code-423n4 2023-06-reserve-findings issues

code-423n4 / 2023-06-reserve-findings

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Analysis

#57 code423n4 opened 1 year ago
1
QA Report

#56 code423n4 opened 1 year ago
1
Gas Optimizations

#55 code423n4 opened 1 year ago
1
Potential malicious initialization of GnosisTrade and DutchTrade implementation contract

#54 code423n4 closed 1 year ago
5
The number of slots added to the upgraded BasketHandlerP1 was calculated incorrectly

#53 code423n4 closed 1 year ago
5
A more graceful way of handling the throttle

#52 code423n4 opened 1 year ago
1
Mising caller protection when issuing Rtoken

#51 code423n4 opened 1 year ago
6
Gas Optimizations

#50 code423n4 opened 1 year ago
1
QA Report

#49 code423n4 opened 1 year ago
1
A Dutch trade could end up with an unintended lower closing price

#48 code423n4 opened 1 year ago
5
The broker should not be fully disabled by GnosisTrade.reportViolation

#47 code423n4 opened 1 year ago
4
After trade has finished, BackingManager.rebalance is called with same trade kind

#46 code423n4 opened 1 year ago
6
Malicious actor can call rebalance with TradeKind for dutch auction when gas prices are big to make losses for system

#45 code423n4 opened 1 year ago
1
Dutch auction is costly for bidder which means that system will likely receive less assets then expected

#44 code423n4 opened 1 year ago
1
Loss of staking yield for stakers when another user stakes in pause/frozen state

#43 code423n4 closed 1 year ago
2
In case when not all RSR was sold on auction users can loose it

#42 code423n4 closed 1 year ago
6
User who stakes into StRSRVotes doesn't have any voting power

#41 code423n4 closed 1 year ago
3
StRSR.leakyRefresh function should call `_payoutRewards`

#40 code423n4 opened 1 year ago
8
StRSR.cancelUnstake doesn't call _payoutRewards before minting new shares

#39 code423n4 closed 1 year ago
4
RecollateralizationLibP1.basketRange calculates deficit incorrectly

#38 code423n4 closed 1 year ago
4
StRSR.leakyRefresh implementation is wrong

#37 code423n4 opened 1 year ago
4
StRSR.withdraw can be blocked

#36 code423n4 closed 1 year ago
3
AssetRegistry.swapRegistered can be called with low gas to make basket be disabled

#35 code423n4 closed 1 year ago
4
In case Distributor.setDistribution use, revenue from rToken RevenueTrader and rsr token RevenueTrader should be distributed

#34 code423n4 opened 1 year ago
3
GnosisTrade contract can be frontrunned in order to make it report violation and block broker

#33 code423n4 closed 1 year ago
2
RToken.redeem should claim rewards before sending tokens to user

#32 code423n4 closed 1 year ago
5
When asset is unregistered from registry, then rewards should be claimed for it by backing manager

#31 code423n4 opened 1 year ago
5
RToken.setIssuanceThrottleParams and RToken.setRedemptionThrottleParams doesn't update lastTimestamp for the limiter

#30 code423n4 opened 1 year ago
4
FurnaceP1.setRatio will work incorrect after call when frozen

#29 code423n4 opened 1 year ago
2
QA Report

#28 code423n4 opened 1 year ago
1
Gas Optimizations

#27 code423n4 opened 1 year ago
1
QA Report

#26 code423n4 opened 1 year ago
1
QA Report

#25 code423n4 opened 1 year ago
3
Users who stake at the end of a freeze would get rewards as if they've staked before the freeze

#24 code423n4 closed 1 year ago
5
A reorg might cause Dutch Auction bidder to pay a much higher price than intended

#23 code423n4 opened 1 year ago
9
`Throttle::useAvailable` should not update ` throttle.lastTimestamp` if `limit * delta < ONE_HOUR`

#22 code423n4 closed 1 year ago
5
QA Report

#21 code423n4 opened 1 year ago
2
Gas Optimizations

#20 code423n4 closed 1 year ago
1
Shouldn't sell reward rtokens when basket is undercollateralized

#19 code423n4 opened 1 year ago
9
Dos rebalance forever by gnosis auction

#18 code423n4 opened 1 year ago
8
require collateral status remain constant when swapRegistered

#17 code423n4 opened 1 year ago
6
Lack of claimRewards when manageToken in RevenueTrader

#16 code423n4 opened 1 year ago
5
Oracle timeout at rebalance will result in a sell-off of all RSRs at 0 price

#15 code423n4 opened 1 year ago
3
the sale sequence of assets is incorrect when default

#14 code423n4 opened 1 year ago
12
sell reward rTokens at low price because of skiping furnace.melt

#13 code423n4 opened 1 year ago
2
distribute/distributeTokenToBuy does not stop when system is frozen

#12 code423n4 opened 1 year ago
6
stake before unfreeze can take away most of rsr rewards in the freeze period

#11 code423n4 opened 1 year ago
3
cancelUnstake lack payoutRewards before mint shares

#10 code423n4 opened 1 year ago
5
inflat attack in RToken when melt radio = 1

#9 code423n4 opened 1 year ago
4
An oracle deprecation might lead the protocol to sell assets for a low price

#8 code423n4 opened 1 year ago
11