code-423n4/2023-07-pooltogether-findings
12 stars, 7 forks
Analysis
#429
code423n4
opened
1 year ago
3
Gas Optimizations
#428
code423n4
closed
1 year ago
1
`_amountOut` is representing assets and shares at the same time in the `liquidate` function
#427
code423n4
opened
1 year ago
5
QA Report
#426
code423n4
closed
1 year ago
1
IF UNDERLYING ASSETS ARE DIFFERENT BETWEEN THE STANDARD VAULT AND YIELD VAULT, IT COULD LEAD TO REDEPLOYMENT OF THE VAULT CONTRACT
#425
code423n4
closed
1 year ago
3
In a scenario with unexpectedly many prizes, the auction will fail to adjust
#424
code423n4
opened
1 year ago
6
In important libraries of PoolTogether, the pow() function of PRBMath is used, which exhibits inconsistent return values
#423
code423n4
opened
1 year ago
8
QA Report
#422
code423n4
opened
1 year ago
2
Unchecked PERIOD_OFFSET, could be set in the future
#421
code423n4
opened
1 year ago
3
Analysis
#420
code423n4
opened
1 year ago
2
QA Report
#419
code423n4
closed
1 year ago
1
Yield fee is minted out of thin air
#418
code423n4
closed
1 year ago
2
QA Report
#417
code423n4
closed
1 year ago
1
Attacker can frontrun deployVault to deploy at the same address
#416
code423n4
opened
1 year ago
7
High Prizes might not be claimed
#415
code423n4
opened
1 year ago
5
The type conversion overflow caused quantity calculation error
#414
code423n4
closed
1 year ago
2
QA Report
#413
code423n4
opened
1 year ago
2
Gas Optimizations
#412
code423n4
closed
1 year ago
1
QA Report
#411
code423n4
opened
1 year ago
1
QA Report
#410
code423n4
opened
1 year ago
2
QA Report
#409
code423n4
closed
1 year ago
1
`Vault.sponsor` may take away the prize chance from the receiver.
#408
code423n4
closed
1 year ago
4
Dynamic maxWithdraw causes previous users loss funds
#407
code423n4
closed
1 year ago
2
Yield fee can be stolen
#406
code423n4
closed
1 year ago
3
Analysis
#405
code423n4
opened
1 year ago
2
FIRST DEPOSITOR ATTACK IS PRESENT IN THE `Vault.sol` CONTRACT
#404
code423n4
closed
1 year ago
2
Missing access control in mintYieldFee allowing everybody to mint the available YieldFee to himself
#403
code423n4
closed
1 year ago
2
Gas Optimizations
#402
code423n4
opened
1 year ago
2
Gas Optimizations
#401
code423n4
opened
1 year ago
3
ALL WINNER CLAIMS CAN BE DoS BY A SINGLE MALICIOUS WINNER
#400
code423n4
closed
1 year ago
5
PrizePool -> Winners wouldn't be able to claim prize correctly in `claimPrize` function
#399
code423n4
opened
1 year ago
6
Uninitialized local variable may cause unintended behaviour
#398
code423n4
closed
1 year ago
2
Vault will lose its `_yieldFeeTotalSupply` without getting an equivalent amount of share tokens
#397
code423n4
closed
1 year ago
5
`Vault.mintYieldFee` FUNCTION CAN BE CALLED BY ANYONE TO MINT `Vault Shares` TO ANY RECIPIENT ADDRESS
#396
code423n4
opened
1 year ago
5
PRBMATH `pow()` function can return inconsistent values which is root of computation for the Area under curve`c(d) = −t ∗ ln(α)∗α ^ d * `
#395
code423n4
closed
1 year ago
10
QA Report
#394
code423n4
opened
1 year ago
1
Attacker can force users to delegate to `SPONSORSHIP_ADDRESS`
#393
code423n4
closed
1 year ago
6
QA Report
#392
code423n4
opened
1 year ago
2
Deposit transaction is prone to being front-run by bad actors.
#391
code423n4
closed
1 year ago
2
Claim failure can result to loss of funds
#390
code423n4
closed
1 year ago
1
No access control for `mintYieldFee()`
#389
code423n4
closed
1 year ago
3
`checkedSub()` might revert due to underflow
#388
code423n4
closed
1 year ago
2
The output amount validation in `Vault.liquidate()` is not correct.
#387
code423n4
closed
1 year ago
3
Users might lose their balances when they set delegates
#386
code423n4
closed
1 year ago
3
`Vault.liquidate()` will revert when `_yieldFeePercentage` is 100%
#385
code423n4
closed
1 year ago
2
`Vault.mintWithPermit()` can be DOSed
#384
code423n4
opened
1 year ago
5
QA Report
#383
code423n4
opened
1 year ago
2
The exchange rate is decreasing in Vault
#382
code423n4
closed
1 year ago
8
Malicious claimer could arbitrage the prize-claiming functionality
#381
code423n4
closed
1 year ago
4
QA Report
#380
code423n4
closed
1 year ago
1