code-423n4 2022-08-olympus-findings issues

code-423n4 / 2022-08-olympus-findings

5 stars 4 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Heart: the frequency is not really ensured

#405 code423n4 closed 2 years ago
3
Operator: if WallSpread is 10000, `operate` and `beat` will revert and price information cannot be updated anymore

#404 code423n4 opened 2 years ago
2
TRSRY: reenter from OlympusTreasury::repayLoan to Operator::swap

#403 code423n4 opened 2 years ago
2
QA Report

#402 code423n4 closed 2 years ago
1
Gas Optimizations

#401 code423n4 opened 2 years ago
0
QA Report

#400 code423n4 opened 2 years ago
0
Possible re-entrancy in OlympusGovernance.executeProposal()

#399 code423n4 closed 2 years ago
1
Gas Optimizations

#398 code423n4 opened 2 years ago
0
Inconsistent percentage to set the SUBMISSION_REQUIREMENT and ENDORSEMENT_THRESHOLD, EXECUTION_THRESHOLD

#397 code423n4 closed 2 years ago
2
QA Report

#396 code423n4 opened 2 years ago
0
Gas Optimizations

#395 code423n4 closed 2 years ago
1
System is too centralised

#394 code423n4 closed 2 years ago
2
Proposals can be submitted and executed sucessfully when VOTES totalySupply is 0.

#393 code423n4 closed 2 years ago
2
Anyone can pass any proposal alone before first `VOTES` are minted

#392 code423n4 opened 2 years ago
2
Inconsistency in staleness checks between OHM and reserve token oracles

#391 code423n4 opened 2 years ago
1
Heartbeat fails if rewardToken balance of Heart.sol ever falls below the reward amount

#390 code423n4 closed 2 years ago
3
TRSRY:getLoan() is permissioned, but no policy has permission to call it

#389 code423n4 opened 2 years ago
2
Chainlink oracle data feeds are not sufficiently validated and can return stale answers

#388 code423n4 closed 2 years ago
1
QA Report

#387 code423n4 opened 2 years ago
0
User with 33% votes held can execute self-endorsed Proposal

#386 code423n4 closed 2 years ago
2
Gas Optimizations

#385 code423n4 opened 2 years ago
0
QA Report

#384 code423n4 opened 2 years ago
0
`Operator.swap()` doesn't support fee-on-transfer tokens.

#383 code423n4 closed 2 years ago
2
Not being able to vote again may cause voter mistakes

#382 code423n4 closed 2 years ago
2
`Heart.withdrawUnspentRewards()` might withdraw current `rewardToken' by fault.

#381 code423n4 closed 2 years ago
3
No Cap on Amount of VOTES means the `voter_admin` can get any proposal to pass

#380 code423n4 opened 2 years ago
2
Inconsistant parameter requirements between `constructor()` and `Set() functions` in `RANGE.sol` and `Operator.sol`.

#379 code423n4 opened 2 years ago
2
Heart will stop if all rewards are swept

#378 code423n4 opened 2 years ago
1
Gas Optimizations

#377 code423n4 opened 2 years ago
0
In `Governance.sol`, it might be impossible to activate a new proposal forever after failed to execute the previous active proposal.

#376 code423n4 opened 2 years ago
3
The governance system can be held hostage by a malicious user

#375 code423n4 opened 2 years ago
2
QA Report

#374 code423n4 opened 2 years ago
0
QA Report

#373 code423n4 opened 2 years ago
0
QA Report

#372 code423n4 opened 2 years ago
0
Gas Optimizations

#371 code423n4 closed 2 years ago
1
Missed heart beat negates TWAP effectiveness and drains reward token balance

#370 code423n4 closed 2 years ago
2
Not calling approve(0) before setting a new approval might cause reverts when used with Tether (USDT)

#369 code423n4 closed 2 years ago
3
Missing checks in `Kernel._deactivatePolicy`

#368 code423n4 opened 2 years ago
4
Integer overflow by unsafe casting in `Operator`

#367 code423n4 closed 2 years ago
2
Can register duplicate policy in Kernel

#366 code423n4 closed 2 years ago
3
QA Report

#365 code423n4 opened 2 years ago
0
Unrestricted access for configureDependencies in all the policies. Anyone can call the configureDependencies

#364 code423n4 opened 2 years ago
3
QA Report

#363 code423n4 opened 2 years ago
0
Olympus votes can be locked in OlympusGovernance contract

#362 code423n4 closed 2 years ago
2
Gas Optimizations

#361 code423n4 opened 2 years ago
0
QA Report

#360 code423n4 opened 2 years ago
0
Gas Optimizations

#359 code423n4 opened 2 years ago
0
Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

#358 code423n4 closed 2 years ago
2
QA Report

#357 code423n4 opened 2 years ago
0
QA Report

#356 code423n4 opened 2 years ago
0

Previous Next