issues
search
code-423n4
/
2023-12-autonolas-findings
3
stars
3
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Upgraded Q -> 3 from #146 [1706014097180]
#461
c4-judge
closed
8 months ago
2
QA Report
#459
c4-bot-1
closed
8 months ago
2
Gas Optimizations
#458
c4-bot-7
closed
8 months ago
2
Functions that send Ether to arbitrary destinations
#457
c4-bot-8
closed
8 months ago
3
Analysis
#456
c4-bot-1
closed
8 months ago
3
claimOwnerIncentives x depositServiceDonationsETH x checkpoint x-entrancy Attack to get instant topups
#455
c4-bot-7
closed
8 months ago
3
QA Report
#454
c4-bot-8
opened
9 months ago
2
Gas Optimizations
#453
c4-bot-1
closed
8 months ago
2
Withdraw amount returned by `getLiquidityAmountsAndPositions` may be incorrect
#452
c4-bot-1
opened
9 months ago
6
MALICIOUS USER CAN `DoS` A NORMAL USER FROM LOCKING THE `OLAS` TOKENS FOR A SHORTER PERIOD OF TIME, TO GET VOTING POWER
#451
c4-bot-1
closed
8 months ago
5
Silent failure in user reward transfer in `Treasury.withdrawToAccount()` can lead to loss of rewards
#450
c4-bot-1
closed
8 months ago
6
Service owners can accrue OLAS top-ups even when donating to their own services
#449
c4-bot-1
closed
8 months ago
3
Reliance on unknown `governorCheckProposalId` is a potential backdoor and risks loss of critical function control
#448
c4-bot-8
closed
8 months ago
3
Potential inaccurate calculation of `maxBond` and `effectiveBond` in case of delayed call to `checkpoint()`
#447
c4-bot-4
closed
8 months ago
5
Analysis
#446
c4-bot-5
opened
9 months ago
4
Permanent DOS in `liquidity_lockbox` for under $10
#445
c4-bot-6
opened
9 months ago
3
LP rewards in `liquidity_lockbox` can be arbitraged
#444
c4-bot-4
opened
9 months ago
3
Griefing attack on `liquidity_lockbox` withdrawals due to lack of minimum deposit
#443
c4-bot-10
opened
9 months ago
4
[M2] DrainServicesSlashedFunds has not check for received funds
#442
c4-bot-10
closed
8 months ago
2
GovernorOLAS is susceptible to DOS via proposal frontrunning
#441
c4-bot-10
closed
9 months ago
3
CM can exploit a pause in `GuardCM` to gain permanent unrestricted access
#440
c4-bot-10
closed
8 months ago
6
Analysis
#439
c4-bot-10
closed
8 months ago
3
Gas Optimizations
#438
c4-bot-10
closed
8 months ago
2
CM can `delegatecall` to any address and bypass all restrictions
#437
c4-bot-10
opened
9 months ago
3
`Tokenomics.checkpoint()` may be called on implementation contract directly
#436
c4-bot-6
opened
9 months ago
3
In `FxERC20RootTunnel`, there is no option to get bridged tokens back in case the transaction can not be executed on L2
#435
c4-bot-1
closed
8 months ago
2
Gas Optimizations
#434
c4-bot-1
closed
8 months ago
2
Change owner() function can pass in wrong address and authorize malicious user in Treasury.sol
#433
c4-bot-2
closed
8 months ago
4
Decisionmaking in the DAO is to slow which results in the DAO not been able to use the `CANCELLER_ROLE` properly
#432
c4-bot-2
closed
8 months ago
2
Olas can be locked less than 1 week
#431
c4-bot-3
closed
8 months ago
2
Leap year not accounted for OLAS and veOLAS contract
#430
c4-bot-3
closed
8 months ago
4
[M1] LastDonationBlockNumber should be updated at the beginning of the function to prevent from reentracy attack
#429
c4-bot-9
closed
8 months ago
2
NO access control in decreaseAllowance and increaseAllowance
#428
c4-bot-6
closed
8 months ago
3
In tokenomics,sol, anyone can become admin and can at the same time alter the values of all input paramaters of the initializeTokenomics() function.
#427
c4-bot-3
closed
9 months ago
3
Gas Optimizations
#426
c4-bot-6
closed
8 months ago
2
Analysis
#425
c4-bot-6
closed
8 months ago
2
QA Report
#424
c4-bot-1
closed
8 months ago
2
Changing the `quorumNumerator` should not be only possible by the governance
#423
c4-bot-7
closed
8 months ago
5
use of 0.8.20
#422
c4-bot-1
closed
8 months ago
2
THE EXECUTION OF THE GOVERNANCE ACTIONS (CONTINOUS TRANSACTIONS PACKED TOGETHER) ON GNOSIS CHAIN COULD `DoS`, IF A SINGLE MALICIOUS `target` CONTRACT REVERTS THE TRANSACTION
#421
c4-bot-1
closed
8 months ago
3
[H1] Custom upgrade functionality is dangerous
#420
c4-bot-7
closed
8 months ago
2
Insufficient Fund Guard for Treasury Reward Rebalancing Due to Unrestricted Withdrawals
#419
c4-bot-8
closed
8 months ago
2
A MALICIOUS USER CAN FRONT RUN AND EXECUTE THE `Tokenomics.initializeTokenomics` TRANSACTION TO BECOME THE OWNER OF THE `Tokenomics` CONTRACT
#418
c4-bot-4
closed
8 months ago
3
The Treasury.sol contract changes the address for the different manager contract in one function call.
#417
c4-bot-1
closed
9 months ago
3
Gas Optimizations
#416
c4-bot-9
opened
9 months ago
2
Signatures can be replayed to cast with castVoteWithReasonAndParamsBySig() more votes than the user intended in GovernorOLAS
#415
c4-bot-5
closed
8 months ago
4
Gas Optimizations
#414
c4-bot-1
closed
8 months ago
2
Analysis
#413
c4-bot-4
closed
8 months ago
2
Gas Optimizations
#412
c4-bot-1
opened
9 months ago
2
Gas Optimizations
#411
c4-bot-1
opened
9 months ago
2
Next