code-423n4 2023-12-autonolas-findings issues

code-423n4 / 2023-12-autonolas-findings

3 stars 3 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 3 from #146 [1706014097180]

#461 c4-judge closed 8 months ago
2
QA Report

#459 c4-bot-1 closed 8 months ago
2
Gas Optimizations

#458 c4-bot-7 closed 8 months ago
2
Functions that send Ether to arbitrary destinations

#457 c4-bot-8 closed 8 months ago
3
Analysis

#456 c4-bot-1 closed 8 months ago
3
claimOwnerIncentives x depositServiceDonationsETH x checkpoint x-entrancy Attack to get instant topups

#455 c4-bot-7 closed 8 months ago
3
QA Report

#454 c4-bot-8 opened 9 months ago
2
Gas Optimizations

#453 c4-bot-1 closed 8 months ago
2
Withdraw amount returned by `getLiquidityAmountsAndPositions` may be incorrect

#452 c4-bot-1 opened 9 months ago
6
MALICIOUS USER CAN `DoS` A NORMAL USER FROM LOCKING THE `OLAS` TOKENS FOR A SHORTER PERIOD OF TIME, TO GET VOTING POWER

#451 c4-bot-1 closed 8 months ago
5
Silent failure in user reward transfer in `Treasury.withdrawToAccount()` can lead to loss of rewards

#450 c4-bot-1 closed 8 months ago
6
Service owners can accrue OLAS top-ups even when donating to their own services

#449 c4-bot-1 closed 8 months ago
3
Reliance on unknown `governorCheckProposalId` is a potential backdoor and risks loss of critical function control

#448 c4-bot-8 closed 8 months ago
3
Potential inaccurate calculation of `maxBond` and `effectiveBond` in case of delayed call to `checkpoint()`

#447 c4-bot-4 closed 8 months ago
5
Analysis

#446 c4-bot-5 opened 9 months ago
4
Permanent DOS in `liquidity_lockbox` for under $10

#445 c4-bot-6 opened 9 months ago
3
LP rewards in `liquidity_lockbox` can be arbitraged

#444 c4-bot-4 opened 9 months ago
3
Griefing attack on `liquidity_lockbox` withdrawals due to lack of minimum deposit

#443 c4-bot-10 opened 9 months ago
4
[M2] DrainServicesSlashedFunds has not check for received funds

#442 c4-bot-10 closed 8 months ago
2
GovernorOLAS is susceptible to DOS via proposal frontrunning

#441 c4-bot-10 closed 9 months ago
3
CM can exploit a pause in `GuardCM` to gain permanent unrestricted access

#440 c4-bot-10 closed 8 months ago
6
Analysis

#439 c4-bot-10 closed 8 months ago
3
Gas Optimizations

#438 c4-bot-10 closed 8 months ago
2
CM can `delegatecall` to any address and bypass all restrictions

#437 c4-bot-10 opened 9 months ago
3
`Tokenomics.checkpoint()` may be called on implementation contract directly

#436 c4-bot-6 opened 9 months ago
3
In `FxERC20RootTunnel`, there is no option to get bridged tokens back in case the transaction can not be executed on L2

#435 c4-bot-1 closed 8 months ago
2
Gas Optimizations

#434 c4-bot-1 closed 8 months ago
2
Change owner() function can pass in wrong address and authorize malicious user in Treasury.sol

#433 c4-bot-2 closed 8 months ago
4
Decisionmaking in the DAO is to slow which results in the DAO not been able to use the `CANCELLER_ROLE` properly

#432 c4-bot-2 closed 8 months ago
2
Olas can be locked less than 1 week

#431 c4-bot-3 closed 8 months ago
2
Leap year not accounted for OLAS and veOLAS contract

#430 c4-bot-3 closed 8 months ago
4
[M1] LastDonationBlockNumber should be updated at the beginning of the function to prevent from reentracy attack

#429 c4-bot-9 closed 8 months ago
2
NO access control in decreaseAllowance and increaseAllowance

#428 c4-bot-6 closed 8 months ago
3
In tokenomics,sol, anyone can become admin and can at the same time alter the values of all input paramaters of the initializeTokenomics() function.

#427 c4-bot-3 closed 9 months ago
3
Gas Optimizations

#426 c4-bot-6 closed 8 months ago
2
Analysis

#425 c4-bot-6 closed 8 months ago
2
QA Report

#424 c4-bot-1 closed 8 months ago
2
Changing the `quorumNumerator` should not be only possible by the governance

#423 c4-bot-7 closed 8 months ago
5
use of 0.8.20

#422 c4-bot-1 closed 8 months ago
2
THE EXECUTION OF THE GOVERNANCE ACTIONS (CONTINOUS TRANSACTIONS PACKED TOGETHER) ON GNOSIS CHAIN COULD `DoS`, IF A SINGLE MALICIOUS `target` CONTRACT REVERTS THE TRANSACTION

#421 c4-bot-1 closed 8 months ago
3
[H1] Custom upgrade functionality is dangerous

#420 c4-bot-7 closed 8 months ago
2
Insufficient Fund Guard for Treasury Reward Rebalancing Due to Unrestricted Withdrawals

#419 c4-bot-8 closed 8 months ago
2
A MALICIOUS USER CAN FRONT RUN AND EXECUTE THE `Tokenomics.initializeTokenomics` TRANSACTION TO BECOME THE OWNER OF THE `Tokenomics` CONTRACT

#418 c4-bot-4 closed 8 months ago
3
The Treasury.sol contract changes the address for the different manager contract in one function call.

#417 c4-bot-1 closed 9 months ago
3
Gas Optimizations

#416 c4-bot-9 opened 9 months ago
2
Signatures can be replayed to cast with castVoteWithReasonAndParamsBySig() more votes than the user intended in GovernorOLAS

#415 c4-bot-5 closed 8 months ago
4
Gas Optimizations

#414 c4-bot-1 closed 8 months ago
2
Analysis

#413 c4-bot-4 closed 8 months ago
2
Gas Optimizations

#412 c4-bot-1 opened 9 months ago
2
Gas Optimizations

#411 c4-bot-1 opened 9 months ago
2