code-423n4 2023-07-basin-findings issues

code-423n4 / 2023-07-basin-findings

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #116 [1691272104948]

#298 c4-judge closed 1 year ago
4
Upgraded Q -> 2 from #180 [1691271324742]

#297 c4-judge closed 1 year ago
6
Funds added to reserves through `sync` are accidentally transferred out to users

#296 code423n4 closed 1 year ago
7
QA Report

#295 code423n4 closed 1 year ago
3
ARRAY LENGTH MISMATCH CAN LEAD TO TRANSACTION REVERTS

#294 code423n4 opened 1 year ago
5
_addLiquidity() function will revert in first call

#293 code423n4 closed 1 year ago
7
`Well.shift()` FUNCTION DOES NOT HAVE THE `deadline` FUNCTIONALITY THUS COULD BE DISADVANTAGEOUS TO TRADERS

#292 code423n4 closed 1 year ago
5
`Well.skim()` TRANSACTION CAN BE FRONT RUN BY `Well.sync()` TRANSACTION THUS MAKING THE `Well.skim()` CALL INEFFECTIVE

#291 code423n4 closed 1 year ago
6
Inflation attack in well

#290 code423n4 closed 1 year ago
4
`_addLiquidity()` can fail on zero amount transfers if treasury fee is set to zero

#289 code423n4 opened 1 year ago
7
NO ACCESS CONTROL IN THE `Well.skim()` EXTERNAL FUNCTION

#288 code423n4 closed 1 year ago
3
The `MultiFlowPump.sol/update()` function will neither update nor revert any call made to it by any Well Implementation, hence will fail in storing the correct reserve values.

#287 code423n4 closed 1 year ago
7
Constant Product formula overflowing if number of tokens in reserve is too high

#286 code423n4 opened 1 year ago
9
Gas Optimizations

#285 code423n4 closed 1 year ago
5
bad actore can increase gas usage in swapfrom function

#284 code423n4 closed 1 year ago
4
Possible Front Running on the Permit function

#283 code423n4 closed 1 year ago
4
Potential token duplication validation bypass

#282 code423n4 closed 1 year ago
9
Analysis

#281 code423n4 closed 1 year ago
2
QA Report

#280 code423n4 opened 1 year ago
3
Tokens with multiple addresses should be blocklisted to prevent the creation of multiple pools for the same token

#279 code423n4 opened 1 year ago
9
Users can swap tokens through `shift()` function without `_updatePumps()`

#278 code423n4 closed 1 year ago
4
Well.sol::addLiquidity() Unauthorized Liquidity Addition for Fee-on-Transfer Tokens

#277 code423n4 closed 1 year ago
5
the swapFrom() function allows the Fee On Transfer tokens and _setReserves doesn't revert

#276 code423n4 closed 1 year ago
5
Flash loan price manipulation in `Well.sol`

#275 code423n4 closed 1 year ago
4
Possible Issues Related to Well Initial State

#274 code423n4 closed 1 year ago
12
Gas Optimizations

#273 code423n4 opened 1 year ago
5
Gas Optimizations

#272 code423n4 opened 1 year ago
6
QA Report

#271 code423n4 closed 1 year ago
2
Gas Optimizations

#270 code423n4 closed 1 year ago
2
QA Report

#269 code423n4 opened 1 year ago
4
Gas Optimizations

#268 code423n4 closed 1 year ago
2
Unprotected Initializer

#267 code423n4 opened 1 year ago
6
Gas Optimizations

#266 code423n4 opened 1 year ago
3
Well.sol::swapFrom() Missing Fee-on-Transfer Token Check

#265 code423n4 closed 1 year ago
3
Recommended use of shift() is vulnerable to theft of all user's funds

#264 code423n4 opened 1 year ago
16
Memory corruption in getBytes32FromBytes() can likely lead to loss of funds

#263 code423n4 opened 1 year ago
10
Gas Optimizations

#262 code423n4 opened 1 year ago
2
QA Report

#261 code423n4 opened 1 year ago
7
Due to slot confusion, reserve amounts in the pump will be corrupted, resulting in wrong oracle values

#260 code423n4 opened 1 year ago
8
Due to bit-shifting errors, reserve amounts in the pump will be corrupted, resulting in wrong oracle values

#259 code423n4 opened 1 year ago
11
Incorrect storage parsing corrupts the reserves array read using LibBytes16

#258 code423n4 opened 1 year ago
10
Inconsistent use of state variable uint256 constant ‘ONE-WORD’ across interacting contracts that use shared logic could result in incorrect calculations, incorrect assumptions about memory layout, and unexpected behaviors.

#257 code423n4 opened 1 year ago
5
Lack of validation in ConstantProduct2 makes calcReserve output an invalid reserve amount, when index >1

#256 code423n4 opened 1 year ago
9
Long term denial of service due to lack of fees in Well

#255 code423n4 opened 1 year ago
7
Implementation of Well shift() function allows attackers to completely manipulate the oracles

#254 code423n4 closed 1 year ago
6
TWAP can be easily manipulated by attacker through the sync() function, causing loss of funds

#253 code423n4 closed 1 year ago
6
Analysis

#252 code423n4 opened 1 year ago
3
Gas Optimizations

#251 code423n4 opened 1 year ago
4
Gas Optimizations

#250 code423n4 closed 1 year ago
3
QA Report

#249 code423n4 opened 1 year ago
10