code-423n4 2023-05-maia-findings issues

code-423n4 / 2023-05-maia-findings

24 stars 13 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Reentrancy Vulnerability: The contract inherits from the ReentrancyGuard contract, which smay be vulnerable to reentrancy attacks if not properly handled in the contract's logic.

#825 code423n4 closed 1 year ago
1
Gas Optimizations

#824 code423n4 closed 1 year ago
1
Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.

#823 code423n4 opened 1 year ago
8
exactSqrtPriceImpact is unnecessarily divided by 2, which restricts the range of price impact percentage

#822 code423n4 closed 1 year ago
1
Analysis

#821 code423n4 opened 1 year ago
3
Division before multiplication could incur precision loss.

#820 code423n4 closed 1 year ago
1
Missing input validation in pool parameter can lead to protocol malicious behaviour

#819 code423n4 closed 1 year ago
3
`doRebalance` in Talos is vulnerable to Flash loan Attacks resulting loss of funds

#818 code423n4 closed 1 year ago
2
`_checkpoints` may be inaccurate voting power on arbitrum

#817 code423n4 closed 1 year ago
18
Gas Optimizations

#816 code423n4 closed 1 year ago
1
The ERC4626 is vulnerable to inflation attack and user funds stolen

#815 code423n4 closed 1 year ago
4
Interactions with AMMs do not use deadlines for operations

#814 code423n4 closed 1 year ago
2
## Significant roundoff error in depositToPort function (ArbitrumBranchBridgeAgent.sol )

#813 code423n4 closed 1 year ago
3
Potential Integer Underflow/Overflow: The code uses the SafeCastLib library for type conversions, but it does not handle potential underflow or overflow situations.

#812 code423n4 closed 1 year ago
1
Payable method `RootBridgeAgent.retrySettlement` can lead to loss of funds for users

#811 code423n4 closed 1 year ago
12
FlywheelCore.setBooster() can be used to steal unclaimed rewards

#810 code423n4 closed 1 year ago
1
Analysis

#809 code423n4 opened 1 year ago
3
Id not saved when adding a vault with `addVault` or partner with `addPartner`

#808 code423n4 closed 1 year ago
1
QA Report

#807 code423n4 opened 1 year ago
1
FlywheelCore’s setFlywheelRewards can remove access to reward funds from current users

#806 code423n4 closed 1 year ago
5
Gas Optimizations

#805 code423n4 opened 1 year ago
1
Incorrect refund of execution gas fee to user

#804 code423n4 closed 1 year ago
2
castVoteBySig can be front run without proper access control

#803 code423n4 closed 1 year ago
1
_createDepositSingle() call bridgeOut missing normalizeDecimals

#802 code423n4 closed 1 year ago
3
ONLY THE `owner` OF THE `tokenId` WILL BE ABLE TO RESTAKE THE LIQUIDITY NFT, EVEN AFTER THE INCENTIVE END TIME HAS PASSED

#801 code423n4 closed 1 year ago
2
First ERC4626 deposit and mint exploit can break share calculation

#800 code423n4 closed 1 year ago
6
In FlywheelCore.sol, setFlywheelRewards() can remove access to reward funds from current users

#799 code423n4 closed 1 year ago
3
Gas Optimizations

#798 code423n4 opened 1 year ago
1
QA Report

#797 code423n4 opened 1 year ago
2
Gas Optimizations

#796 code423n4 opened 1 year ago
3
public accrueBribes

#795 code423n4 closed 1 year ago
1
Gas Optimizations

#794 code423n4 closed 1 year ago
1
QA Report

#793 code423n4 closed 1 year ago
1
BRIBE REWARD ACCRUAL COULD `DoS` IF `bribeFlywheels` ARRAY GROWS INDEFINITELY

#792 code423n4 closed 1 year ago
4
Analysis

#791 code423n4 closed 1 year ago
2
_normalizeDecimals() Wrong calculation formula

#790 code423n4 closed 1 year ago
3
Gas Optimizations

#789 code423n4 closed 1 year ago
1
No slippage protection in `deposit()`, `_withdrawAll()` and `_compoundFees()`

#788 code423n4 closed 1 year ago
6
Missing Zero Address Check in Proposal Execution within Maia's Governance System

#787 code423n4 closed 1 year ago
1
Replenishing gas is missing in `_payFallbackGas` of RootBridgeAgent

#786 code423n4 opened 1 year ago
10
TRANSACTIONS CAN REVERT DUE TO OVERFLOW OF `uint32`

#785 code423n4 closed 1 year ago
1
Deadline set block.timestamp can be problematic

#784 code423n4 closed 1 year ago
2
Public createBribeFlywheel

#783 code423n4 closed 1 year ago
1
createBridgeAgent() Lack of permission control

#782 code423n4 closed 1 year ago
6
`ERC4626MultiToken` CONTRACT DEPLOYMENT COULD FAIL DUE TO INVALID INPUTS OF `_assets[]` ARRAY

#781 code423n4 closed 1 year ago
1
First depositor can break minting of shares

#780 code423n4 closed 1 year ago
6
Bad accounting on ERC4626MultiToken.sol leads to user funds stuck in the contract

#779 code423n4 closed 1 year ago
1
Analysis

#778 code423n4 closed 1 year ago
0
The `state()` function will not work properly on Optimism

#777 code423n4 closed 1 year ago
5
Liquidity providers may lose funds when initialising a strategy

#776 code423n4 closed 1 year ago
2

Previous Next