issues
search
code-423n4
/
2023-01-popcorn-findings
0
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
`BeefyAdapter._protocolWithdraw()` can revert for some boosters
#803
code423n4
closed
1 year ago
3
`AdapterBase.accruedPerformanceFee` does not work with tokens with low decimals
#802
code423n4
closed
1 year ago
7
Missed `owner` accrual in MultiRewardStaking `_withdraw()` leads to reward loss
#801
code423n4
closed
1 year ago
4
MultiStakingReward.sol assumes all RewardTokens are in 18 decimal places
#800
code423n4
closed
1 year ago
2
Out of gas for view function
#799
code423n4
closed
1 year ago
2
Incorrect computation in MultiRewardStaking `changeRewardSpeed()` leads to loss of rewards
#798
code423n4
closed
1 year ago
7
Gas Optimizations
#797
code423n4
closed
1 year ago
1
QA Report
#796
code423n4
opened
1 year ago
1
QA Report
#795
code423n4
opened
1 year ago
1
AdminProxy should do some extra security checks
#794
code423n4
closed
1 year ago
2
User might pay higher fees than intended in MultiRewardEscrow
#793
code423n4
opened
1 year ago
3
lack of cooldown period for Yearn adapter operation.
#792
code423n4
closed
1 year ago
2
Any user can drain the entire reward fund in MultiRewardStaking due to incorrect calculation of `supplierDelta`
#791
code423n4
opened
1 year ago
3
Missing owner check in function addTemplate in DeploymentController
#790
code423n4
closed
1 year ago
3
QA Report
#789
code423n4
closed
1 year ago
1
Overflow tokens
#788
code423n4
closed
1 year ago
2
Delegatecall can silently fail when Adapter calls harvest() Strategy.
#787
code423n4
opened
1 year ago
3
Stragety withdrawal fee estimation is not accurate in BeefyAdapter.sol
#786
code423n4
opened
1 year ago
5
`quitPeriod` is effectively always just `1 day`
#785
code423n4
opened
1 year ago
3
`takeManagementAndPerformanceFees` calculates fees incorrectly
#784
code423n4
closed
1 year ago
3
Incorrect feeShares due to rounding down
#783
code423n4
closed
1 year ago
2
user can bypass `managementFee` by front running fee collection with a withdraw then deposit
#782
code423n4
closed
1 year ago
3
FEE ON TRANSFER TOKENS UNSUPPORTED IN VAULT.SOL
#781
code423n4
closed
1 year ago
3
`Vault::takeFees` can be front run to minimize `accruedPerformanceFee`
#780
code423n4
opened
1 year ago
4
QA Report
#779
code423n4
opened
1 year ago
1
Sync of highWaterMark can be used to avoid performance fees
#778
code423n4
closed
1 year ago
3
anyone can set fees to `0` after deploy
#777
code423n4
closed
1 year ago
3
Token implementation in not fully up to EIP-4626 specification
#776
code423n4
opened
1 year ago
4
reentrancy in `MultiRewardStaking::claimRewards` for tokens with transfer callbacks, like erc777
#775
code423n4
closed
1 year ago
4
`managementFee` is unfair and can be used to steal stakers deposits
#774
code423n4
closed
1 year ago
2
HarvestCooldown can be bypassed because lastHarvest is never updated, leading to potential risk of funds depending on the strategy attached.
#773
code423n4
closed
1 year ago
3
QA Report
#772
code423n4
closed
1 year ago
1
inital share manipulation attack possible in Vault
#771
code423n4
closed
1 year ago
3
Trade in Uniswap V2 can be very sub-optimal
#770
code423n4
closed
1 year ago
2
Attach non-endorsed Adapter to Vaults resulting in DOS
#769
code423n4
closed
1 year ago
3
Gas Optimizations
#768
code423n4
opened
1 year ago
1
Gas Optimizations
#767
code423n4
closed
1 year ago
1
Gas Optimizations
#766
code423n4
closed
1 year ago
1
Gas Optimizations
#765
code423n4
opened
1 year ago
2
QA Report
#764
code423n4
closed
1 year ago
1
Race condition enabled by external claim method
#763
code423n4
closed
1 year ago
3
Anyone can bypass the cooldown period and call harvest multiple times
#762
code423n4
closed
1 year ago
5
Changing reward speed calculates wrong rewardsEndTimestamp
#761
code423n4
closed
1 year ago
10
Gas Optimizations
#760
code423n4
opened
1 year ago
1
Lack of slippage check when perform V2 Uniswap V2 trade in Pool2SingleAssetCompounder
#759
code423n4
closed
1 year ago
2
claimRewards is not re-entrancy safe.
#758
code423n4
closed
1 year ago
4
RewardTokens can be locked in MultiRewardStaking contract when the rewardsEndTimestamp of the rewardsTokens are different.
#757
code423n4
closed
1 year ago
2
Gas Optimizations
#756
code423n4
closed
1 year ago
1
QA Report
#755
code423n4
closed
1 year ago
1
Anyone can add templates
#754
code423n4
closed
1 year ago
2
Previous
Next