code-423n4 2022-01-notional-findings issues

code-423n4 / 2022-01-notional-findings

1 stars 3 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Users Can Game `sNOTE` Minting If Buybacks Occur Infrequently

#231 code423n4 opened 2 years ago
2
A Malicious Treasury Manager Can Burn Treasury Tokens By Setting `makerFee` To The Amount The Maker Receives

#230 code423n4 opened 2 years ago
2
`sNOTE` Holders Are Not Incetivized To Vote On Proposals To Call `extractTokensForCollateralShortfall`

#229 code423n4 opened 2 years ago
2
Prefix (`++i`), rather than postfix (`i++`), increment/decrement operators should be used in for-loops

#228 code423n4 opened 2 years ago
2
`extractTokensForCollateralShortfall` Can Be Frontrun By Non-Stakers

#227 code423n4 opened 2 years ago
2
Change to contest id

#226 joshuashort closed 2 years ago
0
Check is made twice

#225 code423n4 closed 2 years ago
3
TreasuryManager uses the eth balance for core functionalities but doesn't have any payable function

#224 code423n4 closed 2 years ago
2
Improper Contract Upgrades Can Lead To Loss Of Contract Ownership

#223 code423n4 opened 2 years ago
2
`getVotingPower` Truncates Result Leading To Inaccuracies In Voting Power

#222 code423n4 opened 2 years ago
1
call currencies.length from memory can save gas

#221 code423n4 closed 2 years ago
1
Approve won't work if using USDT as token

#220 code423n4 closed 2 years ago
2
Unnecessary wrapToWETH()

#219 code423n4 closed 2 years ago
2
!= 0 is cheaper than 0< for uint

#218 code423n4 closed 2 years ago
2
Missing zero checks at multiple places

#217 code423n4 closed 2 years ago
2
newOwner can be updated to zero address

#216 code423n4 closed 2 years ago
2
Missing check on newOwner and owner

#215 code423n4 closed 2 years ago
2
Double _requireAccountNotInCoolDown

#214 code423n4 opened 2 years ago
1
Optimization on _redeemAndTransfer

#213 code423n4 opened 2 years ago
1
Upgrade pragma to save gas

#212 code423n4 closed 2 years ago
2
_burn function has non-standard interpretation (gas savings, clarity)

#211 code423n4 closed 2 years ago
1
considered changing it to storage

#210 code423n4 opened 2 years ago
2
MAX_SHORTFALL_WITHDRAW limit on BTP extraction is not enforced

#209 code423n4 opened 2 years ago
1
using multiple require rather than &&

#208 code423n4 closed 2 years ago
2
gas optimisation on nonReentant() modifier

#207 code423n4 closed 2 years ago
2
Math in _getNOTESpotPrice could consume less gas

#206 code423n4 closed 2 years ago
2
Repeated calculations of the same values

#205 code423n4 closed 2 years ago
1
Unused state variables

#204 code423n4 opened 2 years ago
1
Slippage protection

#203 code423n4 closed 2 years ago
2
Inclusive conditions

#202 code423n4 opened 2 years ago
1
slippageLimit = SLIPPAGE_LIMIT_PRECISION

#201 code423n4 closed 2 years ago
2
latestAnswer doesn't check if the value is up to date

#200 code423n4 closed 2 years ago
2
Gas: `reserveInternal.subNoNeg(bufferInternal)` can be unchecked

#199 code423n4 opened 2 years ago
1
`makerPrice` assumes oracle price is always in 18 decimals

#198 code423n4 opened 2 years ago
1
Usage of deprecated ChainLink API in `EIP1271Wallet`

#197 code423n4 opened 2 years ago
3
`StorageId` enums may never be shuffled

#196 code423n4 opened 2 years ago
2
Missing parameter validation

#195 code423n4 opened 2 years ago
2
No `safeApprove`

#194 code423n4 closed 2 years ago
2
Cannot transfer to treasury if no reserve buffer defined

#193 code423n4 closed 2 years ago
2
Treasury cannot claim COMP tokens & COMP tokens are stuck

#192 code423n4 opened 2 years ago
2
`getVotingPower` division by zero

#191 code423n4 closed 2 years ago
2
BPT donations can be gamed

#190 code423n4 closed 2 years ago
1
redeem window is one second short of `REDEEM_WINDOW_SECONDS`

#189 code423n4 closed 2 years ago
2
`_mintFromAssets`: no slippage check

#188 code423n4 closed 2 years ago
2
Shortfall: Redeeming BPT without slippage check

#187 code423n4 closed 2 years ago
2
Overflow not handled

#186 code423n4 closed 2 years ago
2
Reentrant nature of setReservealance can lead to gas fee exhaustion

#185 code423n4 closed 2 years ago
2
Remove unused code

#184 code423n4 closed 2 years ago
3
Improper use of public

#183 code423n4 closed 2 years ago
2
No upper limit check on swap fee Percentage

#182 code423n4 opened 2 years ago
2