code-423n4 2023-05-ajna-findings issues

code-423n4 / 2023-05-ajna-findings

2 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

User should not be allowed to claim delegate rewards in challenge period

#308 code423n4 opened 1 year ago
5
Ajna Rewards Might Be Lost

#307 code423n4 closed 1 year ago
3
An Optimizer Bug in `PositionManager.getPositionIndexesFiltered`

#306 code423n4 opened 1 year ago
2
QA Report

#305 code423n4 closed 1 year ago
1
`PositionManager.memorializePositions` record the wrong amount of received LPs

#304 code423n4 closed 1 year ago
2
memorializePositions Function Lacks Auth

#303 code423n4 closed 1 year ago
5
Gas Optimizations

#302 code423n4 opened 1 year ago
1
Parameter change could lead to wrong calculations and unnecessary actions

#301 code423n4 closed 1 year ago
3
QA Report

#300 code423n4 opened 1 year ago
1
QA Report

#299 code423n4 opened 1 year ago
4
Execution functionality of `ExtraordinaryFunding` contract becomes unavailable after ten proposals have been executed

#298 code423n4 closed 1 year ago
3
`StandardFunding` contract's functionalities for proposals with positive `tokensRequested` can be DOS'ed for `_distributions[1]`

#297 code423n4 opened 1 year ago
5
Users are able to call `StandardFunding.claimDelegateReward` function to claim delegate rewards when `block.number` is end block of challenge period in which challenge period is not ended though they should not be allowed to do so

#296 code423n4 opened 1 year ago
3
`StandardFunding._getDelegateReward` function does not factor in votes used by user during screening stage for calculating user's delegate reward

#295 code423n4 opened 1 year ago
5
If a user owns 51% of non-treasury tokens, the user can take more than 1% of treasury tokens.

#294 code423n4 closed 1 year ago
4
User can receive 0 delegate reward though she or he should receive a positive amount of such reward

#293 code423n4 opened 1 year ago
8
No state change in `updateRewardsClaimed[curBurnEpoch]` even if there's not enough rewards to send

#292 code423n4 closed 1 year ago
3
`Funding._getVotesAtSnapshotBlocks` function does not take into account user's available votes between snapshot blocks

#291 code423n4 opened 1 year ago
3
Calling `StandardFunding.startNewDistributionPeriod` function can cause `fundsAvailable` for new distribution period to be less than it should be

#290 code423n4 opened 1 year ago
5
`StandardFunding._updateTreasury` function should not add voters' delegate rewards back to `treasury`

#289 code423n4 closed 1 year ago
4
Calling `StandardFunding.screeningVote` function and `ExtraordinaryFunding.voteExtraordinary` function when `block.number` equals respective start block and when `block.number` is bigger than respective start block can result in different available votes for same voter

#288 code423n4 opened 1 year ago
13
Attacker can manipulate the threshold for an extraordinary proposal to pass by funding the treasury

#287 code423n4 closed 1 year ago
7
User can call `StandardFunding.updateSlate` function to frontrun other user's `StandardFunding.updateSlate` transaction

#286 code423n4 opened 1 year ago
5
The voting thresholds in Ajna's Extraordinary Funding Mechanism can be manipulated to execute proposals below the expected threshold.

#285 code423n4 opened 1 year ago
14
Gas Optimizations

#284 code423n4 opened 1 year ago
9
QA Report

#283 code423n4 opened 1 year ago
1
Using `IERC721.transferFrom()` instead of `safeTransferFrom()` may cause the user's NFT to be frozen in a contract that does not support ERC721

#282 code423n4 opened 1 year ago
2
Gas Optimizations

#281 code423n4 closed 1 year ago
1
`Funding._validateCallDatas` miss the check on the length of `calldatas_[i]`

#280 code423n4 opened 1 year ago
13
getVBotesExtraOrdinary always returns 0

#279 code423n4 closed 1 year ago
2
QA Report

#278 code423n4 opened 1 year ago
1
NFT might get stuck in contracts not supporting it

#277 code423n4 closed 1 year ago
1
QA Report

#276 code423n4 opened 1 year ago
1
Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs The EIP-721 standard says the following about transferFrom():

#275 code423n4 closed 1 year ago
2
A proposal receives no vote should not be submitted to execute

#274 code423n4 closed 1 year ago
3
Delegate rewards are claimable in challenge period

#273 code423n4 opened 1 year ago
4
wdiv does not validate the denominator for 0

#272 code423n4 closed 1 year ago
2
wmul (...) operation may return 0

#271 code423n4 closed 1 year ago
1
Proposals received 0 vote in funding stage may still be eligible for funding

#270 code423n4 closed 1 year ago
2
Gas Optimizations

#269 code423n4 closed 1 year ago
1
QA Report

#268 code423n4 closed 1 year ago
1
Gas Optimizations

#267 code423n4 opened 1 year ago
1
`#StandardFunding._standardProposalState()` will retrun an inactive proposal as active

#266 code423n4 closed 1 year ago
3
Extraordinary proposals have a race condition that can cause proposals to fail

#265 code423n4 closed 1 year ago
2
Risk of User's Reward Loss due to Surge in Reward Claims

#264 code423n4 closed 1 year ago
2
Internal balance of treasury will be higher than expected after each distribution period

#263 code423n4 closed 1 year ago
7
QA Report

#262 code423n4 closed 1 year ago
1
fromPosition.depositTime is not updated after the position is moved leading unexpected/ incorrect behaviour.

#261 code423n4 closed 1 year ago
6
Adversary can prevent the creation of any extraordinary funding proposal by frontrunning `proposeExtraordinary()`

#260 code423n4 opened 1 year ago
4
Anyone can call `memorializePositions()` on behalf of other user's position due to lack of access control

#259 code423n4 closed 1 year ago
5

Previous Next