code-423n4 2022-03-lifinance-findings issues

code-423n4 / 2022-03-lifinance-findings

6 stars 4 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Gas Optimizations

#167 code423n4 opened 2 years ago
6
Gas Optimizations

#166 code423n4 opened 2 years ago
2
QA Report

#165 code423n4 opened 2 years ago
1
[WP-M11] Wrong implementation of `DexManagerFacet.sol#batchRemoveDex()` will remove only the first item

#164 code423n4 closed 2 years ago
1
[WP-H10] `GenericSwapFacet.sol#swapTokensGeneric()` duplicated `.call{ value: msg.value }` makes it possible for the attacker to steal native tokens (ETH) from the contract

#163 code423n4 closed 2 years ago
1
[WP-M9] `sendNative` with CBridge will always revert

#162 code423n4 closed 2 years ago
1
[WP-H8] Admin of the upgradeable proxy contract (the diamond contract) can rug users

#161 code423n4 closed 2 years ago
2
[WP-H7] Infinite approval to an arbitrary address can be used to steal all the funds from the contract

#160 code423n4 opened 2 years ago
3
[WP-H6] Swapper can be used to steal all the funds from the contract

#159 code423n4 closed 2 years ago
1
[WP-H5] Refunds from failed bridging orders are not handled properly

#158 code423n4 closed 2 years ago
2
QA Report

#157 code423n4 opened 2 years ago
3
QA Report

#156 code423n4 closed 2 years ago
2
Improper Token Balance Check on swap()

#155 code423n4 closed 2 years ago
1
Gas Optimizations

#154 code423n4 closed 2 years ago
1
QA Report

#153 code423n4 opened 2 years ago
1
Gas Optimizations

#152 code423n4 closed 2 years ago
1
Gas Optimizations

#151 code423n4 closed 2 years ago
3
Gas Optimizations

#150 code423n4 closed 2 years ago
3
Gas Optimizations

#149 code423n4 opened 2 years ago
2
QA Report

#148 code423n4 opened 2 years ago
1
QA Report

#147 code423n4 opened 2 years ago
1
Gas Optimizations

#146 code423n4 opened 2 years ago
2
`if msg.value > amount` , then extra eth is not transfered back to user

#145 code423n4 closed 2 years ago
1
use of transfer() instead of call() to send eth

#144 code423n4 closed 2 years ago
1
Missing 2 step validation missing in `transferOwnership`

#143 code423n4 closed 2 years ago
3
Lack of chainID validation in all contracts

#142 code423n4 closed 2 years ago
2
Lack of validation in Deadline and destinationDeadline in swapData calldata

#141 code423n4 closed 2 years ago
2
Gas Optimizations

#140 code423n4 opened 2 years ago
1
QA Report

#139 code423n4 opened 2 years ago
3
GenericSwapFacet misuses _lifiData

#138 code423n4 closed 2 years ago
4
LiFi data disjoint from swapData and other data used in transaction logic

#137 code423n4 closed 2 years ago
3
NXTPFacet does not check whether _nxtpData.invariantData.sendingAssetId is benign, resulting in reentrancy problems

#136 code423n4 closed 2 years ago
2
HOPFacet does not explicitly check against non-existence hopBridges

#135 code423n4 closed 2 years ago
4
CBridgeFacet does not check whether `_cBridgeData.token` is benign, resulting in reentrancy problems

#134 code423n4 closed 2 years ago
1
CBridgeFacet does not handle native asset correctly

#133 code423n4 closed 2 years ago
2
AnyswapFacet does not check whether passed `_anyswapData.token` is benign, allowing attackers to utilize this and steal any asset held by `Diamond`

#132 code423n4 closed 2 years ago
2
AnyswapFacet does not check whether passed `_anyswapData.router` is benign, allowing attackers to utilize this and steal any asset held by `Diamond`

#131 code423n4 closed 2 years ago
2
LibAsset.approveERC20 approves MAX_INT instead of amount

#130 code423n4 closed 2 years ago
2
LibSwap.swap does not transfer from msg.sender to itself correctly

#129 code423n4 closed 2 years ago
1
LibSwap.swap misuses msg.value

#128 code423n4 closed 2 years ago
1
QA Report

#127 code423n4 opened 2 years ago
1
QA Report

#126 code423n4 opened 2 years ago
2
Gas Optimizations

#125 code423n4 opened 2 years ago
3
Double spend msg.value in Swapper.sol

#124 code423n4 closed 2 years ago
1
Anyone can use all token hold by Li.Fi contract

#123 code423n4 closed 2 years ago
1
Gas Optimizations

#122 code423n4 opened 2 years ago
9
QA Report

#121 code423n4 opened 2 years ago
6
approveERC20() uses unlimited approval

#120 code423n4 closed 2 years ago
2
Infinite token Approval amount bug

#119 code423n4 closed 2 years ago
2
Swap Functions Do Not Verify Final Token Matches The Swapped Token

#118 code423n4 closed 2 years ago
3

Previous Next