issues
search
code-423n4
/
2023-07-pooltogether-findings
12
stars
7
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
The `_getTier` function does not check if `_tier` is within the minimum and maximum values
#179
code423n4
closed
1 year ago
1
Lack of zero value check of the `firstDrawStartsAt` in `constructor`
#178
code423n4
closed
1 year ago
1
`setDrawManager` lack of two-step role transfer
#177
code423n4
closed
1 year ago
1
QA Report
#176
code423n4
opened
1 year ago
1
Gas Optimizations
#175
code423n4
closed
1 year ago
1
withdrawClaimRewards
#174
code423n4
closed
1 year ago
1
claimPrizes
#173
code423n4
closed
1 year ago
1
Analysis
#172
code423n4
closed
1 year ago
1
Unused dangerous function might lead to big problem
#171
code423n4
closed
1 year ago
1
Unchecked Deposits Enabling Share Price Manipulation
#170
code423n4
closed
1 year ago
1
Analysis
#169
code423n4
closed
1 year ago
1
Returning A Function That Doesnt Exist
#168
code423n4
closed
1 year ago
1
Claimer can steal all reward from user
#167
code423n4
closed
1 year ago
2
Vault.withdraw() and Vault.redeem() doesn't conform to EIP-4626, might cause integration problems in the future, that can lead to a wide range of issues for parties involved, including loss of funds.
#166
code423n4
closed
1 year ago
2
Anyone can mint vault shares meant for only the `yieldFeeRecipient_` to themselves due to lack of access control in the Vault.mintYieldFee() function
#165
code423n4
closed
1 year ago
2
There's no access control on setDrawManager()
#164
code423n4
closed
1 year ago
2
Attacker can withdraw Tokens from the Reserve
#163
code423n4
closed
1 year ago
3
QA Report
#162
code423n4
closed
1 year ago
1
Analysis
#161
code423n4
opened
1 year ago
2
Anybody can mint shares using mintYieldFee without ever depositing
#160
code423n4
closed
1 year ago
2
Missing Condition Validator in claimPrizes function
#159
code423n4
closed
1 year ago
2
Griefing attack: Vault owner can prevert user claiming rewards
#158
code423n4
closed
1 year ago
2
Reserve can be withdrawn by malicious DrawManager
#157
code423n4
closed
1 year ago
1
Wrong formula in increasing yield fee balance
#156
code423n4
closed
1 year ago
4
don’t verify deadline
#155
code423n4
closed
1 year ago
1
When _mint is called in liquidate, the asset is not converted to shares
#154
code423n4
closed
1 year ago
2
Vault mintWithPermit will always fail
#153
code423n4
closed
1 year ago
2
User funds may be trapped in the `Vault` contract if he delegates to zero address
#152
code423n4
closed
1 year ago
3
Malicious liquidationPair can extract the liquidable balance via `Vault.liquidate()` without deposit any prize token to the prize pool
#151
code423n4
closed
1 year ago
7
Vault contribution calculations wrongly include the current round when claiming prizes
#150
code423n4
opened
1 year ago
3
Gas Optimizations
#149
code423n4
closed
1 year ago
1
Gas Optimizations
#148
code423n4
closed
1 year ago
1
Increasing reserves breaks PrizePool accounting
#147
code423n4
opened
1 year ago
4
QA Report
#146
code423n4
opened
1 year ago
5
`_claimExpansionThreshold` may not work.
#145
code423n4
closed
1 year ago
6
delegate() delegateBalance may be lost
#144
code423n4
closed
1 year ago
3
Loss of precision leads to undercollateralized
#143
code423n4
opened
1 year ago
3
mintYieldFee() Lack of permission control
#142
code423n4
closed
1 year ago
2
Delegating to address 0 is permanent action, user will not be able to undo it and will not be able to withdraw anymore
#141
code423n4
closed
1 year ago
3
The transaction of the Vault#`withdraw()` will be reverted if a user assign `0` into the `_assets` parameter and the yield source of the yieldVault would be the Aave V3
#140
code423n4
closed
1 year ago
5
Gas Optimizations
#139
code423n4
opened
1 year ago
2
The first depositor can manipulate exchange rate and steal funds from later depositors
#138
code423n4
closed
1 year ago
1
Possibility of incorrect balance calculation in `_accountedBalance()` Function
#137
code423n4
closed
1 year ago
1
First ERC4626 deposit can break share calculation
#136
code423n4
closed
1 year ago
1
Anyone can claim yield fee
#135
code423n4
closed
1 year ago
2
Calculation Inaccuracy in `_totalAssets()` Function
#134
code423n4
closed
1 year ago
2
deposit/mint in Vault does not allow expression of minimum acceptable output for user leading to potential principle loss from user due to MEV.
#133
code423n4
closed
1 year ago
6
withdraw/redeem in Vault does not allow expression of minimum acceptable output for user leading to potential principle loss from user due to MEV
#132
code423n4
closed
1 year ago
2
Due to no limitation how many prize indices of each winner stored in the `_prizeIndices` storage can be claimed in a single transaction, the transaction will be reverted due to reaching the gas limit in the for-loop in the Vault#`claimPrizes()`
#131
code423n4
closed
1 year ago
4
Yield fee is neither deducted from user's received shares nor transferred to _yieldFeeRecipient
#130
code423n4
closed
1 year ago
4
Previous
Next