code-423n4 2022-05-backd-findings issues

code-423n4 / 2022-05-backd-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> M from 18 [1656705908645]

#182 code423n4 closed 2 years ago
1
Upgraded Q -> M from 18 [1656705895450]

#181 code423n4 closed 2 years ago
1
Usage of deprecated transfer to send ETH

#180 code423n4 opened 2 years ago
1
Function unstakeFor() and stakeFor() in AmmGauge is vulnerable to reentrancy attacfk

#179 code423n4 closed 2 years ago
2
Gas Optimizations

#178 code423n4 opened 2 years ago
2
call() should be used instead or transfer() on an address payable

#177 code423n4 closed 2 years ago
2
QA Report

#176 code423n4 opened 2 years ago
2
checkpointAllGauges may has gas explode error due to looping too many times

#175 code423n4 closed 2 years ago
2
QA Report

#174 code423n4 opened 2 years ago
1
QA Report

#173 code423n4 opened 2 years ago
1
Minus before addition -> underflow risk (But reverted due to solidity 0.8)

#172 code423n4 opened 2 years ago
2
QA Report

#171 code423n4 opened 2 years ago
1
Gas Optimizations

#170 code423n4 opened 2 years ago
1
BurnToTarget can be exploited to receive more LP tokens

#169 code423n4 closed 2 years ago
2
Gas Optimizations

#168 code423n4 opened 2 years ago
2
In BkdLocker codes uses safeTransferFrom() multiple times for reward tokens without considering deflationary tokens

#167 code423n4 closed 2 years ago
2
lockFor() in BkdLocker don't check that user is not 0x0 and if user by mistake call this function with value 0x0 s/he is going to lose his funds.

#166 code423n4 opened 2 years ago
2
Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies

#165 code423n4 closed 2 years ago
2
Gas Optimizations

#164 code423n4 opened 2 years ago
1
Approving from non-zero to non-zero allowance will revert with OZ's `safeApprove()`

#163 code423n4 closed 2 years ago
2
Any user can start inflation for Minter.sol

#162 code423n4 closed 2 years ago
2
unstakeFor method in AmmGauge.sol does not respect CEI standard.

#161 code423n4 closed 2 years ago
2
unstakeFor method in AmmConvexGauge.sol does not respect CEI standard.

#160 code423n4 closed 2 years ago
2
QA Report

#159 code423n4 opened 2 years ago
1
unstakeFor method in StakerVault.sol does not respect CEI standard.

#158 code423n4 closed 2 years ago
2
wrong reward distribution and user fund lose if migrate() is called with current rewardToken by mistake or intentionally

#157 code423n4 closed 2 years ago
2
Able to get LP tokens without spending any funds in ```FeeBurner.sol```

#156 code423n4 closed 2 years ago
2
QA Report

#155 code423n4 opened 2 years ago
2
Gas Optimizations

#154 code423n4 opened 2 years ago
1
QA Report

#153 code423n4 opened 2 years ago
1
Deposit doesn't initialize WithdrawalMeta

#152 code423n4 closed 2 years ago
2
Gas Optimizations

#151 code423n4 opened 2 years ago
1
Inconsistency in view functions can lead to users believing they’re due for more BKD rewards

#150 code423n4 opened 2 years ago
2
QA Report

#149 code423n4 opened 2 years ago
1
Gas Optimizations

#148 code423n4 opened 2 years ago
1
Staking functions should be disabled if pool “killed”

#147 code423n4 closed 2 years ago
1
QA Report

#146 code423n4 opened 2 years ago
1
QA Report

#145 code423n4 closed 2 years ago
1
Possible future risk of reentrancy for upgradeable token

#144 code423n4 closed 2 years ago
2
Governance Token limit can be massively increased due to uninitialised `lastEvent` variable

#143 code423n4 closed 2 years ago
2
QA Report

#142 code423n4 opened 2 years ago
1
Users can claim extremely large rewards or lock rewards from LpGauge due to uninitialised `poolLastUpdate` variable

#141 code423n4 opened 2 years ago
4
Gas Optimizations

#140 code423n4 opened 2 years ago
1
Users can unstake more AMM Token can their balance

#139 code423n4 closed 2 years ago
2
Gas Optimizations

#138 code423n4 opened 2 years ago
1
Call to safeApprove without checking previous allowance in burnFees could result in locked funds

#137 code423n4 closed 2 years ago
2
it's possible to initialize contract BkdLocker for multiple times by sending startBoost=0 and each time different values for other parameters

#136 code423n4 opened 2 years ago
1
Fees from delisted pool still in reward handler will become stuck after delisting

#135 code423n4 opened 2 years ago
1
QA Report

#134 code423n4 opened 2 years ago
1
Fee-on transfer tokens in `FeeBurner.burnToTarget` will revert transaction

#133 code423n4 opened 2 years ago
2