code-423n4 2022-05-rubicon-findings issues

code-423n4 / 2022-05-rubicon-findings

5 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Gas Optimizations

#418 code423n4 opened 2 years ago
0
Reentrancy attack

#417 code423n4 closed 2 years ago
3
QA Report

#416 code423n4 opened 2 years ago
0
DOS by Frontrunning BathHouse's initialize() Function

#415 code423n4 closed 2 years ago
3
QA Report

#414 code423n4 opened 2 years ago
0
QA Report

#413 code423n4 opened 2 years ago
0
First pool depositor can break minting of shares

#412 code423n4 closed 2 years ago
1
Unbounded Fee can be set higher than 100%

#411 code423n4 closed 2 years ago
1
Share Withdrawal Re-Entrancy

#410 code423n4 closed 2 years ago
1
QA Report

#409 code423n4 opened 2 years ago
1
QA Report

#408 code423n4 closed 2 years ago
1
All eth can be stolen from the rubiconRouter

#407 code423n4 closed 2 years ago
2
Gas Optimizations

#406 code423n4 opened 2 years ago
0
ERC20 transfers does not work on non-standard compliant tokens like USDT

#405 code423n4 closed 2 years ago
1
Gas Optimizations

#404 code423n4 opened 2 years ago
0
Improper Integration of EIP-20 Standard for Non-Compliant Tokens (i.e. USDT)

#403 code423n4 closed 2 years ago
1
Amount of underlyingToken can be inflated leading to slightly higher amounts being withdrawn to a user

#402 code423n4 closed 2 years ago
3
Swap in router uses pay_amt to swap but allows msg.value to be larger

#401 code423n4 closed 2 years ago
2
Incorrect Usage of Safe Arithmetics Library

#400 code423n4 closed 2 years ago
2
Fee can be set arbitrarily high at BathToken

#399 code423n4 closed 2 years ago
2
Strategists can drain all tokens in liquidity pools

#398 code423n4 closed 2 years ago
1
First depositor can break minting of shares

#397 code423n4 opened 2 years ago
4
QA Report

#396 code423n4 opened 2 years ago
0
No check for return value in many transfer calls.

#395 code423n4 closed 2 years ago
1
Gas Optimizations

#394 code423n4 opened 2 years ago
0
Using an uninitialized variable (`name`) in `initialize` on the `bathToken.sol` contract

#393 code423n4 closed 2 years ago
1
QA Report

#392 code423n4 opened 2 years ago
0
QA Report

#391 code423n4 opened 2 years ago
0
Initialization methods can be front-run

#390 code423n4 closed 2 years ago
2
No implementation of `decrease/increase allowance` are a risk to fronton attacks

#389 code423n4 closed 2 years ago
5
Deprecated `transfer` might not work with `msg.sender`

#388 code423n4 closed 2 years ago
1
`BathToken` does not conform to EIP4626 implementation or specification

#387 code423n4 opened 2 years ago
3
Gas Optimizations

#386 code423n4 opened 2 years ago
0
Owner rug vector in `adminWriteBathToken()`

#385 code423n4 closed 2 years ago
3
Mistake in `previewWithdraw` causes revert of `withdraw` transactions.

#384 code423n4 closed 2 years ago
1
Result of transfer not checked

#383 code423n4 closed 2 years ago
2
Owner can steal or DoS all withdrawals by setting high `feeBPS`

#382 code423n4 closed 2 years ago
2
BathToken uninitialized rewardsVestingWallet leading to loss of funds

#381 code423n4 closed 2 years ago
1
QA Report

#380 code423n4 opened 2 years ago
0
Gas Optimizations

#379 code423n4 opened 2 years ago
0
Lack of Address(0) checks in crucial mint/deposit/withdraw functions

#378 code423n4 closed 2 years ago
2
`maxBuyAllAmount` and `maxSellAllAmount` doesn't require user to transfer token to router to buy/sell (RubiconRouter.sol)

#377 code423n4 closed 2 years ago
2
RubiconRouter maxSellAllAmount does not trasnfer user's fund into its address, causing calls to always revert

#376 code423n4 opened 2 years ago
2
Use of `transfer()` instead of `safeTransfer()` can lead to loss of funds

#375 code423n4 closed 2 years ago
1
The RubiconRouter function maxBuyAllAmount does not transfer user's fund into its address, causing the function to always revert

#374 code423n4 closed 2 years ago
1
instead of call() , transfer() is used to withdraw the ether

#373 code423n4 closed 2 years ago
1
Arbitrarily set `rubiconMarketAddress` opens rug vector for admin or attacker with compromised keys

#372 code423n4 closed 2 years ago
2
Wrong fee calculation between Router & Market

#371 code423n4 closed 2 years ago
1
Return values are not checked for `transferFrom`, `transfer`, and `approve` calls to external tokens

#370 code423n4 closed 2 years ago
2
Not calling `approve(0)` before setting a new approval causes the call to revert when used with Tether (USDT)

#369 code423n4 closed 2 years ago
1

Previous Next