code-423n4 2022-05-vetoken-findings issues

code-423n4 / 2022-05-vetoken-findings

1 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

test

#279 ankushgoel27 closed 1 year ago
0
Upgraded Q -> M from 268 [1659038665057]

#277 code423n4 closed 2 years ago
1
Upgraded Q -> M from 264 [1659038303960]

#276 code423n4 closed 2 years ago
1
Upgraded Q -> M from 234 [1659038052827]

#275 code423n4 closed 2 years ago
1
Upgraded Q -> M from 232 [1659037895855]

#274 code423n4 closed 2 years ago
1
Upgraded Q -> M from 9 [1659036743700]

#273 code423n4 closed 2 years ago
1
Gas Optimizations

#272 code423n4 opened 2 years ago
1
Gas Optimizations

#271 code423n4 opened 2 years ago
1
in VeAssetDepositor and Booster contract don't set safeApprove() to 0 first and that token uses OpenZeppelin’s ERC20 implementation

#270 code423n4 closed 2 years ago
2
QA Report

#269 code423n4 opened 2 years ago
1
QA Report

#268 code423n4 opened 2 years ago
3
Since calling `_lockVeAsset()` `incentiveVeAsset` is always set to `0`

#267 code423n4 closed 2 years ago
2
infalting the price of tokens to your benfit and no reentracy gaurd you can make your own function for stakefor

#266 code423n4 closed 2 years ago
2
QA Report

#265 code423n4 closed 2 years ago
1
QA Report

#264 code423n4 opened 2 years ago
3
totalSupplyAtEpoch will revert

#263 code423n4 closed 2 years ago
2
totalSupply will revert

#262 code423n4 closed 2 years ago
2
QA Report

#261 code423n4 opened 2 years ago
1
Logic error in inversely traversed loops could lead to DoS

#260 code423n4 closed 2 years ago
2
QA Report

#259 code423n4 opened 2 years ago
2
pendingLockAtEpochOf will revert

#258 code423n4 closed 2 years ago
2
balanceAtEpochOf will revert

#257 code423n4 closed 2 years ago
2
you should always approve zero amount because some contracts need it to interact with it (ust)

#256 code423n4 closed 2 years ago
2
In VoterProxy the address veAsset is not added to protectedTokens[] list so it's possible to call withdraw() with veAsset address by stash protocol and withdraw veAsset Balance of VoterProxy

#255 code423n4 closed 2 years ago
2
QA Report

#254 code423n4 opened 2 years ago
2
safetransferfrom a user has to give allowance to make the function work

#253 code423n4 closed 2 years ago
2
If a new extra reward is added later, existing stakes will not be able to withdraw

#252 code423n4 closed 2 years ago
2
Gas Optimizations

#251 code423n4 opened 2 years ago
1
attacker can steal funds from staker contract and this contract)with decrease allownace frontrunning

#250 code423n4 closed 2 years ago
2
Gas Optimizations

#249 code423n4 closed 2 years ago
1
Gas Optimizations

#248 code423n4 opened 2 years ago
1
setOwner() function in VoterProxy allow new owner to be set as 0x0, so if owner call it by wrong value the contract will be in broken state and funds would be lost

#247 code423n4 closed 2 years ago
2
In VeAssetDepositor constructor if deployer set wrong value for maxTime or if maxTime in veAsset project changes then funds can be locked in VeAssetDepositor and contract will be in broken state

#246 code423n4 closed 2 years ago
2
Add a tme lock to `VoterProxy.sol` setter function

#245 code423n4 closed 2 years ago
2
user can pay alot of money with out getting his tokens

#244 code423n4 closed 2 years ago
2
QA Report

#243 code423n4 closed 2 years ago
1
Revert if too many rewardTokens in VE3DLocker

#242 code423n4 closed 2 years ago
2
QA Report

#241 code423n4 opened 2 years ago
1
Gas Optimizations

#240 code423n4 opened 2 years ago
1
Unable to updateReward if there are too many rewardTokens

#239 code423n4 closed 2 years ago
2
Unable to shutdown if there are too many pool

#238 code423n4 closed 2 years ago
2
user can mint anything he wants

#237 code423n4 closed 2 years ago
2
attacker or user can take advantage of percsion error and effect staking

#236 code423n4 closed 2 years ago
2
Bad use of safeApprove

#235 code423n4 closed 2 years ago
3
QA Report

#234 code423n4 opened 2 years ago
2
Governance can arbitrarily burn VeToken from any address

#233 code423n4 opened 2 years ago
2
QA Report

#232 code423n4 opened 2 years ago
3
lockVeAsset() in VeAssetDepositor don't follow the check-effect-interact pattern and it's vulnerable to reentrancy attack

#231 code423n4 opened 2 years ago
2
Gas Optimizations

#230 code423n4 opened 2 years ago
1
QA Report

#229 code423n4 opened 2 years ago
3