issues
search
code-423n4
/
2024-02-spectra-findings
4
stars
2
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Upgraded Q -> 2 from #206 [1710118582077]
#308
c4-judge
closed
6 months ago
2
Withdrawing or redeeming of tokens can be griefed
#307
c4-bot-5
closed
6 months ago
3
An Attacker can manipulate the IBTRate on PrincpleToken Contract resulting bad PTRate
#306
c4-bot-3
closed
6 months ago
7
YieldToken holders are able to effectively steal collateral from PrincipalToken holders when there is a temporary down-rebase in the ERC4626 token's yield
#305
c4-bot-8
closed
6 months ago
5
Asymmetry in calculating yield, when IBTRate has first dropped and then increased
#304
c4-bot-3
closed
6 months ago
4
Analysis
#303
c4-bot-8
closed
6 months ago
4
QA Report
#302
c4-bot-6
closed
6 months ago
5
Share Inflation Attack
#301
c4-bot-5
closed
6 months ago
4
Gas Optimizations
#300
c4-bot-6
opened
6 months ago
4
Gas Optimizations
#299
c4-bot-8
closed
6 months ago
2
Wrap around in `RayMath::fromRay()` , `RayMath::fromRay()` & `RayMath::toRay()` when max decimals are reached
#298
c4-bot-1
closed
6 months ago
3
Analysis
#297
c4-bot-4
closed
6 months ago
3
Analysis
#296
c4-bot-9
closed
6 months ago
3
Fee on transfer tokens can lead to incorrect approval
#295
c4-bot-9
closed
6 months ago
3
PT and its YT may not have an equal supply at all times
#294
c4-bot-2
closed
6 months ago
3
QA Report
#293
c4-bot-1
closed
6 months ago
3
Flash Loan Griefing Leading to Gas Wastage and Congestion
#292
c4-bot-1
closed
6 months ago
3
Yield token holders can drain value from principal token holders
#291
c4-bot-1
closed
6 months ago
3
Lack of slippage controls in PrincipalToken::deposit and PrincipalToken::withdraw
#290
c4-bot-3
closed
6 months ago
6
The ratesAtExpiryStored flag is not protected by access control. Anyone can call storeRatesAtExpiry() after expiry
#289
c4-bot-9
closed
6 months ago
3
Sandwich attack possible in PrincipalToken::redeem function
#288
c4-bot-1
closed
6 months ago
5
Gas Optimizations
#287
c4-bot-10
closed
6 months ago
3
Initial Deposit Rate Exploitation can Lead to Unfair Advantage and Future Deposit Dilution
#286
c4-bot-6
closed
6 months ago
4
`ibtRate` is vulnerable to price manipulation
#285
c4-bot-5
closed
6 months ago
4
There is no reentrancy protection for principal token flashloan function, allowing attackers to drain IBT
#284
c4-bot-2
closed
6 months ago
3
Unclaimed yield of the user will be lost.
#283
c4-bot-3
closed
6 months ago
7
Post-Expiry Rate Manipulation in PrincipalToken due to Lack of Access Control
#282
c4-bot-6
closed
6 months ago
4
Gas Optimizations
#281
c4-bot-10
closed
6 months ago
2
QA Report
#280
c4-bot-6
opened
6 months ago
3
Rounding in favour of the user in the _convertIBTsToShares() function
#279
c4-bot-2
closed
6 months ago
3
The owner of shares is not verified in the withdraw functions. This could allow anyone to burn someone else's shares via withdraw.
#278
c4-bot-3
closed
6 months ago
3
Using `_mint()` can be dangerous
#277
c4-bot-10
closed
6 months ago
3
Analysis
#276
c4-bot-8
closed
6 months ago
2
QA Report
#275
c4-bot-10
closed
6 months ago
3
Analysis
#274
c4-bot-5
closed
6 months ago
2
`ibtRate` will be wrong when ERC4626 decimals are different from underlying
#273
c4-bot-2
closed
6 months ago
3
Gas Optimizations
#272
c4-bot-3
closed
6 months ago
3
Gas Optimizations
#271
c4-bot-9
closed
6 months ago
2
QA Report
#270
c4-bot-3
closed
6 months ago
3
Gas Optimizations
#269
c4-bot-5
closed
6 months ago
3
`_computeTokenizationFee()` ends by collecting excess fee
#268
c4-bot-2
closed
6 months ago
5
Arbitrary `from` passed to `transferFrom` (or `safeTransferFrom`)
#267
c4-bot-6
closed
6 months ago
3
Analysis
#266
c4-bot-7
closed
6 months ago
2
Gas Optimizations
#265
c4-bot-10
closed
6 months ago
3
Both `_convertIBTsToShares()` and `_convertIBTsToSharesPreview()` use differnt logics to calculate `shares` and `_convertIBTsToSharesPreview()` is incompatable with developer comment
#264
c4-bot-4
closed
6 months ago
9
PrincipalToken not compliant with EIP-5095
#263
c4-bot-4
closed
6 months ago
4
When storing rates at expiry, there is no check that totalAssets > 0. This could allow rates to be stored when the vault is empty
#262
c4-bot-4
closed
6 months ago
4
QA Report
#261
c4-bot-2
closed
6 months ago
3
Analysis
#260
c4-bot-5
closed
6 months ago
3
Relying on `balanceOf` can lead to Price Manupulation Attack
#259
c4-bot-6
closed
6 months ago
3
Next