code-423n4 2023-03-mute-findings issues

code-423n4 / 2023-03-mute-findings

2 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #17 [1681332048307]

#50 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #17 [1680620822176]

#48 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #17 [1680620718364]

#47 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #44 [1680620528235]

#46 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #13 [1680615156614]

#45 c4-judge closed 1 year ago
3
QA Report

#44 code423n4 opened 1 year ago
1
Gas Optimizations

#43 code423n4 opened 1 year ago
1
Logic for RescueTokens is incorrect for muteTokens

#42 code423n4 closed 1 year ago
2
Award is still distributed when there aren't any stakers, allowing users to get reward without staking

#41 code423n4 opened 1 year ago
11
QA Report

#40 code423n4 opened 1 year ago
2
`dripsInfo` is not correct when there is no deposit

#39 code423n4 closed 1 year ago
6
QA Report

#38 code423n4 opened 1 year ago
1
The first stake is possible after endTime

#37 code423n4 closed 1 year ago
2
A user can 'borrow' dMute balance for a single block to increase their amplifier APY

#36 code423n4 opened 1 year ago
5
A malicious frontrunner can make the `Mutebond` contract broken when the owner decreases `maxPayout`

#35 code423n4 closed 1 year ago
4
In `MuteBond.deposit()`, users might deposit more LPs than they expected by a malicious user

#34 code423n4 closed 1 year ago
3
`MuteAmplifier.rescueTokens()` should check conditions for fee tokens(token0/token1) as well

#33 code423n4 closed 1 year ago
3
`MuteAmplifier.rescueTokens()` checks the wrong condition for `muteToken`

#32 code423n4 opened 1 year ago
4
Gas Optimizations

#31 code423n4 opened 1 year ago
2
Params of Lien struct are not emitted when lien is created making it difficult to track

#30 code423n4 closed 1 year ago
1
Function `takeBid()` allows attacker to sell any collateral NFT that deposited through function `borrowToBuy()`

#29 code423n4 closed 1 year ago
1
Attacker can steal the locked NFT in protocol because of lacking check in function `borrowToBuy()`

#28 code423n4 closed 1 year ago
1
Attacker can take a loan offer without providing the NFT from requested collection by using function `borrowerRefinance()`

#27 code423n4 closed 1 year ago
1
Owner lowering max payout might break the MuteBonds contract

#26 code423n4 closed 1 year ago
2
Bond max-buyer might end up buying the max buy of the next epoch

#25 code423n4 opened 1 year ago
4
Attacker can front-run Bond buyer and make them buy it for a lower payout than expected

#24 code423n4 opened 1 year ago
5
An edge case in amplifier allows user to stake after end time, causing reward to be locked in the contract

#23 code423n4 opened 1 year ago
4
MuteBond is susceptible to DOS

#22 code423n4 opened 1 year ago
4
Amplifier users might not get all the LP fees they are entitled to

#21 code423n4 opened 1 year ago
2
Malicious user can force victims to waste a lot of gas when they redeem their dMute

#20 code423n4 closed 1 year ago
8
MuteAmplifier.sol: multiplier calculation is incorrect which leads to loss of rewards for almost all stakers

#19 code423n4 opened 1 year ago
4
MuteAmplifier.sol: rescueTokens function does not prevent fee tokens from being transferred

#18 code423n4 opened 1 year ago
4
QA Report

#17 code423n4 opened 1 year ago
2
No slippage control for deposit() with the impact that a user deposits with expected high bond price might end up a deposit with the lowest bond price.

#16 code423n4 closed 1 year ago
11
There is a race condition betweeen MuteBond#setEpochDuration() and MuteBond#deposit()

#15 code423n4 closed 1 year ago
6
MuteBond.sol: When maxPayout is lowered the contract can end up DOSed

#14 code423n4 opened 1 year ago
3
MuteBond.sol: deposit function allows no control for payout and value which leads to unexpected purchases of bonds

#13 code423n4 closed 1 year ago
6
An attacker can lower the price of another depositor() by frontrunning

#12 code423n4 closed 1 year ago
3
An attacker can front-run setMaxPayout() and freeze deposit() and the whole protocol from progressing in epochs.

#11 code423n4 closed 1 year ago
4
A staker might be still be able to stake after staking is over.

#10 code423n4 closed 1 year ago
2
MuteBond.sol: price discount can be manipulated which undermines its purpose of reflecting demand

#9 code423n4 closed 1 year ago
5
deposit() might fail to enforce the minimum ``payout`` constraint near the end of an epoch.

#8 code423n4 opened 1 year ago
5
MuteBond.sol: deposit function reverts if remaining payout is very small due to >0 check in dMute.LockTo function

#7 code423n4 closed 1 year ago
2
dMute.sol: Attacker can push lock items to victim's array such that redemptions are forever blocked

#6 code423n4 opened 1 year ago
7
QA Report

#5 code423n4 opened 1 year ago
2
Division-before-multiplication precision loss issue for update()

#4 code423n4 opened 1 year ago
10
DOS attack to RedeemTo() and GetUnderlyingTokens(), leading to loss of funds.

#3 code423n4 closed 1 year ago
4
Gas Optimizations

#2 code423n4 opened 1 year ago
1
Agreements & Disclosures

#1 code423n4 opened 1 year ago
0