code-423n4 2024-02-spectra-findings issues

code-423n4 / 2024-02-spectra-findings

4 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Missing Rebalancing Mechanisms on Token Deposits and Asset Distribution in the Protocol"

#58 c4-bot-9 closed 8 months ago
2
Dependency on `whenNotPaused` Modifier in Withdraw and Redeem Functions

#57 c4-bot-10 closed 8 months ago
3
Missing checks for sequencer up

#56 c4-bot-3 closed 8 months ago
2
No deadline checks for slippage

#55 c4-bot-8 closed 8 months ago
3
Gas Optimizations

#54 c4-bot-2 closed 8 months ago
3
PrincipalTokenUtil.sol::_computeYield

#53 c4-bot-7 closed 8 months ago
7
Inconsistent Yield Update Handling for Redemptions Post-Expiry

#52 c4-bot-8 closed 8 months ago
6
maxRedeem Function Fails to Return 0 When Protocol Is Paused

#51 c4-bot-8 closed 8 months ago
4
Flash Loan Execution Permitted During Protocol Pause, Bypassing Security Checks

#50 c4-bot-9 closed 8 months ago
3
Protocol Fails to Impose Tokenization Fee on Minimal Deposit Amounts

#49 c4-bot-1 closed 8 months ago
4
Gas Optimizations

#48 c4-bot-3 opened 8 months ago
3
minShares Slippage Does Not Stop ERC4626 Inflation

#47 c4-bot-10 closed 8 months ago
7
Flashloan SafeTransferFrom Allows Approval Frontrunning Attack

#46 c4-bot-9 closed 8 months ago
7
Flashloan Re-entrancy Attack

#45 c4-bot-6 closed 8 months ago
5
Reversed Logic in the ` notExpired ` and ` afterExpiry ` Modifiers

#44 c4-bot-3 closed 8 months ago
3
QA Report

#43 c4-bot-5 closed 8 months ago
2
QA Report

#42 c4-bot-1 closed 8 months ago
3
selfdestruct the Principal Token contract

#41 c4-bot-10 closed 8 months ago
3
Violations of proper [EIP-5095](https://eips.ethereum.org/EIPS/eip-5095) standard

#40 c4-bot-1 closed 8 months ago
4
PrincipalToken Contract Deployment Can Be Failed Even For Valid ERC4626

#39 c4-bot-10 closed 8 months ago
4
Wrong main invariant assumptions: PT and its YT supply will be equal

#38 c4-bot-7 closed 8 months ago
3
User Tokens will be stuck forever

#37 c4-bot-2 closed 8 months ago
7
The `_depositIBT` mints more share than it should, due to rounding up `ptRate`

#36 c4-bot-4 closed 8 months ago
3
ETH Deposit Handling Failure in `PrincipalToken.sol`

#35 c4-bot-4 closed 8 months ago
3
Analysis

#34 c4-bot-1 opened 8 months ago
3
PrincipalToken is not fully EIP5095 compliant

#33 c4-bot-4 closed 8 months ago
8
Flashloan can be used to drain unsuspecting receivers

#32 c4-bot-8 closed 8 months ago
5
updateYield() can still be called by users against protocol

#31 c4-bot-5 closed 8 months ago
4
Inadequate Validation in Deposit Function Allows Unauthorized Deposits and Post-Maturity Actions

#30 c4-bot-6 closed 8 months ago
3
balanceOf returns 0 after maturity

#29 c4-bot-4 closed 8 months ago
3
Inconsistent use of SafeTransfer/SafeTransferFrom

#28 c4-bot-6 closed 8 months ago
3
Precision loss due to division before multiplication

#27 c4-bot-9 closed 8 months ago
3
PrincipalToken vaults can be shutdown/disrupted

#26 c4-bot-2 closed 8 months ago
4
Pausing mechanism is flawed

#25 c4-bot-3 closed 8 months ago
4
YT burn function breaks invariant

#24 c4-bot-1 closed 8 months ago
3
IERC4626::redeem() not according to spec and may result in loss of funds

#23 c4-bot-2 opened 8 months ago
6
Reentrancy on flashloan allows bypassing maxFlashLoan limit

#22 c4-bot-9 closed 8 months ago
1
Assigning admin role lacks 2 step process

#21 c4-bot-6 closed 8 months ago
3
QA Report

#20 c4-bot-2 closed 8 months ago
1
Improper Asset Transfer in Withdrawal Process

#19 c4-bot-4 closed 8 months ago
1
QA Report

#18 c4-bot-5 closed 8 months ago
3
Wrong event argument

#17 c4-bot-3 closed 8 months ago
6
Non-compliance with ERC20 Standard in YT

#16 c4-bot-9 closed 8 months ago
6
Admin can rug users by updating beacon address

#15 c4-bot-10 closed 8 months ago
3
Fee reduction calls the wrong recipient

#14 c4-bot-9 closed 8 months ago
4
Missed ERC20.approve() to PrincipleToken addr in depositIBT()

#13 c4-bot-2 closed 8 months ago
3
Missed ERC20.approve() to PrincipalToken in PrincipalToken.deposit()

#12 c4-bot-10 closed 8 months ago
3
Unrestricted Token Burning Functionality leading to Market Manipulation

#11 c4-bot-4 closed 8 months ago
3
PrincipalToken.sol::

#10 c4-bot-9 closed 8 months ago
3
users can't claim their rewards due to errors in PrincipalToken.sol::claimRewards

#9 c4-bot-1 closed 8 months ago
3

Previous Next