issues
search
code-423n4
/
2023-05-maia-findings
20
stars
12
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
QA Report
#875
code423n4
closed
1 year ago
3
In MulticallRootRouter.sol, approve function can fail for non standard ERC20 tokens like USDT
#874
code423n4
closed
1 year ago
3
Incorrect Use of Equality Operator in addPartner and addVault Functions
#873
code423n4
closed
1 year ago
2
Functions don't update after being called
#872
code423n4
closed
1 year ago
1
FlywheelCore’s setFlywheelRewards can remove access to reward funds from current users introducing Rug Pull Attack Vector
#871
code423n4
closed
1 year ago
7
Reactivated gauges have incorrect accounting for the last cycle’s rewards
#870
code423n4
closed
1 year ago
1
`RootBridgeAgent.redeemSettlement` can be front-run using `RootBridgeAgent.retrySettlement` causing redeem DoS
#869
code423n4
opened
1 year ago
9
Analysis
#868
CloudEllie
opened
1 year ago
5
NO CHECK TO VERIFY THE ELEMENTS OF `assetsAmounts[]` ARRAY IS IN THE SAME ORDER AS `assets[]` ARRAY, IF MISCONFIGURED COULD BREAK THE INTERNAL ACCOUNTING OF SHARE CALCULATION
#867
code423n4
closed
1 year ago
1
In VirtualAccount.sol.withdrawERC20(), Transaction revert if the Token does not support 0 value transfer
#866
code423n4
closed
1 year ago
1
changeAdmin function does not have checks
#865
code423n4
closed
1 year ago
1
QA Report
#864
code423n4
closed
1 year ago
1
Interactions with Pool do not use valid deadlines for operations
#863
code423n4
closed
1 year ago
2
QA Report
#862
code423n4
opened
1 year ago
2
Many `create` methods are suspicious of the reorg attack
#861
code423n4
opened
1 year ago
8
BranchBridgeAgent invokes anyCall with PAY ON SOURCE but doesn't send value with it. All calls will fail.
#860
code423n4
closed
1 year ago
2
Contracts are vulnerable to rebasing accounting-related issues
#859
code423n4
closed
1 year ago
1
A first depositor can steal funds from future deposits
#858
code423n4
closed
1 year ago
6
Unable to check state() if proposalId == 0
#857
code423n4
closed
1 year ago
1
setBooster() function may be used to steal unclaimed rewards in FlywheelCore contract
#856
code423n4
closed
1 year ago
2
Not using slippage parameter when interacting with AMMs
#855
code423n4
closed
1 year ago
5
Tokens with multiple addresses can be stolen due to reliance on balanceOf()
#854
code423n4
closed
1 year ago
1
DateTimeLib.isTuesday can't guarantee the first Tuesday of the month
#853
code423n4
closed
1 year ago
2
A malicious early user can play with the underlying assets' unit share price to get an unfair share of future users' deposits
#852
code423n4
closed
1 year ago
12
Only the state() of the latest proposal can be checked
#851
code423n4
closed
1 year ago
1
Time cycle can return wrong value due to downcasting
#850
code423n4
closed
1 year ago
1
Downcasting result in loss of fees for protocol and user
#849
code423n4
closed
1 year ago
1
Gas Optimizations
#848
code423n4
opened
1 year ago
1
RootPort.addBridgeAgentFactory() is taking bridgeAgentLenght into account rather than bridgeAgentFactoriesLength
#847
code423n4
closed
1 year ago
4
Pragma non-specification can lead to non-functional / corrupted contract when deployed on Arbitrum
#846
code423n4
closed
1 year ago
1
Missing deadline check when performing a swap
#845
code423n4
closed
1 year ago
2
FIRST DEPOSITOR ATTACK IS PRESENT IN THE `ERC4626.sol` CONTRACT
#844
code423n4
closed
1 year ago
5
Holders will not have enough time to delegate or cast their votes
#843
code423n4
closed
1 year ago
7
Gas Optimizations
#842
code423n4
opened
1 year ago
3
No Deadline check in `UlyssesRouter`, allowing outdated slippage and allow pending transaction to be unexpected executed
#841
code423n4
closed
1 year ago
2
Analysis
#840
CloudEllie
opened
1 year ago
5
More funds can be redeemed than deposited
#839
code423n4
closed
1 year ago
1
In FlywheelCore.sol contract, setBooster() can be used to steal unclaimed rewards
#838
code423n4
closed
1 year ago
1
Maximum approve can liquidate
#837
code423n4
closed
1 year ago
1
Owner can reduce Governance power of a user
#836
code423n4
closed
1 year ago
1
QA Report
#835
code423n4
opened
1 year ago
1
Analysis
#834
code423n4
opened
1 year ago
5
It is risky to allow anyone to create a `RootBridgeAgent` because they will directly interact with RootPort, even though the `RootBridgeAgent` may be using an invalid Router address.
#833
code423n4
closed
1 year ago
6
Gas Optimizations
#832
code423n4
opened
1 year ago
1
First ERC4626 deposit exploit can break share calculation
#831
code423n4
closed
1 year ago
5
The code uses arithmetic operations without explicitly checking for possible overflows or underflows
#830
code423n4
closed
1 year ago
1
QA Report
#829
code423n4
opened
1 year ago
1
Lack of valid Slippage control parameter in `increaseLiquidity` calls in Talos
#828
code423n4
closed
1 year ago
6
depositToPort is supposed to be marked payable and it is not
#827
code423n4
closed
1 year ago
1
bHermes mint quantity can be attacked by grief
#826
code423n4
closed
1 year ago
1
Previous
Next