code-423n4/2023-07-pooltogether-findings
issues
Upgraded Q -> 3 from #264 [1691857350267]
#480
c4-judge
closed
1 year ago
2
Upgraded Q -> 2 from #93 [1689707967381]
#478
c4-judge
closed
1 year ago
2
Upgraded Q -> 2 from #392 [1689707598962]
#477
c4-judge
closed
1 year ago
2
Upgraded Q -> 2 from #422 [1689707351452]
#476
c4-judge
closed
1 year ago
2
QA Report
#475
code423n4
closed
1 year ago
1
Malicious Yield Vault could deny Pool Together withdrawing assets
#474
code423n4
closed
1 year ago
2
withdrawReserve will revert when withdrawing tokens with on chain tx fees
#473
code423n4
closed
1 year ago
2
QA Report
#472
code423n4
opened
1 year ago
1
Analysis
#471
code423n4
opened
1 year ago
3
IF THE UNDERLYING ASSET IS A FEE ON TRANSFER TOKEN IT COULD BREAK THE INTERNAL ACCOUNTING OF THE VAULT
#470
code423n4
opened
1 year ago
10
Gas Optimizations
#469
code423n4
opened
1 year ago
2
Permit does not revert for tokens that do not implement it.
#468
code423n4
closed
1 year ago
2
Gas Optimizations
#467
code423n4
opened
1 year ago
2
_winningRandomNumber variable used in calculating if caller is winner can be read via web3.getStorageAt() and user can predict if he wins or not beforehand
#466
code423n4
closed
1 year ago
2
Unintended or Malicious Use of Prize Winners' Hooks
#465
code423n4
opened
1 year ago
8
`TwabLib::getTwabBetween` can return inaccurate balances if `_startTime` and `_endTime` aren't safely bounded
#464
code423n4
opened
1 year ago
5
Unsecure and predictable random number generation in closeDraw.winningRandomNumber_()
#463
code423n4
closed
1 year ago
1
Vault funds can be stolen by a malicious Yield Vault.
#462
code423n4
closed
1 year ago
3
Sponsor function allows voiding someone else's chance to win
#461
code423n4
closed
1 year ago
2
Depositors might lose funds due to the lack of zero share check
#460
code423n4
closed
1 year ago
2
`isTimeSafe` and `isTimeRangeSafe` not implemented in the functions `getBalanceAt` and `getTwabBetween`
#459
code423n4
closed
1 year ago
5
deposit function does not check for the `maxMint` amount.
#458
code423n4
opened
1 year ago
7
Possible centralization issue in PrizePool.closeDraw
#457
code423n4
closed
1 year ago
1
Missing External Transfer Function In Vault
#456
code423n4
closed
1 year ago
1
Attacker can steal vault funds through the deposit function.
#455
code423n4
closed
1 year ago
2
No access control on mintYieldFee
#454
code423n4
closed
1 year ago
2
Adding balance to accumulator does not depend on the current drawId, while documentation says it does
#453
code423n4
closed
1 year ago
5
Balance invariant between individual and total twabs can be broken
#452
code423n4
opened
1 year ago
3
balanceOf method can be manipulate to liquidated vault
#451
code423n4
closed
1 year ago
3
_getNextObservationIndex() Random use of timestamp to determine the currentTime can be manipulated because of dangerous strict equalities
#450
code423n4
closed
1 year ago
1
Gas Optimizations
#449
code423n4
opened
1 year ago
3
Gas Optimizations
#448
code423n4
opened
1 year ago
3
Malicious yield vault owners can manipulate the interaction between the vault and yield vault
#447
code423n4
closed
1 year ago
2
Analysis
#446
code423n4
closed
1 year ago
1
The binarySearch exit condition is missing and may go into DOS or revert
#445
code423n4
opened
1 year ago
4
QA Report
#444
code423n4
closed
1 year ago
1
The `_currentExchangeRate` of the Vault contract can't increase, and always be lower than or equal to `_assetUnit`
#443
code423n4
opened
1 year ago
9
DISCREPANCY BETWEEN DOCUMENTATION AND `Vault._currentExchangeRate` FUNCTION IMPLEMENTATION
#442
code423n4
closed
1 year ago
4
Analysis
#441
code423n4
opened
1 year ago
2
Gas Optimizations
#440
code423n4
opened
1 year ago
5
Malicious user can steal other user's deposits from Vault.sol
#439
code423n4
opened
1 year ago
5
CONFIGURING ALLOWANCE TO ZERO FOR THE `_previousLiquidationPair` CAN BE FRONT RUN
#438
code423n4
closed
1 year ago
4
An identical vault can be deployed with existing values, the logic controlling this is missing
#437
code423n4
closed
1 year ago
2
`_totalWithdrawn` VALUE DOES NOT INCLUDE THE `_fee` AMOUNT THUS INTRODUCING ACCOUNTING ERROR
#436
code423n4
closed
1 year ago
3
mintYieldFee function does not check for the maxMint amount.
#435
code423n4
closed
1 year ago
6
precision loss due to division before multiplication
#434
code423n4
closed
1 year ago
1
Analysis
#433
code423n4
closed
1 year ago
1
Gas Optimizations
#432
code423n4
opened
1 year ago
3
`drawManager` CAN BE SET TO A MALICIOUS ADDRESS
#431
code423n4
opened
1 year ago
4
Analysis
#430
code423n4
closed
1 year ago
1