issues
search
code-423n4
/
2022-07-fractional-findings
0
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Uninitialized implementation for Vault can be destroyed
#603
code423n4
closed
2 years ago
1
Native ETH transfer should use `call()` instead of `transfer()`
#602
code423n4
closed
2 years ago
2
ERC721 Transfers aren't "safe"
#601
code423n4
closed
2 years ago
2
buyoutPrice precision is lost in Buyout's start and Migration's commit
#600
code423n4
closed
2 years ago
3
ERC20 RETURN VALUES NOT CHECKED
#599
code423n4
opened
2 years ago
3
It's not possible to withdraw accidentally sent funds from the Vault contract.
#598
code423n4
opened
2 years ago
2
Buyout griefing can block almost all functionalities
#597
code423n4
closed
2 years ago
2
Gas Optimizations
#596
code423n4
opened
2 years ago
0
Gas Optimizations
#595
code423n4
closed
2 years ago
2
QA Report
#594
code423n4
opened
2 years ago
0
Usage of deprecated transfer to send ETH
#593
code423n4
closed
2 years ago
2
Gas Optimizations
#592
code423n4
opened
2 years ago
0
It is possible to burn someone's vault tokens
#591
code423n4
closed
2 years ago
2
QA Report
#590
code423n4
opened
2 years ago
0
call() should be used instead of transfer() on address payable
#589
code423n4
closed
2 years ago
2
merkleRoot can be set by delegatecall(), violate setMerkelRoot()
#588
code423n4
closed
2 years ago
2
Migration's leave and withdrawContribution use payable.transfer calls with an arbitrary receiver
#587
code423n4
closed
2 years ago
2
delegatecall() modify merkleRoot, vault may lose all
#586
code423n4
closed
2 years ago
2
Vault implementation can be selfdestructed due to lack of initialization
#585
code423n4
closed
2 years ago
1
Migration Module: The assets can be taken by a failed proposal
#584
code423n4
closed
2 years ago
2
Gas Optimizations
#583
code423n4
opened
2 years ago
0
Migration Module: After successful migration, ERC20 assets can be thrown away by anyone
#582
code423n4
closed
2 years ago
2
QA Report
#581
code423n4
opened
2 years ago
0
dont use transfer ,instead use call
#580
code423n4
closed
2 years ago
2
Migration Module: Usage of `withdrawContribution` instead of `leave` before buyout
#579
code423n4
closed
2 years ago
1
Gas Optimizations
#578
code423n4
opened
2 years ago
0
Implementation doesn't matches with description in comments
#577
code423n4
closed
2 years ago
2
Migration Module: Re-enter `commit` using custom token
#576
code423n4
opened
2 years ago
1
Lack of return value check can lead to unexpected results with no-revert-on-transfer ERC20 tokens
#575
code423n4
closed
2 years ago
2
Buyout Module: `redeem`ing before the update of totalSupply will make buyout's current state success
#574
code423n4
opened
2 years ago
2
function mint() in FERC1155 don't follow check-effect-interact pattern, it's possible to call protocol contracts after tokens minted and before totalSupply updated
#573
code423n4
closed
2 years ago
1
# an attacker can block stuff from the users from being able to do a buyout or sell fractoins or just main functions ,causing grief of users money and time
#572
code423n4
closed
2 years ago
2
BaseVault: hard-coded array length for hashes will limit the number of modules
#571
code423n4
closed
2 years ago
2
Migration Module: Disable to join, leave, commit by starting a buyout
#570
code423n4
closed
2 years ago
2
QA Report
#569
code423n4
opened
2 years ago
1
Plugins can be abused, custom FERC1155 Token can be abused
#568
code423n4
closed
2 years ago
2
percsion error that causes buyoutprice to be very low causing the fractionPrice very low or very high
#567
code423n4
closed
2 years ago
2
Buyout Module: `ethBalance` is not properly updated
#566
code423n4
closed
2 years ago
1
QA Report
#565
code423n4
opened
2 years ago
1
`div by 0` if user got all the fractions
#564
code423n4
closed
2 years ago
1
Any token approved for the base vault can be stolen
#563
code423n4
closed
2 years ago
1
After migration, the caller can claim his/her fractional tokens again and again by calling the function migrateFractions
#562
code423n4
closed
2 years ago
2
Gas Optimizations
#561
code423n4
opened
2 years ago
0
Use of deprecated `transfer` function to send ETH
#560
code423n4
closed
2 years ago
2
Due a low precision scalar there could be rounding errors
#559
code423n4
closed
2 years ago
1
deployFor() in VaultFactory uses tx.origin to create vault, so it's possible to redirect someone transaction to deployFor() and become the owner of their vault
#558
code423n4
opened
2 years ago
3
QA Report
#557
code423n4
opened
2 years ago
0
Gas Optimizations
#556
code423n4
opened
2 years ago
0
Gas Optimizations
#555
code423n4
opened
2 years ago
0
QA Report
#554
code423n4
opened
2 years ago
1
Previous
Next