code-423n4 2022-03-rolla-findings issues

code-423n4 / 2022-03-rolla-findings

1 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

test

#67 ankushgoel27 closed 1 year ago
0
Spreads can be minted with a deactivated oracle

#66 code423n4 opened 2 years ago
1
Arbitrary code can be run with Controller as msg.sender

#65 code423n4 opened 2 years ago
1
Gas Optimizations

#64 code423n4 closed 2 years ago
1
QA Report

#63 code423n4 opened 2 years ago
1
QA Report

#62 code423n4 opened 2 years ago
1
QA Report

#61 code423n4 opened 2 years ago
1
Missing non-zero address validation for `_oracle` parameter in `ProviderOracleManager.addAssetOracle()`

#60 code423n4 closed 2 years ago
3
Gas Optimizations

#59 code423n4 closed 2 years ago
1
QA Report

#58 code423n4 opened 2 years ago
1
ecrecover zero address check missing

#57 code423n4 closed 2 years ago
3
QA Report

#56 code423n4 opened 2 years ago
0
Gas Optimizations

#55 code423n4 closed 2 years ago
1
QA Report

#54 code423n4 opened 2 years ago
1
QA Report

#53 code423n4 closed 2 years ago
2
QA Report

#52 code423n4 opened 2 years ago
3
Low-level transfer via call() can fail silently

#51 code423n4 opened 2 years ago
1
Use of deprecated Chainlink function `latestAnswer`

#50 code423n4 closed 2 years ago
1
[WP-H7] `CollateralToken.sol`'s `COLLATERAL_BURNER_ROLE` and `COLLATERAL_MINTER_ROLE` can rug users

#49 code423n4 closed 2 years ago
2
[WP-H6] Admin of the upgradeable proxy contract of `Controller.sol` can rug users

#48 code423n4 opened 2 years ago
2
[WP-H4] Initializer of `QuantConfig.sol` can rug users

#47 code423n4 closed 2 years ago
2
[WP-M3] `OperateProxy.callFunction()` should check if the `callee` is a contract

#46 code423n4 opened 2 years ago
1
[WP-H2] `EIP712MetaTransaction.executeMetaTransaction()` failed txs are open to replay attacks

#45 code423n4 opened 2 years ago
1
[WP-H1] Timelock can be hijacked by a malicious/compromised deployer

#44 code423n4 closed 2 years ago
2
[WP-H0] Wrong implementation of `EIP712MetaTransaction`

#43 code423n4 opened 2 years ago
1
QA Report

#42 code423n4 opened 2 years ago
1
QA Report

#41 code423n4 opened 2 years ago
3
Gas Optimizations

#40 code423n4 closed 2 years ago
1
`TimelockController` locks ether forever

#39 code423n4 closed 2 years ago
2
QTokens with the same symbol will lead to mistakes

#38 code423n4 opened 2 years ago
1
QA Report

#37 code423n4 opened 2 years ago
1
QA Report

#36 code423n4 opened 2 years ago
1
admin can rug by setting a malicious oracle

#35 code423n4 closed 2 years ago
2
admin can rug by minting collateral tokens

#34 code423n4 closed 2 years ago
1
typos in assets cannot be fixed

#33 code423n4 closed 2 years ago
3
assets can be added twice

#32 code423n4 closed 2 years ago
4
Mint spread collateral-less and conjuring collateral claims out of thin air with implicit arithmetic rounding and flawed int to uint conversion

#31 code423n4 opened 2 years ago
1
QA Report

#30 code423n4 opened 2 years ago
1
Uninitialized tailing when roundDown is True in QuantMath.sol/toScaledUint

#29 code423n4 closed 2 years ago
2
Incorrect strike price displayed in name/symbol of qToken

#28 code423n4 opened 2 years ago
1
ConfigTimeLockController will put QuantConfig in a stalemate(rendering it unusable)

#27 code423n4 opened 2 years ago
1
QA Report

#26 code423n4 opened 2 years ago
1
QA Report

#25 code423n4 opened 2 years ago
1
Settlement price can be manipulated at relatively low cost

#24 code423n4 closed 2 years ago
2
QA Report

#23 code423n4 opened 2 years ago
3
QA Report

#22 code423n4 opened 2 years ago
1
TEST

#21 code423n4 closed 2 years ago
0
QA Report

#20 code423n4 opened 2 years ago
1
Gas Optimizations

#19 code423n4 closed 2 years ago
1
QA Report

#18 code423n4 opened 2 years ago
5