code-423n4 2023-07-tapioca-findings issues

code-423n4 / 2023-07-tapioca-findings

15 stars 10 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

USDT approval racing can lead to DoS

#1698 code423n4 closed 1 year ago
3
Analysis

#1697 code423n4 opened 1 year ago
1
Missing access control override in BoringFactory

#1696 code423n4 closed 1 year ago
3
TOFT in (m)TapiocaOft contracts can be stolen by calling removeCollateral() with a malicious removeParams.market

#1695 code423n4 opened 1 year ago
3
Analysis

#1694 code423n4 closed 1 year ago
1
Balancer swap fee is not set and quote properly when Rebalancing

#1693 code423n4 closed 1 year ago
3
QA Report

#1692 code423n4 closed 1 year ago
1
QA Report

#1691 code423n4 opened 1 year ago
2
QA Report

#1690 code423n4 opened 1 year ago
1
QA Report

#1689 code423n4 opened 1 year ago
1
Direct claim of convex rewards causes rewards to get stuck

#1688 code423n4 closed 1 year ago
5
Add access control to inti constructor like function

#1687 code423n4 closed 1 year ago
2
Gas Optimizations

#1686 code423n4 opened 1 year ago
3
Miusing empty string insteaf of oracleData in updateExchangeRate

#1685 code423n4 closed 1 year ago
6
Gas Optimizations

#1684 code423n4 closed 1 year ago
1
QA Report

#1683 code423n4 opened 1 year ago
1
The USDOOptionsModule contract's exercise function allows for dangerous call delegation

#1682 code423n4 closed 1 year ago
2
QA Report

#1681 code423n4 opened 1 year ago
1
Loss of Funds when user wants to repay debt and underflow in _repay () function

#1680 code423n4 closed 1 year ago
3
QA Report

#1679 code423n4 opened 1 year ago
1
Incorrect parameter for getCallerReward might return 0 reward despite insolvency

#1678 code423n4 closed 1 year ago
2
borrowInternal() of BaseTOFTMarketModule.sol has phantom permit functions

#1677 code423n4 closed 1 year ago
3
Yearn Stragety tolerant 0 loss, which is too strict and can block withdraw

#1676 code423n4 closed 1 year ago
2
Analysis

#1675 code423n4 opened 1 year ago
3
Re-entrancy in flash minting USDO can bypass max checks

#1674 code423n4 closed 1 year ago
2
Incorrect parameter for allowedBorrow when repaying

#1673 code423n4 closed 1 year ago
2
Gas Optimizations

#1672 code423n4 closed 1 year ago
1
QA Report

#1671 code423n4 opened 1 year ago
1
QA Report

#1670 code423n4 opened 1 year ago
2
Possibly wrong parameters for Stargate router swap methods can lead to user fund loss

#1669 code423n4 closed 1 year ago
3
Gas Optimizations

#1668 code423n4 closed 1 year ago
1
Setting debtStartPoint > 0 breaks many BigBang actions

#1667 code423n4 closed 1 year ago
3
Analysis

#1666 code423n4 opened 1 year ago
1
QA Report

#1665 code423n4 closed 1 year ago
1
AirdropBroker.sol#L442 :` _participatePhase3` - `PHASE_3_AMOUNT_PER_USER` should be multiplied by 1e18

#1664 code423n4 closed 1 year ago
2
ConvexTriCryptoStrategy might not compound all rewards

#1663 code423n4 closed 1 year ago
2
Gas Optimizations

#1662 code423n4 opened 1 year ago
1
Lack of slippage checks on public withdraw fees function

#1661 code423n4 closed 1 year ago
3
BigBang liquidations causes YieldBox-tokens to be locked in contract

#1660 code423n4 closed 1 year ago
5
Analysis

#1659 code423n4 closed 1 year ago
1
QA Report

#1658 code423n4 opened 1 year ago
2
Controlled Delegatecall Vulnerability in Singularity, BaseUSDO, USDOLeverageModule, USDOMarketModule, and USDOOptionsModule

#1657 code423n4 closed 1 year ago
6
Gas Optimizations

#1656 code423n4 opened 1 year ago
1
Missing validation checks on sending non blocking LZ payload

#1655 code423n4 closed 1 year ago
3
The USDOMarketModule contract's lend function allows for dangerous call delegation

#1654 code423n4 closed 1 year ago
3
Incorrect Interest Accrual Calculation in 'SGLCommon' Contract

#1653 code423n4 closed 1 year ago
3
Reentrancy vulnerability in BaseUSDO._executeModule() function

#1652 code423n4 closed 1 year ago
3
aoTAP.sol : `brokerClaim()` can be called by anyone as soon as the contract is deployed.

#1651 code423n4 closed 1 year ago
3
Signature Validation Bypass in 'permit' Function of MarketERC20.sol

#1650 code423n4 closed 1 year ago
3
Analysis

#1649 code423n4 opened 1 year ago
1