code-423n4/2023-07-pooltogether-findings
issues
Lack of Access Control in `setDrawManager` Function
#229
code423n4
closed
1 year ago
4
Missing access control in setDrawManager in PrizePool.sol
#228
code423n4
closed
1 year ago
3
Gas Optimizations
#227
code423n4
closed
1 year ago
1
The shares for each prize tier have a hard limit placed on them causing a possible wrong limitation in functionality
#226
code423n4
closed
1 year ago
4
TwabController.transfer() could easily lead to a costly damage
#225
code423n4
closed
1 year ago
3
Winner can make the claimer waste more gas than it should be
#224
code423n4
closed
1 year ago
2
Anyone can call mintYieldFee() and mint the yield fee to themself
#223
code423n4
closed
1 year ago
2
Vault owner can steal prizes
#222
code423n4
closed
1 year ago
3
TwabController.burn() can be used by malicious actors to destroy Vault balance of users due to no access control
#221
code423n4
closed
1 year ago
2
Malicious vault owners can steal the PrizePool's Reserves as well as contributions made by EOA to other vaults.
#220
code423n4
closed
1 year ago
8
Potential fees lock in claimPrizes Method
#219
code423n4
opened
1 year ago
2
BeforeClaims hook can be used to lock prizes and artificially inflate vault contributions
#218
code423n4
closed
1 year ago
4
The winner prizes will be lost if the claimer does not claim those prizes before the next draw ends
#217
code423n4
closed
1 year ago
6
Reentrancy issue in Vault.deposit function which can inflate the exchange rate in the favor of Attacker.
#216
code423n4
closed
1 year ago
2
Users can delegate assets to any address other than the Sponsorship's and address zero
#215
code423n4
closed
1 year ago
1
ContributePrizeTokens method without access control can be front-run
#214
code423n4
closed
1 year ago
5
Malicious user can use vault hooks to grief claimers
#213
code423n4
closed
1 year ago
2
Gas Optimizations
#212
code423n4
closed
1 year ago
1
Inadequate check in ClaimPrize method
#211
code423n4
closed
1 year ago
1
QA Report
#210
code423n4
closed
1 year ago
1
problem allow an attacker to manipulate the totalVaults function to return an incorrect value.
#209
code423n4
closed
1 year ago
1
The setDrawManager() function lacks access control
#208
code423n4
closed
1 year ago
1
No slippage protection when depositing or withdrawing from vaults
#207
code423n4
closed
1 year ago
3
Resetting delegation will result in user funds being lost forever
#206
code423n4
opened
1 year ago
3
`PrizePool` will generate a partial DoS due to underflow
#205
code423n4
closed
1 year ago
12
Malicious actor can sponsor anyone causing that sponsored user the revoke of his chances to win even if he has previous deposits
#204
code423n4
closed
1 year ago
2
Anyone can mint the `_yieldFeeTotalSupply`
#203
code423n4
closed
1 year ago
2
Gas griefing temporary DoS with prize hooks
#202
code423n4
closed
1 year ago
2
Missing Check for equal length of _winners and _prizeIndices in claimPrizes method.
#201
code423n4
closed
1 year ago
2
An adversary can backrun an attempt to increase reserves and get free liquidity for his vault
#200
code423n4
closed
1 year ago
6
`mintYieldFee` allows to pass an arbitrary recipient for yield fee meaning anybody can mint shares for free
#199
code423n4
closed
1 year ago
2
Liquidator can be front-runned due to manipulation on availableYieldBalance()
#198
code423n4
closed
1 year ago
4
Inflated reserve variable in prizePool contract is possible if someone provides POOL tokens via `increaseReserve` function and liquidates vault's yield afterwards
#197
code423n4
closed
1 year ago
3
Anyone can capture the vault shares for yield fee that actually belongs to recipient of yield fee.
#196
code423n4
closed
1 year ago
3
prb-math not audited
#195
code423n4
closed
1 year ago
6
`yieldFee` could be sent to the any address in function `mintYieldFee`
#194
code423n4
closed
1 year ago
2
Vault owners may abuse their privilege and cause harm to the users
#193
code423n4
closed
1 year ago
2
Delegating to address(0) in the TwabController will permanently lock the assets
#192
code423n4
closed
1 year ago
2
Re-org attack in VaultFactory contract (function deployVault)
#191
code423n4
closed
1 year ago
2
_requireVaultCollateralized() is called at the beginning of the functions mintYieldFee() and liquidate()
#190
code423n4
opened
1 year ago
6
The Yield Fee can be stolen by everyone
#189
code423n4
closed
1 year ago
2
Creating new Vault, the owner should be the msg.sender
#188
code423n4
closed
1 year ago
2
Using mulDiv incorrectly in `Vault.sol`
#187
code423n4
closed
1 year ago
2
QA Report
#186
code423n4
closed
1 year ago
1
Insecure time-based validity check altering the minting process
#185
code423n4
closed
1 year ago
1
Must approve by zero first
#184
code423n4
closed
1 year ago
2
Unnecessary precision loss in `Claimer.claimPrizes()`
#183
code423n4
closed
1 year ago
3
Wrong formula in calculate C
#182
code423n4
opened
1 year ago
4
Malicious vault owner can drain all users assets from the vault
#181
code423n4
closed
1 year ago
3
Improper handling of cases when withdrawable assets = 0
#180
code423n4
opened
1 year ago
8