issues
search
code-423n4
/
2023-06-llama-findings
2
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Mislead of policy holders due to wrong role description, Unwanted roles creation
#305
code423n4
closed
1 year ago
3
Uses Send Value to transfer Native token instead of Transfer Function
#304
code423n4
closed
1 year ago
3
Gas Optimizations
#303
code423n4
closed
1 year ago
2
QA Report
#302
code423n4
closed
1 year ago
1
Transaction failed to deploy strategies
#301
code423n4
closed
1 year ago
3
Analysis
#300
code423n4
closed
1 year ago
1
QA Report
#299
code423n4
closed
1 year ago
1
In LlamaAccount.transferERC20(), Transaction revert if the Token does not support 0 value transfer
#298
code423n4
closed
1 year ago
3
QA Report
#297
code423n4
closed
1 year ago
1
NATIVE TOKENS COULD GET STUCK INSIDE THE `LlamaCore` CONTRACT SINCE THERE IS NO WITHDRAWAL MECHANISM
#296
code423n4
closed
1 year ago
7
Analysis
#295
code423n4
closed
1 year ago
1
QA Report
#294
code423n4
closed
1 year ago
1
Gas Optimizations
#293
code423n4
closed
1 year ago
1
NATIVE TOKENS TRANSFERRED TO THE `LlamaAccount` CONTRACT CAN GET STUCK
#292
code423n4
closed
1 year ago
6
Analysis
#291
code423n4
opened
1 year ago
1
QA Report
#290
code423n4
closed
1 year ago
1
Gas Optimizations
#289
code423n4
closed
1 year ago
1
THERE IS NO INPUT VALIDATION FOR CRITICAL STATE VARIABLES WHICH COULD BREAK THE CORE FUNCTIONALITY OF THE PROTOCOL
#288
code423n4
closed
1 year ago
2
expirationPeriod in the strategy contracts is not checked when calling LlamaCore.execute
#287
code423n4
closed
1 year ago
4
QA Report
#286
code423n4
closed
1 year ago
1
Gas Optimizations
#285
code423n4
opened
1 year ago
3
Gas Optimizations
#284
code423n4
opened
1 year ago
4
LlamaExecutor#execute is not payable
#283
code423n4
closed
1 year ago
5
Blacklisted Address Can Exploit the Exchange
#282
code423n4
closed
1 year ago
5
The function isActionExpired in the strategies contract is pretty confusing and may not work as intended
#281
code423n4
closed
1 year ago
3
Manually assigning token IDs in ERC-721 can cause problems in the future
#280
code423n4
closed
1 year ago
3
Analysis
#279
code423n4
opened
1 year ago
1
QA Report
#278
code423n4
opened
1 year ago
1
QA Report
#277
code423n4
closed
1 year ago
2
The low-level call returns true if the address does not exist
#276
code423n4
closed
1 year ago
2
QA Report
#275
code423n4
closed
1 year ago
1
Clone LlamaAccount with the same accountConfigs will result in an error, blocking the _deployAccounts() function or DOS
#274
code423n4
closed
1 year ago
2
Gas Optimizations
#273
code423n4
closed
1 year ago
1
Clone LlamaCore and LlamaPolicy in LlamaFactory.sol may fail or DOS
#272
code423n4
closed
1 year ago
3
An attacker can steal funds from an Llama account by re-logging in.
#271
code423n4
closed
1 year ago
3
Comparing Ether values using equality operators (== or !=) can be very hard to match each other . This will always reverts
#270
code423n4
closed
1 year ago
3
QA Report
#269
code423n4
closed
1 year ago
1
Analysis
#268
code423n4
opened
1 year ago
2
QA Report
#267
code423n4
opened
1 year ago
5
Actions can stuck in Queued state
#266
code423n4
closed
1 year ago
3
Success value and msg.value not checked in llamaExecutor.sol
#265
code423n4
closed
1 year ago
3
No control for finalizeInitialization() the over all contract become risk. Attacker can become ``llamaExecutor``. This can be a potential security risk if anyone can grant permissions to others maliciously
#264
code423n4
opened
1 year ago
2
Analysis
#263
code423n4
opened
1 year ago
2
Gas griefing/thief in LlamaAccount execute()
#262
code423n4
closed
1 year ago
4
createAction() ,castApproval(), castDisapproval() functions vulnerable replay attacks
#261
code423n4
closed
1 year ago
4
_newCastCount can overflow and lead to wrong state
#260
code423n4
closed
1 year ago
3
LlamaPolicyMetadata.tokenURI() name is missing escapeJSON
#259
code423n4
closed
1 year ago
6
ERC721 tokens can be forever locked when transferring
#258
code423n4
closed
1 year ago
2
Gas Optimizations
#257
code423n4
opened
1 year ago
2
User ETH will be stacked on Executor contract if the target script doesn't handle ETH.
#256
code423n4
closed
1 year ago
14
Next