issues
search
code-423n4
/
2021-12-amun-findings
0
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
There is a payable receive function in SingleNativeTokenExit.sol with no logic to recover sent eth
#297
code423n4
closed
2 years ago
1
Users can be frontrunned with higher fees
#296
code423n4
opened
2 years ago
0
Missing zero address validation on setRebalanceManager function
#295
code423n4
opened
2 years ago
2
token.approve() doesn’t check return value
#294
code423n4
opened
2 years ago
1
rounding error not in favor of the system
#293
code423n4
opened
2 years ago
0
Validate diamond implementation is not empty
#292
code423n4
opened
2 years ago
1
_swapsV3 after the _swapsV2
#291
code423n4
opened
2 years ago
0
Owner can lock any of basket tokens
#290
code423n4
closed
2 years ago
2
_maxApprove user input
#289
code423n4
opened
2 years ago
1
An array's length should be cached to save gas in for-loops
#288
code423n4
closed
2 years ago
1
It might not be possible to withdraw tokens from the basket
#287
code423n4
opened
2 years ago
1
uniSwapLikeRouter or swap.exchange
#286
code423n4
opened
2 years ago
0
Owner of the BasketFacet can cause DoS for `exitPool(...)` function
#285
code423n4
closed
2 years ago
2
Frontrunning attack via swap token functionality
#284
code423n4
closed
2 years ago
3
`totalSupply` may exceed `LibBasketStorage.basketStorage().maxCap`
#283
code423n4
opened
2 years ago
0
Lock time is dependent on the average block time
#282
code423n4
closed
2 years ago
2
Assigning keccak operations to constant variables results in extra gas costs
#281
code423n4
opened
2 years ago
0
Annualized fee APY dependence on the frequency of executing a function
#280
code423n4
opened
2 years ago
1
Recalculation of the variables inside the loop
#279
code423n4
closed
2 years ago
1
Owner can add more tokens than `MAX_TOKENS` in `BasketFacet`
#278
code423n4
opened
2 years ago
1
emit Transfer on withdraw
#277
code423n4
opened
2 years ago
0
It is possible to "uninitialize" `ERC20Facet` contract
#276
code423n4
opened
2 years ago
0
mint and burn of PolygonERC20Wrapper
#275
code423n4
opened
2 years ago
1
Multiplying the result of division
#274
code423n4
closed
2 years ago
1
Incorrect revert reason in `CallFacet::addCaller(...)`
#273
code423n4
opened
2 years ago
1
Division by `10 ** 18`
#272
code423n4
opened
2 years ago
0
Redundant rewriting to memory
#271
code423n4
opened
2 years ago
0
Call function internally instead of externally
#270
code423n4
opened
2 years ago
0
Approve 0 first
#269
code423n4
opened
2 years ago
0
Use id to manage itarable addresses
#268
code423n4
opened
2 years ago
0
Open TODOs
#267
code423n4
opened
2 years ago
1
Add `contractOwner` to `canCall` in `CallFacet`
#266
code423n4
opened
2 years ago
0
Tokens can be sent directly
#265
code423n4
closed
2 years ago
1
Assigning local variables to unchanging storage variables
#264
code423n4
opened
2 years ago
0
.transfer is used for transferring native asset
#263
code423n4
closed
2 years ago
1
10**18 = HUNDRED_PERCENT
#262
code423n4
opened
2 years ago
0
TODOs
#261
code423n4
closed
2 years ago
1
Pack structs tightly
#260
code423n4
opened
2 years ago
0
Assigned operations to constant variables
#259
code423n4
closed
2 years ago
1
_referral is meaningless
#258
code423n4
closed
2 years ago
2
Not used variables
#257
code423n4
opened
2 years ago
1
setLock may overwrite any currently active lockBlock
#256
code423n4
closed
2 years ago
1
Missing zero address check in setRebalanceManager
#255
code423n4
opened
2 years ago
1
Creator of pie can mint any amount of _initialSupply, and drain underlying tokens via exitPool
#254
code423n4
closed
2 years ago
2
ETH that is accidentally sent to a receive() function cannot be withdrawn
#253
code423n4
opened
2 years ago
0
`callFacet` is based on unprotected calls
#252
code423n4
closed
2 years ago
2
User created baskets are owned by defaultController
#251
code423n4
closed
2 years ago
1
With `protectedCall` permission funds of other users can be stolen
#250
code423n4
closed
2 years ago
1
Loops can be implemented more efficiently
#249
code423n4
opened
2 years ago
0
At `CallFacet.sol#removeCaller` use delete rather than setting false
#248
code423n4
closed
2 years ago
1
Next