code-423n4/2022-06-badger-findings
issues
Missing zero address check for bribesProcessor
#158
jack-the-pug
closed
2 years ago
1
QA Report
#157
liveactionllama
opened
2 years ago
2
Gas Optimizations
#156
code423n4
opened
2 years ago
2
_harvest() performs market swaps without slippage control and is subject to sandwich attacks
#155
code423n4
closed
2 years ago
2
harvest() can be frontrun, to make the AURABAL token stuck
#154
code423n4
closed
2 years ago
1
Gas Optimizations
#153
code423n4
opened
2 years ago
1
QA Report
#152
code423n4
opened
2 years ago
1
QA Report
#151
code423n4
opened
2 years ago
2
Gas Optimizations
#150
code423n4
opened
2 years ago
1
performUpkeep is not protected by `whenNotPaused` modifier
#149
code423n4
closed
2 years ago
1
prepareWithdrawAll should not be external
#148
code423n4
closed
2 years ago
1
Access control modifier can be bypassed
#147
code423n4
opened
2 years ago
1
Principal payout
#146
code423n4
closed
2 years ago
2
Gas Optimizations
#145
code423n4
opened
2 years ago
1
QA Report
#144
code423n4
opened
2 years ago
1
Vault can never fully be emptied
#143
code423n4
closed
2 years ago
1
If `token == BADGER`, the `_handleRewardTransfer` function does not work
#142
code423n4
closed
2 years ago
2
Gas Optimizations
#141
code423n4
opened
2 years ago
1
It lacks slippage control when swapping tokens
#140
code423n4
closed
2 years ago
2
`_processExtraToken()` in `_sendBadgerToTree()` will transfer BADGER again
#139
code423n4
closed
2 years ago
1
The withdrawal safety check in `_withdrawSome()` seems unreasonable
#138
code423n4
closed
2 years ago
1
Should also check balanceOfRewards in `_withdrawAll()`
#137
code423n4
closed
2 years ago
2
`_sendTokenToBribesProcessor()` doesn't check `bribesProcessor`'s address. Could cause permanent loss of funds
#136
code423n4
closed
2 years ago
1
Gas Optimizations
#135
code423n4
opened
2 years ago
1
Malicious Governance can set malicious `bribesProcessor` to steal rewards that are not protected
#134
code423n4
opened
2 years ago
1
Gas Optimizations
#133
code423n4
closed
2 years ago
2
Gas Optimizations
#132
code423n4
closed
2 years ago
2
_harvest rewards can be stolen because it doesn't implement any slippage bounds
#131
code423n4
closed
2 years ago
1
Loss of yield can occur due to not specifying `minAmountsOut` when exiting `BAL/ETH pool`
#130
code423n4
closed
2 years ago
1
auraBAL can be stuck into the Strategy contract
#129
code423n4
opened
2 years ago
2
Low Value Definition On The Slippage
#128
code423n4
closed
2 years ago
2
QA Report
#127
code423n4
opened
2 years ago
1
VULNERABLE VERSION OF OPEN-ZEPPELIN CAN LEAD TO INITIALIZER() MALFUNCTION
#126
code423n4
closed
2 years ago
1
Yield can be lost due to not specifying `limit` when transferring `WETH` to `Aura`
#125
code423n4
closed
2 years ago
2
Frontrunning initialization of contract
#124
code423n4
closed
2 years ago
1
QA Report
#123
code423n4
opened
2 years ago
1
Yield can be lost due to not specifying `limit` when transferring `auraBAL` to `BAL/ETH BPT`
#122
code423n4
closed
2 years ago
1
Gas Optimizations
#121
code423n4
opened
2 years ago
1
TODO: Hardcode claim.account = address(this)?
#120
code423n4
closed
2 years ago
1
Attacker can steal money from the initializer function
#119
code423n4
closed
2 years ago
2
QA Report
#118
code423n4
opened
2 years ago
5
QA Report
#117
code423n4
closed
2 years ago
1
Gas Optimizations
#116
code423n4
opened
2 years ago
1
Gas Optimizations
#115
code423n4
opened
2 years ago
1
Gas Optimizations
#114
code423n4
opened
2 years ago
3
Inconsistency in paused functionalities
#113
code423n4
opened
2 years ago
1
Gas Optimizations
#112
code423n4
closed
2 years ago
3
Badger rewards from Hidden Hand can permanently prevent Strategy from receiving bribes
#111
code423n4
opened
2 years ago
4
QA Report
#110
code423n4
closed
2 years ago
1
Gas Optimizations
#109
code423n4
opened
2 years ago
1