code-423n4 2021-09-swivel-findings issues

code-423n4 / 2021-09-swivel-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Math's operations order in Swivel's functions

#162 code423n4 opened 2 years ago
1
Better Math in `calculateReturn`

#161 code423n4 opened 2 years ago
1
Admin can abuse onlySwivel

#160 code423n4 closed 2 years ago
2
Creating the same market shouldn't be possible

#159 code423n4 closed 2 years ago
1
`setFee` input check (and event)

#158 code423n4 closed 2 years ago
1
balanceOf should be a _view_ function

#157 code423n4 opened 2 years ago
1
fee-on-transfer underlying can cause problems

#156 code423n4 opened 2 years ago
3
Unsafe handling of underlying tokens

#155 code423n4 opened 2 years ago
1
chainId shouldn't be considered constant

#154 code423n4 closed 2 years ago
0
Style issues

#153 code423n4 opened 2 years ago
2
matureVault can receive maturityRate cheapier

#152 code423n4 closed 2 years ago
2
'matured' can be replaced by 'maturityRate' > 0

#151 code423n4 opened 2 years ago
1
fixed-size array for fenominator

#150 code423n4 closed 2 years ago
0
Functions returning boolean

#149 code423n4 opened 2 years ago
0
'onlyAdmin' and 'onlySwivel' modifiers

#148 code423n4 opened 2 years ago
1
'mature' and 'maturityRate' do not need separate mappings

#147 code423n4 opened 2 years ago
3
Cache storage access

#146 code423n4 closed 2 years ago
0
Can cancel the same order again

#145 code423n4 opened 2 years ago
1
Override existing market

#144 code423n4 closed 2 years ago
1
Missing events/timelocks for owner/admin only functions that change critical parameters

#143 code423n4 closed 2 years ago
2
Underlying can be fetched from cToken

#142 code423n4 opened 2 years ago
3
Two-step change of a swivel address

#141 code423n4 closed 2 years ago
1
The 'domain' is not recalculated in case of a hard fork

#140 code423n4 closed 2 years ago
0
Order of params in event Mature

#139 code423n4 closed 2 years ago
2
Boundaries for fenominator

#138 code423n4 closed 2 years ago
1
Validations in setFee

#137 code423n4 opened 2 years ago
0
uToken ERC20 approve method missing return value check #L109

#136 code423n4 closed 2 years ago
1
Return value of transferNotionalFee

#135 code423n4 opened 2 years ago
1
Safe transfers of tokens

#134 code423n4 closed 2 years ago
1
Consider using ECDSA library for signature verifications

#133 code423n4 closed 2 years ago
1
immutable admin means you can't "burn your keys"

#132 code423n4 closed 2 years ago
2
Magic Number 1e26 would best replace by a constant in `VaultTracker`

#131 code423n4 opened 2 years ago
1
The requires used in `p2pVaultExchange` `transferVaultNotional` in Marketplace.sol are not necessary

#130 code423n4 opened 2 years ago
1
Redundant `require` in Swivel.sol

#129 code423n4 opened 2 years ago
1
require(mPlace.custodialExit) in Swivel.sol is redundant

#128 code423n4 opened 2 years ago
1
exitZcTokenFillingZcTokenInitiate in Swivel.sol, token transfer may fail without function reverting

#127 code423n4 closed 2 years ago
0
Swivel.sol transfer of tokens in `initiateZcTokenFillingZcTokenExit` and `initiateVaultFillingVaultExit` can fail without reverting causing account problems

#126 code423n4 closed 2 years ago
0
Swivel.sol - marketplace is an immutable address, yet is always casted to MarketPlace - store as MarketPlace to make code cleaner

#125 code423n4 opened 2 years ago
2
Swivel.sol constructor, lack of validation for address not being zero

#124 code423n4 closed 2 years ago
0
lack of zero address validation in constructor

#123 code423n4 closed 2 years ago
1
lack of event emission after sensitive action

#122 code423n4 closed 2 years ago
0
resubmission : No limitatiion on fees

#121 code423n4 closed 2 years ago
0
No limitatiion on fees

#120 code423n4 closed 2 years ago
0
swivel and marketPlace contract does not implement the mechanisim to renounce the role of admin

#119 code423n4 opened 2 years ago
1
lack of input validation of array in exit()

#118 code423n4 closed 2 years ago
0
lack of input validation of arrays

#117 code423n4 closed 2 years ago
0
Bounded array lengths or checking gasleft will save gas from OOGs

#116 code423n4 opened 2 years ago
1
Avoiding initialization of loop index can save a little gas

#115 code423n4 opened 2 years ago
1
Converting fenominator to a static array will save storage slots and gas

#114 code423n4 opened 2 years ago
1
+= can be replaced by =

#113 code423n4 opened 2 years ago
2