code-423n4 2021-07-spartan-findings issues

code-423n4 / 2021-07-spartan-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Router.removeLiquiditySingle(uint256,bool,address) has unchecked transfers

#189 code423n4 closed 3 years ago
2
Router.removeLiquidityExact(uint256,address) has unchecked transfers

#188 code423n4 closed 3 years ago
2
Router.zapLiquidity(uint256,address,address) has unchecked transfers

#187 code423n4 closed 3 years ago
2
Router.swapTo(uint256,address,address,address) is potentially reentrant

#186 code423n4 closed 3 years ago
3
Router has a payable re-entrancy

#185 code423n4 closed 3 years ago
2
Router has an arbitrary send

#184 code423n4 closed 3 years ago
2
[PoolFactory.sol] createPoolADD() function is payable but does not contain a function to withdraw funds

#183 code423n4 closed 3 years ago
2
Dividend reward can be gamed

#182 code423n4 opened 3 years ago
2
No ERC20 safe* versions called

#181 code423n4 closed 3 years ago
1
ERC20 return values not checked

#180 code423n4 closed 3 years ago
2
Pool can be curated several times

#179 code423n4 closed 3 years ago
2
BondVault `BASE` incentive can be gamed

#178 code423n4 opened 3 years ago
2
Possible to deny proposal creations

#177 code423n4 closed 3 years ago
1
Vote weight can be manipulated

#176 code423n4 opened 3 years ago
2
BondVault fails if no SPARTA in DAO

#175 code423n4 opened 3 years ago
3
delisting bond assets does not remove from array

#174 code423n4 opened 3 years ago
2
DAO.setGenesisFactors sets wrong `erasToEarn`

#173 code423n4 opened 3 years ago
2
Missleading onlyDAO modifiers

#172 code423n4 opened 3 years ago
3
Missing slippage checks

#171 code423n4 closed 3 years ago
1
`calcAsymmetricValueToken` never used

#170 code423n4 opened 3 years ago
0
`MemberWithdraws` event not fired

#169 code423n4 closed 3 years ago
1
SynthVault withdraw forfeits rewards

#168 code423n4 opened 3 years ago
1
SynthVault deposit lockup bypass

#167 code423n4 opened 3 years ago
2
SynthVault rewards can be gamed

#166 code423n4 opened 3 years ago
1
Missing onlyPool modifier on burnSynth

#165 code423n4 closed 3 years ago
1
Unbounded iteration in DAO claimAllForMember

#164 code423n4 closed 3 years ago
1
Unbounded iteration in Synth Vault

#163 code423n4 opened 3 years ago
2
`removeLiquiditySingle` loses funds

#162 code423n4 closed 3 years ago
1
Can accidentally lose tokens when removing liquidity from pool 2

#161 code423n4 opened 3 years ago
2
Can accidentally lose tokens when removing liquidity from pool

#160 code423n4 closed 3 years ago
3
Synth: Can accidentally burn tokens by sending them to zero

#159 code423n4 opened 3 years ago
3
Pool: Can accidentally burn tokens by sending them to zero

#158 code423n4 opened 3 years ago
1
DAO approval amount too high for token

#157 code423n4 opened 3 years ago
2
DAO approval amount too high for BASE

#156 code423n4 opened 3 years ago
2
Synth: approveAndCall sets unnecessary approval

#155 code423n4 opened 3 years ago
0
Pool: approveAndCall sets unnecessary approval

#154 code423n4 opened 3 years ago
0
Synth: cannot change approval once set to max value

#153 code423n4 closed 3 years ago
2
Pool: cannot change approval once set to max value

#152 code423n4 closed 3 years ago
1
Pools can be created without initial liquidity

#151 code423n4 opened 3 years ago
1
Unbounded iteration in `curatedPoolCount`

#150 code423n4 closed 3 years ago
2
`createPool` does not check that token has 18 decimals

#149 code423n4 closed 3 years ago
2
`createPoolADD` does not work with BNB

#148 code423n4 closed 3 years ago
1
Missing parameter validation

#147 code423n4 opened 3 years ago
1
Variable one in Utils.sol can be set to constant

#146 code423n4 opened 3 years ago
0
Function purgeDeployer() should be declared external in BondVault.sol

#145 code423n4 opened 3 years ago
0
Missing zero address check on BondVault constructor

#144 code423n4 opened 3 years ago
0
Strict equality used in claimForMemeber()

#143 code423n4 opened 3 years ago
1
DaoVault/ BondVault/ SynthVault are vulnerable to price manipulation.

#142 code423n4 closed 3 years ago
2
Incorrect event parameter in MemberWithdraws

#141 code423n4 closed 3 years ago
2
Unnecessary/Incorrect onlyDAO modifier could be an indication of missing access control

#140 code423n4 closed 3 years ago
2

Previous Next