issues
search
code-423n4
/
2022-03-lifinance-findings
6
stars
4
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
`AnyswapFacet` can be exploited to approve arbitrary tokens.
#117
code423n4
opened
2 years ago
2
QA Report
#116
code423n4
opened
2 years ago
1
Gas Optimizations
#115
code423n4
opened
2 years ago
2
QA Report
#114
code423n4
opened
2 years ago
0
No slippage protection during swaps
#113
code423n4
closed
2 years ago
2
Swap including native asset don't behaved as specified
#112
code423n4
closed
2 years ago
4
QA Report
#111
code423n4
opened
2 years ago
3
Behaviour of swapper can be erratic and lead to loss of user funds
#110
code423n4
closed
2 years ago
4
Swap functions are Reenterable
#109
code423n4
opened
2 years ago
3
Whitelisting should be by function signature and not only on contract address
#108
code423n4
closed
2 years ago
3
QA Report
#107
code423n4
opened
2 years ago
2
Swaps don't properly support fee-on-transfer tokens
#106
code423n4
closed
2 years ago
1
QA Report
#105
code423n4
opened
2 years ago
4
Swaps can be sandwiched as total receivable can't be user controlled
#104
code423n4
closed
2 years ago
2
User loses funds if they execute swap with "exact output" method
#103
code423n4
closed
2 years ago
1
Missing require can lead to funds lost
#102
code423n4
closed
2 years ago
2
Failed transfer with low level call won't revert
#101
code423n4
opened
2 years ago
1
Gas Optimizations
#100
code423n4
opened
2 years ago
4
Gas Optimizations
#99
code423n4
opened
2 years ago
5
A swap with a token amount received of zero does not fail
#98
code423n4
closed
2 years ago
2
Caller can lose ETH while bridging
#97
code423n4
closed
2 years ago
1
Caller can lose ETH using the `CBridgeFacet`
#96
code423n4
closed
2 years ago
2
Tokens held in contract can be stolen
#95
code423n4
closed
2 years ago
1
There is a potential reentrancy attack in the AnyswapFacet contract.
#94
code423n4
closed
2 years ago
2
Gas Optimizations
#93
code423n4
opened
2 years ago
1
Any ERC20 token from the Diamond balance can be stolen
#92
code423n4
closed
2 years ago
1
Potential reentrancy vulnerability in AnyswapFacet
#91
code423n4
closed
2 years ago
2
`LibSwap.swap()` will transfer `fromAmount` if there is insufficient balance in the contract allowing an attacker to claim unused funds or forcing a user to transfer excess funds.
#90
code423n4
closed
2 years ago
1
Centralisation Risk: Owner May Set Facets To Their Choosing Allowing Any Delegate Call To Be Made
#89
code423n4
closed
2 years ago
2
`swap()` May Call `callTo` With any Arbitrary Data
#88
code423n4
closed
2 years ago
2
`LibSwap.sol` Will Send `msg.value` Even If The `fromAssetId` is Not the Native Token
#87
code423n4
closed
2 years ago
2
`msg.value` is Sent Multipletimes When Performing a Swap
#86
code423n4
opened
2 years ago
3
`DexManagerFacet.batchRemoveDex` not working as expected
#85
code423n4
closed
2 years ago
2
Missing input validation could lead to loss of fund
#84
code423n4
closed
2 years ago
5
Gas Optimizations
#83
code423n4
opened
2 years ago
12
QA Report
#82
code423n4
opened
2 years ago
4
QA Report
#81
code423n4
opened
2 years ago
3
Compromised governance can potentially steal user fund
#80
code423n4
closed
2 years ago
1
QA Report
#79
code423n4
opened
2 years ago
3
Transfer is bad practice
#78
code423n4
closed
2 years ago
1
Gas Optimizations
#77
code423n4
opened
2 years ago
2
All swapping functions lack checks for returned tokens
#76
code423n4
opened
2 years ago
2
Reliance on lifiData.receivingAssetId can cause loss of funds
#75
code423n4
opened
2 years ago
2
OnlyOwner functions that make critical changes should have a timelock.
#74
code423n4
closed
2 years ago
2
batchRemoveDex() will only remove a single dex
#73
code423n4
closed
2 years ago
2
QA Report
#72
code423n4
opened
2 years ago
1
QA Report
#71
code423n4
opened
2 years ago
5
Gas Optimizations
#70
code423n4
opened
2 years ago
5
Gas Optimizations
#69
code423n4
opened
2 years ago
2
QA Report
#68
code423n4
opened
2 years ago
7
Previous
Next