issues
search
code-423n4
/
2023-09-asymmetry-findings
2
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Upgraded Q -> 2 from #70 [1696570151963]
#75
c4-judge
closed
12 months ago
10
Upgraded Q -> 2 from #70 [1696570029024]
#74
c4-judge
closed
1 year ago
3
Upgraded Q -> 2 from #5 [1696399338071]
#72
c4-judge
closed
1 year ago
3
Analysis
#71
c4-submissions
opened
1 year ago
1
QA Report
#70
c4-submissions
opened
1 year ago
5
Analysis
#69
c4-submissions
opened
1 year ago
5
Gas Optimizations
#68
c4-submissions
opened
1 year ago
1
QA Report
#67
c4-submissions
opened
1 year ago
3
`sellCVX(0)` reverts
#66
c4-submissions
closed
1 year ago
4
`VotiumStrategyCore.applyRewards()` leaves unlimited allowance on tokens.
#65
c4-submissions
closed
1 year ago
9
`VotiumStrategy.price()` does not validate Chainlink response
#64
c4-submissions
closed
1 year ago
11
`VotiumStrategy.requestWithdraw()` does not account for immediately possible withdrawals
#63
c4-submissions
closed
1 year ago
4
Intrinsic arbitrage from price discrepancy
#62
c4-submissions
opened
1 year ago
9
No slippage protection on rewards deposits
#61
c4-submissions
closed
1 year ago
12
Unsafe use of `balanceOf(address(this))`
#60
c4-submissions
closed
1 year ago
5
Incorrect `AfEth.price()` calculation
#59
c4-submissions
closed
1 year ago
4
Inflation attack
#58
c4-submissions
opened
1 year ago
27
Gas Optimizations
#57
c4-submissions
opened
1 year ago
3
QA Report
#56
c4-submissions
opened
1 year ago
4
AfEth collaterals cannot be balanced after ratio is changed
#55
c4-submissions
opened
1 year ago
33
Swap functionality to sell rewards is too permissive and could cause accidental or intentional loss of value
#54
c4-submissions
opened
1 year ago
3
Feature to recover stuck tokens is too permissive and could be used to remove CVX tokens
#53
c4-submissions
opened
1 year ago
6
`cvxPerVotium()` calculation will return zero if all CVX tokens are pending withdrawal as obligations
#52
c4-submissions
closed
1 year ago
8
Snapshot delegation cannot be cleared or modified
#51
c4-submissions
opened
1 year ago
10
Forced relock in VotiumStrategy withdrawal causes denial of service if Convex locking contract is shutdown
#50
c4-submissions
opened
1 year ago
4
VotiumStrategy withdrawal queue fails to consider available unlocked tokens causing different issues in the withdraw process
#49
c4-submissions
opened
1 year ago
9
Inefficient reward split could cause unbalanced ratio and favor SafEth staking
#48
c4-submissions
opened
1 year ago
16
Weird ERC20 tokens that are used as rewards from Votium will get stuck in the `VotiumStrategy` contract
#47
c4-submissions
opened
1 year ago
8
Uninitialized protocol fee address could cause loss of funds
#46
c4-submissions
opened
1 year ago
8
Reward sandwiching in VotiumStrategy
#45
c4-submissions
opened
1 year ago
3
Inefficient reward compounding in Votium Strategy
#44
c4-submissions
opened
1 year ago
11
Missing deadline check for AfEth actions
#43
c4-submissions
opened
1 year ago
6
Missing storage gap in AbstractStrategy may affect contract upgradeability
#42
c4-submissions
opened
1 year ago
12
Missing slippage control while depositing rewards in SafEth and VotiumStrategy
#41
c4-submissions
closed
1 year ago
14
Percentage calculation could leave unused ETH leftovers in AfEth deposit
#40
c4-submissions
opened
1 year ago
10
Missing slippage control when directly interacting with the VotiumStrategy contract
#39
c4-submissions
closed
1 year ago
13
Lack of access control and value validation in the reward flow exposes functions to public access
#38
c4-submissions
opened
1 year ago
32
AfEth price calculation doesn't factor locked tokens held in contract balance
#37
c4-submissions
closed
1 year ago
5
Zero amount withdrawals of SafEth or Votium will brick the withdraw process
#36
c4-submissions
opened
1 year ago
12
Inflation attack in VotiumStrategy
#35
c4-submissions
opened
1 year ago
20
AfEth deposits could use price data from an invalid Chainlink response
#34
c4-submissions
opened
1 year ago
6
Direct depositors in the Votium strategy will lose rewards when these are routed to SafEth
#33
c4-submissions
opened
1 year ago
22
Analysis
#32
c4-submissions
opened
1 year ago
2
Missing circuit breaker checks in `ethPerCvx()` for Chainlink's price feed
#31
c4-submissions
opened
1 year ago
4
Withdrawal requests do not check if the amount of unlockable CVX is sufficient for withdrawals
#30
c4-submissions
closed
1 year ago
2
Withdrawals will be permanently DOSed if VLCVX's owner decides to shutdown the contract
#29
c4-submissions
closed
1 year ago
3
Users can `deposit()` even when Chainlink's price feed for CVX is stale
#28
c4-submissions
closed
1 year ago
4
Missing `__ERC20_init()` call in `AfEth`'s `initialize()` function
#27
c4-submissions
opened
1 year ago
7
Sole depositor in the `VotiumStrategy` contract can inflate `cvxPerVotium()` to steal subsequent deposits
#26
c4-submissions
closed
12 months ago
13
`price()` in `AfEth.sol` doesn't take afEth held for pending withdrawals into account
#25
c4-submissions
opened
1 year ago
7
Next