaking versions used in project
#64
code423n4
closed
3 years ago
2
_getAddressesProviderId() returns 0 for Aave genesis market LendingPoolAddressesProvider’s ID
#63
code423n4
closed
3 years ago
2
Input validation on decimals is not sufficient
#62
code423n4
closed
3 years ago
2
Missing nonreentrant modifier on various yield source functions making external calls
#61
code423n4
closed
3 years ago
1
Missing calls to init functions of inherited contracts
#60
code423n4
opened
3 years ago
3
Actual yield source check on address will succeed for non-existent contract
#59
code423n4
opened
3 years ago
0
Unclear role of compLikeDelegate() function in Prize Pool
#58
code423n4
closed
3 years ago
2
Malicious pool creator/owner can arbitrarily/maliciously change prize strategy of an active pool
#57
code423n4
closed
3 years ago
3
Liquidity Cap changes for active pools affect winning odds unexpectedly
#56
code423n4
closed
3 years ago
2
Lack of input validation on onlyOwner critical parameters
#55
code423n4
closed
3 years ago
2
Missing modifier onlyControlledToken may result in undefined/exceptional behavior
#54
code423n4
opened
3 years ago
2
Named return values are never used in favor of explicit returns
#53
code423n4
opened
3 years ago
3
captureAwardBalance() may be called by anyone
#52
code423n4
closed
3 years ago
2
The assumption that operator == to (user) may not hold leading to failed timelock deposits
#51
code423n4
opened
3 years ago
2
Switch modifier order to consistently place the nonreentrant modifier as the first one
#50
code423n4
opened
3 years ago
1
Missing initialization checks and setters for critical parameters of maxExitFee and maxTimelockDuration
#49
code423n4
closed
3 years ago
2
Liquidity Cap is set to MAX at initialization
#48
code423n4
closed
3 years ago
2
Caching sushiAddr and sushiBar in local variables to save 200 gas in supplyTokenTo()
#47
code423n4
opened
3 years ago
1
maxLosses can be cached in a local variable to save 100 gas in _withdrawFromVault()
#46
code423n4
opened
3 years ago
1
token can be cached in a local variable to save 100 gas in _withdrawFromVault()
#45
code423n4
opened
3 years ago
1
token can be cached in a local variable to save 200 gas in _depositInVault()
#44
code423n4
opened
3 years ago
1
Using function parameter in initialize() instead of state variable saves 100 gas
#43
code423n4
opened
3 years ago
1
Zero-address check unnecessary due to the initializer modifier
#42
code423n4
opened
3 years ago
1
Unnecessary initialization given that default value is already 0
#41
code423n4
closed
3 years ago
2
Using decreaseAllowance() function may save gas
#40
code423n4
closed
3 years ago
2
Caching badger and badgerSett can save 400 gas in redeemToken()
#39
code423n4
closed
3 years ago
1
Caching badger and badgerSett can save 400 gas in supplyTokenTo()
#38
code423n4
opened
3 years ago
1
Remove unnecessary/unused return value
#37
code423n4
closed
3 years ago
1
Gas savings of (100*loop-iteration-count) by caching _tokens.end() in _tokenTotalSupply()
#36
code423n4
opened
3 years ago
1
Preventing zero-address controlled tokens from being added can avoid checks later
#35
code423n4
opened
3 years ago
1
Unnecessary indirection to access block.timestamp value
#34
code423n4
opened
3 years ago
1
Gas savings of 100 by caching maxTimelockDuration in _calculateTimelockDuration()
#33
code423n4
opened
3 years ago
1
Gas savings of 100 per user by caching _timelockBalances[user] in _sweepTimelockBalances()
#32
code423n4
opened
3 years ago
1
Using access lists can save gas due to EIP-2930 post-Berlin hard fork
#31
code423n4
opened
3 years ago
1
Setting a default prizeStrategy will save gas from avoiding zero-address checks
#30
code423n4
closed
3 years ago
2
Gas savings of 300 by caching _currentAwardBalance in captureAwardBalance()
#29
code423n4
opened
3 years ago
0
Evaluate security benefit vs gas usage trade-off for using nonreentrant modifier on different functions
#28
code423n4
closed
3 years ago
2
Simplifying extensible but expensive modifier may save gas
#27
code423n4
opened
3 years ago
1
Avoid use of state variables in event emissions to save gas
#26
code423n4
opened
3 years ago
0
Upgrading the solc compiler to >=0.8 may save gas
#25
code423n4
opened
3 years ago
2
Gas Optimization: PrizePool._calculateCreditBalance.creditBalance is incorrectly passed by reference rather than passed by value, causing unnecessary SLOADs instead of MLOADs
#24
code423n4
opened
3 years ago
0