code-423n4 2022-01-yield-findings issues

code-423n4 / 2022-01-yield-findings

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

`ConvexYieldWrapper` Does Not Check If A Vault Is Undercollateralised In `_getDepositedBalance`

#139 code423n4 closed 2 years ago
2
Chainlink oracles might return stale data

#138 code423n4 closed 2 years ago
2
Miscalculation of rewards due to removal of vaults

#137 code423n4 closed 2 years ago
1
Oracle data feed is insufficiently validated.

#136 code423n4 opened 2 years ago
1
ConvexYieldWrapper griefing attack is possible that removes all the vaults from any user

#135 code423n4 closed 2 years ago
2
ConvexYieldWrapper wrap can be front-run

#134 code423n4 closed 2 years ago
3
Costly reentrance modifier

#133 code423n4 closed 2 years ago
2
Cvx3CrvOracle can report stale prices

#132 code423n4 closed 2 years ago
2
Remove unused variables

#131 code423n4 closed 2 years ago
2
Some variables can be set immutable

#130 code423n4 closed 2 years ago
1
Assigning default value costs unnecessary gas

#129 code423n4 closed 2 years ago
2
Cvx3CrvOracle.setSource doesn't check provided core configuration values

#128 code423n4 closed 2 years ago
3
Function `ConvexYieldWrapper.removeVault()` can be rewritten

#127 code423n4 closed 2 years ago
1
Using pre-increment (++i) instead of post-increment (i++) can save gas

#126 code423n4 closed 2 years ago
1
Use '!= 0' rather than '> 0' for unsigned integers

#125 code423n4 closed 2 years ago
2
can save gas using `immutable`

#124 code423n4 closed 2 years ago
2
Missing isShutdown on _checkpointAndClaim()

#123 code423n4 closed 2 years ago
4
calldata is cheaper than memory

#122 code423n4 opened 2 years ago
2
double update on storage pointer

#121 code423n4 closed 2 years ago
1
Use immutable variables if values don't change after the constructor

#120 code423n4 closed 2 years ago
1
Cvx3CrvOracle.sol _peek() returns wrong units

#119 code423n4 closed 2 years ago
3
`ConvexStakingWrapper.sol#earned()` Implementation can be simpler and save some gas

#118 code423n4 closed 2 years ago
2
Redundant `return` for named returns

#117 code423n4 closed 2 years ago
2
Rewards distribution can be disrupted by a early user

#116 code423n4 opened 2 years ago
2
latestRoundData data may be stale

#115 code423n4 closed 2 years ago
1
Attacker can steal part of the rewards if one of the `extraRewards` is rewarded with Convex Token

#114 code423n4 closed 2 years ago
2
Comment missing function parameter

#113 code423n4 opened 2 years ago
1
Unsafe uint128 casting may overflow

#112 code423n4 opened 2 years ago
2
`ConvexYieldWrapper#removeVault()` `found` is redundant

#111 code423n4 opened 2 years ago
1
Missing approve(0) for CVX

#110 code423n4 closed 2 years ago
1
removeVault function can be external

#109 code423n4 closed 2 years ago
1
Remove duplicate address variables

#108 code423n4 closed 2 years ago
2
`ConvexYieldWrapper.sol` Redundant code

#107 code423n4 opened 2 years ago
1
Perform math inside code branch

#106 code423n4 opened 2 years ago
1
Adding unchecked directive can save gas

#105 code423n4 opened 2 years ago
3
Chainlink's `latestRoundData` might return stale results

#104 code423n4 closed 2 years ago
1
Using immutable variable can save gas

#103 code423n4 closed 2 years ago
2
`ConvexStakingWrapper.sol#` Switching between 1, 2 instead of 0, 1 is more gas efficient

#102 code423n4 opened 2 years ago
1
Avoid unnecessary arithmetic operations and storage reads can save gas

#101 code423n4 opened 2 years ago
1
stop execution when extraRewardsLength on convexpool is zero

#100 code423n4 closed 2 years ago
2
Arbitrary call

#99 code423n4 closed 2 years ago
2
MINTING to collateralVault could inflating totalsupply, without giving the balance to anyone

#98 code423n4 closed 2 years ago
2
Prefix (++i), rather than postfix (i++), increment/decrement operators should be used in for-loop

#97 code423n4 closed 2 years ago
1
Reentrancy modifier is suboptimal

#96 code423n4 closed 2 years ago
2
Cvx3CrvOracle earned function calculates cvx wrongly if pool claimed indirectly

#95 code423n4 opened 2 years ago
1
Cvx3CrvOracle misses sanity checks for Chainlink responses

#94 code423n4 closed 2 years ago
1
Cvx3CrvOracle returns 0 for small baseAmount

#93 code423n4 opened 2 years ago
2
Cvx3CrvOracle missing natspec param baseAmount for peek, _peek, _get

#92 code423n4 closed 2 years ago
1
`setSource` Does Not Validate That The Chainlink Price Feeds Are `18` Decimals

#91 code423n4 closed 2 years ago
2
Improper Validation Of Chainlink's `latestRoundData` Function

#90 code423n4 closed 2 years ago
1