code-423n4 2021-12-amun-findings issues

code-423n4 / 2021-12-amun-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

There is a payable receive function in SingleNativeTokenExit.sol with no logic to recover sent eth

#297 code423n4 closed 2 years ago
1
Users can be frontrunned with higher fees

#296 code423n4 opened 2 years ago
0
Missing zero address validation on setRebalanceManager function

#295 code423n4 opened 2 years ago
2
token.approve() doesn’t check return value

#294 code423n4 opened 2 years ago
1
rounding error not in favor of the system

#293 code423n4 opened 2 years ago
0
Validate diamond implementation is not empty

#292 code423n4 opened 2 years ago
1
_swapsV3 after the _swapsV2

#291 code423n4 opened 2 years ago
0
Owner can lock any of basket tokens

#290 code423n4 closed 2 years ago
2
_maxApprove user input

#289 code423n4 opened 2 years ago
1
An array's length should be cached to save gas in for-loops

#288 code423n4 closed 2 years ago
1
It might not be possible to withdraw tokens from the basket

#287 code423n4 opened 2 years ago
1
uniSwapLikeRouter or swap.exchange

#286 code423n4 opened 2 years ago
0
Owner of the BasketFacet can cause DoS for `exitPool(...)` function

#285 code423n4 closed 2 years ago
2
Frontrunning attack via swap token functionality

#284 code423n4 closed 2 years ago
3
`totalSupply` may exceed `LibBasketStorage.basketStorage().maxCap`

#283 code423n4 opened 2 years ago
0
Lock time is dependent on the average block time

#282 code423n4 closed 2 years ago
2
Assigning keccak operations to constant variables results in extra gas costs

#281 code423n4 opened 2 years ago
0
Annualized fee APY dependence on the frequency of executing a function

#280 code423n4 opened 2 years ago
1
Recalculation of the variables inside the loop

#279 code423n4 closed 2 years ago
1
Owner can add more tokens than `MAX_TOKENS` in `BasketFacet`

#278 code423n4 opened 2 years ago
1
emit Transfer on withdraw

#277 code423n4 opened 2 years ago
0
It is possible to "uninitialize" `ERC20Facet` contract

#276 code423n4 opened 2 years ago
0
mint and burn of PolygonERC20Wrapper

#275 code423n4 opened 2 years ago
1
Multiplying the result of division

#274 code423n4 closed 2 years ago
1
Incorrect revert reason in `CallFacet::addCaller(...)`

#273 code423n4 opened 2 years ago
1
Division by `10 ** 18`

#272 code423n4 opened 2 years ago
0
Redundant rewriting to memory

#271 code423n4 opened 2 years ago
0
Call function internally instead of externally

#270 code423n4 opened 2 years ago
0
Approve 0 first

#269 code423n4 opened 2 years ago
0
Use id to manage itarable addresses

#268 code423n4 opened 2 years ago
0
Open TODOs

#267 code423n4 opened 2 years ago
1
Add `contractOwner` to `canCall` in `CallFacet`

#266 code423n4 opened 2 years ago
0
Tokens can be sent directly

#265 code423n4 closed 2 years ago
1
Assigning local variables to unchanging storage variables

#264 code423n4 opened 2 years ago
0
.transfer is used for transferring native asset

#263 code423n4 closed 2 years ago
1
10**18 = HUNDRED_PERCENT

#262 code423n4 opened 2 years ago
0
TODOs

#261 code423n4 closed 2 years ago
1
Pack structs tightly

#260 code423n4 opened 2 years ago
0
Assigned operations to constant variables

#259 code423n4 closed 2 years ago
1
_referral is meaningless

#258 code423n4 closed 2 years ago
2
Not used variables

#257 code423n4 opened 2 years ago
1
setLock may overwrite any currently active lockBlock

#256 code423n4 closed 2 years ago
1
Missing zero address check in setRebalanceManager

#255 code423n4 opened 2 years ago
1
Creator of pie can mint any amount of _initialSupply, and drain underlying tokens via exitPool

#254 code423n4 closed 2 years ago
2
ETH that is accidentally sent to a receive() function cannot be withdrawn

#253 code423n4 opened 2 years ago
0
`callFacet` is based on unprotected calls

#252 code423n4 closed 2 years ago
2
User created baskets are owned by defaultController

#251 code423n4 closed 2 years ago
1
With `protectedCall` permission funds of other users can be stolen

#250 code423n4 closed 2 years ago
1
Loops can be implemented more efficiently

#249 code423n4 opened 2 years ago
0
At `CallFacet.sol#removeCaller` use delete rather than setting false

#248 code423n4 closed 2 years ago
1