code-423n4 2021-12-amun-findings issues

code-423n4 / 2021-12-amun-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Basket join and exit swaps are partially vulnerable to sandwich attacks

#97 code423n4 closed 2 years ago
1
Token mint without transfer

#96 code423n4 closed 2 years ago
2
User funds could be stuck

#95 code423n4 closed 2 years ago
1
Contract can lose funds

#94 code423n4 closed 2 years ago
2
User can lose Funds

#93 code423n4 closed 2 years ago
2
Gas savings

#92 code423n4 opened 2 years ago
0
Add zero-address check in `setRebalanceManager()`

#91 code423n4 opened 2 years ago
1
In my opinion in the future, hopefully there will be improvements in ui/ux, for the features to be divided into several parts, for example home, swap, leverage and also stake/farm are separated so that it is convenient to use, and will be more detailed because of the separation. This feature is very meaningful to make it easier for users

#90 code423n4 opened 2 years ago
0
"> 0" is less efficient than "!= 0" for unsigned integers

#89 code423n4 closed 2 years ago
1
Unnecessary explicit returns (BaskerFacet)

#88 code423n4 opened 2 years ago
0
Removing redundant code can save gas (RebalanceManager V2 V3, BaskerFacet)

#87 code423n4 opened 2 years ago
0
Cache array length outside of loop

#86 code423n4 closed 2 years ago
1
Don't initialize variables with default value

#85 code423n4 opened 2 years ago
0
Use `!= 0` instead of `> 0` for unsigned integer comparisons

#84 code423n4 closed 2 years ago
1
Function `rebalance` in `RebalanceManager` (v1 and v2) overwrites lock

#83 code423n4 closed 2 years ago
1
Unused variable in `SingleTokenJoinV2.sol`

#82 code423n4 closed 2 years ago
1
Function `joinTokenSingle` in `SingleTokenJoin.sol` and `SingleTokenJoinV2.sol` can be made to fail

#81 code423n4 opened 2 years ago
0
Subtraction in `ERC20Facet::decreaseApproval` could be "unchecked"

#80 code423n4 opened 2 years ago
0
Incorrect comment in `LibBasketStorage.sol`

#79 code423n4 opened 2 years ago
0
Failed transfer with low level call could be overlooked

#78 code423n4 opened 2 years ago
0
dangerous recieve function

#77 code423n4 closed 2 years ago
1
dangerous recieve function

#76 code423n4 closed 2 years ago
2
high centralization

#75 code423n4 opened 2 years ago
1
no validation on max cap

#74 code423n4 opened 2 years ago
1
fees calculations are not accurate

#73 code423n4 opened 2 years ago
3
fees are not charge in the first time

#72 code423n4 closed 2 years ago
1
annualized fee may be overpriced

#71 code423n4 closed 2 years ago
1
No slippage tolerance checks during swap functions opens up flashloan attacks and price manipulation

#70 code423n4 closed 2 years ago
2
Unnecessary payable

#69 code423n4 closed 2 years ago
2
Unlimited approval in swaps

#68 code423n4 closed 2 years ago
1
receive function is redundant for SingleNativeTokenExit and SingleNativeTokenExitV2 contracts

#67 code423n4 closed 2 years ago
1
Bad practice to set 0 for minQty when calling swapExactTokensForTokens

#66 code423n4 closed 2 years ago
1
Approval bug for tokens that require allowance to be set to 0 first.

#65 code423n4 closed 2 years ago
1
BasketFacet.sol: Multiply before divide

#64 code423n4 closed 2 years ago
1
Setting allowance to uint256(-1) is bad practice

#63 code423n4 opened 2 years ago
1
SingleTokenJoin: Reduce number of operations for indexing into amountsOut

#62 code423n4 closed 2 years ago
1
Swap with no slippage check

#61 code423n4 closed 2 years ago
2
No reentrancy guards in core user functions

#60 code423n4 closed 2 years ago
1
No guards against duplicate addresses in constructor

#59 code423n4 closed 2 years ago
2
outputBasket address not checked in EthSingleTokenJoin.sol

#58 code423n4 closed 2 years ago
2
In SingleTokenJoinV2.sol, a user can provide malicious input

#57 code423n4 closed 2 years ago
2
SingleTokenJoinV2.sol constructor doesn't require that addresses must be different

#56 code423n4 closed 2 years ago
2
Two Steps Verification before Transferring Ownership

#55 code423n4 opened 2 years ago
1
JoinTokenSingle() function does not validate against evil struct inputs

#54 code423n4 closed 2 years ago
2
Potential DoS

#53 code423n4 closed 2 years ago
1
missing check on call return value

#52 code423n4 closed 2 years ago
1
SingleTokenJoin.sol constructor does not ensure that addresses are different

#51 code423n4 closed 2 years ago
2
wrong comment in line 228 of RebalanceManager.sol

#50 code423n4 opened 2 years ago
1
gas

#49 code423n4 closed 2 years ago
1
RebalanceManagerV3 constructor doesn't check that addresses are different

#48 code423n4 closed 2 years ago
2

Previous Next