code-423n4 2024-01-init-capital-invitational-findings issues

code-423n4 / 2024-01-init-capital-invitational-findings

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #36 [1707801162956]

#41 c4-judge closed 7 months ago
2
safeApprove() reverts if the allowance is bigger than 0 and it is called with non 0 amount

#39 c4-bot-1 closed 8 months ago
5
QA Report

#38 c4-bot-2 opened 8 months ago
3
Specifying a farm in Masterchef which accepts MOE or the reward token as LP would break rewards accounting

#37 c4-bot-10 opened 8 months ago
6
QA Report

#36 c4-bot-6 opened 8 months ago
2
MarginTradingHook users could potentially be DOSed

#35 c4-bot-6 opened 8 months ago
7
MarginTradingHook#updateOrder lacks access control

#34 c4-bot-5 opened 8 months ago
4
Gas Optimizations

#33 c4-bot-4 opened 8 months ago
3
WLpMoeMasterChef allows owner of nft to withdraw all balance before selling nft

#32 c4-bot-5 opened 8 months ago
6
Analysis

#31 c4-bot-2 opened 8 months ago
2
No ability to withdraw in case of emergency in merchant moe

#30 c4-bot-9 closed 8 months ago
3
Possible to update order of another user

#29 c4-bot-7 closed 8 months ago
3
No slippage control for fill order

#28 c4-bot-6 closed 8 months ago
3
MarginTradingHook.fillOrder calculates repay amt incorrectly

#27 c4-bot-4 closed 8 months ago
1
Attacker can prevent full decreasing of position by repaying small debt share

#26 c4-bot-2 closed 8 months ago
1
CloseExactOut swap can be rejected by attacker

#25 c4-bot-4 closed 8 months ago
3
Anyone can update other user's order inside `MarginTradingHook`

#24 c4-bot-9 closed 8 months ago
4
Order's creator can update `tokenOut` to arbitrary token

#23 c4-bot-7 opened 8 months ago
8
`fillOrder` executor can be front-run by the order creator by changing order's `limitPrice_e36`, the executor's assets can be stolen

#22 c4-bot-10 opened 8 months ago
5
`fillOrder` executor can be front-run by the order creator by withdrawing collateral, the executor's assets can be stolen

#21 c4-bot-6 closed 8 months ago
6
`fillOrder` not properly cancel order when collateral of position is empty

#20 c4-bot-8 opened 8 months ago
12
` reducePos` with `CloseExactOut` swap type is prone to DoS

#19 c4-bot-6 closed 8 months ago
4
Order creator can frontrun order filling by modifying order info to extract value from order filler

#18 c4-bot-3 closed 8 months ago
3
Order can be filled in a very unfavorable condition for order creator if user's borrow pool collateral is liquidated or if the borrower pool debt is already repaid

#17 c4-bot-2 closed 8 months ago
4
SwapType.CloseExactOut balance check too strict can be DOSed

#16 c4-bot-3 opened 8 months ago
6
Missing Slippage control when increase position in MarginTradeHook.sol

#15 c4-bot-5 closed 8 months ago
5
LsdApi3OracleReader.sol implementation does not mitigate M-11 from last audit

#14 c4-bot-3 closed 7 months ago
10
Malicious master chef admin can block lp unwrap by making reward token transfer distribution out of gas

#13 c4-bot-3 closed 7 months ago
8
Malicious master chef admin can block lp unwrap by distributing poison reward token

#12 c4-bot-1 closed 7 months ago
12
Stop loss order and take profits order lacks expiration time

#11 c4-bot-3 closed 8 months ago
4
Overpaid asset is locked in lending pool when flashloan

#10 c4-bot-4 opened 8 months ago
6
Analysis

#9 c4-bot-8 opened 8 months ago
3
Gas Optimizations

#8 c4-bot-7 opened 8 months ago
3
QA Report

#7 c4-bot-6 opened 8 months ago
4
MarginTradingHook.sol#updateOrder does not validate order.tokenOut, allowing order creator maliciously modify order.tokenOut before filling the order

#6 c4-bot-3 closed 8 months ago
7
MarginTradeHook.sol#fillOrder does not validate order creator's minHealth when filling the order

#5 c4-bot-3 opened 8 months ago
8
Refunded token in is locked in MarginTradeHook contract after swap

#4 c4-bot-5 closed 8 months ago
7
when wrapping LP token, rewards is not transferred to the lp owner

#3 c4-bot-2 closed 8 months ago
5
LP unwrap / wrap is fully broken if master chef contract has insufficient reward token and block decollateralize wlp and wlp liquidation

#2 c4-bot-6 opened 8 months ago
5
Agreements & Disclosures

#1 code423n4 opened 8 months ago
1