code-423n4 2023-10-opendollar-findings issues

code-423n4 / 2023-10-opendollar-findings

10 stars 7 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

`CamelotRelayer` & `UniV3Relayer` will return incorrect result if baseToken & quoteToken have different decimals

#400 c4-submissions closed 1 year ago
4
Camelot Relayer using wrong CAMELOT_V3_FACTORY address !

#399 c4-submissions closed 1 year ago
4
Inconsistent Ownership Transfer Affects Protocol Functionality

#398 c4-submissions closed 1 year ago
4
Incorrect Factory Addresses in UniV3Relayer & CamelotRelayer Contracts

#397 c4-submissions closed 1 year ago
3
Authorized Safe Handlers Can Pass on Safe Management Permissions in `ODSafeManager::allowSAFE` Function

#396 c4-submissions closed 1 year ago
3
Lack of contract existence check of _target before delegatecall will result in unexpected behavior

#395 c4-submissions closed 1 year ago
4
QA Report

#394 c4-submissions closed 1 year ago
2
`ODSafeManager.transferSAFEOwnership()` function doesn't revoke old permission leading to manipulate

#393 c4-submissions closed 1 year ago
5
QA Report

#392 c4-submissions opened 1 year ago
2
ODProxy is flawed due to delegatecall to ODSafeManager which render system inoperable

#391 c4-submissions closed 1 year ago
5
QA Report

#390 c4-submissions closed 1 year ago
2
Integer Overflow Risk in Financial Calculation

#389 c4-submissions closed 1 year ago
3
The CamelotRelayer does not work with the Uniswap OracleLibrary

#388 c4-submissions closed 1 year ago
3
ODGovernor contract may incorrectly execute submitted proposals

#387 c4-submissions closed 1 year ago
3
Gas Optimizations

#386 c4-submissions opened 1 year ago
4
QA Report

#385 c4-submissions opened 1 year ago
4
AccountingEngine can only transfer a maximum of 1% of the surplus to the designated extraSurplusReceiver

#384 c4-submissions closed 1 year ago
5
During Safe Transfer, the Receiving User Loses Control of the Safe, Resulting in the Safe Being Lost

#383 c4-submissions closed 1 year ago
4
Old permissions in handlerCan mapping are still attached to the safeHandler of a transferred safe

#382 c4-submissions opened 1 year ago
12
Updating `SafeManager` address in the `Vault721` will disable NFV minting

#381 c4-submissions opened 1 year ago
9
`ODProxy` contract can't grant `safeRights` (can't change the state of the called contracts) which will disable generating debts functionality

#380 c4-submissions closed 1 year ago
7
The protocol uses a vulnerable `GovernorCompatibilityBravo` version

#379 c4-submissions closed 1 year ago
3
`initializeRenderer` in `Vault721` can be called by anyone.

#378 c4-submissions closed 1 year ago
4
The manager of `AccountingEngine` contract can bypass the disabled contracts in the system

#377 c4-submissions opened 1 year ago
6
Gas Optimizations

#376 c4-submissions closed 1 year ago
3
No check on the SAFEs collateral types if matching when moving SAFE collateral and debt

#375 c4-submissions opened 1 year ago
4
Lack of event emission after updating sensitive contract addresses ' safeManager ' and ' nftRenderer '

#374 c4-submissions closed 1 year ago
6
Unauthorized Delegation of `allowSAFE()` Function Leads to Bypassing Owner Oversight

#373 c4-submissions closed 1 year ago
3
`BasicActions.lockTokenCollateral` allows locking collateral different from `safe.cType`

#372 c4-submissions opened 1 year ago
8
Mismatch between the SAFE generated debt and the amount of the system tokens minted for the user

#371 c4-submissions opened 1 year ago
7
`BasicActions._getGeneratedDeltaDebt` function is not rounding up the `_deltaDebt` as intended

#370 c4-submissions opened 1 year ago
9
`ODGovernor.propose` function: anyone with zero voting weight can add proposals

#369 c4-submissions closed 1 year ago
7
Scaling Issue in AccountingEngine.auctionSurplus Causing Token Drains

#368 c4-submissions closed 1 year ago
3
Same entity can create multiple safes which can warrant a Sybil attack on the protocol

#367 c4-submissions closed 1 year ago
6
Analysis

#366 c4-submissions closed 1 year ago
2
`Vault721` contract: unprotected initializers

#365 c4-submissions opened 1 year ago
4
QA Report

#364 c4-submissions closed 1 year ago
2
initializeRenderer() can be called by anyone

#363 c4-submissions closed 1 year ago
4
Updating `ODSafeManager` address in the `Vault721` will disable rendering SAFEs that were created by the previous `ODSafeManager` contract

#362 c4-submissions closed 1 year ago
7
SafeID's ownership is not checked properly in `BasicAction.generateDebt()`

#361 c4-submissions closed 1 year ago
5
Missing updating `nftRenderer` implementation when `SafeManager` address is updated in the `Vault721` contract

#360 c4-submissions closed 1 year ago
5
Users can create SAFEs with any collateral type `_cType`

#359 c4-submissions opened 1 year ago
4
Users can be tricked to buy safes with status different than advertized

#358 c4-submissions opened 1 year ago
7
Gas Optimizations

#357 c4-submissions opened 1 year ago
3
Malicious Safe Manager can be set for NFT Vault by anyone

#356 c4-submissions closed 1 year ago
4
Critical Integer Overflow Vulnerability in BasicActions Contract

#355 c4-submissions closed 1 year ago
5
Inconsistent block.number on Arbitrum leading to easy to manipulate voting

#354 c4-submissions closed 1 year ago
4
`initializeManager()` of vault721 contract can be frontrun

#353 c4-submissions closed 1 year ago
4
QA Report

#352 c4-submissions closed 1 year ago
2
Analysis

#351 c4-submissions opened 1 year ago
2

Previous Next