issues
search
code-423n4
/
2021-09-yaxis-findings
0
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Lack of Documentation in Swaps.sol
#164
code423n4
closed
2 years ago
1
Anyone can call harvestNextStrategy with a very low amount of _estimated tokens
#163
code423n4
closed
2 years ago
2
Normalize decimals doesn't work for >18 decimals
#162
code423n4
closed
2 years ago
2
Carefully add tokens to the list that the protocol uses
#161
code423n4
closed
2 years ago
2
Use mutex lock on VaultHelper.sol
#160
code423n4
closed
2 years ago
1
_harvest and _swap
#159
code423n4
closed
2 years ago
2
Adding assymetric liquidity in _addLiquidity results in fewer LP tokens minted than what should be wanted
#158
code423n4
opened
2 years ago
2
_addLiquidity will lose user funds due to frontrunning.
#157
code423n4
closed
2 years ago
2
getMostPremium() does not necessarily return the best asset to trade for.
#156
code423n4
opened
2 years ago
1
Consider adding a pause modifier.
#155
code423n4
closed
2 years ago
2
Certain view functions should never be used in code, only UI. They are easily manipulated.
#154
code423n4
closed
2 years ago
4
Be aware that transactions can be frontrun to exactly the estimated amount.
#153
code423n4
opened
2 years ago
1
Consider using a solidity version >= 0.8.0
#152
code423n4
closed
2 years ago
2
Uninitialized variables are automatically set to 0
#151
code423n4
closed
2 years ago
3
Add non-zero address checks.
#150
code423n4
closed
2 years ago
2
Earn and Harvest work when halted
#149
code423n4
closed
2 years ago
4
Missing zero-address check in `setGovernance`
#148
code423n4
closed
2 years ago
2
Issue in balance update in `setCap`
#147
code423n4
closed
2 years ago
2
`harvestNextStrategy` can be optimized
#146
code423n4
opened
2 years ago
2
`maxStrategies` can be lower than existing strategies
#145
code423n4
opened
2 years ago
2
Missing check in `reorderStrategies`
#144
code423n4
opened
2 years ago
2
`tokens[i]` can be memorized
#143
code423n4
opened
2 years ago
3
Unsafe 'safeApprove'
#142
code423n4
closed
2 years ago
2
Unnecessary `balanceOfWant() > 0`
#141
code423n4
opened
2 years ago
1
Harvest can be frontrun
#140
code423n4
opened
2 years ago
2
`getMostPremium()` can be wrong
#139
code423n4
opened
2 years ago
5
Earn process emits two events that can be arranged into one
#138
code423n4
opened
2 years ago
1
`convert` fails for fee-on-transfer tokens
#137
code423n4
closed
2 years ago
4
Vault.withdraw can be unfair
#136
code423n4
closed
2 years ago
2
Unclear `totalDepositCap`
#135
code423n4
opened
2 years ago
1
`cap` isn't enforced
#134
code423n4
opened
2 years ago
4
No slippage checks can lead to sandwich attacks
#133
code423n4
opened
2 years ago
2
`Vault.balance()` mixes normalized and standard amounts
#132
code423n4
opened
2 years ago
1
`Vault.withdraw` mixes normalized and standard amounts
#131
code423n4
opened
2 years ago
1
`Controller.inCaseStrategyGetStuck` does not update balance
#130
code423n4
opened
2 years ago
1
`Controller.withdrawAll` sets wrong vault balance
#129
code423n4
closed
2 years ago
2
`Controller.setCap` sets wrong vault balance
#128
code423n4
opened
2 years ago
2
VaultHelper deposits don't work with fee-on transfer tokens
#127
code423n4
opened
2 years ago
2
token -> vault mapping can be overwritten
#126
code423n4
opened
2 years ago
1
Gas: Timestamp in router swap can be hardcoded
#125
code423n4
opened
2 years ago
2
Gas: Loop in `StablesConverter.expected` can be avoided
#124
code423n4
opened
2 years ago
1
Gas: Loop in `StablesConverter.convert` can be avoided
#123
code423n4
opened
2 years ago
1
Withdraw event uses wrong parameter
#122
code423n4
opened
2 years ago
1
`Vault.withdraw` sometimes burns too many shares
#121
code423n4
opened
2 years ago
2
`Vault.balanceOfThis` values all tokens equally
#120
code423n4
closed
2 years ago
2
Gas: Same modifiers are repeatedly computed in `Vault.depositMultiple`
#119
code423n4
closed
2 years ago
2
Gas: Unnecessary addition in `Vault.deposit`
#118
code423n4
opened
2 years ago
2
Gas: `removeStrategy` iteration over all strategies can be avoided
#117
code423n4
opened
2 years ago
1
Gas: `removeToken` iteration over all tokens can be avoided
#116
code423n4
opened
2 years ago
2
Pending strategist timelock works on next block
#115
code423n4
closed
2 years ago
3
Next