code-423n4 2022-01-elasticswap-findings issues

code-423n4 / 2022-01-elasticswap-findings

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Attacker can collect all positive rebase from the poll

#180 code423n4 closed 2 years ago
2
Exchange will become inoperable if internalBalances' quoteTokenReserveQty and K reach zero

#179 code423n4 closed 2 years ago
5
Repeated calls

#178 code423n4 opened 2 years ago
1
Unchecked maths

#177 code423n4 opened 2 years ago
1
quoteTokenQtyToReturn = internalBalances.quoteTokenReserveQty

#176 code423n4 opened 2 years ago
1
Inclusive conditions

#175 code423n4 opened 2 years ago
2
Enforce FEE_ON_TRANSFER_NOT_SUPPORTED

#174 code423n4 closed 2 years ago
2
Redundant code

#173 code423n4 opened 2 years ago
2
Revert when K >= 2^256

#172 code423n4 opened 2 years ago
2
saving gas by not returning the variables that was declared to be returned

#171 code423n4 opened 2 years ago
1
saving gas by calling a function once instead of calling it twice

#170 code423n4 closed 2 years ago
1
inlining a function to save gas

#169 code423n4 opened 2 years ago
2
Remove liquidity LP token quantity and address arguments aren’t checked

#168 code423n4 closed 2 years ago
3
Gas Optimization: float multiplication optimization

#167 code423n4 opened 2 years ago
2
Inconsistent sanity check

#166 code423n4 closed 2 years ago
2
Gas Optimization: Duplicated checks

#165 code423n4 closed 2 years ago
1
Gas Optimization: Unchecked for safe math

#164 code423n4 closed 2 years ago
1
Gas Optimization: Use deterministic contract address

#163 code423n4 opened 2 years ago
2
less gas using unchecked

#162 code423n4 closed 2 years ago
1
Gas Optimization: `> 0` is less efficient than `!= 0` for uint in require condition

#161 code423n4 opened 2 years ago
1
swapBaseTokenForQuoteToken and swapQuoteTokenForBaseToken do not check output quantities to be achievable

#160 code423n4 opened 2 years ago
2
Custom Errors

#159 code423n4 opened 2 years ago
1
Initialize to default state is redundant

#158 code423n4 opened 2 years ago
1
Remove unused code can save gas

#157 code423n4 opened 2 years ago
1
Cache and read storage variables from the stack can save gas

#156 code423n4 opened 2 years ago
1
Outdated versions of OpenZeppelin library

#155 code423n4 opened 2 years ago
1
Remove unnecessary storage parameter can make the code simpler and save gas

#154 code423n4 closed 2 years ago
3
Incorrect implementation of `_quoteTokenQtyMin`, `_baseTokenQtyMin`

#153 code423n4 opened 2 years ago
6
`Exchange.sol#swap*TokenFor*Token()` Redundant input validation of `*TokenQty`

#152 code423n4 closed 2 years ago
1
Redundant `return` for named returns

#151 code423n4 opened 2 years ago
2
Adding unchecked directive can save gas

#150 code423n4 closed 2 years ago
1
Use short reason strings can save gas

#149 code423n4 closed 2 years ago
1
"> 0" is less efficient than "!= 0" for unsigned integers

#148 code423n4 closed 2 years ago
1
Simplify `MathLib#sqrt()` can save gas

#147 code423n4 opened 2 years ago
1
[WP-H2] Transferring `quoteToken` to the exchange pool contract will cause future liquidity providers to lose funds

#146 code423n4 opened 2 years ago
2
[WP-H1] The value of LP token can be manipulated by the first minister, which allows the attacker to dilute future liquidity providers' shares

#145 code423n4 opened 2 years ago
2
[WP-H0] In the case of Single Asset Entry, new liquidity providers will suffer fund loss due to wrong formula of ΔRo

#144 code423n4 opened 2 years ago
5
Create Exchange Function Is Missing Access Control

#143 code423n4 closed 2 years ago
2
Gas optimization: Use != 0 instead of > 0 for uints

#142 code423n4 closed 2 years ago
1
Making the MathLib internal

#141 code423n4 opened 2 years ago
3
The amount of tokens received by the pool might be less than expected for feeOnTransfer tokens

#140 code423n4 closed 2 years ago
2
Lack of feeOnTransfer check for quoteTokens

#139 code423n4 closed 2 years ago
2
Pools may be created with weird names

#138 code423n4 closed 2 years ago
2
`Exchange.removeLiquidity()` call to `totalSupply()` can be cached

#137 code423n4 closed 2 years ago
1
Leftover tokens will be stuck in the contract with no ways to recover

#136 code423n4 opened 2 years ago
2
constant variables should not be public

#135 code423n4 closed 2 years ago
2
10 ** 18 can be changed to 1e18

#134 code423n4 opened 2 years ago
1
Cache state variables

#133 code423n4 closed 2 years ago
1
Both quote and base tokens should be tested to have no fee on transfer on pool creation

#132 code423n4 closed 2 years ago
2
> 0 can be replaced with != 0 for gas optimisation

#131 code423n4 closed 2 years ago
0