issues
search
code-423n4
/
2023-05-maia-findings
20
stars
12
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Test
#925
0xLightt
closed
1 year ago
2
Test
#924
0xLightt
closed
1 year ago
2
Test
#923
0xLightt
closed
1 year ago
2
Test
#922
0xLightt
closed
1 year ago
2
test
#921
0xLightt
closed
1 year ago
2
Upgraded Q -> 2 from #835 [1689085140858]
#920
c4-judge
closed
1 year ago
4
Upgraded Q -> 2 from #727 [1689056911947]
#919
c4-judge
closed
1 year ago
3
Upgraded Q -> 2 from #727 [1689056893075]
#918
c4-judge
closed
1 year ago
2
Upgraded Q -> 2 from #198 [1688918565387]
#917
c4-judge
closed
1 year ago
3
Analysis
#916
CloudEllie
opened
1 year ago
4
BranchPort.toggleStrategyToken used on unregistered STRATEGY TOKEN will allow STRATEGIES to drain full token balance
#915
code423n4
closed
1 year ago
1
Analysis
#914
code423n4
closed
1 year ago
2
the mint function in erc4626 will mint incorrect amount
#913
code423n4
closed
1 year ago
1
Not using slippage parameter in swap() while swapping causes loss of funds
#912
code423n4
closed
1 year ago
5
QA Report
#911
code423n4
closed
1 year ago
1
Although `ERC20Boost.transfer` and `ERC20Boost.transferFrom` functions try to prevent sender from transferring her or his gauge boost amount that is not free to receiver, such sender can still call `UtilityManager.forfeitBoost` and `bHermes.transfer` or `bHermes.transferFrom` functions to bypass such prevention
#910
code423n4
closed
1 year ago
2
Reward clarinets can claim rewards multiple times
#909
code423n4
closed
1 year ago
1
Analysis
#908
code423n4
closed
1 year ago
2
Potential Loss of Funds Due to Zero Slippage Hardcoding in TalosBaseStrategy#deposit
#907
code423n4
closed
1 year ago
5
MALICIOUS USER CAN CALL THE `FlywheelBribeRewards.setRewardsDepot()` FUNCTION INDEFINITELY TO PUSH `ethereum` INTO `STATE BLOAT`
#906
code423n4
closed
1 year ago
1
Analysis
#905
code423n4
opened
1 year ago
3
Although `ERC20Boost.decrementGaugesBoostIndexed` function would require user to remove all of her or his boost from a deprecated gauge at once, such user can instead call `ERC20Boost.decrementGaugeBoost` function for multiple times to utilize such deprecated gauge and decrement its `userGaugeBoost` for multiple times
#904
code423n4
opened
1 year ago
5
QA Report
#903
code423n4
closed
1 year ago
1
Analysis
#902
code423n4
opened
1 year ago
3
Slippage controls for calling `bHermes` contract's `ERC4626DepositOnly.deposit` and `ERC4626DepositOnly.mint` functions are missing
#901
code423n4
opened
1 year ago
5
Calling `BaseV2Gauge.detachUser` function does not update user's `getUserBoost` when it should be updated
#900
code423n4
closed
1 year ago
3
Missing deadline checks allow pending transactions to be maliciously executed
#899
code423n4
closed
1 year ago
3
The function setBooster() within FlywheelCore.sol is unreachable from inside the owner contract under the current layout.
#898
code423n4
closed
1 year ago
3
Functionalities for burning bHermesVotes, bHermesGauges, and bHermesBoost tokens are unavailable even though related functions, which are inaccessible externally, for burning these tokens do exist to indicate needs for such functionalities
#897
code423n4
closed
1 year ago
8
Gas Optimizations
#896
code423n4
opened
1 year ago
2
QA Report
#895
code423n4
opened
1 year ago
2
Vulnerable to MEV exploitation due to lack of slippage protection
#894
code423n4
closed
1 year ago
6
QA Report
#893
code423n4
closed
1 year ago
1
Calculation during rebalancing can overflow
#892
code423n4
closed
1 year ago
1
`UlyssesToken.updateAssetBalances()` might revert on some unexpected conditions
#891
code423n4
closed
1 year ago
2
Gas Optimizations
#890
code423n4
closed
1 year ago
1
In case a token added to ERC4626MultiToken.sol/UlyssesToken.sol gets compromised, it will not be possible to add or remove any asset
#889
code423n4
closed
1 year ago
2
Gas Optimizations
#888
code423n4
opened
1 year ago
2
Despite the check in the constructor, weights can still be set to zero which would prevent user withdrawals
#887
code423n4
closed
1 year ago
3
`FlywheelGaugeRewards.queueRewardsForCycle()` will not revert even if no tokens are received leaving the contract susceptible to data corruption
#886
code423n4
closed
1 year ago
3
The `getUserBoost` state variable can get out-of-sync in `ERC20Boost` which can cause miscalculations and prevent transfers and burns
#885
code423n4
closed
1 year ago
5
Analysis
#884
code423n4
opened
1 year ago
3
Reactivated gauges can’t queue up rewards
#883
code423n4
closed
1 year ago
1
If a STRATEGY TOKEN is "Toggled off" STRATEGIES will still be able to withdraw but returning of tokens with replenishReserves will be disabled.
#882
code423n4
opened
1 year ago
6
QA Report
#881
code423n4
opened
1 year ago
1
Analysis
#880
code423n4
opened
1 year ago
3
Gas Optimizations
#879
code423n4
opened
1 year ago
1
Gas Optimizations
#878
code423n4
opened
1 year ago
1
Gas Optimizations
#877
code423n4
opened
1 year ago
1
When `totalSupply` is low `getProposalThresholdAmount()` and `getQuorumVotesAmount()` can return zero
#876
code423n4
closed
1 year ago
10
Next