code-423n4/2022-04-backd-findings
issues
Chainlink oracles are not returning any value
#225
SaadAhmed0
opened
11 months ago
0
test
#223
ankushgoel27
closed
1 year ago
0
Tokens having more than 18 decimals are not supported
#222
gzeoneth
closed
2 years ago
1
decimalMultiplier assumes tokens have <= 18 decimals
#221
gzeoneth
closed
2 years ago
1
ChainLink latestRoundData data may be stale
#220
gzeoneth
closed
2 years ago
1
Avoid payable.transfer
#219
gzeoneth
closed
2 years ago
1
transfer is used for transfering ether
#218
gzeoneth
closed
2 years ago
0
Missing freshness validation in ETH price oracle
#217
gzeoneth
closed
2 years ago
1
Forget to remove account out of _roleMembers[role]
#216
gzeoneth
closed
2 years ago
1
The Contract Should approve(0) first
#215
gzeoneth
closed
2 years ago
1
Deprecated safeApprove() function
#214
gzeoneth
closed
2 years ago
1
Fee on transfer tokens aren't supported by StakerVault's stakeFor
#213
code423n4
closed
2 years ago
1
ChainlinkOracleProvider can provide zero and stale prices
#212
code423n4
closed
2 years ago
1
QA Report
#211
code423n4
opened
2 years ago
0
QA Report
#210
code423n4
closed
2 years ago
2
QA Report
#209
code423n4
opened
2 years ago
1
BkdEthCvx's _withdrawAll can be subject to sandwich attacks
#208
code423n4
closed
2 years ago
1
Gas Optimizations
#207
code423n4
opened
2 years ago
0
Function deposit can receive both ETH and tokens, but only compute tokens
#206
code423n4
closed
2 years ago
2
Error in _rebalance logic will result in limited funds in strategy to earn yield
#205
code423n4
closed
2 years ago
2
Gas Optimizations
#204
code423n4
opened
2 years ago
0
Missing validations for return value of oracle data feed.
#203
code423n4
closed
2 years ago
1
Gas Optimizations
#202
code423n4
opened
2 years ago
0
Griefer can force withdrawal to treasury in `CvxCrvRewardsLocker#processExpiredLocks`
#201
code423n4
closed
2 years ago
4
AmmGauge stake allows for reentrancy that can lead to stealing the contract balance
#200
code423n4
closed
2 years ago
2
QA Report
#199
code423n4
opened
2 years ago
1
QA Report
#198
code423n4
opened
2 years ago
0
StakerVault's unstakeFor allows for reentrancy that can lead to stealing the contract balance
#197
code423n4
closed
2 years ago
1
QA Report
#196
code423n4
opened
2 years ago
1
Staker is overcharged for gas/Keeper is reimbursed too much gas
#195
code423n4
closed
2 years ago
1
Malicious Stakers can grief Keepers
#194
code423n4
opened
2 years ago
0
ETHVault, BkdEthCvx and VaultReserve use payable.transfer for inter-system transfers
#193
code423n4
closed
2 years ago
1
Gas Optimizations
#192
code423n4
opened
2 years ago
0
QA Report
#191
code423n4
opened
2 years ago
1
EthPool use payable.transfer with an arbitrary receiver
#190
code423n4
closed
2 years ago
1
QA Report
#189
code423n4
opened
2 years ago
0
Gas Optimizations
#188
code423n4
opened
2 years ago
0
QA Report
#187
code423n4
opened
2 years ago
1
Reputation risk for not being able to rescue unnacounted transfer to pool
#186
code423n4
closed
2 years ago
1
QA Report
#185
code423n4
opened
2 years ago
1
Swapper3Crv's swapping path can be suboptimal
#184
code423n4
closed
2 years ago
1
Gas Optimizations
#183
code423n4
opened
2 years ago
0
QA Report
#182
code423n4
opened
2 years ago
4
Gas Optimizations
#181
code423n4
opened
2 years ago
3
Lack of `safeApprove(0)` prevents some registrations, and the changing of stakers and LP tokens
#180
code423n4
opened
2 years ago
2
Oracle data feeds are insufficiently validated
#179
code423n4
closed
2 years ago
1
Customers cannot be `topUp()`ed a second time
#178
code423n4
opened
2 years ago
1
Customers cannot `redeem()` LP tokens to non-EOA accounts
#177
code423n4
closed
2 years ago
1
Gas Optimizations
#176
code423n4
closed
2 years ago
1
Gas Optimizations
#175
code423n4
opened
2 years ago
0