code-423n4 2021-08-yield-findings issues

code-423n4 / 2021-08-yield-findings

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Rewards accumaulated can stay constant and oftern not increment

#65 code423n4 opened 3 years ago
2
Rewards squatting - setting rewards in different ERC20 tokens opens various economic attacks.

#64 code423n4 opened 3 years ago
2
Timelock.sol: Indexing targets array might not be useful

#63 code423n4 opened 3 years ago
3
Strategy.sol: startPool() can possibly be flashloaned

#62 code423n4 closed 3 years ago
2
Methods should be external instead of public

#61 code423n4 opened 3 years ago
3
ERC20Rewards.sol: Unnecessary return argument for _updateRewardsPerToken()

#60 code423n4 opened 3 years ago
2
ERC20Rewards.sol: Use TransferHelper for rewardsToken

#59 code423n4 closed 2 years ago
2
ERC20Rewards.sol: latest() is unused

#58 code423n4 opened 3 years ago
1
ERC20Rewards.sol: Have a method to calculate the latest rewardsPerToken accumulated value

#57 code423n4 opened 3 years ago
1
ERC20Rewards.sol: Consider making rewardsToken immutable

#56 code423n4 opened 3 years ago
2
Missing check for contract existence

#55 code423n4 opened 3 years ago
2
Unused cauldron_ parameter

#54 code423n4 opened 3 years ago
1
Multiple solc versions may be allowed

#53 code423n4 opened 3 years ago
2
Missing zero-address checks

#52 code423n4 opened 3 years ago
2
Missing emits for events

#51 code423n4 opened 3 years ago
1
Upgrading solc compiler version may help with bug fixes 

#50 code423n4 opened 3 years ago
2
Missing input validation to check that end > start

#49 code423n4 opened 3 years ago
2
Check made redundant by following check

#48 code423n4 opened 3 years ago
2
Redundant check 

#47 code423n4 opened 3 years ago
2
Two functions with same code can be replaced by a single one

#46 code423n4 opened 3 years ago
2
Not using memory data location specifier for external function parameters will save gas

#45 code423n4 opened 3 years ago
2
Using parameters or local variables instead of state variables in event emits can save gas

#44 code423n4 opened 3 years ago
2
Caching state variable in local variables for repeated reads saves gas by converting expensive SLOADs into much cheaper MLOADs

#43 code423n4 opened 3 years ago
2
Changing function visibility from public to external saves gas

#42 code423n4 opened 3 years ago
2
Storage slot packing impacts gas efficiency 

#41 code423n4 opened 3 years ago
2
lack of zero address validation in constructor

#40 code423n4 opened 3 years ago
2
Gas optimization on `_updateRewardsPerToken` of `ERC20Rewards`

#39 code423n4 opened 3 years ago
1
Exchange rates from Compound are assumed with 18 decimals

#38 code423n4 opened 3 years ago
2
Uninitialized `updateTime` variables in `CompositeMultiOracle`

#37 code423n4 opened 3 years ago
3
Use `safeTransfer` instead of `transfer`

#36 code423n4 opened 3 years ago
1
Using unlocked/floating pragmas

#35 code423n4 opened 3 years ago
2
Gas: `ERC20Rewards._updateRewardsPerToken` return value is not needed

#34 code423n4 opened 3 years ago
1
Gas: `TimeLock.setDelay` reads storage variable for event

#33 code423n4 opened 3 years ago
1
No slippage protection in Strategy

#32 code423n4 closed 3 years ago
2
No ERC20 safe* versions called

#31 code423n4 opened 3 years ago
2
ERC20Rewards claiming can fail if no reward tokens

#30 code423n4 opened 3 years ago
1
ERC20Rewards breaks when setting a different token

#29 code423n4 opened 3 years ago
2
ERC20Rewards returns wrong rewards if no tokens initially exist

#28 code423n4 opened 3 years ago
2
TimeLock cannot schedule the same calls multiple times

#27 code423n4 opened 3 years ago
2
CompositeMultiOracle returns wrong decimals for prices?

#26 code423n4 opened 3 years ago
3
The `Strategy.Divest` event is not fired

#25 code423n4 opened 3 years ago
1
The `Strategy.Invest` event is not fired

#24 code423n4 opened 3 years ago
1
`_peek` does not work for tokens with > 18 decimals

#23 code423n4 opened 3 years ago
1
Missing parameter validation

#22 code423n4 opened 3 years ago
2
EmergencyBrake.sol: Permissions cannot be re-planned after termination

#21 code423n4 opened 3 years ago
2
Unchecked return value from transfer()

#20 code423n4 opened 3 years ago
2
Incorrect type of uint parameter is used in event

#19 code423n4 opened 3 years ago
2
Different definition of beforeMaturity() and afterMaturity() modifier in different file

#18 code423n4 opened 3 years ago
3
Floating Pragma

#17 code423n4 opened 3 years ago
1
CompositeMultiOracle.sol - bases.length in setSources() and setPaths() can be stored in a variable

#16 code423n4 opened 3 years ago
1