issues
search
code-423n4
/
2023-06-stader-findings
1
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
QA Report
#327
code423n4
opened
1 year ago
2
QA Report
#326
code423n4
closed
1 year ago
1
Gas Optimizations
#325
code423n4
opened
1 year ago
1
Paused Pool should not receive the staked ETH
#324
code423n4
opened
1 year ago
5
Node Operators can `addValidatorKeys` with an invalid `_depositSignature`, which would lead to loss of users' funds.
#323
code423n4
closed
1 year ago
8
QA Report
#322
code423n4
closed
1 year ago
1
StaderOracle - Strict equal can cause no consensus if trusted nodes are removed before consensus
#321
code423n4
opened
1 year ago
5
Gas Optimizations
#320
code423n4
opened
1 year ago
1
Rewards sent directly to NodeELRewardVault contract will be locked
#319
code423n4
closed
1 year ago
5
Manager and DEFAULT_ADMIN_ROLE can create a scenario where user deposits more than he is permitted to withdraw
#318
code423n4
closed
1 year ago
2
Gas Optimizations
#317
code423n4
closed
1 year ago
1
Chainlink's `latestRoundData()` can return stale or incorrect result
#316
code423n4
closed
1 year ago
2
Lack of Pause and Unpause Functionality in Auction Contract
#315
code423n4
closed
1 year ago
2
VaultProxy initialise can be frontrun
#314
code423n4
closed
1 year ago
1
VaultProxy initialise can be frontrun
#313
code423n4
closed
1 year ago
1
Stale or incorrect results from data feeds can affect assets and shares calculation on deposits and withdrawals
#312
code423n4
closed
1 year ago
2
`UserWithdrawManager.requestWithdraw` should use `msg.sender` instead of `_owner`
#311
code423n4
closed
1 year ago
3
QA Report
#310
code423n4
opened
1 year ago
1
No Check on `_sdAmount` When Creating a Lot Results In Users Adding Bids On Lots With Zero SD Tokens & The Highest Bidder Losing His Ethers
#309
code423n4
closed
1 year ago
2
Anyone Can `selfdestruct` The `VaultProxy` Contract.
#308
code423n4
closed
1 year ago
3
QA Report
#307
code423n4
opened
1 year ago
1
Gas Optimizations
#306
code423n4
closed
1 year ago
1
The check on operator number limit in `PermissionedNodeRegistry.onboardNodeOperator` could be incorrect.
#305
code423n4
closed
1 year ago
3
QA Report
#304
code423n4
closed
1 year ago
1
QA Report
#303
code423n4
closed
1 year ago
1
MIN_AUCTION_DURATION set in Auction.sol when deploy in other chains will be incorrect.
#302
code423n4
closed
1 year ago
2
bidIncrement is not bounded allows manager to DOS addBit() function in Auction.sol
#301
code423n4
closed
1 year ago
1
Compromised or malicious manager can freeze users' SD tokens in SDCollateral.sol.
#300
code423n4
closed
1 year ago
1
`StaderStakePoolsManager.depositETHOverTargetWeight` should have the `whenNotPaused` modifier
#299
code423n4
opened
1 year ago
7
CHAINLINK’S LATESTROUNDDATA MIGHT RETURN STALE OR INCORRECT RESULTS
#298
code423n4
closed
1 year ago
2
`StaderStakePoolsManager.depositETHOverTargetWeight` should revert when `availableETHForNewDeposit > 0 && availableETHForNewDeposit < poolDepositSize`
#297
code423n4
closed
1 year ago
4
Gas Optimizations
#296
code423n4
opened
1 year ago
1
QA Report
#295
code423n4
closed
1 year ago
1
Gas Optimizations
#294
code423n4
opened
1 year ago
1
WithdrawnValidators can decrease exchangerate and cause user loss fund
#293
code423n4
closed
1 year ago
4
Protocol will not benefit from slashing mechanism when remaining penalty bigger than minThreshold
#292
code423n4
opened
1 year ago
5
Chainlink return values not handled properly
#291
code423n4
closed
1 year ago
2
Pools cannot be updated forever
#290
code423n4
closed
1 year ago
2
Calls transfer()/transferFrom() With IERC20
#289
code423n4
closed
1 year ago
2
Gas Optimizations
#288
code423n4
opened
1 year ago
1
QA Report
#287
code423n4
closed
1 year ago
1
MISSING ACCESS CONTROL AND MISSING LOGICAL CHECKS IN PENALTY.sol
#286
code423n4
closed
1 year ago
2
Action.sol,function addBid(),will get error revert msg if auction not exist
#285
code423n4
closed
1 year ago
1
Action.sol# createLot ,parameter `_sdAmount` can set to zero , many zero profit auctions can be created.
#284
code423n4
closed
1 year ago
2
`PermissionedPool.stakeUserETHToBeaconChain` could falsely update the active validator count.
#283
code423n4
closed
1 year ago
16
QA Report
#282
code423n4
opened
1 year ago
1
Gas Optimizations
#281
code423n4
opened
1 year ago
1
Gas Optimizations
#280
code423n4
opened
1 year ago
1
EVENT EMITTED WITHOUT ACTION
#279
code423n4
closed
1 year ago
3
Reentrancy Attack Vulnerability in the distributeRewards() Function
#278
code423n4
closed
1 year ago
1
Previous
Next