code-423n4 2023-07-amphora-findings issues

code-423n4 / 2023-07-amphora-findings

3 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

## [MEDIUM-1] SafeTransfer should be used in place of transfer

#434 code423n4 closed 1 year ago
3
Gas Optimizations

#433 code423n4 opened 1 year ago
1
Liquidation frontrunning can prevent debt repayment upon unpausing

#432 code423n4 closed 1 year ago
2
Oracle manipulation with read only reentrancy in `get_virtual_price()` is not fully protected against

#431 code423n4 closed 1 year ago
2
Lack of Zero-Check for _cvxTotalRewards in _claimable Function Can Lead to Logical Errors

#430 code423n4 opened 1 year ago
3
the castvotebysig is not preventing users to vote proposalid 0

#429 code423n4 closed 1 year ago
3
QA Report

#428 code423n4 opened 1 year ago
2
QA Report

#427 code423n4 closed 1 year ago
1
Analysis

#426 code423n4 opened 1 year ago
1
Gas Optimizations

#425 code423n4 closed 1 year ago
1
DoS attack possible in mintVault() function

#424 code423n4 closed 1 year ago
3
Incorrect validation in `executeTransaction()` could lead to theft of ETH

#423 code423n4 closed 1 year ago
3
Analysis

#422 code423n4 closed 1 year ago
1
## [M‑02] _safeMint() should be used rather than _mint() wherever possible

#421 code423n4 closed 1 year ago
3
QA Report

#420 code423n4 opened 1 year ago
1
permit function allows 0 signature

#419 code423n4 closed 1 year ago
2
Gas Optimizations

#418 code423n4 opened 1 year ago
3
QA Report

#417 code423n4 opened 1 year ago
1
Gas Optimizations

#416 code423n4 opened 1 year ago
1
## [M-01] DefaultAccount#fallback lack payable

#415 code423n4 closed 1 year ago
3
Vault.claimRewards can break if Convex changes the operator

#414 code423n4 opened 1 year ago
4
Interest Still Accrued When VaultController Is Paused

#413 code423n4 closed 1 year ago
3
Gas Optimizations

#412 code423n4 opened 1 year ago
1
Read-only reentrancy - during liquidation, an attacker can liquidate the vault and borrow USDA without depositing any collateral

#411 code423n4 closed 1 year ago
4
Directly calling BaseRewardPool.getReward locks rewards in Vault

#410 code423n4 closed 1 year ago
2
_amountToSolvency calculation is wrong

#409 code423n4 closed 1 year ago
2
Nonces are not used in the signature checks

#408 code423n4 closed 1 year ago
3
Analysis

#407 code423n4 opened 1 year ago
1
Gas Optimizations

#406 code423n4 opened 1 year ago
3
The missing salt/proposalId in the hash construction for queuedTransactions leads to the possible collision of records in the queue

#405 code423n4 closed 1 year ago
4
Gas Optimizations

#404 code423n4 opened 1 year ago
1
Gas Limit Vulnerability in vaultSummaries Function Due to Large Number of enabledTokens

#403 code423n4 closed 1 year ago
3
QA Report

#402 code423n4 opened 1 year ago
1
QA Report

#401 code423n4 opened 1 year ago
1
`msg.value ` is not handled properly in `execute` function

#400 code423n4 closed 1 year ago
3
the '_calculate' function in AMPHClaimer.sol may have rounding error vulnerability due to the use of floating-point arithmetic with 1e6 precision

#399 code423n4 closed 1 year ago
2
Everyone can cancel each other proposal

#398 code423n4 closed 1 year ago
3
Gas Optimizations

#397 code423n4 opened 1 year ago
1
Using `exchangeRateStored()` leads to an understatement of the `cToken` value

#396 code423n4 closed 1 year ago
3
executeTransaction function is susceptible to signature malleability which allows replay attacks

#395 code423n4 closed 1 year ago
4
QA Report

#394 code423n4 opened 1 year ago
2
Gas Optimizations

#393 code423n4 opened 1 year ago
1
ChainlinkTokenOracleRelay.sol produces inaccurate token pricing

#392 code423n4 closed 1 year ago
3
Potential Failure to Handle Vault Creation Errors in mintVault Function

#391 code423n4 closed 1 year ago
5
QA Report

#390 code423n4 opened 1 year ago
1
Analysis

#389 code423n4 opened 1 year ago
1
Risk of Loss of Funds due to Improper Handling of BaseRewardPool Update

#388 code423n4 opened 1 year ago
7
Old vote value is used during casting of proposal

#387 code423n4 closed 1 year ago
3
Some curve pools have implementations such that Amphora's liquidations always revert.

#386 code423n4 closed 1 year ago
2
The maximum wUSDA supply unchecked.

#385 code423n4 closed 1 year ago
6