issues
search
code-423n4
/
2023-04-caviar-findings
9
stars
4
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
There is no check for the protocolFeeRate limit in the Factory contract
#958
code423n4
closed
1 year ago
3
Oracle could possibly flag stolen NFT after the NFT already was sold to the pool which leads to non-trivial impact
#957
code423n4
closed
1 year ago
2
The Factory logic of `predictPoolDeploymentAddress()` may be broken if the `privatePoolImplementation` is changed
#956
code423n4
closed
1 year ago
7
No router for PrivatePools with ERC20 base token
#955
code423n4
closed
1 year ago
3
Anyone can withdraw any NFT from EthRouter
#954
code423n4
closed
1 year ago
4
QA Report
#953
code423n4
closed
1 year ago
3
No check for `minPrice` and `maxPrice` in the `deposit()` function
#952
code423n4
closed
1 year ago
9
QA Report
#951
code423n4
closed
1 year ago
1
`flashFee` is not applied correctly in the `flashLoan` function
#950
code423n4
closed
1 year ago
3
setVirtualReserves might lead to incorrect price values in PrivatePool.sol
#949
code423n4
closed
1 year ago
3
Manual NFT transferring can affect to the price
#948
code423n4
closed
1 year ago
4
Gas Optimizations
#947
code423n4
closed
1 year ago
1
Gas Optimizations
#946
code423n4
opened
1 year ago
2
Mismatch of NFT addresses between EthRouter and PrivatePool can lead to NFT theft
#945
code423n4
closed
1 year ago
8
Gas Optimizations
#944
code423n4
closed
1 year ago
1
Victims can be able to lost their Eth for no nft tokens by trusting wrong pool.
#943
code423n4
closed
1 year ago
3
INACCURATE ARITHMETIC OPERATION IN CHANGEFEEQUOTE
#942
code423n4
closed
1 year ago
2
A hacker can front-run the owner of a PrivatePool to drain the pool
#941
code423n4
closed
1 year ago
2
Constant product formula is not maintained in `deposit()` and `withdraw()` functions.
#940
code423n4
closed
1 year ago
2
Previous owner can steal all of the pool funds
#939
code423n4
closed
1 year ago
4
A royaltyFee recipient will steal funds via reentrancy attack from EthRouter
#938
code423n4
closed
1 year ago
3
Dangerous use of setVirtualReserves(), withdraw(), and execute() leads to incorrect configuration of PrivatePool
#937
code423n4
closed
1 year ago
5
Dangerous use of setVirtualReserves(), withdraw(), and execute() leads to incorrect configuration of PrivatePool
#936
code423n4
closed
1 year ago
2
Tokens with Fee on Transfer can break the PrivatePool invariant
#935
code423n4
closed
1 year ago
5
Tokens with Fee on Transfer can break the PrivatePool invariant
#934
code423n4
closed
1 year ago
2
Tokens with Fee on Transfer can break the PrivatePool invariant
#933
code423n4
closed
1 year ago
2
Gas Optimizations
#932
code423n4
closed
1 year ago
2
Shouldn't only EthRouter have access to this function for additional security?
#931
code423n4
closed
1 year ago
3
Creator fees may be burned
#930
code423n4
closed
1 year ago
6
Routing griefing via ERC-777 operator
#929
code423n4
closed
1 year ago
6
Slippage stealing via ERC-777 operator
#928
code423n4
closed
1 year ago
8
Gas Optimizations
#927
code423n4
closed
1 year ago
1
The function "deposit" in the private pool should check if the current prices is within the desired bounds inputted by the users. As the wrapper contract which makes this safely checks prior to depositing is only used for ether and not for ERC20 tokens.
#926
code423n4
closed
1 year ago
5
QA Report
#925
code423n4
closed
1 year ago
1
QA Report
#924
code423n4
closed
1 year ago
2
Royalty stealing
#923
code423n4
closed
1 year ago
8
Missing applying decimals in PrivatePool.flashFee
#922
code423n4
closed
1 year ago
3
Missing applying decimals in PrivatePool.flashFee
#921
code423n4
closed
1 year ago
2
what prevents private pool owner/user from depositing one or more NFTs into the pool using a nft parameter value different from the pool's nft variable value? I dont see any measures/checks to prevent this.
#920
code423n4
closed
1 year ago
3
EthRouter large positive slippage stealing via PrivatePool reconfiguration
#919
code423n4
closed
1 year ago
1
what prevents private pool owner/user from depositing one or more NFTs into the pool using a nft parameter value different from the pool's nft variable value? I dont see any measures/checks to prevent this.
#918
code423n4
closed
1 year ago
3
Misleading function can lead to fund loss
#917
code423n4
closed
1 year ago
3
PrivatePool ERC-20 allowance stealing via reconfiguration frontrunning
#916
code423n4
closed
1 year ago
1
The compartment should be closed to avoid confusion
#915
code423n4
closed
1 year ago
5
Incorrect virtual liquidity amount can result in NFTs becoming temporarily stuck
#914
code423n4
closed
1 year ago
4
Potential Reserve Manipulation through ERC721 Reentrancy
#913
code423n4
closed
1 year ago
5
Pool owners can frontrun buys and sells
#912
code423n4
closed
1 year ago
1
QA Report
#911
code423n4
closed
1 year ago
1
PrivatePool ERC-20 allowance stealing via execute()
#910
code423n4
closed
1 year ago
2
Gas Optimizations
#909
code423n4
closed
1 year ago
1
Previous
Next