code-423n4 2023-07-arcade-findings issues

code-423n4 / 2023-07-arcade-findings

2 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #422 [1692189363530]

#574 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #513 [1691698843467]

#572 c4-judge opened 1 year ago
3
QA Report

#571 code423n4 closed 1 year ago
1
QA Report

#570 code423n4 closed 1 year ago
1
`NFTBoostVault` incompatible with some NFTs

#569 code423n4 closed 1 year ago
5
Reverts when a User claims Voting Power of address(0) where there exists some for address(0)

#568 code423n4 closed 1 year ago
4
QA Report

#567 code423n4 closed 1 year ago
1
QA Report

#566 code423n4 closed 1 year ago
1
Batch function calls can use up all the gas and fail

#565 code423n4 closed 1 year ago
2
QA Report

#564 code423n4 closed 1 year ago
1
Malicious user can create an harmful proposal and execute it by setting a very low quorum .

#563 code423n4 closed 1 year ago
2
User able to steal all votes escrowed in `LockingVault` due to downcasting

#562 code423n4 closed 1 year ago
2
Analysis

#561 code423n4 closed 1 year ago
2
QA Report

#560 code423n4 closed 1 year ago
1
[NFTBoostVault] User can add NFTs which have not been assigned a multiplier

#559 code423n4 closed 1 year ago
3
Analysis

#558 code423n4 opened 1 year ago
3
User can delegate to address(0) in ARCDVestingVault thereby increasing address(0) VotingPower

#557 code423n4 closed 1 year ago
4
Analysis

#556 code423n4 opened 1 year ago
3
`Manager` can delete any users voting power

#555 code423n4 closed 1 year ago
5
A user could call mint() with less ETH than the mintPrice and improperly mint badges for a cheaper cost.

#554 code423n4 closed 1 year ago
2
QA Report

#553 code423n4 closed 1 year ago
1
QA Report

#552 code423n4 closed 1 year ago
1
NFTBoostVault.sol: After NFT update, if that NFT does not assigned with any multiplier value, user will lose all of their votes.

#551 code423n4 opened 1 year ago
3
Gas Optimizations

#550 code423n4 closed 1 year ago
1
Gas Optimizations

#549 code423n4 closed 1 year ago
1
Gas Optimizations

#548 code423n4 closed 1 year ago
1
QA Report

#547 code423n4 closed 1 year ago
1
Unsafe downcast can lead to silent Overflow that causes accounting issues which can be exploited.

#546 code423n4 closed 1 year ago
8
If a lower multiplier for a particular NFT was set the owner of this NFT can avoid syncing votes with new values.

#545 code423n4 closed 1 year ago
3
QA Report

#544 code423n4 closed 1 year ago
1
voting power is insufficiently tracked

#543 code423n4 closed 1 year ago
5
NFTBoostVault is not a proper implementation/logic contract in upgradeability system

#542 code423n4 closed 1 year ago
3
token address checks in batchCalls can be bypassed with approve call on unset tokens

#541 code423n4 opened 1 year ago
6
Missing Validation which could cause Underflow Error

#540 code423n4 closed 1 year ago
11
ARCDVestingVault.sol::revokeGrant can revert for zero value transfers with weird ERC20 tokens.

#539 code423n4 closed 1 year ago
3
QA Report

#538 code423n4 closed 1 year ago
1
faulty users can abuse the function `delegate` in `NFTBoostVault.sol`

#537 code423n4 closed 1 year ago
2
withdrawFees Have a vulnerability leading to

#536 code423n4 closed 1 year ago
2
Loss of previous spending power for same spender address in Treasury Contract

#535 code423n4 closed 1 year ago
2
Malicious proposal can drain the treasury contract and bypass the gscAllowance[token] check

#534 code423n4 closed 1 year ago
5
treasury approveSmallSpending, approveMediumSpend and approveLargeSpend and setThreshold and setGSCAllowance can be frontrunned

#533 code423n4 closed 1 year ago
2
Analysis

#532 code423n4 opened 1 year ago
1
Arbitrary from in transferFrom

#531 code423n4 closed 1 year ago
3
Analysis

#530 code423n4 closed 1 year ago
1
ImmutableVestingVault does not support multiple grants for the same recipient, breaking core logic

#529 code423n4 closed 1 year ago
6
Incorrect accounting in GSC approval mechanism in `ArcadeTreasury`

#528 code423n4 closed 1 year ago
2
setThreshold can bypass cool down period in setGSCAllowance

#527 code423n4 closed 1 year ago
3
`ARCDVestingVault._syncVotingPower` could revert if `newVotingPower` is big enough.

#526 code423n4 closed 1 year ago
3
treasury approveSmallSpending / MediumSpend / LargeSpend and small / medium / large transfer can be blocked

#525 code423n4 closed 1 year ago
7
Block Gas Calculation Error

#524 code423n4 closed 1 year ago
2