code-423n4/2023-07-pooltogether-findings
issues
QA Report
#379
code423n4
opened
1 year ago
1
Incorrect amount of tokens is transferred before updating the accumulator and emitting the ContributePrizeTokens event
#378
code423n4
closed
1 year ago
2
Incorrect distribution of shares and liquidity as a result of total number of shares not equaling 100
#377
code423n4
closed
1 year ago
1
The liquidate function lets the caller mint amountOut tokens without providing any
#376
code423n4
closed
1 year ago
4
Users can grief high prize winner by taking advantage of VRGDA mechanism
#375
code423n4
closed
1 year ago
2
QA Report
#374
code423n4
opened
1 year ago
1
Denial-of-service attack on "prizes claiming" transaction
#373
code423n4
closed
1 year ago
2
QA Report
#372
code423n4
opened
1 year ago
1
Anyone can mint to themselves type(uint96).max if _isVaultCollateralized() returns true
#371
code423n4
closed
1 year ago
2
Yield fees can be stolen by anyone
#370
code423n4
closed
1 year ago
3
Vault wrongly stays in collateralized state for next depositor if yield vault loses all assets
#369
code423n4
closed
1 year ago
2
Unfair Winner Selection in Prize Distribution Compromises Fairness in `PoolTogether` Protocol
#368
code423n4
closed
1 year ago
1
disrupting program flow and potential loss of data or funds in setDrawManager function
#367
code423n4
closed
1 year ago
1
`mintYieldFee` doesn't mint yield fee to the `_yieldFeeRecipient` in `Vault` contract
#366
code423n4
closed
1 year ago
4
Anyone can call mintYieldFee() in Vault.sol and mint the Yield Fee
#365
code423n4
closed
1 year ago
3
Wrong ERC20Permit import from Openzeppelin
#364
code423n4
closed
1 year ago
2
Some tokens cannot be used as underlying assets
#363
code423n4
closed
11 months ago
3
Analysis
#362
code423n4
closed
1 year ago
1
The length of `winners` and `prizeIndices` was not checked in the `claimPrizes`
#361
code423n4
closed
11 months ago
2
_totalAssets() in Vault.sol calls the wrong function to get amount of assets managed by YieldVault
#360
code423n4
closed
1 year ago
2
Missing Deadline parameter in liquidate() of Vault.sol
#359
code423n4
closed
1 year ago
2
Gas Optimizations
#358
code423n4
opened
1 year ago
1
Vault will drain if `_yieldVault` is fee-on-transfer token
#357
code423n4
closed
1 year ago
4
An attacker can install himself as a DrawManager and steal funds in the withdrawReserve() functions in PrizePool.sol
#356
code423n4
closed
11 months ago
6
Analysis
#355
code423n4
opened
1 year ago
2
reserve may be smaller than expected in PrizePool.sol
#354
code423n4
opened
1 year ago
3
DOS Vault.liquidate() if _yieldFeePercentage = FEE_PRECISION.
#353
code423n4
closed
11 months ago
7
Tier odds in TieredLiquidityDistributor are incorrect
#352
code423n4
opened
1 year ago
3
Delegated amounts can be forcefully removed from anyone in the TwabController
#351
code423n4
opened
1 year ago
3
Reorg attack in VaultFactory
#350
code423n4
closed
1 year ago
2
No check for minting to the address(0)
#349
code423n4
closed
1 year ago
1
QA Report
#348
code423n4
opened
1 year ago
1
Vault.sol is vulnerable to the classic vault's first depositor issue
#347
code423n4
closed
1 year ago
1
The `maxMint` check in `Vault::_beforeMint()` could be side stepped
#346
code423n4
closed
11 months ago
4
Gas Optimizations
#345
code423n4
opened
1 year ago
2
Reentrancy issue in Vault.deposit can lead to drain all funds of vault if _asset is ERC777 token
#344
code423n4
closed
1 year ago
2
QA Report
#343
code423n4
closed
1 year ago
1
Twab can return 0 between 2 draws
#342
code423n4
closed
11 months ago
3
Donation Attack possible on the underlying yieldVault breaking the main vault
#341
code423n4
closed
11 months ago
7
Analysis
#340
code423n4
opened
1 year ago
2
QA Report
#339
code423n4
opened
1 year ago
2
Analysis
#338
code423n4
opened
1 year ago
2
PrizePool deployment can be sabotaged
#337
code423n4
closed
1 year ago
2
Missing Nonce and ChainId may lead to signature replay attack
#336
code423n4
closed
1 year ago
2
Anyone can mint yield fee to any recipient
#335
code423n4
closed
1 year ago
3
Users can manipulate observation creation
#334
code423n4
opened
1 year ago
7
Possible loss of ownership of the vault, due to the use of ownable.sol for contract ownership.
#333
code423n4
closed
11 months ago
2
Number of prize tiers always increases if just 1 canary prize is claimed
#332
code423n4
opened
1 year ago
5
Tiers can be maintained active to give unfair advantage to user through DoS
#331
code423n4
opened
1 year ago
7
Gas Optimizations
#330
code423n4
closed
1 year ago
1