code-423n4 2023-09-delegate-findings issues

code-423n4 / 2023-09-delegate-findings

2 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Unchecked return value of low level

#387 c4-submissions closed 1 year ago
2
DelegateTokenRegistryHelpers::calculateDecreasedAmount() - Comment "Assumes the decreased amount won't underflow with "amount"", but it *can* underflow given the right value for parameter `decreaseAmount`, and is also inside unchecked {} block.

#386 c4-submissions closed 1 year ago
2
Unchecked return value of low level call()/delegatecall()

#385 c4-submissions closed 1 year ago
1
Analysis

#384 c4-submissions opened 1 year ago
2
No way to revoke Approval in DelegateToken.approve leads to un authorized calling of DelegateToken.transferFrom

#383 c4-submissions opened 1 year ago
9
The code uses assembly for memory allocation, which can be complex and prone to errors.

#382 c4-submissions closed 1 year ago
2
Gas Optimizations

#381 c4-submissions closed 1 year ago
3
Gas Optimizations

#380 c4-submissions opened 1 year ago
5
Gas Optimizations

#379 c4-submissions closed 1 year ago
1
Incorrect withdrawal amount for Rebasing/Inflationary/Deflationary tokens

#378 c4-submissions closed 1 year ago
3
Gas Optimizations

#377 c4-submissions closed 1 year ago
1
create function will DoS with ERC1155s.

#376 c4-submissions closed 1 year ago
4
Fee on Transfer tokens cause incorrect accounting

#375 c4-submissions closed 1 year ago
2
Impossible for the owner to change rights

#374 c4-submissions closed 1 year ago
5
Analysis

#373 c4-submissions closed 1 year ago
4
Gas Optimizations

#372 c4-submissions closed 1 year ago
1
Lack of Access Control On Flashloan

#371 c4-submissions closed 1 year ago
2
Gas Optimizations

#370 c4-submissions closed 1 year ago
1
QA Report

#369 c4-submissions opened 1 year ago
3
Analysis

#368 c4-submissions closed 1 year ago
2
Expiry time is of no use

#367 c4-submissions closed 1 year ago
4
Rebasing tokens not supported

#366 c4-submissions closed 1 year ago
4
QA Report

#365 c4-submissions closed 1 year ago
3
Gas Optimizations

#364 c4-submissions closed 1 year ago
2
QA Report

#363 c4-submissions closed 1 year ago
1
Gas Optimizations

#362 c4-submissions closed 1 year ago
1
Return value of ETH

#361 c4-submissions closed 1 year ago
2
Protocols does not work with fee-on-transfer ERC20 tokens

#360 c4-submissions closed 1 year ago
2
Sweep to ZERO address from DelegateRegistry

#359 c4-submissions closed 1 year ago
8
Gas Optimizations

#358 c4-submissions closed 1 year ago
1
QA Report

#357 c4-submissions opened 1 year ago
3
Approved operator can't use flashloan with ERC721 because it is not the owner of the token

#356 c4-submissions closed 1 year ago
4
use SafeMint instead of mint in PrincipalToken.sol

#355 c4-submissions closed 1 year ago
7
Any contract can call `DelegateToken.onERC1155Received` to update `erc1155PullAuthorization` and block the transfer.

#354 c4-submissions opened 1 year ago
9
QA Report

#353 c4-submissions opened 1 year ago
2
Unchecked Arithmetic Allows Nonce Replay

#352 c4-submissions closed 1 year ago
2
Gas Optimizations

#351 c4-submissions closed 1 year ago
2
Wrong input hash given to `decodeType` function in `CreateOffererHelpers` library

#350 c4-submissions closed 1 year ago
8
Delegation events are emitted even when the state has not changed

#349 c4-submissions closed 1 year ago
5
Malicious caller tcan o pass arrays with more than 1 element to exploit the contract

#348 c4-submissions closed 1 year ago
1
Lack of revert upon undefined delegation type in many places may change global state without doing anything

#347 c4-submissions closed 1 year ago
11
"rights" stored in memory is overwriting the memory block storing "from" and 32 bytes memory is given to store 20 byes long "contract_"

#346 c4-submissions closed 1 year ago
3
checkERC1155BeforePull Function in DelegateTokenTransferHelpers

#345 c4-submissions closed 1 year ago
2
Protocol will fail for ERC1155 tokens

#344 c4-submissions closed 1 year ago
4
Malicious users may grief the expiry date right before PrincipalToken is sold on the secondary market

#343 c4-submissions closed 1 year ago
5
QA Report

#342 c4-submissions closed 1 year ago
1
DelegateRegistry enumeration functions may break for big arrays of outgoing and incoming delegations

#341 c4-submissions closed 1 year ago
2
Gas Optimizations

#340 c4-submissions closed 1 year ago
2
No protection against conduit front-running

#339 c4-submissions closed 1 year ago
3
Missing Ownership Check in mint Function

#338 c4-submissions closed 1 year ago
1