code-423n4 2022-02-anchor-findings issues

code-423n4 / 2022-02-anchor-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

QA Report

#78 code423n4 opened 2 years ago
0
Users Can Utilise Flashloans to Vote on Governance Proposals

#77 code423n4 closed 2 years ago
2
Negative distribution amounts if times are out of order

#76 code423n4 opened 2 years ago
2
Users will not be able to unbond due to error in calculation for historical time

#75 code423n4 closed 2 years ago
3
Gas Optimizations

#74 code423n4 opened 2 years ago
1
Users Can Frontrun Token Distributions Using Flashloans

#73 code423n4 closed 2 years ago
2
Missing checks on the provided native tokens in the market contract could cause loss of funds

#72 code423n4 closed 2 years ago
2
Potential lock of rewards in the custody contracts

#71 code423n4 opened 2 years ago
1
Inconsistency behavior between `bAsset` tokens and the standard cw20 tokens

#70 code423n4 closed 2 years ago
1
Missing allowlist checks on tokens in `CrossAnchorBridge` could cause loss of funds

#69 code423n4 closed 2 years ago
1
`CrossAnchorBridge` does not handle fee-on-transfer tokens correctly

#68 code423n4 opened 2 years ago
1
QA Report

#67 code423n4 opened 2 years ago
0
Whitelisting is Disabled in `CrossAnchorBridge.sol`

#66 code423n4 closed 2 years ago
1
`CrossAnchorBridge.sol` Does Not Support Fee-on-Transfer Tokens

#65 code423n4 closed 2 years ago
1
Governance Voting Dis-proportionally Favours Users Who Stake And Vote After A Poll Has Been Created And Had Its Snapshot Taken

#64 code423n4 opened 2 years ago
2
Any undelegation may be blocked due to condition in execute_unbond function

#63 code423n4 closed 2 years ago
1
Updating the hub’s token contract address may lead to incorrect undelegation amount

#62 code423n4 opened 2 years ago
1
Incompatibility With Rebasing/Deflationary/Inflationary tokens on the cross chain bridge

#61 code423n4 closed 2 years ago
1
Gas Optimizations

#60 code423n4 opened 2 years ago
1
QA Report

#59 code423n4 opened 2 years ago
1
Missing Access Control for FabricateMIRClaim and FabricateANCClaim

#58 code423n4 opened 2 years ago
1
Rewards distribution fails if no tokens are bonded for bLuna

#57 code423n4 closed 2 years ago
2
Timelock period in Governance Contract does not have minimum Threshold delay

#56 code423n4 closed 2 years ago
1
Incorrect use of update_config function for setting owner may lose control on contract/s

#55 code423n4 closed 2 years ago
2
QA Report

#54 code423n4 closed 2 years ago
1
Gas Optimizations

#53 code423n4 opened 2 years ago
1
Gas Optimizations

#52 code423n4 opened 2 years ago
1
QA Report

#51 code423n4 opened 2 years ago
1
[WP-M6] Using `safeApprove()` is unsafe

#50 code423n4 closed 2 years ago
1
[WP-M5] `liquidation_queue` Lack of input validation for `safe_ratio` can disrupt liquidation if misconfigured

#49 code423n4 closed 2 years ago
2
[WP-H4] `anchor_basset_reward` pending yields can be stolen

#48 code423n4 opened 2 years ago
2
[WP-H3] `money-market-contracts/oracle#feed_prices()` delayed transaction may disrupt price feeds

#47 code423n4 opened 2 years ago
3
[WP-H2] `money-market-contracts/contracts/market` `claim_rewards` may revert due to `spend_limit` set on `distributor`

#46 code423n4 opened 2 years ago
2
[WP-M1] `anchor-token-contracts/contracts/staking` Lack of input validation on `start_time` and `end_time`

#45 code423n4 closed 2 years ago
1
[WP-H0] When transferring tokens not in `whitelist` on Ethereum to Terra with `CrossAnchorBridge.depositStable()`, the funds may get frozen

#44 code423n4 opened 2 years ago
3
QA Report

#43 code423n4 opened 2 years ago
0
Extra funds are lost when depositing

#42 code423n4 closed 2 years ago
1
Simple interest calculation is not exact

#41 code423n4 opened 2 years ago
1
Hardcoded nonces

#40 code423n4 closed 2 years ago
1
Anchor staking reward schedules can never be deleted leading to DoS

#39 code423n4 closed 2 years ago
1
Anchor staking reward schedules might not be covered

#38 code423n4 closed 2 years ago
1
Staking tokens can be stolen

#37 code423n4 opened 2 years ago
1
Money markets: `register_contracts` can be frontrun

#36 code423n4 closed 2 years ago
2
Anchor gov: `register_contracts` can be frontrun

#35 code423n4 closed 2 years ago
1
Spend limit can be circumvented

#34 code423n4 closed 2 years ago
2
Sandwich attack on astroport sweep

#33 code423n4 opened 2 years ago
2
bETH rewards can be timed

#32 code423n4 closed 2 years ago
1
Updating config vars can break contracts

#31 code423n4 closed 2 years ago
2
Deployer can break bETH transfers and steal all bETH rewards

#30 code423n4 closed 2 years ago
2
Unbonding validator random selection can be predicted

#29 code423n4 opened 2 years ago
2