code-423n4 2022-01-timeswap-findings issues

code-423n4 / 2022-01-timeswap-findings

2 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Can I submit this after the time is up?

#188 code423n4 closed 2 years ago
0
Manipulation of the Y State Results in Interest Rate Manipulation

#187 code423n4 opened 2 years ago
1
Gas Optimization: Reuse code

#186 code423n4 closed 2 years ago
1
MsNik

#185 code423n4 closed 2 years ago
0
MsNik

#184 code423n4 closed 2 years ago
0
Adding Unchecked Directive will Save Gas for BurnMath.sol#getAsset and BurnMath.sol#getCollateral functions

#183 code423n4 opened 2 years ago
1
Asset and Collateral Should Not Be Same

#182 code423n4 closed 2 years ago
2
LendMath.sol(this contract is not in scope but will affect TimeswapPair.lend() )

#181 code423n4 closed 2 years ago
2
Immutable variable `TimeswapConvenience:weth` should be 0 address checked

#180 code423n4 closed 2 years ago
1
Immutable variable `TimeswapConvenience:factory` should be 0 address checked

#179 code423n4 closed 2 years ago
1
No slippage control causes sandwich attack

#178 code423n4 closed 2 years ago
2
`10 ** 9` can be changed to `1e9` and save some gas

#177 code423n4 opened 2 years ago
1
`SquareRoot#sqrtUp()` Wrong implementation

#176 code423n4 opened 2 years ago
1
Loops can be implemented more efficiently

#175 code423n4 closed 2 years ago
1
Simplify `SquareRoot#sqrt()` can save gas

#174 code423n4 opened 2 years ago
1
`SafeCast.sol#toUint128()` Validation of input value can be done earlier to save gas

#173 code423n4 opened 2 years ago
1
For uint `> 0` can be replaced with ` != 0` for gas optimization

#172 code423n4 opened 2 years ago
1
Use short reason strings can save gas

#171 code423n4 opened 2 years ago
1
Unnecessary checked arithmetic in for loops

#170 code423n4 opened 2 years ago
1
`TimeswapConvenience.sol#borrowGivenDebt()` Attacker can increase `state.y` to an extremely large value with a dust amount of `assetOut`

#169 code423n4 opened 2 years ago
0
Race condition on ERC20 approval

#168 code423n4 opened 2 years ago
1
`TimeswapPair.sol#mint()` Lack of input validation allows attacker to set `pool.state.y` to an arbitrary target value

#167 code423n4 closed 2 years ago
1
`TimeswapPair.sol#borrow()` Attacker can increase `pool.state.y` to an arbitrary target value

#166 code423n4 closed 2 years ago
1
`TimeswapPair.sol#mint()` Malicious user/attacker can mint new liquidity with an extremely small amount of `yIncrease` and malfunction the pair with the maturity

#165 code423n4 opened 2 years ago
0
Caching arithmetic results can avoid redundant storage reads and save gas

#164 code423n4 closed 2 years ago
2
Inline unnecessary internal function can save gas

#163 code423n4 opened 2 years ago
1
`TimeswapPair.sol#borrow()` Improper implementation allows attacker to increase `pool.state.z` to a large value

#162 code423n4 opened 2 years ago
0
Remove unnecessary variables can save gas

#161 code423n4 opened 2 years ago
1
"> 0" is less efficient than "!= 0" for unsigned integers

#160 code423n4 closed 2 years ago
1
Unused imports

#159 code423n4 opened 2 years ago
1
`BurnMath.sol#getAsset()` Implementation can be simpler and save some gas

#158 code423n4 closed 2 years ago
1
`NFTTokenURIScaffold.sol#_isLtoStringTrimmedeapYear()` Check of `flag == 0` can be done earlier

#157 code423n4 opened 2 years ago
1
Adding unchecked directive can save gas

#156 code423n4 opened 2 years ago
1
`TimeswapPair.sol#mint()` Avoiding unnecessary code execution using checks can save gas

#155 code423n4 opened 2 years ago
1
`TimeswapPair.sol#mint()` Implementation can be simpler and save some gas

#154 code423n4 opened 2 years ago
1
Avoid unnecessary storage read can save gas

#153 code423n4 opened 2 years ago
1
`++i` is more efficient than `i++`

#152 code423n4 closed 2 years ago
1
Cache array length in for loops can save gas

#151 code423n4 opened 2 years ago
1
`TimeswapPair.sol#lock()` Switching between 1, 2 instead of 0, 1 is more gas efficient

#150 code423n4 closed 2 years ago
1
.length should be extracted into a variable

#149 code423n4 closed 2 years ago
1
TimeswapPair.mint() needs minor refactoring.

#148 code423n4 closed 2 years ago
1
Missing noreentrant check on mint function

#147 code423n4 closed 2 years ago
2
Liquidity Provider can optionally call pay(...) before burn(...)

#146 code423n4 closed 2 years ago
2
no contract check in function createPair

#145 code423n4 opened 2 years ago
1
can reduce gas in function createPair by replacing interface with address

#144 code423n4 opened 2 years ago
1
# Pending owner is not cleared

#143 code423n4 closed 2 years ago
1
Gas Optimization: Cache result of `BlockNumber.get()`

#142 code423n4 opened 2 years ago
2
using storage instead of memory to declare struct variable inside the function

#141 code423n4 opened 2 years ago
1
"> 0" is less efficient than "!= 0" for unsigned integers

#140 code423n4 closed 2 years ago
1
Save Gas With The Unchecked Keyword

#139 code423n4 closed 2 years ago
1