issues
search
code-423n4
/
2023-08-goodentry-findings
3
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Analysis
#580
code423n4
closed
1 year ago
1
Missing flash loan initiator check allows attacker to open trades, close trades and steal funds
#579
code423n4
closed
1 year ago
4
slot0 is easily manipulatable
#578
code423n4
closed
1 year ago
2
QA Report
#577
code423n4
opened
1 year ago
2
GetVault `poolMatchesOracle` calculation may overflow
#576
code423n4
closed
1 year ago
3
Loop condition that might prevent the function from correctly detecting range overlaps
#575
code423n4
closed
1 year ago
3
Gas Optimizations
#574
code423n4
opened
1 year ago
1
certain token pairs will be calculated and valued incorrectly, preventing compounding fees
#573
code423n4
opened
1 year ago
6
QA Report
#572
code423n4
closed
1 year ago
1
Wrong calculation of debt in function close0 may lead to loss of funds.
#571
code423n4
closed
1 year ago
3
GeVault cannot deposit ETH
#570
code423n4
closed
1 year ago
2
QA Report
#569
code423n4
closed
1 year ago
2
`modifyTick` has no validation
#568
code423n4
closed
1 year ago
2
Flashloan excess debt is not sent to user
#567
code423n4
closed
1 year ago
3
getAnswer() will return the wrong price for asset if underlying aggregator hits minAnswer
#566
code423n4
closed
1 year ago
11
The protocol uses `IRouter01` from Uniswap, which should not be used anymore because of a bug found in the code
#565
code423n4
closed
1 year ago
4
call() should be used instead of transfer() on an address payable
#564
code423n4
closed
1 year ago
4
Forced close position
#563
code423n4
closed
1 year ago
6
Inflation attacks with virtual shares and assets on GeVault
#562
code423n4
closed
1 year ago
3
`initiator` in `OptionsPositionManager.executeOperation` is not checked
#561
code423n4
closed
1 year ago
2
An excess amount of debt remaining in the contract, potentially results in a loss of user funds.
#560
code423n4
opened
1 year ago
7
`swapExactTokensForTokens` and `swapTokensForExactTokens` in `OptionsPositionManager.sol` uses UniswapV2Router01 which doesn't exist on Arbitrum
#559
code423n4
closed
1 year ago
4
Analysis
#558
code423n4
closed
1 year ago
1
Missing check for equal length arrays in `executeOperation()`.
#557
code423n4
closed
1 year ago
2
Functions Not Considering ERC20 Transaction Fees
#556
code423n4
closed
1 year ago
3
QA Report
#555
code423n4
closed
1 year ago
1
Gas Optimizations
#554
code423n4
opened
1 year ago
1
user can be DOS from callling `TokenisableRange#deposit`
#553
code423n4
closed
1 year ago
3
GeVault#poolMatchesOracle is extemely easy to manipulate due to how it calculates underlying token balances
#552
code423n4
closed
1 year ago
2
Analysis
#551
code423n4
opened
1 year ago
1
Avoid the use of hard coded slippage
#550
code423n4
closed
1 year ago
2
Analysis
#549
code423n4
closed
1 year ago
1
`addDust` in `OptionsPositionManager.sol` can add way more tokens than expected in cases where the asset used has less decimals
#548
code423n4
closed
1 year ago
3
Gas Optimizations
#547
code423n4
closed
1 year ago
1
QA Report
#546
code423n4
closed
1 year ago
1
TokenisableRange.sol claimFee function allows more slippage than intended due to incorrect calculation
#545
code423n4
closed
1 year ago
3
the check in checkExpectedBalances only allows 2% slippage, which could be insufficient in volatile markets and lock user funds.
#544
code423n4
closed
1 year ago
2
Lost yield due to using block.timestamp as deadline in swap(), increaseLiquidity() and decreaseLiquidity() (which also don't always have slippage checks)
#543
code423n4
closed
1 year ago
5
Potential Precision Loss in `claimFee()` due to Division Before Multiplication
#542
code423n4
closed
1 year ago
3
Contract will use the wrong price if the Chainlink registry returns price outside min/max range
#541
code423n4
closed
1 year ago
3
OptionsPositionManager.addDust function can cause reverts when the token decimals are greater than 20 or small enough to inflate dust amount
#540
code423n4
closed
1 year ago
2
QA Report
#539
code423n4
closed
1 year ago
2
Hardcoded slippage of 95% may not be ideal if liquidity is low or during market volatility, may result in revert when depositing or withdrawing
#538
code423n4
closed
1 year ago
2
The treasury address can be updated by the contract owner to point to a malicious address after deployment
#537
code423n4
closed
1 year ago
5
Unauthorized Access to Critical Functions in Smart Contract
#536
code423n4
closed
1 year ago
3
No slippage Protecting while adding liquidity to the pool
#535
code423n4
closed
1 year ago
7
executeOperation() doesn't pass/authenticate the initiator address
#534
code423n4
closed
1 year ago
2
cleanup() does not properly handle debt repayment
#533
code423n4
closed
1 year ago
3
`withdrawOptionAssets` in `OptionsPositionManager.sol` doesn't use any slippage protection on withdrawing liquidity from UniswapV3
#532
code423n4
closed
1 year ago
4
Calculations like valueX8 and liquidity do not account for potential rounding errors
#531
code423n4
closed
1 year ago
3
Next