issues
search
code-423n4
/
2022-11-redactedcartel-findings
3
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Gas Optimizations
#368
code423n4
opened
1 year ago
1
Gas Optimizations
#367
code423n4
closed
1 year ago
1
QA Report
#366
code423n4
closed
1 year ago
1
Use Of block.timestamp Can Result In Attacker Manipulating His/Her Rewards In Their Favour
#365
code423n4
closed
1 year ago
2
QA Report
#364
code423n4
opened
1 year ago
1
Gas Optimizations
#363
code423n4
closed
1 year ago
2
Lack Of Proper Access Control Might Lead To User Getting Lesser Rewards
#362
code423n4
closed
1 year ago
2
Add reward token existence check in order to avoid user reward lost.
#361
code423n4
closed
1 year ago
4
QA Report
#360
code423n4
opened
1 year ago
1
QA Report
#359
code423n4
opened
1 year ago
1
QA Report
#358
code423n4
closed
1 year ago
1
Gas Optimizations
#357
code423n4
opened
1 year ago
2
QA Report
#356
code423n4
closed
1 year ago
1
Gas Optimizations
#355
code423n4
closed
1 year ago
2
QA Report
#354
code423n4
opened
1 year ago
1
QA Report
#353
code423n4
opened
1 year ago
1
Gas Optimizations
#352
code423n4
opened
1 year ago
1
Gas Optimizations
#351
code423n4
closed
1 year ago
1
QA Report
#350
code423n4
opened
1 year ago
1
Division by zero could cause DOS in function `harvest()` and `claim()` in PirexRewards contract
#349
code423n4
closed
1 year ago
4
The compound() function is used with a fixed amountOutMinimum value
#348
code423n4
closed
1 year ago
4
QA Report
#347
code423n4
opened
1 year ago
1
A malicious user might call `AutoPxGmx.compound()` with a higher fee than `poolFee`.
#346
code423n4
closed
1 year ago
6
`AutoPxGlp.compound()` might revert forever if `gmxBaseReward` is not whitelisted.
#345
code423n4
closed
1 year ago
2
`platform` should be approved again after it's changed by the admin.
#344
code423n4
closed
1 year ago
2
Unexpected return values for some sets of parameters passed into _computeAssetAmounts
#343
code423n4
closed
1 year ago
2
Gas Optimizations
#342
code423n4
closed
1 year ago
1
Gas Optimizations
#341
code423n4
opened
1 year ago
1
Incentive fund loss when calling claim() in AutoPxGlp/PxGmxRewards because it calls this.compound(,,true) which would transfer incentive to contract itself and those funds won't be calculated as rewards or fee and won't be accessible to withdraw
#340
code423n4
closed
1 year ago
2
Attackers can manipulate ERC4626 price per share to take an unfair share of future users
#339
code423n4
closed
1 year ago
4
Verification on contract/address is too loose, which may lead to serious implication
#338
code423n4
closed
1 year ago
2
QA Report
#337
code423n4
closed
1 year ago
1
QA Report
#336
code423n4
closed
1 year ago
1
Contract `AutoPxGmx`: Any user can exploit compound incentive rewards by calling `AutoPxGmx.compound()`
#335
code423n4
closed
1 year ago
2
Variable used before assignation on function `beforeDeposit`
#334
code423n4
closed
1 year ago
2
Contract `AutoPxGlp`: Any user can exploit compound incentive rewards by calling `AutoPxGlp.compound()`
#333
code423n4
closed
1 year ago
2
QA Report
#332
code423n4
closed
1 year ago
2
First depositor who is a whale account can deny later depositors who are smaller accounts from using `AutoPxGmx` contract, such as for depositing GMX for apxGMX
#331
code423n4
closed
1 year ago
4
QA Report
#330
code423n4
opened
1 year ago
1
Anybody can claim reward on behalf of anyone else.
#329
code423n4
closed
1 year ago
3
Gas Optimizations
#328
code423n4
closed
1 year ago
1
`AutoPxGmx.compound` function can be directly called with a `fee` input value that is not the configured Uniswap pool fee
#327
code423n4
closed
1 year ago
5
QA Report
#326
code423n4
opened
1 year ago
2
Gas Optimizations
#325
code423n4
opened
1 year ago
3
User can continuosly accrue rewards they are not due
#324
code423n4
closed
1 year ago
1
Gas Optimizations
#323
code423n4
opened
1 year ago
3
Functions like `AutoPxGmx.withdraw` and `AutoPxGmx.redeem` do not provide effective slippage control
#322
code423n4
closed
1 year ago
4
fee loss in AutoPxGmx and AutoPxGlp and reward loss in AutoPxGlp by calling PirexRewards.claim(pxGmx/pxGpl, AutoPx*) directly which transfers rewards to AutoPx* pool without compound logic get executed and fee calculation logic and pxGmx wouldn't be executed for those rewards
#321
code423n4
opened
1 year ago
4
PirexRewards.sol removeRewardToken can potentially break the rewardTokens array
#320
code423n4
closed
1 year ago
2
Gas Optimizations
#319
code423n4
closed
1 year ago
1
Previous
Next