issues
search
code-423n4
/
2022-11-paraspace-findings
6
stars
4
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Upgraded Q -> M from #404 [1674736828553]
#521
c4-judge
closed
1 year ago
2
Upgraded Q -> M from #404 [1674736594739]
#520
c4-judge
closed
1 year ago
2
Upgraded Q -> M from #472 [1674665995647]
#519
c4-judge
closed
1 year ago
2
Upgraded Q -> M from #449 [1674665297296]
#518
c4-judge
closed
1 year ago
2
Upgraded Q -> M from #374 [1674664049404]
#517
c4-judge
closed
1 year ago
3
Upgraded Q -> M from #313 [1674663275698]
#516
c4-judge
closed
1 year ago
2
Upgraded Q -> M from #258 [1674661917738]
#515
c4-judge
closed
1 year ago
2
Upgraded Q -> M from #229 [1674661441196]
#514
c4-judge
closed
1 year ago
2
Upgraded Q -> M from #229 [1674661320954]
#513
c4-judge
closed
1 year ago
2
Upgraded Q -> M from #80 [1674644981726]
#512
c4-judge
closed
1 year ago
2
Upgraded Q -> M from #72 [1674644492627]
#511
c4-judge
closed
1 year ago
2
Update and rename skinheadz-412.json to skinz-412.json
#509
kartoonjoy
closed
1 year ago
0
Update and rename skinheadz-412.json to skinz-412.json
#508
kartoonjoy
closed
1 year ago
0
Update and rename skinheadz-412.json to skinz-412.json
#507
kartoonjoy
closed
1 year ago
0
Update skinheadz-412.json
#506
kartoonjoy
closed
1 year ago
0
Attacker can inject a negligible holding to a victim and make them unable to withdraw assets, temporarily or permanently
#505
trust1995
closed
1 year ago
2
QA Report
#504
code423n4
opened
1 year ago
1
QA Report
#503
code423n4
opened
1 year ago
1
Missing ReEntrancy Guard to `executeAcceptBidWithCredit` function
#502
code423n4
closed
1 year ago
5
QA Report
#501
code423n4
opened
1 year ago
1
QA Report
#500
code423n4
closed
1 year ago
1
QA Report
#499
code423n4
opened
1 year ago
1
Attacker can drain pool using executeBuyWithCredit with malicious marketplace payload.
#498
code423n4
opened
1 year ago
2
MintableIncentivizedERC721 and NToken do not comply with ERC721, breaking composability
#497
code423n4
opened
1 year ago
4
Oracle will become invalid much faster than intended on non-mainnet chains
#496
code423n4
opened
1 year ago
2
Fallback oracle is unusable when primary oracle is not updated
#495
code423n4
closed
1 year ago
2
WPunk will become locked if liquidator ops to receive the underlying token instead of nToken
#494
code423n4
closed
1 year ago
2
Some arbitrary feeders will not be removable, even by admin.
#493
code423n4
closed
1 year ago
3
MintableIncentivizedERC721 incorrectly implements safe transfers
#492
code423n4
closed
1 year ago
2
Price can deviate by much more than maxDeviationRate
#491
code423n4
opened
1 year ago
2
Pausing assets only affects future price updates, not previous malicious updates.
#490
code423n4
opened
1 year ago
3
Asset removal leaks previous asset prices which will be used again when asset is re-added.
#489
code423n4
closed
1 year ago
2
PoolAdmin can steal NFT from NTokens
#488
code423n4
closed
1 year ago
2
Oracle does not treat upward and downward price movement the same in validity checks, causing safety issues in oracle usage.
#487
code423n4
opened
1 year ago
4
UniswapV3 tokens of certain pairs will be wrongly valued, leading to liquidations.
#486
code423n4
opened
1 year ago
2
Compromised admin can instantly take all NFTs held in NToken contracts
#485
code423n4
closed
1 year ago
2
Downcast can lead to overflow and impact the functionality to remove an asset in `NFTFloorOracle`
#484
code423n4
closed
1 year ago
3
Gas Optimizations
#483
code423n4
closed
1 year ago
1
NFTFloorOracle's asset and feeder structures can be corrupted
#482
code423n4
opened
1 year ago
5
Rewards are not accounted for properly in NTokenApeStaking contracts, limiting user's collateral.
#481
code423n4
opened
1 year ago
4
Gas Optimizations
#480
code423n4
opened
1 year ago
2
Bad debt will likely incur when multiple NFTs are liquidated.
#479
code423n4
opened
1 year ago
4
User can pass auction recovery health check easily with flashloan
#478
code423n4
opened
1 year ago
3
Owner has complete control of NTokens using unsafe marketplace delegatecall
#477
code423n4
closed
1 year ago
2
Victim cannot make use of UniswapV3 NTokens if victim keeps DOSing their balance
#476
code423n4
closed
1 year ago
2
Attacker can abuse victim's signature for marketplace bid to buy worthless item
#475
code423n4
opened
1 year ago
2
When users sign a credit loan for bidding on an item, they are forever committed to the loan even if the NFT value drops massively.
#474
code423n4
opened
1 year ago
2
Compromised or malicious owner can fully control NFT prices, making them able to take uncollateralized loans or freely liquidate users
#473
code423n4
closed
1 year ago
2
QA Report
#472
code423n4
opened
1 year ago
1
QA Report
#471
code423n4
closed
1 year ago
2
Next