issues
search
code-423n4
/
2024-01-salty-findings
11
stars
6
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
QA Report
#816
c4-bot-9
closed
7 months ago
1
voting power/quorum can be maniplated.
#815
c4-bot-7
closed
7 months ago
2
SEND SALT does not send salt to target
#814
c4-bot-6
closed
7 months ago
2
user might vote to the wrong proposal due to reorg
#813
c4-bot-6
closed
6 months ago
6
Blacklisted user may prevent ` claimAllRewards()`
#812
c4-bot-1
closed
7 months ago
0
Aggregated price feed might DOS liquidation process during price volatility
#811
c4-bot-4
closed
7 months ago
2
Salt token will be stuck while `BallotType.UNWHITELIST_TOKEN` is executed.
#810
c4-bot-1
closed
6 months ago
7
PriceFeed is likely to be disabled in times of volatility, causing liquidations and borrows to freeze
#809
c4-bot-1
opened
7 months ago
5
ManagedWallet Stuck if proposed new main wallet does not call changeWallets
#808
c4-bot-2
opened
7 months ago
6
Gas Optimizations
#807
c4-bot-1
opened
7 months ago
1
ManagedWallet Stuck and cannot propose an alternative wallet pair if confirmation wallet rejects a proposal
#806
c4-bot-1
closed
7 months ago
2
Adding liquidity with zapping while providing only one of the tokens can cause extreme slippage that results in liquidity being drained from Salty
#805
c4-bot-2
closed
7 months ago
5
`minLiquidityReceived` Unintentionally Set to 0 can be frontRun
#804
c4-bot-2
closed
7 months ago
1
Whitelisted token bootstrapping rewards remain stuck in liquidityRewardsEmitter when the token is Unwhitelisted
#803
c4-bot-2
opened
7 months ago
12
ManagedWallet cannot handle rejection
#802
c4-bot-6
closed
6 months ago
6
LPs can be exploited by frontrunning liquidity additions to a new pool with an initial deposit that creates a distorted initial price
#801
c4-bot-1
closed
6 months ago
14
Exchange Launch Constraint During DAO Bootstrapping
#800
c4-bot-2
closed
7 months ago
4
Unauthorized User Access for Depositing/Withdrawing Liquidity in Pools
#799
c4-bot-1
closed
7 months ago
2
DAO can be hijacked by an exploiter who gets a large share of the airdrop (i.e. through a sybil attack) by replacing the AccesManager contract
#798
c4-bot-6
opened
7 months ago
4
Double Voting Potential Due to Lack of S Value Check
#797
c4-bot-2
closed
7 months ago
2
QA Report
#796
c4-bot-2
closed
7 months ago
1
Analysis
#795
c4-bot-1
opened
7 months ago
3
QA Report
#794
c4-bot-5
closed
7 months ago
1
QA Report
#793
c4-bot-5
opened
7 months ago
3
DOS of the proposeTokenWhitelisting will happen because of the logic of the finalize ballot
#792
c4-bot-5
closed
7 months ago
2
ExchangeConfig::setContracts can be initialize multiple times by malicious owner
#791
c4-bot-5
closed
7 months ago
1
Gas Optimizations
#790
c4-bot-10
opened
7 months ago
1
DoS: Blacklisted user may prevent ` withdraw `
#789
c4-bot-5
closed
7 months ago
0
User can escape liquidation for a time period he decides
#788
c4-bot-5
closed
7 months ago
2
WBTC Depeg will result in a death spiral for USDS
#787
c4-bot-9
closed
6 months ago
11
Managed Wallet requires sending ETH to confirm wallets, but has no mechanism to withdraw the funds, leading to locked funds
#786
c4-bot-9
closed
7 months ago
2
A user can exploit rounding issue to deposit only one token to the pool
#785
c4-bot-6
closed
6 months ago
18
Remove Liquidity has missing reserve1 DUST check, which can make reserve1 to be less than DUST
#784
c4-bot-4
opened
7 months ago
7
Managed Wallet can never be updated if proposed wallet never confirms
#783
c4-bot-3
closed
7 months ago
2
Collateral positions within cooldown period can not be liquidated, which may lead to an undercollateralized loans
#782
c4-bot-3
closed
7 months ago
3
The initial distrubution process can be bricked permanently
#781
c4-bot-7
closed
7 months ago
3
lash loans can affect governance voting in Proposals.sol
#780
c4-bot-5
closed
7 months ago
0
Analysis
#779
c4-bot-4
opened
7 months ago
3
QA Report
#778
c4-bot-2
opened
7 months ago
1
CoreChainlinkFeed use BTC/USD chainlink oracle to price WBTC which is problematic if WBTC depegs
#777
c4-bot-10
closed
7 months ago
2
Incorrect DUST check for reserve1 when removing liquidity allows attacker to take reserve1 below DUST amount
#776
c4-bot-9
closed
7 months ago
2
Rounding issue allows a user to provide only one token as liquidity in the pool
#775
c4-bot-9
closed
7 months ago
2
QA Report
#774
c4-bot-5
opened
7 months ago
1
Analysis
#773
c4-bot-5
closed
7 months ago
1
Analysis
#772
c4-bot-7
opened
7 months ago
4
Permanent loss of SALT tokens will occur in the Airdrop contract because of the lack of salt rewards transfer mechanisim
#771
c4-bot-10
closed
6 months ago
5
Unfair Token Whitelisting
#770
c4-bot-10
closed
7 months ago
1
The hardcoded argument `block.timestamp` for the parameter `deadline` is an invitation to MEV attack and there are several occurences in swap related functions
#769
c4-bot-9
closed
7 months ago
7
Analysis
#768
c4-bot-9
opened
7 months ago
1
The input parameter of StakingRewards.claimAllRewards() should be checked ,and parameter poolID also need to check
#767
c4-bot-2
closed
7 months ago
1
Previous
Next