issues
search
code-423n4
/
2024-02-tapioca-findings
1
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Upgraded Q -> 2 from #184 [1712936233288]
#188
c4-judge
closed
2 months ago
2
Upgraded Q -> 2 from #184 [1712935796435]
#187
c4-judge
closed
2 months ago
2
[H10] `MagnetarMintXChainModule.sol`:`mintBBLendXChainSGL` can be used to manipulate user positions by abusing whitelist privileges
#185
c4-bot-2
opened
3 months ago
3
QA Report
#184
c4-bot-3
opened
3 months ago
1
Gas Optimizations
#183
c4-bot-8
opened
3 months ago
2
Missing an option to wrap Singularity tokens in `mintBBLendSGLLockTOLP` function to be able to lock into OLP
#182
c4-bot-5
closed
3 months ago
4
QA Report
#181
c4-bot-5
opened
3 months ago
1
Missing unwrap configuration when withdrawing cross-chain in the `depositYBLendSGLLockXchainTOLP()` function of MagnetarAssetXChainModule results in being unable to lock and participate on the destination chain
#180
c4-bot-9
opened
3 months ago
6
[H9] Missing check on helper contract allows arbitrary actions and theft of assets
#179
c4-bot-5
opened
3 months ago
11
QA Report
#178
c4-bot-2
opened
3 months ago
3
pool rescue timelock can be bypassed
#177
c4-bot-7
closed
2 months ago
7
`tOLP` positions created through `MagnetarAction.Permit` can be stolen
#176
c4-bot-6
opened
3 months ago
7
Spearbit finding 5.2.2 not fixed
#175
c4-bot-6
opened
3 months ago
5
`MagnetarAction.Permit` interaction with `Pearlmit` wrongly assumes second argument is owner
#174
c4-bot-6
opened
3 months ago
7
anyone holding TapTokens needs to be in control of their address on all chains `TAP` is deployed on
#173
c4-bot-4
closed
3 months ago
10
anyone with a `Pearlmit` approval to transfer `TapToken` can have their funds stolen
#172
c4-bot-10
opened
3 months ago
7
anyone can claim rewards for users with approval to `TapToken` or steal the whole position
#171
c4-bot-10
closed
2 months ago
5
anyone can take any whitelisted tokens approved to `Magnetar`
#170
c4-bot-10
closed
3 months ago
7
`MagnetarAction.Market` wrongly assumes `owner` is first parameter in `IMarket.execute.selector`
#169
c4-bot-9
opened
3 months ago
5
`MagnetarAction.TapToken` integration will leave tokens stuck in `Magnetar` contract
#168
c4-bot-4
closed
3 months ago
4
Vesting vests too much when `initialUnlock` is used
#167
c4-bot-9
closed
3 months ago
7
AirdropBroker / TapiocaOptionBroker cannot ensure that paymentTokenValuation's decimals in _getDiscountedPaymentAmount is 18
#166
c4-bot-6
closed
3 months ago
4
`TwTAP` participation can be bricked stopping user to participate
#165
c4-bot-5
closed
3 months ago
6
misaligned incentive model for `twAML` in `TapiocaOptionBroker`
#164
c4-bot-8
opened
3 months ago
5
Missing slippage check when depositing to YieldBox
#163
c4-bot-6
closed
2 months ago
7
The order of composed messages is reversed during the `depositYBLendSGLLockXchainTOLP()` function of MagnetarAssetXChainModule
#162
c4-bot-9
closed
3 months ago
4
Tokens deposited will be stuck in `depositRepayAndRemoveCollateralFromMarket` function if user attempts to execute the deposit step but skip the repay step
#161
c4-bot-9
opened
3 months ago
10
Approval for pearlmit is missing before repaying in the `depositRepayAndRemoveCollateralFromMarket` function of MagnetarAssetModule
#160
c4-bot-6
closed
3 months ago
6
`exitPositionAndRemoveCollateral` function of MagnetarOptionModule calls `removeAsset()` with the wrong value
#159
c4-bot-7
closed
3 months ago
7
`depositRepayAndRemoveCollateralFromMarket` function of MagnetarAssetModule can't be used on behalf of user
#158
c4-bot-9
opened
3 months ago
4
`depositYBLendSGLLockXchainTOLP` function of the MagnetarAssetXChainModule will not work because it transfers Singularity tokens to the user before `_withdrawToChain`
#157
c4-bot-5
opened
3 months ago
10
`_lockOnTOB` function of MagnetarMintCommonModule will not work due to the missing approved asset for YieldBox before depositing
#156
c4-bot-9
opened
3 months ago
4
`_lzCustomWithdraw` function of MagnetarBaseModule will not send any tokens cross-chain
#155
c4-bot-4
closed
2 months ago
12
Missing conversion of deposited assets to borrow parts before repayment in MagnetarAssetModule
#154
c4-bot-9
opened
3 months ago
10
Incorrect return value of function `BaseTapiocaOmnichainEngine._payNative()`
#153
c4-bot-7
opened
3 months ago
7
Attacker can drain all tap token from victim's wallet using function `BaseTapiocaOmnichainEngine::transferFrom()`
#152
c4-bot-9
closed
3 months ago
5
Attacker can create an DOS for every composed messages that contains permit message type by front-running
#151
c4-bot-5
closed
3 months ago
6
The introduction of `__initialUnlockTimeOffset` may allow the attacker to vest more tokens than anticipated
#150
c4-bot-9
closed
3 months ago
3
User can't exercise the option with `paymentToken` that has decimals > 18
#149
c4-bot-4
closed
3 months ago
4
The attacker can exercise the TAP option twice by just locking their position for slightly more than one week
#148
c4-bot-9
closed
3 months ago
5
Incorrect use of `_removeDust()` in function `TapTokenReceiver._claimTwpTapRewardsReceiver()`
#147
c4-bot-7
opened
3 months ago
4
Use safeTransfer/safeTransferFrom consistenly instead of transfer/transferFrom
#146
c4-bot-8
closed
3 months ago
5
The attacker can steal the reward from twTAP by utilizing the function `TapTokenReceiver::_claimTwpTapRewardsReceiver()`
#145
c4-bot-7
closed
3 months ago
3
Unable to decode the `duration` parameter in the function `TapTokenC::decodeLockTwpTapDstMsg()`
#144
c4-bot-8
closed
3 months ago
6
TAP tokens will be lost in the event that no singularities are registered for a week
#143
c4-bot-8
opened
3 months ago
10
Absence of restrictions on the sender of the `twTAP.claimsReward()` function could enable attackers to freeze reward tokens within the Tap token contract
#142
c4-bot-7
opened
3 months ago
10
QA Report
#141
c4-bot-10
opened
3 months ago
1
[M15] Magnetar's `mintBBLendSGLLockTOLP` reverts when `lock` is set to false
#140
c4-bot-3
opened
3 months ago
4
[M14] Missing approval in Mangetar's `_lockOnTOB` function results in broken functionality
#139
c4-bot-1
closed
3 months ago
3
[M13] Magnetar's `depositYBLendSGLLockXchainTOLP` fails if deposit is skipped
#138
c4-bot-3
closed
3 months ago
5
Next