code-423n4 2022-09-frax-findings issues

code-423n4 / 2022-09-frax-findings

2 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Duplicate or incorrect validators temporarily disable `depositEther`

#302 code423n4 opened 2 years ago
3
Gas Optimizations

#301 code423n4 opened 2 years ago
0
minter_burn_from is not used, there is no way to withdraw frxETHToken minted

#300 code423n4 closed 2 years ago
2
`frxETHToken` user was freeze into the contract and loss of user fund.

#299 code423n4 closed 2 years ago
2
QA Report

#298 code423n4 closed 2 years ago
0
Gas Optimizations

#297 code423n4 closed 2 years ago
0
recoverEther will cause currentWithheldETH to be wrong. Further deposits will lose a lot of ETH!

#296 code423n4 closed 2 years ago
2
Gas Optimizations

#295 code423n4 opened 2 years ago
0
QA Report

#294 code423n4 opened 2 years ago
0
Inconsistent use of the for loop increment

#293 code423n4 closed 2 years ago
2
Toggle can be actioned by owner and time_lock contract at the same time

#292 code423n4 closed 2 years ago
4
QA Report

#291 code423n4 closed 2 years ago
0
Gas Optimizations

#290 code423n4 opened 2 years ago
0
Function moveWithheldETH can send currentWithheldETH to an arbitrary address

#289 code423n4 closed 2 years ago
2
Gas Optimizations

#288 code423n4 opened 2 years ago
0
recoverERC20 does not work for non-standard ERC20 tokens in frxETHMinter.sol

#287 code423n4 closed 2 years ago
2
`currentWithheldETH` value can be manipulated

#286 code423n4 closed 2 years ago
4
recoverERC20 should use safeTransfer to transfer the token otherwise USDT can't be recovered

#285 code423n4 closed 2 years ago
2
Minting function "minter_mint" can be called by several allowed minters, but only frxETHMinter contract should be allowed

#284 code423n4 closed 2 years ago
2
`ERC20PermitPermissionedMint:constructor` and `OperatorRegistry:constructor` both don't check whether `_timelock_address` is a zero address.

#283 code423n4 closed 2 years ago
3
Missing zero approval

#282 code423n4 closed 2 years ago
2
QA Report

#281 code423n4 opened 2 years ago
0
Potential DoS in `removeMinter()` in `ERC20PermitPermissionedMint.sol`

#280 code423n4 closed 2 years ago
2
Owner can rug users by setting `withholdRatio` in `frxETHMinter.sol` to 100% and calling `moveWithheldETH()`

#279 code423n4 closed 2 years ago
3
Non-ERC20 compliant tokens (USDT) will be stuck in `frxETHMinter.sol`

#278 code423n4 closed 2 years ago
2
Owner can rug the submitted Ether in `frxETHMinter.sol`

#277 code423n4 closed 2 years ago
2
Gas Optimizations

#276 code423n4 opened 2 years ago
0
The user Can't swap their `frxETH` to `ETH`

#275 code423n4 closed 2 years ago
2
`withheld_amt` calculation is done after minting `frxETHToken` tokens

#274 code423n4 closed 2 years ago
3
rewardsCycle can not guarantee a linear continuous release of earnings

#273 code423n4 closed 2 years ago
2
Gas Optimizations

#272 code423n4 opened 2 years ago
0
No more new `activeValidators` but anyone can `submitAndDeposit()`

#271 code423n4 closed 2 years ago
4
No check if `rewardsCycleEnd` was there over a long time

#270 code423n4 closed 2 years ago
2
`Multisig Treasury Contract` could lock the rewards

#269 code423n4 closed 2 years ago
3
User earn rewards even if their `ETH` is not used on `activeValidators`

#268 code423n4 closed 2 years ago
2
Malicious users can steal the rewards from the vault

#267 code423n4 closed 2 years ago
2
QA Report

#266 code423n4 opened 2 years ago
0
Performing multiplication on results of division

#265 code423n4 closed 2 years ago
3
`frxETHMinter.moveWithheldETH()` should have a strict validation for the user's preference.

#264 code423n4 closed 2 years ago
3
QA Report

#263 code423n4 opened 2 years ago
0
Gas Optimizations

#262 code423n4 opened 2 years ago
0
Gas Optimizations

#261 code423n4 opened 2 years ago
0
Improper Array Deletion

#260 code423n4 closed 2 years ago
2
QA Report

#259 code423n4 opened 2 years ago
0
QA Report

#258 code423n4 opened 2 years ago
0
QA Report

#257 code423n4 opened 2 years ago
0
User can accidentally lose funds at depositWithSignature and mintWithSignature function

#256 code423n4 closed 2 years ago
2
Unsafe use of transfer()/transferFrom() with IERC20

#255 code423n4 closed 2 years ago
2
flash loan attack risk increases as the time span increases between lastSync and nextSync before synRewards is called

#254 code423n4 closed 2 years ago
4
Gas Optimizations

#253 code423n4 opened 2 years ago
0

Previous Next