code-423n4 2024-02-spectra-findings issues

code-423n4 / 2024-02-spectra-findings

4 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

`block.timestamp` does not correspond to the same values on multi chains

#258 c4-bot-2 closed 8 months ago
3
The rewardsProxy code is executed via delegatecall, which is dangerous

#257 c4-bot-4 closed 8 months ago
3
PT and its YT will not have an equal supply at all times

#256 c4-bot-10 closed 9 months ago
3
Users can burn YT when `PrincipalToken` contract is paused by

#255 c4-bot-4 closed 9 months ago
5
The user's yield is updated in beforeYtTransfer. This means yield will not be updated if only PT is transferred.

#254 c4-bot-9 closed 9 months ago
4
Lack of `minAsset` check in `claimYield()` and `claimFees()`.

#253 c4-bot-10 opened 9 months ago
13
The post-expiration price rate can be frontran/sandwiched, permanently setting manipulated price

#252 c4-bot-8 closed 8 months ago
6
`DOMAIN_SEPARATOR()` is missing in `PrincipalToken.sol` and `YieldToken.sol` can lead to Missing `DOMAIN_SEPARATOR()` can lead to vulnerabilities

#251 c4-bot-7 closed 8 months ago
3
QA Report

#250 c4-bot-2 closed 9 months ago
3
Analysis

#249 c4-bot-5 closed 8 months ago
4
`ptRate` can be set to 0, which will freeze funds held by the PrincipalToken contract.

#248 c4-bot-10 closed 8 months ago
6
The ERC4626 standard is not followed correctly

#247 c4-bot-10 closed 8 months ago
14
`Principal::depositIBT` @ line 201 invokes the function without slippage protection

#246 c4-bot-9 closed 8 months ago
4
The convertToPrincipal and convertToUnderlying functions can potentially allow manipulation of rates after expiry.

#245 c4-bot-5 closed 8 months ago
5
Owner can be attacked by a malicious contract when the owner calls withdraw, thereby draining the users assets.

#244 c4-bot-9 closed 8 months ago
3
Wrong decimals utilized in computingYield if underlying asset has less decimals than Yield Token

#243 c4-bot-8 closed 8 months ago
5
`PrincipalToken::maxDeposit` will not work for some tokens that don't support `type(uint256).max` amount.

#242 c4-bot-7 closed 8 months ago
3
Users will not be able to call `PrincipalToken::withdraw` and `PrincipalToken::redeem` functions when the contract is paused

#241 c4-bot-5 closed 9 months ago
3
Concentrating vault's liquidity might enable flashloan-backed vault reset attack leading to partial vault drain

#240 c4-bot-8 closed 8 months ago
17
Incorrect calculation of `newYieldInIBTRay` in function `_computeYield`.

#239 c4-bot-4 closed 9 months ago
3
`Principal::deposit` @ line 171 invokes the function without slippage protection

#238 c4-bot-4 closed 9 months ago
4
PrincipalToken does not comply with ERC5095 standard

#237 c4-bot-4 closed 9 months ago
5
QA Report

#236 c4-bot-1 closed 9 months ago
3
The Principal Token is not ERC-5095 compliant

#235 c4-bot-1 closed 9 months ago
6
QA Report

#234 c4-bot-1 closed 9 months ago
3
PrincipalToken does not comply with EIP5095

#233 c4-bot-3 closed 9 months ago
3
`updateYield()` can be called even when the contract is paused

#232 c4-bot-3 closed 9 months ago
3
Redeem Function May Cause Unintended PT Share Loss

#231 c4-bot-5 closed 9 months ago
4
Volatile IBT rate will quickly degrade PT rate of the pricipal token

#230 c4-bot-7 closed 9 months ago
7
Incompatible with rebasing tokens.

#229 c4-bot-8 closed 8 months ago
3
In line 303, `PrincipalToken::withdrawIBT` allows users to withdraw without slippage protection

#228 c4-bot-4 closed 9 months ago
3
Improper Implementation of Slippage Protection Mechanism

#227 c4-bot-4 closed 9 months ago
3
In line 278, `PrincipalToken::withdraw` allows users to withdraw without slippage protection

#226 c4-bot-5 closed 9 months ago
3
Analysis

#225 c4-bot-9 opened 9 months ago
5
Analysis

#224 c4-bot-7 closed 8 months ago
2
Analysis

#223 c4-bot-3 closed 8 months ago
7
QA Report

#222 c4-bot-2 opened 9 months ago
2
Analysis

#221 c4-bot-10 closed 8 months ago
3
Broken Invariant: Equal Supply PT==YT

#220 c4-bot-6 closed 9 months ago
5
Rounding error when deposit will result in more shares being minted to users

#219 c4-bot-6 closed 9 months ago
3
QA Report

#218 c4-bot-8 opened 9 months ago
2
Gas Optimizations

#217 c4-bot-8 closed 8 months ago
2
In line 253, `PrincipalToken::redeemForIBT` allows users to redeem without slippage protection

#216 c4-bot-3 closed 9 months ago
4
Gas Optimizations

#215 c4-bot-9 closed 8 months ago
2
Analysis

#214 c4-bot-1 closed 8 months ago
2
QA Report

#213 c4-bot-1 opened 9 months ago
2
Incorrect implementation of the EIP-5095 standard for maxRedeem() and maxWithdraw()

#212 c4-bot-3 closed 9 months ago
4
Incorrect implementation of the EIP-5095 standard for covertToUnderlying()

#211 c4-bot-4 closed 8 months ago
8
PrincipalToken is not ERC-5095 compliant

#210 c4-bot-7 opened 9 months ago
5
A misbehaving IBT can cause the protocol to lose all accumulated fees.

#209 c4-bot-9 closed 9 months ago
3

Previous Next