issues
search
code-423n4
/
2023-08-pooltogether-findings
4
stars
3
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Upgraded Q -> 2 from #97 [1692009140035]
#180
c4-judge
closed
1 year ago
2
Upgraded Q -> 2 from #46 [1692007870612]
#179
c4-judge
closed
1 year ago
4
Analysis
#178
code423n4
closed
1 year ago
1
QA Report
#177
code423n4
closed
1 year ago
2
function rngComplete is unpprotected
#176
code423n4
closed
1 year ago
2
INCORRECT ACCESS CONTROL
#175
code423n4
closed
1 year ago
3
Gas Optimizations
#174
code423n4
closed
1 year ago
1
QA Report
#173
code423n4
closed
1 year ago
1
Analysis
#172
code423n4
closed
1 year ago
1
Lack of authentication in rngComplete
#171
code423n4
closed
1 year ago
2
Lack of check in `LiquidationPair.sol#_computePeriod()` can lead to DOS
#170
code423n4
closed
1 year ago
3
Re-org attack in factory `LiquidationPairFactory.sol`
#169
code423n4
closed
1 year ago
18
Gas Optimizations
#168
code423n4
closed
1 year ago
2
Incorrect Import Path Directories
#167
code423n4
closed
1 year ago
3
Unchecked Call Return Value
#166
code423n4
closed
1 year ago
3
Gas Optimizations
#165
code423n4
opened
1 year ago
1
QA Report
#164
code423n4
closed
1 year ago
2
Wrong Accruing executed in VaultBooster.sol
#163
code423n4
closed
1 year ago
7
No Single Event Emission present in the LiquidationPair.sol Contract
#162
code423n4
closed
1 year ago
5
REENTRANCY
#161
code423n4
closed
1 year ago
3
RemoteOwner Contract Bricked if setOriginChainOwner is called
#160
code423n4
closed
1 year ago
7
Analysis
#159
code423n4
opened
1 year ago
4
UNCHECKED TRANSFER
#158
code423n4
closed
1 year ago
3
Wrong Type for Time Related Variable
#157
code423n4
closed
1 year ago
3
Gas Optimizations
#156
code423n4
opened
1 year ago
1
QA Report
#155
code423n4
closed
1 year ago
2
RemoteOwner .execute should be payable
#154
code423n4
closed
1 year ago
6
removeFromAllTicks() withdraws all tick assets before deposit and withdraw re-deposit them creates a reentrancy attacks.
#153
code423n4
closed
1 year ago
3
Gas Optimizations
#152
code423n4
opened
1 year ago
1
Gas Optimizations
#151
code423n4
opened
1 year ago
1
The system is subjected to Cross-Contract Reentrancy due to Insufficient validation for tokens, source and liquidity Pairs
#150
code423n4
closed
1 year ago
3
QA Report
#149
code423n4
opened
1 year ago
2
Malicious `VaultBooster` owner can steal others user deposited funds
#148
code423n4
closed
1 year ago
5
RemoteOwner circular dependency at deployment time
#147
code423n4
opened
1 year ago
5
PRBMATH `SD59x18.exp()` reverts on hugely negative numbers.
#146
code423n4
opened
1 year ago
5
Analysis
#145
code423n4
opened
1 year ago
1
Calculations like valueX8 and liquidity do not account for potential rounding errors
#144
code423n4
closed
1 year ago
3
It is possible that function `rngComplete()` does not iterate through all rewards
#143
code423n4
closed
1 year ago
4
The treasury address can be updated by the contract owner to point to a malicious address after deployment
#142
code423n4
closed
1 year ago
3
Gas Optimizations
#141
code423n4
opened
1 year ago
1
Gas Optimizations
#140
code423n4
closed
1 year ago
1
Too many rewards are distributed when a draw is closed
#139
code423n4
opened
1 year ago
6
Missing access control in RngRelayAuction::rngComplete()
#138
code423n4
closed
1 year ago
2
QA Report
#137
code423n4
closed
1 year ago
2
rngComplete() function is vulnerable to an array out of bounds error
#136
code423n4
closed
1 year ago
4
Closing the draw will be compromised if the recipient reward is `address(0)`
#135
code423n4
closed
1 year ago
4
An attacker could manipulate the _rngAuctionResult to unfairly distribute more rewards to themselves
#134
code423n4
closed
1 year ago
3
The absence of proper Access Control in RngRelayAuction::rngComplete() enables anyone to prematurely conclude the Auction Process.
#133
code423n4
closed
1 year ago
2
integer underflow vulnerability in the _fractionalReward() function
#132
code423n4
closed
1 year ago
3
The @dev comments states that the setOriginChainOwner() function can only be called once, but it seems it can be called multiple times
#131
code423n4
closed
1 year ago
5
Next