code-423n4/2022-12-backed-findings
issues
Upgraded Q -> M from #216 [1673172689834]
#305
c4-judge
closed
1 year ago
2
Upgraded Q -> M from #172 [1673039408650]
#304
c4-judge
closed
1 year ago
3
Upgraded Q -> M from #188 [1671981716625]
#302
c4-judge
closed
1 year ago
1
function buyAndReduceDebt() spends more underlying token than user specified and also code doesn't check that swapFeeBips is less than BIPS_ONE and user can lose some of his underlying token balance that he gave protocol spending approval
#301
code423n4
closed
1 year ago
3
Signature malleability in underwritePriceForCollateral
#300
code423n4
closed
1 year ago
2
Gas Optimizations
#299
code423n4
closed
1 year ago
1
totalCollateralValue in maxDebt may not be calculated correctly every time
#298
code423n4
closed
1 year ago
2
A BETTER APPROACH TO REVERTING CODE LINES ON _ADDCOLLATERALTOVAULT() AND _REMOVECOLLATERAL()
#297
code423n4
closed
1 year ago
1
Contract owner can drain all NFT collateral
#296
code423n4
closed
1 year ago
1
`PaprController.sol` doesn't support ERC20 Tokens with fee on transfer in `increaseDebtAndSell()`
#295
code423n4
closed
1 year ago
3
QA Report
#294
code423n4
closed
1 year ago
1
QA Report
#293
code423n4
closed
1 year ago
1
QA Report
#292
code423n4
opened
1 year ago
2
Potential DOS in `removeCollateral`
#291
code423n4
closed
1 year ago
1
QA Report
#290
code423n4
closed
1 year ago
1
Early NFT collections such as CryptoPunks and MoonCats can not be used as a collateral
#289
code423n4
closed
1 year ago
2
When liquidation is not locked, anyone can liquidate another person's collateral
#288
code423n4
closed
1 year ago
1
Gas Optimizations
#287
code423n4
closed
1 year ago
1
code doesn't check that the Uniswap pool does not exist and if attacker creates the uniswap pool beforehand with calculable papr address and underlying address and exact fee amount, then the deployment transaction would fail always
#286
code423n4
closed
1 year ago
3
Malicious user able to start auction to any NFT
#285
code423n4
closed
1 year ago
1
NFT owner only is allowed for liquidation, this may not work for all the cases, the debt can be insolvent
#284
code423n4
closed
1 year ago
2
QA Report
#283
code423n4
opened
1 year ago
3
QA Report
#282
code423n4
closed
1 year ago
1
PaprTokens may get stuck in the contract, `rescue` functionality is desirable
#281
code423n4
closed
1 year ago
4
PaprController.removeCollateral() only takes the price of the first collateral to determine whether the NFTs can be withdrawn
#280
code423n4
closed
1 year ago
1
ReservoirOracleUnderwriter.sol: signature is not following the standard process which will lead to signature related issues like replay attack.
#279
code423n4
opened
1 year ago
8
Gas Optimizations
#278
code423n4
closed
1 year ago
1
QA Report
#277
code423n4
closed
1 year ago
1
function underwritePriceForCollateral() uses message.timestamp > block.timestamp to validate oracle message timestamp but it can create MEV as miners can control block.timestamp and revert some of the user's transactions
#276
code423n4
closed
1 year ago
1
if msg.sender != account, then msg.sender double pays in buyAndReduceDebt
#275
code423n4
closed
1 year ago
4
Gas Optimizations
#274
code423n4
opened
1 year ago
1
Gas Optimizations
#273
code423n4
opened
1 year ago
1
Protocol faces truncation issue in some places due to solidity integer division
#272
code423n4
closed
1 year ago
2
Wrong implementation of ERC721TokenReceiver interface leads to incorrect collateral ownership and NFT loss
#271
code423n4
closed
1 year ago
3
PaprController should not pay the swap fee in buyAndReduceDebt
#270
code423n4
closed
1 year ago
3
SOLMATE SAFETRANSFER AND SAFETRANSFERFROM DOES NOT CHECK THE CODESIZE OF THE TOKEN ADDRESS, WHICH MAY LEAD TO FUND LOSS
#269
code423n4
closed
1 year ago
1
QA Report
#268
code423n4
opened
1 year ago
3
The count should be reduced in PaprController.sol#purchaseLiquidationAuctionNFT instead of in PaprController.sol#startLiquidationAuction
#267
code423n4
opened
1 year ago
8
incorrect message signer check in ecrecover() and no validation for oracleSigner which would cause all the unsigned messages to be considered as valid ones
#266
code423n4
closed
1 year ago
2
QA Report
#265
code423n4
closed
1 year ago
1
There is no way to extract fees when someone wants to reduce a debt by paying with underlying tokens
#264
code423n4
closed
1 year ago
3
Faulty fee handling in `buyAndReduceDebt`
#263
code423n4
closed
1 year ago
3
code doesn't check that To address is not 0x0 in contract function, if user calls contract's function with wrong value he would lose his funds
#262
code423n4
closed
1 year ago
1
Gas Optimizations
#261
code423n4
opened
1 year ago
1
Start an auction without an NFT
#260
code423n4
closed
1 year ago
2
QA Report
#259
code423n4
opened
1 year ago
1
Operator can buy papr with PaprController as the debtor.
#258
code423n4
closed
1 year ago
5
Potential Denial of Service for PaprController.addCollateral
#257
code423n4
closed
1 year ago
1
QA Report
#256
code423n4
opened
1 year ago
1
user fund loss because function purchaseLiquidationAuctionNFT() takes extra liquidation penalty when user's last collateral is liquidated (sets wrong value for maxDebtCached when isLastCollateral is true)
#255
code423n4
opened
1 year ago
7