code-423n4 2022-12-prepo-findings issues

code-423n4 / 2022-12-prepo-findings

0 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> M from #163 [1671458931869]

#340 c4-judge closed 1 year ago
2
Upgraded Q -> M from #201 [1671458492331]

#339 c4-judge closed 1 year ago
2
Upgraded Q -> M from #334 [1671456734920]

#338 c4-judge closed 1 year ago
2
Upgraded Q -> M from #315 [1671270502271]

#337 c4-judge closed 1 year ago
2
QA Report

#336 code423n4 closed 1 year ago
1
Misconfigured or malicious MANAGER Can drain, lose or steal ALL of the collateral.

#335 code423n4 closed 1 year ago
2
QA Report

#334 code423n4 opened 1 year ago
4
Collateral tokens with small amount of decimals will not work

#333 code423n4 opened 1 year ago
4
Insufficient support for fee-on-transfer type of ERC20

#332 code423n4 closed 1 year ago
4
Unsafe usage of ERC20 methods

#331 code423n4 closed 1 year ago
2
Collateral can be easily stolen by hacked or malicious protocol owners

#330 code423n4 closed 1 year ago
3
Users can get free collateral when using non-reverting on failure baseTokens

#329 code423n4 closed 1 year ago
7
Gas Optimizations

#328 code423n4 opened 1 year ago
2
QA Report

#327 code423n4 opened 1 year ago
2
depositAndTrade::exactInputSingleParams the possible return values not checked

#326 code423n4 closed 1 year ago
2
user's funds lock and incorrect code behavior because users withdrawal amount won't get reset for all users in each userPeriodLength in WithdrawHook contract

#325 code423n4 closed 1 year ago
4
Gas Optimizations

#324 code423n4 opened 1 year ago
2
Mint might result in too few tokens minted

#323 code423n4 closed 1 year ago
2
Ability to redeem excess collateral

#322 code423n4 closed 1 year ago
3
Gas Optimizations

#321 code423n4 closed 1 year ago
4
Storage collision in Collateral.sol

#320 code423n4 closed 1 year ago
2
`depositAndTrade` function is incomplete & does not use returnValue of UniswapV3 router

#319 code423n4 closed 1 year ago
2
QA Report

#318 code423n4 closed 1 year ago
1
unsafe transfer/TransferFrom breaks functionality of Collateral.sol

#317 code423n4 closed 1 year ago
3
Malicious users can easily bypass the score requirements in deposit, contrary to system design

#316 code423n4 closed 1 year ago
2
Compromised manager + Withdraw hook manager can steal entire Collateral.sol reserves.

#315 code423n4 closed 1 year ago
5
Admin may take non-fee baseTokens from Collateral.sol

#314 code423n4 closed 1 year ago
4
Misordered and insufficient rewarding of protocol users

#313 code423n4 closed 1 year ago
9
POSSIBLE FRONTRUNNING ATTACK ON MINTING LONG/SHORT POSITIONS

#312 code423n4 closed 1 year ago
5
Permanent freeze of yield when TokenSender rewards bank is depleted and deposit or withdraw is called.

#311 code423n4 closed 1 year ago
7
A whale user is able to cause freeze of funds of other users by bypassing withdraw limit

#310 code423n4 opened 1 year ago
4
User can burn their tokens outside of redeem

#309 code423n4 opened 1 year ago
5
User's supplied tokens may be swallowed and no collateral tokens given when using underlying ERC20 with above 18 decimals

#308 code423n4 closed 1 year ago
2
Owner can rug PrePOMarket using re-initialized finalLongPayout.

#307 code423n4 closed 1 year ago
3
Gas Optimizations

#306 code423n4 closed 1 year ago
2
Admin has excessive privilege and can freeze PrePOMarket withdrawals indefinitely.

#305 code423n4 closed 1 year ago
5
User may burn Short or Long tokens, losing any claim of collateral tokens and causing leak of value.

#304 code423n4 closed 1 year ago
2
User can cut the fees paid in deposit and withdraw functions in half.

#303 code423n4 closed 1 year ago
2
Infinite approval given to `DepositTradeHelper` contract can be misused by malicious actors

#302 code423n4 closed 1 year ago
3
QA Report

#301 code423n4 opened 1 year ago
1
Long and short tokens can continue to be minted even after expiry

#300 code423n4 closed 1 year ago
2
QA Report

#299 code423n4 closed 1 year ago
1
QA Report

#298 code423n4 opened 1 year ago
1
Potential denial of Service to an existing LP if protocol owner resets the `AccountList`

#297 code423n4 closed 1 year ago
4
QA Report

#296 code423n4 closed 1 year ago
1
Gas Optimizations

#295 code423n4 closed 1 year ago
1
Deposit record does not update properly for withdrawals

#294 code423n4 closed 1 year ago
4
Inconsistent implementation of `expiryTime` in PrePOMarket

#293 code423n4 closed 1 year ago
2
QA Report

#292 code423n4 opened 1 year ago
1
Permit should not approve type(uint256).max

#291 code423n4 closed 1 year ago
2