issues
search
code-423n4
/
2023-07-pooltogether-findings
12
stars
7
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Anyone can call mintYieldFee in the Vault contract to mint shares for themselves
#329
code423n4
closed
1 year ago
2
Calls inside loops that may address DoS.
#328
code423n4
closed
1 year ago
1
Anybody can mint himself shares up to the _yieldFeeTotalSupply
#327
code423n4
closed
1 year ago
3
`TwabController#sponsor` can be called by anybody.
#326
code423n4
closed
1 year ago
1
Analysis
#325
code423n4
closed
1 year ago
1
Insulfficient validation of input parameters in vaultfactory.sol:: deployvault:
#324
code423n4
closed
1 year ago
8
Analysis
#323
code423n4
opened
1 year ago
2
setDrawManager is susceptible to race conditions.
#322
code423n4
closed
1 year ago
2
```_computeMaxFee``` Computes the wrong fee for a tier
#321
code423n4
closed
1 year ago
3
push a parameter into an array of vaults without checking if it already exists
#320
code423n4
closed
1 year ago
4
```_nextDraw``` Does not check if the _nextNumberOfTiers is over the max possible value
#319
code423n4
closed
1 year ago
3
setDrawManager of PrizePool.sol can be frontrunned and called by anyone to become drawmanager.
#318
code423n4
closed
1 year ago
2
Gas Optimizations
#317
code423n4
opened
1 year ago
2
Anyone Can Claim the YieldFee to any arbitrary address
#316
code423n4
closed
1 year ago
2
Gas Optimizations
#315
code423n4
opened
1 year ago
3
Threshold check for adding of new tiers is skipped when `_nextNumberOfTiers` is at the maximum
#314
code423n4
opened
1 year ago
3
Inaccurate Comparison of Timestamp Periods in _getNextObservationIndex Function
#313
code423n4
closed
1 year ago
2
Gas Optimizations
#312
code423n4
opened
1 year ago
2
Inherent bias in selection of winner towards vaults with a higher total supply
#311
code423n4
opened
1 year ago
5
Bad use of hardcoded dates values
#310
code423n4
opened
1 year ago
5
Array Length Not checked when Claiming prices
#309
code423n4
closed
1 year ago
2
Loss of fees due to multiple issues with `Vault.mintYieldFee()`
#308
code423n4
closed
1 year ago
3
More shares can be minted than underlying assets available, rendering Vault.sol undercollateralized as a result
#307
code423n4
closed
1 year ago
10
QA Report
#306
code423n4
closed
1 year ago
1
Analysis
#305
code423n4
closed
1 year ago
1
`DrawAccumulatorLib.getDisbursedBetween` can revert when a correct `_endDrawId` is provided
#304
code423n4
opened
1 year ago
3
Hooks can block claiming of prizes for everyone
#303
code423n4
closed
1 year ago
2
Liquidating yield can lead to undercollateralization of the vault
#302
code423n4
opened
1 year ago
5
`setLiquidationPair` in `Vault.sol` can revert 100% in some cases which makes changing `_liquidationPair` impossible
#301
code423n4
opened
1 year ago
5
`VaultFactory` allows deployment of vaults with non-authentic `TwabController` and `PrizePool`
#300
code423n4
opened
1 year ago
4
Direct deposits to the Prize Pool reserves are not accounted, leading to lose of the deposits
#299
code423n4
closed
1 year ago
2
Gas Optimizations
#298
code423n4
opened
1 year ago
2
`PrizePool.sol` is prone to `DOS` if `drawManager` role is not set in constructor
#297
code423n4
closed
1 year ago
3
QA Report
#296
code423n4
opened
1 year ago
2
Front-running of liquidations can cause stealing of prize tokens
#295
code423n4
closed
1 year ago
6
Unfair distribution of tier prizes reduces rewards for subsequent winners
#294
code423n4
closed
1 year ago
4
Delegating to the zero address burns the transferred user's `delegateBalance` forever
#293
code423n4
closed
1 year ago
6
Any user's chances to win can be revoked by anyone
#292
code423n4
closed
1 year ago
2
Prize winners can forcefully make a claim fail when fees are too high
#291
code423n4
closed
1 year ago
2
Unrestricted `Vault.mintYieldFee` function allows stealing of mint yield
#290
code423n4
closed
1 year ago
2
Analysis
#289
code423n4
opened
1 year ago
2
A minimum draw duration should be introduced to protocol
#288
code423n4
closed
1 year ago
3
DrawNotFinished Revert Condition Issue in PrizePool Contract
#287
code423n4
closed
1 year ago
3
`deposit` and `mint` functions in `Vault.sol` can be easily front-ran making the user loose funds
#286
code423n4
closed
1 year ago
1
Anyone could call `sponsor()` which is not in line with desired behaviour
#285
code423n4
closed
1 year ago
2
The winning zone could be largely inflated due to a front run in `contributePrizeTokens()`
#284
code423n4
closed
1 year ago
2
claimPrizes() can be frontrun to get the claiming fees
#283
code423n4
closed
1 year ago
3
Timestamp Dependency Vulnerability in `getVRGDAPrice()` Function
#282
code423n4
closed
1 year ago
1
Arithmetic Overflow in calculateWinningZone Function.
#281
code423n4
closed
1 year ago
2
Arithmetic Overflow in `calculateWinningZone` Function.
#280
code423n4
closed
1 year ago
1
Previous
Next