code-423n4 2021-09-wildcredit-findings issues

code-423n4 / 2021-09-wildcredit-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Race condition on ERC20 approval

#120 code423n4 opened 2 years ago
0
Use constructors instead of init functions

#119 code423n4 closed 2 years ago
2
Add nonReentrant modifiers to uniswap position methods + Check effects pattern

#118 code423n4 opened 2 years ago
2
Incorrect implementation of chainlink oracle

#117 code423n4 closed 2 years ago
2
Oracle should call latestRoundData instead.

#116 code423n4 opened 2 years ago
1
Improper File Imports

#115 code423n4 opened 2 years ago
2
UniswapV3Oracle.setUniPriceConverter is not checking for valid address

#114 code423n4 closed 2 years ago
3
Lack of checks for address in `UniswapV3Oracle.constructor`

#113 code423n4 closed 2 years ago
3
Lack of check for address(0) in `LendingPair.depositUniPosition`

#112 code423n4 opened 2 years ago
2
Lack of checks for addresses in `LendingPair.initialize`

#111 code423n4 closed 2 years ago
2
LPTokenMaster.initialize is not checking for addresses not being 0

#110 code423n4 closed 2 years ago
2
`InterestRateModel` Constructor doesn't have checks for _minRate, _lowRate and _highRate, while setters do

#109 code423n4 closed 2 years ago
1
Style issues

#108 code423n4 opened 2 years ago
0
Unused imports

#107 code423n4 opened 2 years ago
1
Reading from the storage multiple times

#106 code423n4 closed 2 years ago
2
Ensure targetUtilization > 0

#105 code423n4 opened 2 years ago
2
Reduce the number of divisions in _timeRateToBlockRateit

#104 code423n4 closed 2 years ago
1
Only accept ETH from WETH contract

#103 code423n4 opened 2 years ago
2
Misleading message and inclusive check in function setTargetUtilization

#102 code423n4 closed 2 years ago
2
Oracle response assumes 8 decimals

#101 code423n4 opened 2 years ago
1
Emit events when setting the initial values in the constructor

#100 code423n4 opened 2 years ago
0
TridentRouter.addLiquidity() Add liquidity to IndexPool through TridentRouter may casue loss of a small portion of users funds

#99 code423n4 closed 2 years ago
1
`IndexPool.mint` The first liquidity provider is forced to supply assets in the same amount, which may cause a significant amount of fund loss

#98 code423n4 closed 2 years ago
1
`HybridPool._updateReserves` Wrong implementation

#97 code423n4 closed 2 years ago
1
`IndexPool.mint()` Unchecked arithmetic can overflow that allows stealing of almost all the funds in the pool

#96 code423n4 closed 2 years ago
1
IndexPool.INIT_POOL_SUPPLY is too large, which may cause a significant amount of fund loos to the first liquidity provider

#95 code423n4 closed 2 years ago
1
TridentRouter.isWhiteListed(...) Misleading name

#94 code423n4 closed 2 years ago
1
Use unchecked{} primitive to save gas where possible

#93 code423n4 closed 2 years ago
2
Converting state variables to immutable will save storage slots and gas

#92 code423n4 closed 2 years ago
1
Reordering state variable declarations to prevent incorrect packing can save slots/gas

#91 code423n4 opened 2 years ago
0
Avoiding unnecessary SSTORE can save gas

#90 code423n4 opened 2 years ago
0
`setLowRate()` Misleading error message

#89 code423n4 closed 2 years ago
3
Using msg.sender or cached locals in emits instead of state variables saves gas

#88 code423n4 opened 2 years ago
0
Unused parameter removal can save gas

#87 code423n4 opened 2 years ago
0
`setTargetUtilization()` Misleading error message

#86 code423n4 opened 2 years ago
0
Moving checks before other logic can save gas

#85 code423n4 opened 2 years ago
0
Use unchecked{} primitive to save gas where possible

#84 code423n4 opened 2 years ago
0
`setHighRate()` Insufficient input validation

#83 code423n4 closed 2 years ago
2
Input validation on amount > 0 will save gas

#82 code423n4 opened 2 years ago
0
Input validation on positionID not being 0 will save gas

#81 code423n4 opened 2 years ago
0
Redundant zero-address checks

#80 code423n4 opened 2 years ago
0
Caching state variables in local/memory variables avoids SLOADs to save gas

#79 code423n4 opened 2 years ago
0
`repayAllETH()` The check if amount is valid can be done earlier

#78 code423n4 closed 2 years ago
2
Clone-and-own approach used for OZ libraries is susceptible to errors and missing upstream bug fixes

#77 code423n4 opened 2 years ago
2
Lack of guarded launch approach may be risky

#76 code423n4 opened 2 years ago
2
Token address should not be PairFactory address

#75 code423n4 closed 2 years ago
2
Missing event for this critical onlyOperator function where the operator can arbitrarily change name+symbol

#74 code423n4 opened 2 years ago
2
Cache and check decimals before write storage can save gas

#73 code423n4 opened 2 years ago
0
Missing timelock for critical contract setters of privileged roles

#72 code423n4 closed 2 years ago
2
Renouncing ownership is not allowed

#71 code423n4 opened 2 years ago
2