code-423n4 2021-12-pooltogether-findings issues

code-423n4 / 2021-12-pooltogether-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

No restriction on epocsDuration can lead to attacker gaining extra money

#149 code423n4 closed 2 years ago
2
TwabRewards: cancelPromotion() can revert if a promotion tokens applies fee on transfer

#148 code423n4 closed 2 years ago
1
Suggestion : To add explicit check for no of epochs to be 255 in createPromotion and extendPromotion

#147 code423n4 closed 2 years ago
1
_promotionEndTimestamp > 0

#146 code423n4 closed 2 years ago
1
>0 -> !=0

#145 code423n4 closed 2 years ago
1
Inline functions _updateClaimedEpoch and _isClaimedEpoch

#144 code423n4 opened 2 years ago
1
loops: skip initialization, do prefix increments

#143 code423n4 closed 2 years ago
1
Creator can run with extended funds

#142 code423n4 closed 2 years ago
1
TwabRewards: fee on transfer token as promotion token will block at least one epoch reward claim

#141 code423n4 closed 2 years ago
1
Support of deflationary / rebasing tokens

#140 code423n4 closed 2 years ago
1
Validations

#139 code423n4 closed 2 years ago
1
A malicious ticket can drain the tokens

#138 code423n4 closed 2 years ago
1
Transfer amounts not checked for > 0

#137 code423n4 opened 2 years ago
1
Long Revert Strings

#136 code423n4 closed 2 years ago
1
"> 0" is less efficient than "!= 0" for unsigned integers

#135 code423n4 closed 2 years ago
1
Implement _calculateRewardAmount more efficiently

#134 code423n4 opened 2 years ago
0
`_nextPromotionId/_latestPromotionId` calculation can be done more efficiently

#133 code423n4 opened 2 years ago
2
extendPromotion is callable by anyone without protecting extending users

#132 code423n4 closed 2 years ago
2
Rewards not worth to claim will accumulate in the contract

#131 code423n4 closed 2 years ago
1
After a promotion is cancelled, not claimed rewards are stuck

#130 code423n4 closed 2 years ago
1
Loops can be implemented more efficiently

#129 code423n4 closed 2 years ago
1
For uint `> 0` can be replaced with ` != 0` for gas optimization

#128 code423n4 closed 2 years ago
1
event PromotionCancelled should also emit the _to address

#127 code423n4 opened 2 years ago
0
extendPromotion function should be access controlled by using onlyPromotionCreator

#126 code423n4 opened 2 years ago
3
If a promoter cancels a promotion, unclaimed rewards of ticket holders are lost

#125 code423n4 closed 2 years ago
1
safeTransferFrom call inconsistency

#124 code423n4 closed 2 years ago
2
Unsafe uint64 casting may overflow

#123 code423n4 opened 2 years ago
2
Large _epochId value impacts rewards calculation

#122 code423n4 closed 2 years ago
2
Change sequence of extendPromotion operations

#121 code423n4 closed 2 years ago
2
Placement of require statements

#120 code423n4 closed 2 years ago
1
unsafe casts

#119 code423n4 closed 2 years ago
1
getCurrentEpochId might behave unexpectedly

#118 code423n4 closed 2 years ago
1
getRemainingRewards might fail unexpectedly

#117 code423n4 closed 2 years ago
2
cancelPromotion will revert if the promotion is not started yet

#116 code423n4 closed 2 years ago
1
_requirePromotionActive allows actions before the promotion is active

#115 code423n4 opened 2 years ago
1
Long revert strings

#114 code423n4 closed 2 years ago
1
Gas Optimization: Redundant > 0 check

#113 code423n4 closed 2 years ago
1
Gas Optimization: Struct layout

#112 code423n4 closed 2 years ago
1
Adding unchecked directive can save gas

#111 code423n4 opened 2 years ago
0
Reward can be cancel during a epoch

#110 code423n4 closed 2 years ago
2
`getCurrentEpochId()` Malfunction for ended promotions

#109 code423n4 opened 2 years ago
0
`getRemainingRewards()` Malfunction for ended promotions

#108 code423n4 closed 2 years ago
2
Drain the award pool by feeding outrange epoch into function claimRewards

#107 code423n4 closed 2 years ago
1
`createPromotion()` Lack of input validation for `_epochDuration` can potentially freeze promotion creator's funds

#106 code423n4 opened 2 years ago
2
Reward stuck if promotion cancel before all past reward claimed

#105 code423n4 closed 2 years ago
1
Inline `onlyPromotionCreator` can save gas

#104 code423n4 closed 2 years ago
1
`_requirePromotionActive()` Remove redundant check can save gas

#103 code423n4 closed 2 years ago
1
`getRemainingRewards()` Malfunction for unstarted promotions

#102 code423n4 closed 2 years ago
1
`cancelPromotion()` Unable to cancel unstarted promotions

#101 code423n4 opened 2 years ago
0
TwabRewards: fee on transfer token as promotion token can make claimRewards() & cancelPromotion() fail

#100 code423n4 closed 2 years ago
1