code-423n4 2024-01-salty-findings issues

code-423n4 / 2024-01-salty-findings

11 stars 6 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

The reserves of the Pools pool will be smaller than PoolUtils.DUST

#616 c4-bot-9 closed 9 months ago
3
Sandwich attacks on `Upkeep` are possible

#615 c4-bot-8 closed 9 months ago
3
First Liquidity provider can claim all initial pool rewards

#614 c4-bot-8 opened 9 months ago
5
StakingReward.sol:Calculation of _decreaseUserShare() can be overflowed

#613 c4-bot-9 closed 9 months ago
1
Malicious use of proposals in DAO can prevent the DAO from functioning correctly

#612 c4-bot-10 closed 9 months ago
3
QA Report

#611 c4-bot-5 closed 9 months ago
1
Coding logic in proposeWallets renders ManagedWallet deadlock

#610 c4-bot-4 closed 9 months ago
3
The use of spot price by CoreSaltyFeed can lead to price manipulation and undesired liquidations

#609 c4-bot-4 opened 9 months ago
6
`Liquidizer` will always call `dao.withdrawPOL` and burn the pool's liquidity

#608 c4-bot-2 closed 9 months ago
4
Insufficient Input Validation in `Proposals::proposeSetContractAddress` and `Proposals::proposeWebsiteUpdate` prevents the execution of `createConfirmationProposal`

#607 c4-bot-2 closed 8 months ago
5
Total salt supply permanently locked if launch vote outcome is no or a draw

#606 c4-bot-3 opened 9 months ago
5
`0` would be assigned into the `minAmountOut` of the Pools#`depositSwapWithdraw()` called in the UpKeep#`_formPOL()`, which lead to a huge slippage loss

#605 c4-bot-2 closed 9 months ago
3
[H-01] In BootstrapBallot.sol, the incorrect setting logic of ballotFinalized can lead to DOS attacks

#604 c4-bot-10 closed 9 months ago
1
Whitelisted User Can Claim All Initial Rewards in Salt Staking Contract

#603 c4-bot-6 closed 9 months ago
3
Insufficient reserve check when removing liquidity

#602 c4-bot-2 closed 9 months ago
2
Disproportionate Virtual Rewards for Early LP Providers

#601 c4-bot-9 closed 9 months ago
3
Repaid USDS is sent to USDS contract instead of to the Liquidizer

#600 c4-bot-7 closed 9 months ago
2
Pools' small profits are wiped out by performUpkeep() in step7

#599 c4-bot-4 opened 9 months ago
3
Lack of check on tokens with multiple entrances still makes it for arbitrage bot to gain profits

#598 c4-bot-6 closed 9 months ago
2
QA Report

#597 c4-bot-8 closed 9 months ago
1
Lack of logic to pause some critical functions in the Pools contract for after the Salty.IO DEX would be launched

#596 c4-bot-3 closed 9 months ago
2
Risk of Governance Process Interference in Multi-Phase Parameter Updates (Contracts, Website)

#595 c4-bot-8 closed 8 months ago
4
The calling of function `depositLiquidityAndIncreaseShare()` with `useZapping = true` can be failed due to underflow on `_zapSwapAmount()`

#594 c4-bot-8 closed 9 months ago
4
Wrong calculation issue is existed on `_mostSignificantBit()`.

#593 c4-bot-8 closed 9 months ago
1
Transactions to addliquidity can be front run

#592 c4-bot-8 closed 9 months ago
3
After the exchange is approved, the user can promptly receive many SALT rewards.

#591 c4-bot-9 closed 9 months ago
3
Whitelisting token with `finalizeBallot()` would be reverted by access limitation, if it's called by user

#590 c4-bot-4 closed 9 months ago
2
Step 1 of performUpkeep fails to swap WBTC, WETH, and DAI to USDS in Liquidizer.sol due to a mismanagement of solidity context variables.

#589 c4-bot-4 closed 9 months ago
2
QA Report

#588 c4-bot-1 opened 9 months ago
2
QA Report

#587 c4-bot-7 opened 9 months ago
2
`decimal` function not available in all interfaces

#586 c4-bot-9 closed 9 months ago
0
Inactive Price Feed can Determine AggregatePrice due to Oversight in Implementation

#585 c4-bot-2 closed 8 months ago
8
Gas Optimizations

#584 c4-bot-4 opened 9 months ago
2
anyone can burn tokens and cause a liquidation and a Dos attack

#583 c4-bot-5 closed 9 months ago
0
Voting power is computed asynchronously and allows manipulation of results.

#582 c4-bot-4 closed 9 months ago
3
not withdraw method in ` ManagedWallet ` funds stuck

#581 c4-bot-3 closed 9 months ago
0
Step 1 of performUpkeep fails to swap wbtc, weth, and dai to USDS in Liquidizer.sol due to a mismanagement of msg.sender

#580 c4-bot-3 closed 9 months ago
1
Arbitrage may not be profitable

#579 c4-bot-7 closed 8 months ago
5
anyone can burn tokens and cause a liquidation and a Dos attack

#578 c4-bot-9 closed 9 months ago
0
QA Report

#577 c4-bot-1 closed 8 months ago
1
$SALT to be distributed to the active teamWallet and DAO would be stuck in the `teamVestingWallet` and the `daoVestingWallet`

#576 c4-bot-8 closed 8 months ago
4
Incomplete Incomplete Implementation as Cancelled and Claimed Unstake would be Returned instead of only Pending Unstake

#575 c4-bot-9 opened 9 months ago
7
Compromised `EXPECTED_SIGNER` Address Risks: Unauthorized Access and New User Lockouts

#574 c4-bot-9 closed 8 months ago
2
ManagedWallet.sol can no longer propose or change wallet, if a confirmationWallet rejects one wallet proposal.

#573 c4-bot-2 closed 9 months ago
2
QA Report

#572 c4-bot-9 opened 9 months ago
1
USDS repaid will not be transferred to Liquidizer, but Liquidizer will still burn the amount of USDS in upkeep, causing Liquidizer always draining protocol owned liquidity

#571 c4-bot-9 closed 9 months ago
2
`PoolStats::_arbitrageProfits` will retain its non-zero value even if the pool is removed, and furthermore, even when those profits have been distributed to `SaltRewards`

#570 c4-bot-4 closed 8 months ago
13
`proposals.proposeTokenWhitelisting` can be DOS with multiple fake proposals preventing actual users from making appropriate proposals.

#569 c4-bot-7 closed 9 months ago
2
_possiblyBurnUSDS() will always revert when usdsBalance >= usdsThatShouldBeBurned due to failure of dao.withdrawPOL.

#568 c4-bot-4 closed 9 months ago
2
Borrower can prevent getting liquidated by frontrunning the liquidate call.

#567 c4-bot-10 closed 9 months ago
2

Previous Next