code-423n4 2024-01-salty-findings issues

code-423n4 / 2024-01-salty-findings

11 stars 6 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

The first user of pool gets all of the StakingRewards

#666 c4-bot-2 closed 9 months ago
2
It doesn't check whether `ballotName` ends with `_confirm` when creating a new proposal

#665 c4-bot-3 closed 8 months ago
4
`activeTimelock` might be extended or canceled by receiving ether from `confirmationWallet`before it is expired.

#664 c4-bot-1 closed 9 months ago
2
Ether received from `confirmationWallet` is stuck within `ManagedWallet`

#663 c4-bot-3 closed 9 months ago
2
`proposedMainWallet` was not set to `address(0)` when a wallet proposal is rejected

#662 c4-bot-2 closed 9 months ago
3
On launch disproportionate amount of rewards are distributed

#661 c4-bot-6 closed 8 months ago
8
QA Report

#660 c4-bot-7 closed 9 months ago
1
Attacker can DoS `finalizeBallot()` to prevent exchange startup

#659 c4-bot-1 closed 9 months ago
2
User can add liquidity with tokens' amount less than DUST

#658 c4-bot-8 closed 8 months ago
1
Invalid DUST check in removeLiquidity

#657 c4-bot-1 closed 9 months ago
2
First staker claims 100% of the rewards in StakingRewards

#656 c4-bot-3 closed 9 months ago
2
Liquidate users via changing WETH/WBTC pool's total value in USD

#655 c4-bot-5 closed 9 months ago
6
borrowers cannot be liquidated because of cooldownExpiration

#654 c4-bot-8 closed 9 months ago
2
QA Report

#653 c4-bot-1 opened 9 months ago
3
Inefficient Utilization of Protocol Liquidity due to Swap Limits in Liquidizer Contract

#652 c4-bot-10 opened 9 months ago
4
Analysis

#651 c4-bot-7 opened 9 months ago
1
`reserves.reserve1` can become < `PoolUtils.DUST`

#650 c4-bot-2 closed 9 months ago
2
`Liquidizer.performUpkeep` will revert if either SALT/USDS or DAI/USDS has less than `DUST` liquidity

#649 c4-bot-2 closed 8 months ago
5
Swaps can be made for token not in the whitelist

#648 c4-bot-1 opened 9 months ago
4
Pools reserves can be manipulated because of failed check of remaining reserves on `removeLiquidity()`

#647 c4-bot-8 closed 8 months ago
6
`CoreChainlinkFeed` uses BTC/USD Chainlink oracle to price WBTC which can lead to DoS and undercollateralized borrowing if WBTC depegs

#646 c4-bot-5 closed 9 months ago
2
QA Report

#645 c4-bot-8 closed 9 months ago
2
LP providers can rceive ZERO liquidity due to a missing check on the minLiquidityReceived

#644 c4-bot-4 closed 9 months ago
1
A user who call the Pools#`depositDoubleSwapWithdraw()` may face a huge slippage loss

#643 c4-bot-8 closed 8 months ago
6
Sandwich attacks on `dao.formPOL` are possible

#642 c4-bot-7 closed 9 months ago
3
Analysis

#641 c4-bot-4 opened 9 months ago
1
A user who has lost access can still participate in the DAO

#640 c4-bot-4 closed 8 months ago
1
User can prevent liquidations

#639 c4-bot-5 closed 9 months ago
2
QA Report

#638 c4-bot-7 opened 9 months ago
9
ManagedWallet contracts timelock can be skipped

#637 c4-bot-3 closed 8 months ago
5
Tokens can be swapped via unwhitelisted pools

#636 c4-bot-4 opened 9 months ago
2
Unwhitelisted pools are stripped of their earned rewards

#635 c4-bot-9 closed 8 months ago
9
Whales can abuse `cancelUnstake()` to sandwich other users rewards with no risk or extra cost

#634 c4-bot-9 closed 8 months ago
6
Unathorized users from excluded countries can continue to accumulate and claim rewards

#633 c4-bot-5 opened 9 months ago
2
Chainlink price feed uses BTC/USD feed instead of one with WBTC

#632 c4-bot-9 closed 8 months ago
4
`ManagedWallet.sol` is not a wallet if it does not transferout ETH transfered to it

#631 c4-bot-2 closed 9 months ago
2
Staking Rewards distribution is skipped when liquidity pools didn't make any profits

#630 c4-bot-5 opened 9 months ago
5
Inability to Fully Withdraw Liquidity or Liquidate Last LP left or only LP in Pool

#629 c4-bot-5 closed 9 months ago
2
Users from excluded countries can stake SALT by claiming airdrops

#628 c4-bot-7 opened 9 months ago
2
Wallet proposals aren't reset when they are rejected

#627 c4-bot-8 closed 9 months ago
2
Some positions can become instantly liquidatable after a DAO proposal is finished

#626 c4-bot-7 opened 9 months ago
9
Proposals that didn't reach quorum should be able to be finalized without changes when the voting phase ends

#625 c4-bot-1 closed 9 months ago
2
Geo restrictions can be bypassed to stake salt

#624 c4-bot-1 opened 9 months ago
2
Users can make last-minute votes and completely flip the results of a ballot

#623 c4-bot-9 opened 9 months ago
5
Approved "Send SALT" proposals can be finalized without sending the SALT

#622 c4-bot-5 opened 9 months ago
6
DOS of proposals by abusing ballot names without important parameters

#621 c4-bot-3 opened 9 months ago
8
Adversary can prevent updating price feed addresses by creating poisonous proposals ending in `_confirm`

#620 c4-bot-9 opened 9 months ago
16
Once a pool is removed from the whitelist all its pending reward will be permanently stuck

#619 c4-bot-1 closed 8 months ago
5
USDS is sent to the wrong contract when repaying borrowed USDS

#618 c4-bot-1 closed 8 months ago
5
Users can avoid liquidations by abusing the cooldown mechanism

#617 c4-bot-3 closed 9 months ago
2

Previous Next