code-423n4 2024-01-curves-findings issues

code-423n4 / 2024-01-curves-findings

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Gas Optimizations

#1511 c4-bot-10 opened 10 months ago
2
Analysis

#1510 c4-bot-10 opened 10 months ago
3
users can claim unlimited fees due to wrong track of user claimable fees

#1509 c4-bot-6 closed 9 months ago
5
setCurves() function allows everyone to set curves address to FeeSplitter contract

#1508 c4-bot-10 closed 10 months ago
2
MEV; no slippage check on sell

#1507 c4-bot-8 closed 10 months ago
5
Token can be minted without buying curveTokens

#1506 c4-bot-7 opened 10 months ago
5
No Withdrawal Function Identified in FeeSplitter.sol

#1505 c4-bot-7 opened 10 months ago
4
` FeeSplitter :: batchClaiming ` can cause Griefing/DOS attack

#1504 c4-bot-7 closed 9 months ago
4
onBalanceChange adds tokens to userTokens without checking if they already exist

#1503 c4-bot-7 closed 9 months ago
9
Analysis

#1502 c4-bot-7 opened 10 months ago
2
Missing access control on `FeeSplitter::setCurves` function. Malicious user can set his curves contract and withdraw all ethers from `FeeSplitter` using `FeeSplitter:claimFees` function.

#1501 c4-bot-7 closed 10 months ago
3
Not transferring "protocolFee" in case of "sellCurvesToken"

#1500 c4-bot-8 closed 10 months ago
6
The ownedCurvesTokenSubjects array length can be increased maliciously to stop conversion of internal Curve tokens to external tokens

#1499 c4-bot-8 closed 10 months ago
7
Mistakenly sent ETH will be Stuck

#1498 c4-bot-2 opened 10 months ago
4
deposit in Curves.sol could be front-run leading to DOS

#1497 c4-bot-2 closed 10 months ago
4
Because the `transferCurvesToken` function doesn't check if `amount` is greater than 0, a malicious user can permanently block other users from buying new curves tokens and depositing.

#1496 c4-bot-2 closed 10 months ago
5
Selling 1 token at a time leads to less holders fee being collected

#1495 c4-bot-9 closed 9 months ago
6
Loss of funds when using `batchClaiming` function

#1494 c4-bot-6 closed 9 months ago
5
No slippage control on any sell (eg: Curves.sellCurvesToken) makes sells vulnerable to sandwich attacks

#1493 c4-bot-6 closed 10 months ago
5
QA Report

#1492 c4-bot-6 closed 10 months ago
2
Potential Fee Theft via Token Transfer Exploit in `FeeSplitter.sol`

#1491 c4-bot-6 closed 9 months ago
15
Analysis

#1490 c4-bot-6 opened 10 months ago
2
https://github.com/code-423n4/2024-01-curves/blob/516aedb7b9a8d341d0d2666c23780d2bd8a9a600/contracts/Curves.sol#L240-L244

#1489 c4-bot-6 closed 10 months ago
5
Analysis

#1488 c4-bot-8 closed 9 months ago
3
Curves token subject can add pausable/whitelisting functionality

#1487 c4-bot-8 closed 10 months ago
6
Wrong input arguement for `feesplitter::onBalanceChange()` and `feesplitter::addFees` in `curve::_transferFee()` function

#1486 c4-bot-5 closed 10 months ago
3
QA Report

#1485 c4-bot-5 opened 10 months ago
3
Lack of slippage protection in Curves contract

#1484 c4-bot-2 closed 10 months ago
5
Missing constructor for Ownable in CurvesERC20.sol

#1483 c4-bot-8 closed 10 months ago
3
`` FeeSplitter :: claimFees `` claim transaction can revert if msg.sender is a contract that does not receive funds

#1482 c4-bot-9 closed 10 months ago
4
Lack of slippage control in _buyCurvesToken function

#1481 c4-bot-5 closed 10 months ago
5
Analysis

#1480 c4-bot-2 closed 9 months ago
2
buyCurvesTokenWithName() does not validate the name and symbol strings

#1479 c4-bot-5 opened 10 months ago
5
Logic error on _deployERC20 can lead to DoS of legitimate mint and buyCurvesTokenWithName transactions

#1478 c4-bot-4 closed 10 months ago
4
Analysis

#1477 c4-bot-8 closed 9 months ago
3
Lost fees will be frozen in the FeeSplitter contract forever

#1476 c4-bot-5 closed 10 months ago
4
Holders will lose unclaimed fees after buying or selling tokens

#1475 c4-bot-2 closed 10 months ago
4
Unrestricted Token Purchase During Presale in Curves Smart Contract

#1474 c4-bot-5 closed 10 months ago
3
`_addOwnedCurvesTokenSubject()` loop limit

#1473 c4-bot-8 closed 10 months ago
6
Curves contains no way to recover stuck Ether`

#1472 c4-bot-2 closed 10 months ago
5
transferCurvesToken allows destination addresses to claim fees beyond the actual value

#1471 c4-bot-9 closed 10 months ago
7
Missing-Zero-Check-in-Critical-Function-02

#1470 c4-bot-2 opened 10 months ago
5
Holder fee might be paid but lost

#1469 c4-bot-4 opened 10 months ago
4
Attacker can make default creation of ERC20 to always revert

#1468 c4-bot-4 closed 10 months ago
3
`userTokens[]` pushed beyond the limit.

#1467 c4-bot-3 closed 10 months ago
6
Use of transfer can cause DOS

#1466 c4-bot-3 closed 10 months ago
4
Token cannot be sold if all other tokens are withdrawn

#1465 c4-bot-8 closed 10 months ago
3
Missing access control in FeeSplitter allows anyone to change Curve address

#1464 c4-bot-5 closed 10 months ago
2
Only the most recently added holder fees can be claimed

#1463 c4-bot-4 closed 10 months ago
4
Holder fee accounting is not updated on holder balance change; FeeSplitter can be drained

#1462 c4-bot-8 closed 10 months ago
7

Previous Next