code-423n4 2022-12-Stealth-Project-findings issues

code-423n4 / 2022-12-Stealth-Project-findings

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> M from #100 [1674425909347]

#112 c4-judge opened 1 year ago
2
QA Report

#111 code423n4 opened 1 year ago
1
Pool calls to `toScale` can revert

#110 code423n4 closed 1 year ago
3
ADDITIONAL INPUT TOKENS WILL NOT BE REIMBURSED WHEN SWAPPING

#109 code423n4 opened 1 year ago
6
Changes not being stored in `Delta.sol`

#108 code423n4 closed 1 year ago
2
Overflow in BinMap can break pool

#107 code423n4 closed 1 year ago
5
Gas Optimizations

#106 code423n4 opened 1 year ago
1
TWA update is not correct

#105 code423n4 opened 1 year ago
3
Unnecessary loss of accuracy in calculation of end sqrt price

#104 code423n4 closed 1 year ago
4
Aggregated reserve amounts should be used instead of the first valid tick liquidity

#103 code423n4 closed 1 year ago
4
Inconsistency with the document: unnecessary bins are moved

#102 code423n4 closed 1 year ago
6
Merged status is not updated and bins are not reset.

#101 code423n4 closed 1 year ago
5
The calculation of LP token amount and deposit amount is wrong for edge cases

#100 code423n4 closed 1 year ago
5
NON-EXIXTENT TOKEN COULD LEAD TO LOSS OF FUNDS TO TRADERS

#99 code423n4 closed 1 year ago
3
QA Report

#98 code423n4 opened 1 year ago
1
Router can perform swaps, add/remove liquidity to pools that do not belong to the protocol.

#97 code423n4 closed 1 year ago
14
QA Report

#96 code423n4 opened 1 year ago
2
Gas Optimizations

#95 code423n4 opened 1 year ago
5
Incompatibility With Rebasing/Deflationary/Inflationary tokens

#94 code423n4 closed 1 year ago
2
Pool.sol : Lack of slippage protection for swap

#93 code423n4 closed 1 year ago
2
Pool prices can be greatly skewed and exploited

#92 code423n4 closed 1 year ago
5
A pair cannot be created with an ERC20 token that doesn't implement the optional decimals method

#91 code423n4 opened 1 year ago
3
Gas Optimizations

#90 code423n4 opened 1 year ago
1
Unsafe downcasting in TWA.sol truncate TWAP price

#89 code423n4 closed 1 year ago
5
Stale price is used after the lookup period is passed in TWA

#88 code423n4 closed 1 year ago
5
QA Report

#87 code423n4 opened 1 year ago
3
`PoolInspector.getActiveBins()` returns the wrong bins when it should return an empty array.

#86 code423n4 closed 1 year ago
4
`Pool._amountToBin()` returns a wrong value when `protocolFeeRatio = 100%`.

#85 code423n4 opened 1 year ago
2
There is no option to cancel an `EMERGENCY` mode.

#84 code423n4 closed 1 year ago
4
Slippage control of addLiquidity may go wrong

#83 code423n4 closed 1 year ago
4
TWA value might be incorrect because of wrong update in first lookback period

#82 code423n4 opened 1 year ago
7
Wrong logic of `Math.mulDiv()` can affect `adjustAB()` calculation and fee calculation when computing swap amount

#81 code423n4 closed 1 year ago
9
user can loose ETH when using ``Router::multicall``

#80 code423n4 closed 1 year ago
4
Gas Optimizations

#79 code423n4 opened 1 year ago
2
Deflationary token is not supported

#78 code423n4 opened 1 year ago
7
TWA Price should be updated in addLiquidity, removeLiqudity and swap and migrateBinsUpStack and transferLiquidity

#77 code423n4 closed 1 year ago
4
Pool creator can manipulate the price whatever they want

#76 code423n4 closed 1 year ago
2
Use wrong reserve values in `Pool.addLiquidity()`

#75 code423n4 closed 1 year ago
4
Inline assembly bug in solidity 0.8.13

#74 code423n4 opened 1 year ago
5
It is possible to create a Pool with any fee - tickSpacing combination which allows different attacks

#73 code423n4 opened 1 year ago
8
An excess of tokens sent in by traders not refunded in `swap()`

#72 code423n4 closed 1 year ago
4
QA Report

#71 code423n4 opened 1 year ago
2
Gas Optimizations

#70 code423n4 closed 1 year ago
2
Gas Optimizations

#69 code423n4 closed 1 year ago
4
Path cannot contain repeated pools in "exact output" swaps

#68 code423n4 closed 1 year ago
2
Liquidity cannot be removed by an approved address via Router

#67 code423n4 closed 1 year ago
2
Liquidity may be lost when sent to a non-existent token

#66 code423n4 opened 1 year ago
6
A finding that cannot be disclosed at the moment

#65 code423n4 opened 1 year ago
10
`exactInput` allows stealing of funds via a malicious pool contract

#64 code423n4 opened 1 year ago
12
Admin can call claim fee multiple times with no restriction

#63 code423n4 closed 1 year ago
5