code-423n4 2022-06-putty-findings issues

code-423n4 / 2022-06-putty-findings

5 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Same order could be exercised multiple times if transferFrom fails

#367 code423n4 closed 2 years ago
1
Gas Optimizations

#366 code423n4 opened 2 years ago
0
Gas Optimizations

#365 code423n4 closed 2 years ago
1
Gas Optimizations

#364 code423n4 opened 2 years ago
0
Counter offer is not implemented correctly

#363 code423n4 closed 2 years ago
5
Missing check If the order is already exercised

#362 code423n4 closed 2 years ago
1
Gas Optimizations

#361 code423n4 closed 2 years ago
1
Weak `msg.value` checks in `fillOrder` can make users lose ETH

#360 code423n4 closed 2 years ago
2
Block values as time proxies

#359 code423n4 closed 2 years ago
3
QA Report

#358 code423n4 opened 2 years ago
1
msg.value inside a loop can cause to disruption on the orders

#357 code423n4 closed 2 years ago
3
Gas Optimizations

#356 code423n4 closed 2 years ago
1
Locked funds :has payable function, but no withdrawal functionality. Therefore, the funds will be locked in contract.

#355 code423n4 closed 2 years ago
2
Gas Optimizations

#354 code423n4 closed 2 years ago
1
[M-02] Cancel is allowed even after the order was filled

#353 code423n4 closed 2 years ago
2
The strike cover amount can be locked for very long time in the putty contract

#352 code423n4 closed 2 years ago
6
Gas Optimizations

#351 code423n4 opened 2 years ago
0
fund steal by crating a lot of bad long positions and then transferring NFT token of long position to all users and trick them(or by mistake) to click on exercise()

#350 code423n4 closed 2 years ago
3
withdraw of assets batch could be blocked with one asset with malicious code

#349 code423n4 closed 2 years ago
1
Use of Solidity version 0.8.13 which has two known issues applicable to PuttyV2

#348 code423n4 opened 2 years ago
3
[M-01] Fees can change during the order life-cycle

#347 code423n4 closed 2 years ago
1
Avoid transfer()/send() as reentrancy mitigations. | the gas repricing of opcodes may break deployed contracts |

#346 code423n4 closed 2 years ago
1
both order side positions don’t exist is not checked

#345 code423n4 closed 2 years ago
2
Gas Optimizations

#344 code423n4 opened 2 years ago
0
Gas Optimizations

#343 code423n4 opened 2 years ago
0
msg.value not handled in some paths of `exercise`

#342 code423n4 closed 2 years ago
2
msg.value not handled in some paths of `fillOrder`

#341 code423n4 closed 2 years ago
2
QA Report

#340 code423n4 opened 2 years ago
2
[H-02] Owner does not get any fee when call is expired

#339 code423n4 closed 2 years ago
3
Payable admin functions

#338 code423n4 opened 2 years ago
3
Gas Optimizations

#337 code423n4 opened 2 years ago
0
QA Report

#336 code423n4 closed 2 years ago
1
Gas Optimizations

#335 code423n4 opened 2 years ago
0
Gas Optimizations

#334 code423n4 opened 2 years ago
0
QA Report

#333 code423n4 closed 2 years ago
2
[H-01] Owner does not get any fee when exercising a put

#332 code423n4 closed 2 years ago
2
Gas Optimizations

#331 code423n4 opened 2 years ago
0
QA Report

#330 code423n4 opened 2 years ago
1
Gas Optimizations

#329 code423n4 opened 2 years ago
0
Underlying assets may be modified during execution

#328 code423n4 closed 2 years ago
2
Putty position tokens may be minted to non ERC721 receivers

#327 code423n4 opened 2 years ago
3
block.timestamp is used for expiration of orders and positions in fillOrder, exercise and withdraw which can create MEV and miners can cause griefing and DOS for other user's transactions by manipulating block.timestamp

#326 code423n4 closed 2 years ago
1
Unconventional design of option expiration time design and lack of validation making it possible for the taker to buy a long position that can not be exercised

#325 code423n4 closed 2 years ago
2
Native ETH can be sent with ERC20 orders

#324 code423n4 closed 2 years ago
2
Using SafeTransferLib as a transfer medium has a certain probability of causing problems

#323 code423n4 closed 2 years ago
3
withdraw() could be blocked if feeAmount would be 0 and baseAsset contract doesn’t allow for zero amount transfers

#322 code423n4 closed 2 years ago
1
return value of weth transfer is ignored and unchecked

#321 code423n4 closed 2 years ago
2
Gas Optimizations

#320 code423n4 opened 2 years ago
0
Gas Optimizations

#319 code423n4 closed 2 years ago
1
Problems with the access control of the fillOrder() function

#318 code423n4 closed 2 years ago
3

Previous Next