code-423n4/2023-10-canto-findings
issues
Lack of validation allows invalid ticks, impacting data integrity.
#257
c4-submissions
closed
1 year ago
2
Lack of validation in accrued index allows excess rewards claim.
#256
c4-submissions
closed
1 year ago
2
Time-weighted liquidity accounting assumes consecutive activity; double counting possible, needs validation.
#255
c4-submissions
closed
1 year ago
3
Reentrancy is possible in `claim` functions, which call out via `.call()`.
#254
c4-submissions
closed
1 year ago
4
Unbounded tick arrays; add max length check to prevent gas issues.
#253
c4-submissions
closed
1 year ago
3
No `poolIdx` validation; arbitrary values can corrupt storage, require validation.
#252
c4-submissions
closed
1 year ago
4
No access control on `protocolCmd` and `userCmd`; potential for abuse.
#251
c4-submissions
closed
1 year ago
5
Race condition on `timeWeightedWeeklyGlobalConcLiquidityLastSet_` can lead to incorrect rewards.
#250
c4-submissions
closed
1 year ago
3
Analysis
#249
c4-submissions
closed
1 year ago
2
Gas Optimizations
#248
c4-submissions
closed
1 year ago
2
Missing Access Control on `setConcRewards` and `setAmbRewards`
#247
c4-submissions
closed
1 year ago
3
Analysis
#246
c4-submissions
closed
1 year ago
2
deleted
#245
c4-submissions
closed
1 year ago
1
QA Report
#244
c4-submissions
opened
1 year ago
3
Use of flashloan to inflate timeWeightedWeeklyGlobalAmbLiquidity_[poolIdx][currWeek] and timeWeightedWeeklyPositionAmbLiquidity_[poolIdx][posKey][currWeek]
#243
c4-submissions
closed
1 year ago
3
QA Report
#242
c4-submissions
opened
1 year ago
2
Unexpected behavior when setting rewards for existing pools or past/ongoing periods
#241
c4-submissions
closed
1 year ago
3
Reward amounts are not checked to be correctly deposited
#240
c4-submissions
opened
1 year ago
4
Rewards cannot be transferred when calling protocol command
#239
c4-submissions
opened
1 year ago
5
Existing pools will be bricked due to uninitialized state
#238
c4-submissions
closed
1 year ago
4
Gas Optimizations
#237
c4-submissions
closed
1 year ago
2
Manipulation of Overall Liquidity Calculation
#236
c4-submissions
closed
1 year ago
4
Potential denial of service due to out of bound gas usage
#235
c4-submissions
closed
1 year ago
3
Users can receive different rewards for the same week as different users.
#234
c4-submissions
closed
1 year ago
3
Gas Optimizations
#233
c4-submissions
opened
1 year ago
2
Analysis
#232
c4-submissions
closed
1 year ago
2
QA Report
#231
c4-submissions
opened
1 year ago
2
Analysis
#230
c4-submissions
opened
1 year ago
4
Timestamp Manipulation
#229
c4-submissions
closed
1 year ago
3
`CrossTicks` is not called when Users `claimConcentratedRewards`.
#228
c4-submissions
closed
1 year ago
5
The `protocolCmd` is permissionless but does not check if the user provides native tokens
#227
c4-submissions
closed
1 year ago
9
Access control check in the `setAmbRewards` and `setAmbRewards` functions is missing
#226
c4-submissions
closed
1 year ago
3
QA Report
#225
c4-submissions
closed
1 year ago
2
Functions can be called directly externally
#224
c4-submissions
closed
1 year ago
3
Gas Optimizations
#223
c4-submissions
closed
1 year ago
2
Rounding error leading to no reward being sent
#222
c4-submissions
closed
1 year ago
2
The while loop used in all the `accrueXXXPositionTimeWeightedLiquidity` function could make a call reach the block gas limit
#221
c4-submissions
closed
1 year ago
6
QA Report
#220
c4-submissions
opened
1 year ago
2
Gas Optimizations
#219
c4-submissions
closed
1 year ago
2
accrueConcentratedPositionTimeWeightedLiquidity may revert under special situations
#218
c4-submissions
closed
1 year ago
1
Logic Error
#217
c4-submissions
closed
1 year ago
3
Event not emitted after sensitive action of setting new concentrated and ambient rewards.
#216
c4-submissions
closed
1 year ago
2
accrueConcentratedPositionTimeWeightedLiquidity() can easily DOS due to the for loop in it
#215
c4-submissions
closed
1 year ago
3
LiquidityMining.initTickTracking() called by MarketSequencer.initCurve() Check if the liquidity curve for the pool is already initialized.
#214
c4-submissions
closed
1 year ago
3
Gas Optimizations
#213
c4-submissions
closed
1 year ago
4
Gas Optimizations
#212
c4-submissions
closed
1 year ago
2
QA Report
#211
c4-submissions
closed
1 year ago
2
QA Report
#210
c4-submissions
opened
1 year ago
3
LiquidityMining.claimConcentratedRewards() does not properly account user liquidity across ticks
#209
c4-submissions
closed
1 year ago
3
Potential Arithmetic Overflow in Rewards Calculation
#208
c4-submissions
closed
1 year ago
3