code-423n4 2021-10-pooltogether-findings issues

code-423n4 / 2021-10-pooltogether-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

`PrizeSplitStrategy.distribute()` Potentially Distributes Prize and Emits Wrong Event

#64 code423n4 closed 3 years ago
4
Inaccurate Revert Message

#63 code423n4 opened 3 years ago
1
`PrizePool.awardExternalERC721()` Erroneously Emits Events

#62 code423n4 opened 3 years ago
2
Lack of Pause Mechanism

#61 code423n4 opened 3 years ago
2
Unnecessary `SLOAD` Operations

#60 code423n4 closed 3 years ago
2
Comment Typos

#59 code423n4 opened 3 years ago
2
`YieldSourcePrizePool._canAwardExternal()` Does Not Prevent the Deposit Token From Being Withdrawn

#58 code423n4 opened 3 years ago
3
Unnecessary decrement (DrawCalculator.sol)

#57 code423n4 opened 3 years ago
2
Miners Can Re-Roll the VRF Output to Game the Protocol

#56 code423n4 opened 3 years ago
3
Summarize your findings for the bug or vulnerability

#55 code423n4 closed 3 years ago
0
Unnecessary If Before Require (PrizeDistributor.sol)

#54 code423n4 closed 3 years ago
2
Summarize your findings for the bug or vulnerability.

#53 code423n4 closed 3 years ago
0
Style issues

#52 code423n4 opened 3 years ago
3
unchecked arithmetics

#51 code423n4 opened 3 years ago
2
Unnecessary imports

#50 code423n4 opened 3 years ago
4
Less than 256 uints are not efficient

#49 code423n4 opened 3 years ago
2
function _getPrizeSplitAmount can be refactored

#48 code423n4 opened 3 years ago
2
Immutable variables

#47 code423n4 opened 3 years ago
2
Cache values

#46 code423n4 closed 3 years ago
2
staticcall may return true for an invalid _yieldSource

#45 code423n4 opened 3 years ago
2
calculateNextBeaconPeriodStartTime casts timestamp to uint64

#44 code423n4 opened 3 years ago
2
Unnecessary Addition In Loop (PrizeDistributionBuffer.sol)

#43 code423n4 opened 3 years ago
2
Cache array length in for loops can save gas

#42 code423n4 closed 3 years ago
3
`PrizeDistributor.sol#claim()` Remove redundant check can save gas

#41 code423n4 opened 3 years ago
2
`PrizeSplit.sol#_totalPrizeSplitPercentageAmount()` Avoid unnecessary copy from storage to memory can save gas

#40 code423n4 opened 3 years ago
2
`ControlledToken.sol` Unnecessary storage variable

#39 code423n4 closed 3 years ago
2
Adding unchecked directive can save gas

#38 code423n4 opened 3 years ago
2
`PrizePool.sol#_canDeposit()` Remove redundant code can make the code simpler and save some gas

#37 code423n4 opened 3 years ago
2
`PrizePool.sol#setTicket()` Remove unnecessary variable can make the code simpler and save some gas

#36 code423n4 opened 3 years ago
2
`PrizeSplit.sol#distribute()` The value of the event parameter is wrong

#35 code423n4 opened 3 years ago
3
`PrizeSplit.sol#_distributePrizeSplits()` The return value is wrong

#34 code423n4 closed 3 years ago
2
The formula of number of prizes for a degree is wrong

#33 code423n4 opened 3 years ago
2
Gas: `PrizePool.setPrizeSplits` can be simplified

#32 code423n4 closed 3 years ago
2
`PrizeSplit._distributePrizeSplits` returns wrong value

#31 code423n4 closed 3 years ago
2
Deposits don't work with fee-on transfer tokens

#30 code423n4 opened 3 years ago
2
Gas: `PrizePool.captureAwardBalance` computation can be simplified

#29 code423n4 opened 3 years ago
2
`PrizePool` uses `ERC20` for `ERC721`

#28 code423n4 opened 3 years ago
2
`RingBufferLib.newestIndex` returns wrong value when no entries

#27 code423n4 closed 3 years ago
2
Reserve does not correctly implement RingBuffer

#26 code423n4 opened 3 years ago
2
Anyone can claim prizes on behalf of someone

#25 code423n4 opened 3 years ago
2
Unbounded iteration over picks when `claim`ing draws

#24 code423n4 opened 3 years ago
2
Number of prizes math is wrong

#23 code423n4 closed 3 years ago
2
Wrong comment regarding decimal precision of `_calculatePrizeTierFraction`

#22 code423n4 opened 3 years ago
2
Gas: Bitmasks creation can be simplified

#21 code423n4 opened 3 years ago
2
Gas: Default case of `_calculateTierIndex` can return `0`

#20 code423n4 opened 3 years ago
2
Should `safeApprove(0)` first

#19 code423n4 opened 3 years ago
3
Usage of deprecated `safeApprove`

#18 code423n4 opened 3 years ago
2
PrizeSplit uint8 limits

#17 code423n4 opened 3 years ago
2
Gas improvement _transferTwab

#16 code423n4 opened 3 years ago
3
Unnecessary Multiple Return Statements (PrizePool.sol)

#15 code423n4 opened 3 years ago
2