code-423n4 2022-11-size-findings issues

code-423n4 / 2022-11-size-findings

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

`baseToken` AND `quoteToken` CAN BE THE SAME ERC20 TOKENS, RESULTING IN TRICKING BIDDERS TO LOSE THEIR TOKENS

#189 code423n4 closed 2 years ago
2
Gas Optimizations

#188 code423n4 closed 2 years ago
1
Gas Optimizations

#187 code423n4 opened 2 years ago
1
Quotetoken can be address(0) or any EOA and still allow auctions and bids to be created

#186 code423n4 closed 2 years ago
2
seller can change `lowestBase`and `lowestQuote` and the seller can make it diffrent values causing a dos or loss of funds

#185 code423n4 closed 2 years ago
2
QA Report

#184 code423n4 opened 2 years ago
1
QA Report

#183 code423n4 opened 2 years ago
1
Gas Optimizations

#182 code423n4 opened 2 years ago
1
QA Report

#181 code423n4 closed 2 years ago
1
Attacker can bid 1000 times to not allow anyone else beat his price

#180 code423n4 closed 2 years ago
5
Arbitrage Opportunity for Non-Sellers

#179 code423n4 closed 2 years ago
3
Use of `abi.encodePacked` on `SizeSealed.computeMessage` can cause auctions to never finalize

#178 code423n4 closed 2 years ago
1
Contracts will not working correctly after February 2106. Vesting will be locked forever if withdrawn after February 2106.

#177 code423n4 closed 2 years ago
2
Gas Optimizations

#176 code423n4 closed 2 years ago
1
Gas Optimizations

#175 code423n4 closed 2 years ago
1
QA Report

#174 code423n4 opened 2 years ago
1
Seller do not have any punishment for not finalizing auction

#173 code423n4 closed 2 years ago
3
Gas Optimizations

#172 code423n4 closed 2 years ago
1
Attacker can drain the SizeSealed.sol contract.

#171 code423n4 closed 2 years ago
3
Seller can choose best prices

#170 code423n4 closed 1 year ago
9
Bid does not account for possible ERC20 transfer fee

#169 code423n4 closed 2 years ago
4
QA Report

#168 code423n4 closed 2 years ago
1
Malicious seller can steal from bidders.

#167 code423n4 closed 2 years ago
3
BaseAmount value could cause overflow

#166 code423n4 closed 2 years ago
1
Division by zero

#165 code423n4 closed 2 years ago
3
Bid can be cancelled after being finalized

#164 code423n4 closed 2 years ago
4
Crowding Out Competition

#163 code423n4 closed 2 years ago
3
Auction can be cancelled after being finalized

#162 code423n4 closed 2 years ago
3
QA Report

#161 code423n4 closed 2 years ago
1
Gas Optimizations

#160 code423n4 opened 2 years ago
1
QA Report

#159 code423n4 closed 2 years ago
1
Gas Optimizations

#158 code423n4 closed 2 years ago
1
Gas Optimizations

#157 code423n4 opened 2 years ago
1
QA Report

#156 code423n4 closed 2 years ago
1
Gas Optimizations

#155 code423n4 opened 2 years ago
1
ecMul is used with 6000 gas which will fail if gas prices increase

#154 code423n4 closed 2 years ago
1
QA Report

#153 code423n4 opened 2 years ago
1
The bids are open for replay attacks from smart contracts

#152 code423n4 closed 2 years ago
3
Gas Optimizations

#151 code423n4 closed 2 years ago
1
Miss check if pubKey is valid when 'createAuction()'

#150 code423n4 closed 2 years ago
2
Gas Optimizations

#149 code423n4 closed 2 years ago
1
Users can bid on auctions that has been cancelled

#148 code423n4 closed 2 years ago
1
Sellers may reuse revealed keypairs

#147 code423n4 closed 2 years ago
4
Missing check for `quoteToken` existence

#146 code423n4 closed 2 years ago
2
Auctions are incompatible with positive-rebasing tokens

#145 code423n4 closed 2 years ago
2
Last bidder can win some base token without paying in edge cases

#144 code423n4 closed 1 year ago
6
Private key nomenclature inconsistency

#143 code423n4 closed 2 years ago
1
createAuction() does not prevent use the old pubKey, which may lead to transparent bidding

#142 code423n4 closed 2 years ago
2
finalize() use malicious clearingQuote can steal token

#141 code423n4 closed 2 years ago
3
QA Report

#140 code423n4 closed 2 years ago
1

Previous Next