code-423n4 2021-07-spartan-findings issues

code-423n4 / 2021-07-spartan-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Swap fees are not accounted for if users swap directly from the pools

#239 code423n4 closed 3 years ago
2
Flash loan manipulation on `getPoolShareWeight` of `Utils`

#238 code423n4 opened 3 years ago
2
Inconsistent slip adjustment calculation with the Thorchain model

#237 code423n4 closed 3 years ago
2
Possible DoS attack in creating new DAO proposals

#236 code423n4 closed 3 years ago
1
Improper access control of `claimAllForMember` allows anyone to reduce the weight of a member

#235 code423n4 opened 3 years ago
2
Unbounded loops in several contracts

#234 code423n4 closed 3 years ago
2
Return values of `BEP20.transfer` and `BEP20.transferFrom` are unchecked

#233 code423n4 closed 3 years ago
1
Possible divide by zero errors in `Utils`

#232 code423n4 opened 3 years ago
0
`Approval` event not emitted if the allowance is the maximum

#231 code423n4 closed 3 years ago
2
Allowance cannot be reset once it is set to the maximum

#230 code423n4 closed 3 years ago
1
Incorrect implementation of `_handleTransferIn` of `PoolFactory`

#229 code423n4 closed 3 years ago
1
Missing critical checks in the `createPool` function of `PoolFactory`

#228 code423n4 closed 3 years ago
1
Some critical parameters cannot be adjusted after deployment

#227 code423n4 closed 3 years ago
1
Assuming `BEP20.name` of a token is implemented

#226 code423n4 opened 3 years ago
2
Missing input validation in addLiquidityForMember()

#225 code423n4 opened 3 years ago
0
Loss of precision

#224 code423n4 opened 3 years ago
1
unbounded loop

#223 code423n4 closed 3 years ago
1
Missing input validation zapLiquidity()

#222 code423n4 opened 3 years ago
1
Missing synthReward

#221 code423n4 closed 3 years ago
2
Missing function setParams in Dao

#220 code423n4 opened 3 years ago
2
state variable that can be declared as constant

#219 code423n4 opened 3 years ago
0
Missing purgeDeployer function

#218 code423n4 closed 3 years ago
1
state variables that can be declared as immutable

#217 code423n4 opened 3 years ago
0
Missing input validation in realise()

#216 code423n4 opened 3 years ago
2
Lack of emission of event when changing dao fees

#215 code423n4 opened 3 years ago
1
Missing revert if denominator = 0

#214 code423n4 opened 3 years ago
1
lack of zero address validation for recipent in _transfer() of pool.sol, synth.sol

#213 code423n4 opened 3 years ago
2
No checking of recipient address validation during low-level call

#212 code423n4 opened 3 years ago
2
Missing input validation in createPool()

#211 code423n4 closed 3 years ago
2
Mismatch in event definition

#210 code423n4 opened 3 years ago
1
unchecked return value from Transfer()/TransferFrom

#209 code423n4 closed 3 years ago
1
Unchecked transfers found in 3 contracts

#208 code423n4 closed 3 years ago
1
[Pool] - Flash loan + Synth.realise allows anyone to extract value from LPs

#207 code423n4 closed 3 years ago
1
[Pool] - Anyone can remove liquidity from Pools, allowing them to alter the price

#206 code423n4 opened 3 years ago
2
Pool._addPoolMetrics(uint256) potentially subject to miner manipulation

#205 code423n4 closed 3 years ago
3
Pool.constructor(address,address) does not check for zero address

#204 code423n4 closed 3 years ago
3
Pool.burnSynth(address,address) is potentially reentrant

#203 code423n4 opened 3 years ago
2
Pool.swapTo(address token, address member) potentially locks funds

#202 code423n4 closed 3 years ago
4
Pool._addPoolMetrics(uint256) is subject to potential miner manipulation

#201 code423n4 opened 3 years ago
4
Pool has unchecked transfers

#200 code423n4 closed 3 years ago
1
DaoVault.withdraw(address,address) potentially subject to timestamp manipulation

#199 code423n4 closed 3 years ago
3
DaoVault.constructor(address) is missing a zero address check

#198 code423n4 opened 3 years ago
2
Dao.calcReward(address) has potential division before multiplication arithmetic errors

#197 code423n4 closed 3 years ago
2
Dao has unchecked transfers

#196 code423n4 closed 3 years ago
2
Dao.bond(address,uint256) is reentrant and payable

#195 code423n4 closed 3 years ago
3
Router.revenueDetails(uint256,address) potentially vulnerable to miner manipulation

#194 code423n4 opened 3 years ago
2
Router.addDividend(address,uint256) has potentially unsafe arithmetic

#193 code423n4 closed 3 years ago
2
Router.swapSynthToAsset(uint256,address,address) has unchecked transfer

#192 code423n4 closed 3 years ago
2
Router._handleTransferOut(address,uint256,address) has unchecked transfer

#191 code423n4 closed 3 years ago
2
Router._handleTransferIn(address,uint256,address) has unchecked transfers

#190 code423n4 closed 3 years ago
2