code-423n4/2022-11-size-findings
issues
QA Report
#239
code423n4
opened
2 years ago
1
Attacker may DOS any new auction by bidding all bid space and cancelling instantly
#238
code423n4
closed
2 years ago
2
Attacker may DOS auctions using invalid bid parameters
#237
code423n4
opened
2 years ago
7
A single bidder could force the result of the auction
#236
code423n4
closed
2 years ago
3
SizeSealed could not work with inflationary/deflationary/rebasing token as base token
#235
code423n4
closed
2 years ago
2
Gas Optimizations
#234
code423n4
closed
2 years ago
1
Bidder can DoS new bids
#233
code423n4
closed
2 years ago
4
QA Report
#232
code423n4
closed
2 years ago
1
quoteToken code existence not being checked can make bidder get baseToken for free.
#231
code423n4
closed
2 years ago
4
Gas Optimizations
#230
code423n4
closed
2 years ago
1
Gas Optimizations
#229
code423n4
opened
2 years ago
1
The auction can't be finalized if there are too many bids.
#228
code423n4
closed
2 years ago
2
QA Report
#227
code423n4
closed
2 years ago
1
Not support fee-on-transfer tokens
#226
code423n4
closed
2 years ago
2
Attacker can always spam `bid()` and DOS bidding if merkle proof is not used
#225
code423n4
closed
2 years ago
3
Quote refund can fail for some tokens, causing withdraw to fail
#224
code423n4
closed
1 year ago
8
Rebasing Token's increased token amount will be locked up forever
#223
code423n4
closed
2 years ago
2
Failed transfer with low level call could be overlooked
#222
code423n4
closed
2 years ago
2
Partial incompatibility With Rebasing/Deflationary/Inflationary tokens
#221
code423n4
closed
2 years ago
2
Quote token not checked for fees-on-transfer, can cause tokens to be stuck
#220
code423n4
closed
2 years ago
2
Occupation of all bids to prevent others from participating
#219
code423n4
closed
2 years ago
3
Incorrect logic to check for seen indices
#218
code423n4
closed
2 years ago
4
Gas Optimizations
#217
code423n4
closed
2 years ago
1
Gas Optimizations
#216
code423n4
opened
2 years ago
1
QA Report
#215
code423n4
opened
2 years ago
1
[PNM-003] `finalize` can be called by `bidders`, allows them to `cancelBid`
#214
code423n4
closed
2 years ago
3
[PNM-002] `finalize` with malicious input may lock bidder funds in the contract
#213
code423n4
closed
2 years ago
3
[PNM-001] `finalize` with malicious input may allow multiple calls leading to fund draining
#212
code423n4
closed
2 years ago
3
Gas Optimizations
#211
code423n4
opened
2 years ago
1
QA Report
#210
code423n4
closed
2 years ago
1
A malicious user could create a bid that would prevent an auction from being finalized
#209
code423n4
closed
1 year ago
16
Attacker can easily DOS any auction with `bid` function
#208
code423n4
closed
2 years ago
3
A malicious bidder can successfully bid the auction with lowest possible price for hot project, or make the auction fail by bidding the auction and then cancelling it, caused by 1000 bid limit
#207
code423n4
closed
2 years ago
2
`bid()` DOES NOT CHECK FOR TAX TOKENS WHEREAS `createAuction` CHECKS IT
#206
code423n4
closed
2 years ago
3
fee-on-transfer tokens used as quote tokens results in loss of funds for unsuccessful bidders
#205
code423n4
closed
2 years ago
3
Wrong implementation of bitmap check of `BidIndices` in function `finalize`
#204
code423n4
closed
2 years ago
7
Safeguards needed to prevent against impossible vesting schedules
#203
code423n4
closed
2 years ago
2
Bidders can bid for canceled auctions
#202
code423n4
closed
2 years ago
2
Attacker can bid many times to prevent other bidders joining to the same auction
#201
code423n4
closed
2 years ago
3
Malicious seller can finalize his/her auction without changing `data.lowestQuote`, then auction's state will not be updated to `States.finalized` and this seller can repeat finalize or cancel auction to steal tokens from contract
#200
code423n4
closed
2 years ago
3
Auctioneer can set an extremely high reserveQuotePerBase so no one wins the bidding process
#199
code423n4
closed
2 years ago
2
Auctioneer can grief auction by not closing the auction
#198
code423n4
closed
2 years ago
4
Number of bids limited to 1000 can lead to clearing-price manipulation.
#197
code423n4
closed
2 years ago
3
A buyer could forbid an auction from being finalized by creating a bid with 0 base token
#196
code423n4
closed
2 years ago
3
QA Report
#195
code423n4
closed
2 years ago
1
Seller's ability to decrypt bids before reveal could result in a much higher clearing price than anticipated and make buyers distrust the system
#194
code423n4
opened
2 years ago
6
QA Report
#193
code423n4
opened
2 years ago
1
Auction created by ERC777 Tokens with tax can be stolen by re-entrancy attack
#192
code423n4
opened
2 years ago
6
Gas Optimizations
#191
code423n4
closed
2 years ago
1
Locking the bidder's fund even after the reveal period
#190
code423n4
closed
2 years ago
2