code-423n4 2024-02-spectra-findings issues

code-423n4 / 2024-02-spectra-findings

4 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Users may receive yield for rate changes that occur after the expiry.

#108 c4-bot-2 closed 8 months ago
3
A momentary de-pegging can result in a loss for all PT holders, although the market recovers while the protocol could "earn" from the de-pegging.

#107 c4-bot-3 closed 8 months ago
3
QA Report

#106 c4-bot-5 closed 8 months ago
2
PrincipalToken.sol#maxDeposit, maxWithdraw and maxRedeem should return 0 when pausing

#105 c4-bot-2 closed 8 months ago
1
Potential DoS via Large Data Payloads

#104 c4-bot-8 closed 8 months ago
3
Delayed Invocation of storeRatesAtExpiry Affects View Functions

#103 c4-bot-4 closed 8 months ago
6
QA Report

#102 c4-bot-6 closed 8 months ago
3
Inconsistent ERC-4626 asset() Function Response

#101 c4-bot-10 closed 8 months ago
4
Analysis

#100 c4-bot-10 closed 8 months ago
2
Gas Optimizations

#99 c4-bot-6 closed 8 months ago
3
QA Report

#98 c4-bot-10 closed 8 months ago
3
a

#97 c4-bot-2 closed 8 months ago
1
Analysis

#96 c4-bot-2 closed 8 months ago
3
QA Report

#95 c4-bot-6 closed 8 months ago
3
Analysis

#94 c4-bot-5 opened 8 months ago
3
Analysis

#93 c4-bot-1 closed 8 months ago
4
Analysis

#92 c4-bot-3 closed 8 months ago
3
QA Report

#91 c4-bot-1 closed 8 months ago
6
Upgradeable contract "PrincipalToken" should have storage gaps for future upgrades

#90 c4-bot-5 closed 8 months ago
3
Users holding eip-20 approval cannot redeem or withdraw their funds.

#89 c4-bot-4 closed 8 months ago
5
Users would unfairly lose Yield To Protocol

#88 c4-bot-3 closed 8 months ago
3
msg.value can be Greater than Zero even when Data is Empty

#87 c4-bot-4 closed 8 months ago
2
Current Yield Of User In IBT can be manipulated by using Zero Rates

#86 c4-bot-7 closed 8 months ago
3
Yield Token is not Burnt after Expiry

#85 c4-bot-5 closed 8 months ago
3
RatesAtExpiryStored can only be set to True

#84 c4-bot-2 closed 8 months ago
3
Current PT Rate is one directional

#83 c4-bot-3 closed 8 months ago
5
QA Report

#82 c4-bot-2 closed 8 months ago
8
PT contract can remain with more asset allowance than shares minted on ERC4626 leading to some discrepancies and vulnerabilities

#81 c4-bot-3 closed 8 months ago
1
User can get yield on first deposit because of the design of updateYield(address) function thus breaking intended functionality

#80 c4-bot-8 closed 8 months ago
4
User can update IBT rate without interacting with the protocol (deposit, redeem, ...) by calling updateYield(address) with random address

#79 c4-bot-5 closed 8 months ago
1
User can burn YT without burning PT thus breaking a main invariant

#78 c4-bot-6 closed 8 months ago
3
Protocol not compliant to EIP 5095

#77 c4-bot-2 closed 8 months ago
3
Read-only reentrancy

#76 c4-bot-5 closed 8 months ago
4
Yield Computation Reverts When There is Enough Yield

#75 c4-bot-6 closed 8 months ago
5
Omission of empty data check in upgradeAndCall() may result in stuck ether.

#74 c4-bot-9 closed 8 months ago
2
Some errors appear in the `PrincipalToken.sol#initialize` function because the previous ptRate is not kept after expiry.

#73 c4-bot-2 closed 8 months ago
3
Since users receive a accumulated fee, the protocol suffers a loss.

#72 c4-bot-6 closed 8 months ago
5
`PrincipalTokenUtil.sol` has rounding errors.

#71 c4-bot-7 closed 8 months ago
3
Flash loan caller can end up paying double the flash loaned amount

#70 c4-bot-7 opened 8 months ago
13
PrincipalTokenUtil_computeYield calls the wrong Principal token contract type

#69 c4-bot-10 closed 8 months ago
4
Some IBTs cannot be used because it is non-rebasing

#68 c4-bot-4 closed 8 months ago
5
Depositing asset does not work because the IBT is the asset and not the share

#67 c4-bot-5 closed 8 months ago
3
PT must not expect decimals() of the underlying ERC20 to be present

#66 c4-bot-5 closed 8 months ago
5
Lack of zero value checks for minShares slippage value can lead to loss of shares for users

#65 c4-bot-9 closed 8 months ago
4
ERC4626 Vault may be susceptible to underlying asset and vault token different decimals

#64 c4-bot-3 closed 8 months ago
4
Depositing Underlying Assets is susceptible to ERC4626 Inflation Attacks

#63 c4-bot-4 closed 8 months ago
4
IBT exchange rate can potentially be resets by the flashloan, the significant drop in `_ibtRate` cause loss of unclaimed yield for users.

#62 c4-bot-9 closed 8 months ago
4
Non compliance with ERC standards

#61 c4-bot-7 closed 8 months ago
8
Withdrawal Failure Due to Zero Redemption Amount

#60 c4-bot-5 closed 8 months ago
3
Insufficient Slippage validation

#59 c4-bot-8 closed 8 months ago
4

Previous Next