code-423n4/2021-07-spartan-findings
issues
Missing onlyPool modifier for burnSynth()
#139
code423n4
closed
3 years ago
1
Unused/Incorrect onlyDAO modifier could be an indication of missing access control
#138
code423n4
closed
3 years ago
2
Missing check for already curated pool being re-curated
#137
code423n4
opened
3 years ago
1
Missing check for token type/decimals in createPool
#136
code423n4
opened
3 years ago
2
Incorrect event parameter logs zero address instead of WBNB
#135
code423n4
opened
3 years ago
1
Number of curated pools can only be 10 at any point
#134
code423n4
opened
3 years ago
0
Members lose SPARTA tokens in removeLiquiditySingle()
#133
code423n4
opened
3 years ago
1
Potential reentrancy may lead to unexpected behavior
#132
code423n4
opened
3 years ago
2
Lack of require() allows control flow to proceed leading to undefined behavior
#131
code423n4
opened
3 years ago
2
Missing isListedPool checks may lead to lock/loss of user funds
#130
code423n4
opened
3 years ago
1
Unnecessary redundant check for basisPoints
#129
code423n4
opened
3 years ago
0
Unused _token potentially indicates missing logic or is dead code
#128
code423n4
opened
3 years ago
3
Missing check for toPool != fromPool
#127
code423n4
opened
3 years ago
1
receive() function in Router allows locking of accidentally sent user’s BNB
#126
code423n4
opened
3 years ago
2
Duplicated functionality in two functions is a maintainability risk
#125
code423n4
opened
3 years ago
3
Use safeTransfer/safeTransferFrom instead of transfer/transferFrom
#124
code423n4
closed
3 years ago
1
Misplaced logic leads to loss of member bondedLP funds
#123
code423n4
closed
3 years ago
2
isMember and arrayMembers are only added to but never removed from
#122
code423n4
opened
3 years ago
2
Broken access control leads to protocol functionality freeze
#121
code423n4
closed
3 years ago
1
Attacker can trigger pool sync leading to user fund loss
#120
code423n4
opened
3 years ago
3
Incorrect event parameter used in emit
#119
code423n4
opened
3 years ago
1
Unnecessary payable attribute may allow users to send/lock BNB accidentally
#118
code423n4
closed
3 years ago
1
Missing zero-address check on recipient address in transfer
#117
code423n4
opened
3 years ago
1
transferFrom does not check/reduce allowance if current allowance is type(uint256).max
#116
code423n4
closed
3 years ago
3
Decrease allowance attempt will fail silently if current allowance is type(uint256).max
#115
code423n4
closed
3 years ago
0
Return value not checked(bool) in Synth.sol
#114
code423n4
closed
3 years ago
2
Return value not checked(bool) in Pool.sol
#113
code423n4
closed
3 years ago
2
Return value not checked(bool) in Dao.sol
#112
code423n4
closed
3 years ago
2
Return value not checked(bool) in BondVault.sol
#111
code423n4
closed
3 years ago
1
withdraw() not defined (Router.sol#217)
#110
code423n4
opened
3 years ago
2
Deployer backdoors in DAOVault, Router and SynthVault contracts
#109
code423n4
closed
3 years ago
1
Unused threshold function indicates missing logic or dead code
#108
code423n4
closed
3 years ago
2
Old DAO continues to exist/function even after moving to a new DAO
#107
code423n4
opened
3 years ago
2
Vote removals for critical proposal types are not re-checked for hasMajority at execution
#106
code423n4
closed
3 years ago
2
Attackers can grief voting by removing votes just before finalization
#105
code423n4
opened
3 years ago
2
Event log poisoning by griefing attackers
#104
code423n4
opened
3 years ago
2
Lack of input validation in new proposals leads to loss of fee/gas and can block progress for 15 days
#103
code423n4
closed
3 years ago
1
DAO can be DoS’ed causing it to make no progress on valid proposals
#102
code423n4
closed
3 years ago
1
Deflationary assets are not handled uniformly across the protocol
#101
code423n4
opened
3 years ago
2
Max approvals are risky
#100
code423n4
opened
3 years ago
1
Unused membership logic
#99
code423n4
opened
3 years ago
2
Address confusion allows attacker to reset any user’s harvest rewards
#98
code423n4
closed
3 years ago
1
Address confusion causes incorrect accounting of user’s harvest rewards
#97
code423n4
opened
3 years ago
2
Purging DAO deployer immediately in a single-step is risky
#96
code423n4
opened
3 years ago
2
Type mismatch between parameters of setGenesisFactors() and state variables
#95
code423n4
opened
3 years ago
2
Missing event emit for MemberWithdraws
#94
code423n4
opened
3 years ago
2
Missing zero-address checks in constructors and setters
#93
code423n4
opened
3 years ago
0
Critical protocol parameter changes should have timelocked enforcement
#92
code423n4
closed
3 years ago
2
Critical protocol parameter changes should have sanity/threshold checks
#91
code423n4
opened
3 years ago
2
Critical protocol parameter changes should emit events
#90
code423n4
opened
3 years ago
2