code-423n4 2022-12-caviar-findings issues

code-423n4 / 2022-12-caviar-findings

2 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

there is no check for ensure closeTimestamp is not bigger than timestamp

#509 code423n4 closed 1 year ago
2
Tokens are expected to have 18 decimals but not all have them

#508 code423n4 closed 1 year ago
2
User will often overpay when adding liquidity

#507 code423n4 closed 1 year ago
7
Pair.sol contract is susceptible to having its pricing curve (x*y = k) manipulated through a 3rd party contract calling selfdestruct() and forwarding ether.

#506 code423n4 closed 1 year ago
6
`Pair.sol` has payable functions with no way of withdrawing that ether

#505 code423n4 closed 1 year ago
2
QA Report

#504 code423n4 closed 1 year ago
1
QA Report

#503 code423n4 closed 1 year ago
1
there is no max value for min lp in add function

#502 code423n4 closed 1 year ago
2
The validity of the NFT id is not checked while unwrapping

#501 code423n4 closed 1 year ago
6
Frontrunning initial liquidity adding

#500 code423n4 closed 1 year ago
3
`NFTADD()` STAKERS COULD HAVE THEIR LIQUIDITY TRAPPED IN THE CONTRACT

#499 code423n4 closed 1 year ago
8
in `add` function forgot to add not zero for minimum lp

#498 code423n4 closed 1 year ago
2
LP token is vulnerable to flashloan manipulation

#497 code423n4 closed 1 year ago
2
Gas Optimizations

#496 code423n4 opened 1 year ago
1
Early user can break the minting of LP Tokens

#495 code423n4 closed 1 year ago
4
QA Report

#494 code423n4 opened 1 year ago
1
Invalid tokens can be added to the pair

#493 code423n4 closed 1 year ago
4
QA Report

#492 code423n4 opened 1 year ago
1
Gas Optimizations

#491 code423n4 opened 1 year ago
1
Using safeTransferFrom() Functions But without Getting the Approval

#490 code423n4 closed 1 year ago
2
QA Report

#489 code423n4 closed 1 year ago
1
ERC20 TOKENS WITH DIFFERENT DECIMALS THAN 18 MAY BREAK THE LOGIC AND PROVIDE UNEXPECTED RESULTS

#488 code423n4 closed 1 year ago
4
MISSING HANDLE FOR DIRECT SEND OF TOKEN

#487 code423n4 closed 1 year ago
2
QA Report

#486 code423n4 opened 1 year ago
1
First depositor can break the price of shares

#485 code423n4 closed 1 year ago
5
LP pricing formula is vulnerable to flash loan manipulation

#484 code423n4 closed 1 year ago
2
Centralization Risks, Rug pull vectors

#483 code423n4 closed 1 year ago
2
Pair.sol : baseTokenReserves() can be manipulatable if the base token is native token

#482 code423n4 closed 1 year ago
13
buyQuote should be rounded up

#481 code423n4 closed 1 year ago
3
PRICES CAN BE MANIPULATED WHEN LIQUIDITY IS VERY LOW

#480 code423n4 closed 1 year ago
2
Possible Reentrancy Vulnerability

#479 code423n4 closed 1 year ago
2
QA Report

#478 code423n4 closed 1 year ago
1
xyk invariant does not hold after calls to buy() and sell()

#477 code423n4 closed 1 year ago
3
Users could receive 0 LPTokens when calling ```add```

#476 code423n4 closed 1 year ago
4
Gas Optimizations

#475 code423n4 closed 1 year ago
1
Pair.sol:close() does not recover any of the base token / liquidity tokens before destroying it

#474 code423n4 closed 1 year ago
8
Price manipulation by sending Ether

#473 code423n4 closed 1 year ago
6
(*POTENTIAL DUPLICATE) `unwrap` function can be exploited to exchange lower priced NFT's for higher priced counterparts

#472 code423n4 closed 1 year ago
4
MEV searchers can capture slippage tolerance on pool creation

#471 code423n4 closed 1 year ago
2
A malicious early user/attacker can manipulate the lpToken's pricePerShare to take an unfair share of future users' deposits

#470 code423n4 closed 1 year ago
2
Pair.sol can be manipulated to affect small liquidity providers.

#469 code423n4 closed 1 year ago
3
QA Report

#468 code423n4 closed 1 year ago
1
QA Report

#467 code423n4 closed 1 year ago
1
QA Report

#466 code423n4 closed 1 year ago
1
User didn't get an lpToken when trying to add liquidity to the pair with some baseTokenAmount

#465 code423n4 closed 1 year ago
2
Gas Optimizations

#464 code423n4 opened 1 year ago
1
## MALICIOUS OWNER CAN CLOSE AND WITHDRAW AS HE WANT

#463 code423n4 closed 1 year ago
2
Pair contract can transfer tokens that are not approved

#462 code423n4 closed 1 year ago
5
`unwrap` function in `Pair.sol` can be exploited by a malicious user to exchange less expensive NFT's for more expensive ones in the pool

#461 code423n4 closed 1 year ago
3
Rounding down leads to breakage of the xy curve calculation

#460 code423n4 closed 1 year ago
3