issues
search
code-423n4
/
2022-04-jpegd-findings
1
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
`Controller.setStrategy` tries to withdraw `JPEG` token with incorrect function `strategy.withdraw(address)`, leading to certain revert and renders `setStrategy` unuseable
#136
code423n4
closed
2 years ago
1
`YVault` does not tie `deposit` together with `earn`, thus allowing griefing attacks to prevent normal users from earning `token` yields
#135
code423n4
closed
2 years ago
2
`transfer` function will fail due to EIP-1884
#134
code423n4
closed
2 years ago
2
NFTVault uses compound interest instead of simple interest
#133
code423n4
closed
2 years ago
2
Collect interest and fees before be repaid will cause inflation of stablecoin
#132
code423n4
closed
2 years ago
2
Use `latestRoundData` instead `latestAnswer` of Chainlink aggregators
#131
code423n4
closed
2 years ago
1
`JPEGLock` does not require NFT value proposal finalizers to truly stake `JPEG` tokens, creating a nothing at stake scenario where NFT holders profit and stablecoin holders suffer
#130
code423n4
closed
2 years ago
2
`JPEGLock.lockFor` can relock for specific nft, which overwrites previous lock and cause `JPEG` loss of the locker
#129
code423n4
closed
2 years ago
1
`!_account.isContract()` can be bypassed
#128
code423n4
closed
2 years ago
1
Gas Optimizations
#127
code423n4
opened
2 years ago
0
QA Report
#126
code423n4
opened
2 years ago
0
unhandled return value form transfer() and transferFrom() in JpegStaking.sol
#125
code423n4
closed
2 years ago
2
use of deprecated chainlink oracle method
#124
code423n4
closed
2 years ago
1
use of Transfer() instead of call() to send eth
#123
code423n4
closed
2 years ago
2
lack of checks for approved strategy in Controller.earn()
#122
code423n4
closed
2 years ago
2
Gas Optimizations
#121
code423n4
opened
2 years ago
2
QA Report
#120
code423n4
opened
2 years ago
0
setDebtInterestApr() doesn't accrue interest before changing it
#119
code423n4
closed
2 years ago
1
old strategy approval is not set to false
#118
code423n4
closed
2 years ago
2
Wrong calculation for yVault price per share if decimals != 18
#117
code423n4
opened
2 years ago
2
Initial `yVault` deposit with `amount=1 wei` causes very expensive share price leading to precision errors and loss of funds
#116
code423n4
closed
2 years ago
1
Use of deprecated Chainlink oracle aggregator function `latestAnswer`
#115
code423n4
closed
2 years ago
1
Use `safeTransfer()`/`safeTransferFrom()` consistently instead of `transfer()`/`transferFrom()`
#114
code423n4
closed
2 years ago
2
Use of Solidity's `transfer()` function might render ETH impossible to withdraw
#113
code423n4
closed
2 years ago
2
QA Report
#112
code423n4
opened
2 years ago
0
Gas Optimizations
#111
code423n4
opened
2 years ago
0
Gas Optimizations
#110
code423n4
opened
2 years ago
0
Debt interest rate updates effect the interest rate of the existing loans as well.
#109
code423n4
closed
2 years ago
2
Oracle Prices Used Could Be Stale Or Manipulated due to latestAnswer() call
#108
code423n4
closed
2 years ago
1
Liquidation Limit Rate updates effect the liquidation limit of the current loans as well.
#107
code423n4
closed
2 years ago
2
Critical updates executed by privileged users should have a timelock.
#106
code423n4
closed
2 years ago
2
insuraceRepurchaseTimeLimit Missing Setter and validation
#105
code423n4
closed
2 years ago
2
Tokens with fee on transfer are not supported
#104
code423n4
closed
2 years ago
1
Owner of LPFarming.sol can DOS rewards by stopping epoch at any time
#103
code423n4
closed
2 years ago
2
Gas Optimizations
#102
code423n4
opened
2 years ago
0
`finalizePendingNFTValue()` May Lock an NFT Value Twice Overwriting The Previous Call
#101
code423n4
closed
2 years ago
1
Gas Optimizations
#100
code423n4
opened
2 years ago
0
Reentrancy Issue Due to Lack of Reentrancy Guard on `closePosition()`
#99
code423n4
closed
2 years ago
2
QA Report
#98
code423n4
opened
2 years ago
3
Division before Multiplication May Result In No Interest Being Accrued
#97
code423n4
opened
2 years ago
2
Usage of deprecated Chainlink's latestAnswer function
#96
code423n4
closed
2 years ago
1
Use of deprecated API for chainlink aggregator
#95
code423n4
closed
2 years ago
1
QA Report
#94
code423n4
opened
2 years ago
3
For any (sufficiently regular) smart contract, there exists a smart contract that bypasses `noContract` modifier and still has the same functionality
#93
code423n4
closed
2 years ago
1
Usage of deprecated Chainlink's latestAnswer function
#92
code423n4
closed
2 years ago
1
Gas Optimizations
#91
code423n4
opened
2 years ago
0
QA Report
#90
code423n4
opened
2 years ago
1
Wrong lockFor can lost tokens
#89
code423n4
closed
2 years ago
1
Possible Token lost in Flash Escrow
#88
code423n4
closed
2 years ago
2
JPEG minting to the different address
#87
code423n4
closed
2 years ago
1
Previous
Next