issues
search
code-423n4
/
2021-09-yaxis-findings
0
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Max approvals are risky if contract is malicious/compromised
#64
code423n4
opened
2 years ago
1
safeApprove may revert for non-zero to non-zero approvals
#63
code423n4
opened
2 years ago
2
Missing support/documentation for use of deflationary tokens in protocol
#62
code423n4
opened
2 years ago
1
Removing the explicit return in favor of the used named return will save some gas
#61
code423n4
closed
2 years ago
2
onlyEnabledConverter modifier is not used in all functions
#60
code423n4
opened
2 years ago
1
Vault may not have enough tokens for withdraw
#59
code423n4
closed
2 years ago
2
Removing unused parameter and modifier can save gas
#58
code423n4
opened
2 years ago
3
No use of notHalted in LegacyController functions
#57
code423n4
opened
2 years ago
1
Caching state variables in local/memory variables avoids SLOADs to save gas
#56
code423n4
closed
2 years ago
4
Change public visibility to external
#55
code423n4
opened
2 years ago
2
Missing canHarvest() in harvest()
#54
code423n4
closed
2 years ago
3
100% is a very loose threshold for slippage
#53
code423n4
closed
2 years ago
2
Incorrect access control on Harvester add/remove strategy functions
#52
code423n4
closed
2 years ago
2
Missing notHalted modifier on inCaseStrategyGetStuck() and inCaseTokensGetStuck()
#51
code423n4
closed
2 years ago
3
manager.allowedVaults check missing for add/remove strategy
#50
code423n4
opened
2 years ago
2
Unused event may be unused code or indicative of missed emit/logic
#49
code423n4
opened
2 years ago
1
There is no corresponding setResume() for setHalted()
#48
code423n4
closed
2 years ago
3
Halting the protocol should be onlyGovernance and not onlyStrategist
#47
code423n4
opened
2 years ago
2
Removal of last token in the array can be optimized
#46
code423n4
opened
2 years ago
1
Missing check for duplicate token in addToken
#45
code423n4
closed
2 years ago
4
Single-step change of governance address is extremely risky
#44
code423n4
opened
2 years ago
2
Rearranging declaration of state variables will save storage slots because of packing
#43
code423n4
opened
2 years ago
3
Tokens with > 18 decimals will break logic
#42
code423n4
opened
2 years ago
1
User may receive less than the eligible amount per the shares being withdrawn
#41
code423n4
closed
2 years ago
4
Relying on setters for initialisation of critical parameters is risky
#40
code423n4
closed
2 years ago
2
Checking for non-zero amounts before payment functions saves gas
#39
code423n4
closed
2 years ago
2
Missing sanity/threshold check on totalDepositCap may cause DoS
#38
code423n4
opened
2 years ago
1
Missing timelock for critical contract setters of privileged roles
#37
code423n4
closed
2 years ago
1
Missing events for critical contract setters of privileged roles
#36
code423n4
closed
2 years ago
2
Missing zero-address checks
#35
code423n4
opened
2 years ago
1
Unbounded arrays may lead to OOG exception
#34
code423n4
closed
2 years ago
3
Checking array length match can save gas by preventing expensive external calls
#33
code423n4
closed
2 years ago
3
Lack of vault address input validation may lead to loss of funds
#32
code423n4
closed
2 years ago
3
Checking allowed tokens can save gas by preventing expensive external calls
#31
code423n4
closed
2 years ago
2
Checking for zero amounts can save gas by preventing expensive external calls
#30
code423n4
opened
2 years ago
2
Old Solidity compiler version
#29
code423n4
closed
2 years ago
2
Controller does not raise an error when there's insufficient liquidity
#28
code423n4
opened
2 years ago
1
Vault does not normalize decimal on withdrawing
#27
code423n4
closed
2 years ago
2
hijack the vault by pumping vault price.
#26
code423n4
opened
2 years ago
1
vault cap's at totalSupply would behave unexpectedly
#25
code423n4
opened
2 years ago
2
Strategy is not cap at strategy's cap
#24
code423n4
closed
2 years ago
2
missing safety check in addStrategy
#23
code423n4
opened
2 years ago
2
Reordering of strategies on Controller does not reorder strategies in Harvester
#22
code423n4
closed
2 years ago
2
Possibility to Stake Twice
#21
code423n4
closed
2 years ago
3
extra array length check in depositMultipleVault
#20
code423n4
opened
2 years ago
2
Possible division by 0 in withdraw of Vault.sol
#19
code423n4
closed
2 years ago
3
Save a step in withdraw of Vault.sol
#18
code423n4
opened
2 years ago
1
shadowing of strategies
#17
code423n4
opened
2 years ago
3
harvestNextStrategy never executes because lastCalled is 0 and stays 0
#16
code423n4
closed
2 years ago
2
Inefficient algo to find if a strategy exists
#15
code423n4
closed
2 years ago
2
Previous
Next