code-423n4 2021-12-vader-findings issues

code-423n4 / 2021-12-vader-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

No check that constructor addresses are unique in LiquidityBasedTWAP.sol

#89 code423n4 closed 2 years ago
0
mintSynth is vulnerable to price manipulation.

#88 code423n4 closed 2 years ago
1
wrong revert message

#87 code423n4 opened 2 years ago
1
missing check in getClaim

#86 code423n4 closed 2 years ago
1
missing check in getClaim

#85 code423n4 closed 2 years ago
1
inconsistent vesting duration

#84 code423n4 closed 2 years ago
1
Race condition in approve()

#83 code423n4 closed 2 years ago
1
`latestRoundData()` does not update the oracle

#82 code423n4 closed 2 years ago
1
Save gas with the unchecked keyword

#81 code423n4 closed 2 years ago
1
Cache `vader` state variable

#80 code423n4 closed 2 years ago
1
Avoid use of state variables in event emissions to save gas

#79 code423n4 closed 2 years ago
2
Long Revert Strings

#78 code423n4 closed 2 years ago
2
Modifier onlyUSDV() and function _onlyUSDV()

#77 code423n4 opened 2 years ago
1
If you don’t add Vader before you buy it on MetaMask it won’t show up your balance

#76 code423n4 closed 2 years ago
2
A single immature lock prevents a user from calling `USDV.claimAll`

#75 code423n4 closed 2 years ago
1
Unnecessary supportedToken checks on swaps on VaderPoolV2

#74 code423n4 opened 2 years ago
0
Storage of previous prices and total liquidity weights is suboptimal for gas costs

#73 code423n4 opened 2 years ago
0
VaderPoolV2 owner can steal all user assets which are approved VaderPoolV2

#72 code423n4 opened 2 years ago
0
Reserve does not properly apply prices of VADER and USDV tokens

#71 code423n4 opened 2 years ago
0
Oracle returns an improperly scaled USDV/VADER price

#70 code423n4 opened 2 years ago
0
Unnecessary checks on VADER token address in oracle.

#69 code423n4 opened 2 years ago
0
Delete locks before claim all finish execution

#68 code423n4 closed 2 years ago
1
_mint() function doesn't check if "from" and "to" are different addresses

#67 code423n4 closed 2 years ago
0
Returns not assigned value

#66 code423n4 closed 2 years ago
1
swap() function can be frontrun

#65 code423n4 closed 2 years ago
0
Consider making the second swap() function an internal function

#64 code423n4 closed 2 years ago
1
bytes calldata argument is not used in swap() function

#63 code423n4 closed 2 years ago
2
swap() function should make sure the "to" address is not the address(this)

#62 code423n4 closed 2 years ago
0
VaderMath:calculateSwapReverse require statement change to <= instead of <

#61 code423n4 opened 2 years ago
0
No check that native and foreign assets are equal in value in the mint() function

#60 code423n4 closed 2 years ago
0
mint() function can be frontfun after native/foreign amounts are sent to the pool

#59 code423n4 closed 2 years ago
1
Functions to calculate synth name/symbol should live in factory to reduce bytecode

#58 code423n4 opened 2 years ago
0
Store VaderPoolV2 address as immutable in LPWrapper

#57 code423n4 closed 2 years ago
1
Test submission please ignore

#56 code423n4 closed 2 years ago
0
LPs of VaderPoolV2 can manipulate pool reserves to extract funds from the reserve.

#55 code423n4 opened 2 years ago
0
LPs of VaderPoolV2 can manipulate pool reserves to extract funds from the reserve

#54 code423n4 closed 2 years ago
0
Covered IL loss protection should linearly increase over 100 days and not one year

#53 code423n4 closed 2 years ago
0
No way to remove GasThrottle from VaderPool after deployment

#52 code423n4 opened 2 years ago
0
Minting and burning synths exposes users to unlimited slippage

#51 code423n4 closed 2 years ago
1
VaderRouterV2 exposes LPs to unlimited slippage on joins

#50 code423n4 closed 2 years ago
1
VaderRouter exposes LPs to unlimited slippage on joins

#49 code423n4 closed 2 years ago
1
Make use of a bitmap for claims to save gas in Converter.sol

#48 code423n4 opened 2 years ago
0
Should a Chainlink aggregator become stuck in a stale state then calls to update LiquidityBasedTWAP will revert

#47 code423n4 closed 2 years ago
1
USDV uses incorrect exchange rate for burning

#46 code423n4 closed 2 years ago
2
USDV minting limit is not applied if `cycleTimestamp <= block.timestamp`

#45 code423n4 opened 2 years ago
1
Council veto protection does not work

#44 code423n4 opened 2 years ago
0
VaderMath:calculateSlipAdjustment() wrong comments

#43 code423n4 opened 2 years ago
0
Oracle doesn't calculate USDV/VADER price correctly

#42 code423n4 opened 2 years ago
0
unsafe cast

#41 code423n4 opened 2 years ago
1
Oracle can be manipulted to consider only a single pair for pricing

#40 code423n4 opened 2 years ago
1

Previous Next