code-423n4/2022-11-paraspace-findings
7
stars
4
forks
issues
Invalid ERC-165 implementation
#470
code423n4
closed
1 year ago
2
double user token spending in function executeBuyWithCredit() contract transfer user wETH fund for wETH orders even when user send payment as ETH to contract and contract converted it to wETH (_depositETH() and _delegateToPool() takes user funds when user sends ETH and tries to buy WETH order)
#469
code423n4
closed
1 year ago
3
QA Report
#468
code423n4
opened
1 year ago
1
Gas Optimizations
#467
code423n4
closed
1 year ago
1
QA Report
#466
code423n4
closed
1 year ago
1
executeBuyWithCredit() in MarketPlaceLogic contract doesn't refund extra received ETH that has been converted to wETH.
#465
code423n4
closed
1 year ago
6
THE FUNCTION LOGIC OF _REMOVEFEEDER() IS FLAWED
#464
code423n4
closed
1 year ago
3
QA Report
#463
code423n4
opened
1 year ago
1
suppliers funds loss because attacker can transfer his collateralized tokens when health factor is below liquidation threshold by reentrancy attack during executeLiquidateERC20() logic and transferring collateralize
#462
code423n4
closed
1 year ago
4
External functions supplyPunk, acceptBidWithCredit, and batchAcceptBidWithCredit should provide the possibility to buy punk directly
#461
code423n4
closed
1 year ago
3
QA Report
#460
code423n4
closed
1 year ago
1
NFTFloorOracle's assets will use old prices if added back after removal
#459
code423n4
opened
1 year ago
4
Gas Optimizations
#458
code423n4
closed
1 year ago
1
`NFTFloorOracle` price feeders can be removed by anyone
#457
code423n4
closed
1 year ago
4
Gas Optimizations
#456
code423n4
closed
1 year ago
1
Discrepancy in the Uniswap V3 position price calculation because of decimals
#455
code423n4
opened
1 year ago
4
Gas Optimizations
#454
code423n4
opened
1 year ago
1
PoolApeStaking#withdrawApeCoin compares health factor to incorrect value and allows user to take out larger loans than expected
#453
code423n4
closed
1 year ago
4
CENTRALIZATION RISK: ADMIN HAS PRIVILEGES: POOL ADMIN CAN STEAL UNDERLYING OF A NTOKEN
#452
code423n4
closed
1 year ago
2
QA Report
#451
code423n4
opened
1 year ago
1
UNRELIABLE MEDIAN CUMULATIVEPRICES
#450
code423n4
closed
1 year ago
2
QA Report
#449
code423n4
opened
1 year ago
1
Gas Optimizations
#448
code423n4
closed
1 year ago
1
the MAX_DEVIATION_RATE restriction can reject valid NFT price oracle.
#447
code423n4
closed
1 year ago
2
QA Report
#446
code423n4
opened
1 year ago
1
Gas Optimizations
#445
code423n4
closed
1 year ago
1
Gas Optimizations
#444
code423n4
closed
1 year ago
1
Missing access control in `NFTFloorOracle::removeFeeder`
#443
code423n4
closed
1 year ago
5
QA Report
#442
code423n4
opened
1 year ago
1
Admin can set any price in `NFTFloorOracle::setPrice`
#441
code423n4
closed
1 year ago
2
Unbounded array size can result in stale price reported from oracle
#440
code423n4
opened
1 year ago
4
Gas Optimizations
#439
code423n4
closed
1 year ago
1
Missing `whenNotPaused` modifier in `NFTFloorOracle::getPrice`
#438
code423n4
closed
1 year ago
3
Centralization risk: admin can rug the project by removing asset and price manipulation on oracle.
#437
code423n4
opened
1 year ago
3
QA Report
#436
code423n4
opened
1 year ago
1
Operator can grief PoolMarketplace
#435
code423n4
opened
1 year ago
6
User health factor will be incorrect if a user has existing sAPE before depositing
#434
code423n4
closed
1 year ago
3
`DEFAULT_ADMIN_ROLE` is able to manipulate NFT prices for profit
#433
code423n4
closed
1 year ago
2
Gas Optimizations
#432
code423n4
closed
1 year ago
1
Gas Optimizations
#431
code423n4
closed
1 year ago
1
No `nonReentrant` modifier in `PoolApeStaking.repayAndSupply`.
#430
code423n4
closed
1 year ago
4
Interactions with AMMs do not use deadlines for operations
#429
code423n4
opened
1 year ago
8
Anyone can remove feeders from `NFTFloorOracle`.
#428
code423n4
closed
1 year ago
2
Gas Optimizations
#427
code423n4
closed
1 year ago
1
`ParaSpaceOracle.getAssetPrice` can return stale price
#426
code423n4
closed
1 year ago
4
QA Report
#425
code423n4
closed
1 year ago
1
WETH not recognized as Native when using X2Y2 adapter
#424
code423n4
closed
1 year ago
2
ChainLink price calls a deprecated API
#423
code423n4
closed
1 year ago
4
Gas Optimizations
#422
code423n4
closed
1 year ago
1
Pending Apecoin staking reward does not count towards the total collateral value when calculating account health factor.
#421
code423n4
closed
1 year ago
4