issues
search
code-423n4
/
2024-03-pooltogether-findings
5
stars
4
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Function
#309
c4-bot-6
closed
5 months ago
1
Deposits can take more assets than
#308
c4-bot-9
closed
5 months ago
1
Calculations for `PrizeVault:totalAsset` incorrect and can lead to Dos in peculiar cases
#307
c4-bot-9
closed
5 months ago
3
Gas Optimizations
#306
c4-bot-9
opened
5 months ago
3
Analysis
#305
c4-bot-3
opened
5 months ago
5
the PrizeVault.sol doesnt check if yieldFeeRecipient_ is the zero address before setting it
#304
c4-bot-8
closed
5 months ago
3
Gas Optimizations
#303
c4-bot-8
opened
5 months ago
4
Incorrect Deduction of '_yieldFeeBalance' from 'yieldFeeBalance'.
#302
c4-bot-5
closed
5 months ago
4
QA Report
#301
c4-bot-10
closed
5 months ago
3
Gas Optimizations
#300
c4-bot-4
closed
5 months ago
3
Analysis
#299
c4-bot-10
opened
5 months ago
3
Analysis
#298
c4-bot-7
opened
5 months ago
3
No slippage protection on withdrawals
#297
c4-bot-2
closed
5 months ago
4
ERC20 weird tokens with blacklisting / whitelisting and pause by the owner mechanism are not supported by the protocol and even not exclude by it.
#296
c4-bot-1
closed
5 months ago
4
Precision per dollars check missing for the yield buffer strategy
#295
c4-bot-1
closed
5 months ago
6
Analysis
#294
c4-bot-8
closed
5 months ago
2
yielVault might not be reachable or paused, which can lead to the prize vault not minting shares correctly
#293
c4-bot-8
closed
5 months ago
4
QA Report
#292
c4-bot-8
closed
5 months ago
3
Decimal mismatch prevents deposits, eroding trust and causing financial discrepancies.
#291
c4-bot-8
closed
5 months ago
4
Failure of `PrizeVault::depositWithPermit` Function on Tokens Without EIP-2612 Permit Feature
#290
c4-bot-6
closed
5 months ago
4
Analysis
#289
c4-bot-1
opened
5 months ago
2
Analysis
#288
c4-bot-8
opened
5 months ago
2
Potential Deployment and Functional Failure of The Contracts on L2s Due to Dencun Opcodes
#287
c4-bot-9
closed
5 months ago
6
QA Report
#286
c4-bot-10
closed
5 months ago
5
No check on ERC20 transfer
#285
c4-bot-9
closed
5 months ago
3
Both `deposit`/`mint` use 1:1 ratio even if vault has less assets than debts
#284
c4-bot-1
closed
5 months ago
4
`TwabERC20.permit()` can be easily griefed by anyone
#283
c4-bot-3
closed
5 months ago
3
`depositWithPermit` can only be called by the permit creator
#282
c4-bot-3
closed
5 months ago
3
`YieldFeebalance` can be non-withdrawable in specific edge case
#281
c4-bot-1
closed
5 months ago
6
Prize Vault can overinflate contributions to the Prize Pool
#280
c4-bot-1
closed
5 months ago
5
# Potential reward manipulation
#279
c4-bot-4
closed
5 months ago
10
In times of negative yield, the faster withdrawers can prevent other people from withdrawing, resulting in stuck funds
#278
c4-bot-9
closed
5 months ago
4
QA Report
#277
c4-bot-4
closed
5 months ago
3
Winners call on hook may exceed the hardcoded gas limit
#276
c4-bot-4
closed
5 months ago
9
QA Report
#275
c4-bot-4
closed
5 months ago
3
Lack of Slippage Protection in `withdraw`/`redeem` Functions of the Vault
#274
c4-bot-6
opened
5 months ago
13
Gas Optimizations
#273
c4-bot-7
opened
5 months ago
6
Loss of Funds Due to Incorrect Deduction in `claimYieldFeeShares` Function
#272
c4-bot-2
closed
5 months ago
4
Invalid validation for liquidationPair in `PrizeVaultsetLiquidationPair()` function. The protocol may not perform its role due to invalid validation of `liquidationPair` in the `PrizeVault.sol#setLiquidationPair()` function.
#271
c4-bot-4
closed
5 months ago
4
No slippage control in the `PrizeVault.sol#withdraw()` and `PrizeVault.sol#redeem()` functions. The lack of slippage control for `PrizeVault.sol#withdraw()`, `PrizeVault.sol#redeem()` function can lead to a loss of assets for the affected users.
#270
c4-bot-9
closed
5 months ago
4
Incorrect handling of yieldFeeBalance in `PrizeVault.sol#claimYieldFeeBalance()` function. Because `yieldFeeBalance` was processed incorrectly in the `PrizeVault.sol#claimYieldFeeBalance()` function, the `recipient` of the `yieldFee` suffers a loss.
#269
c4-bot-8
closed
5 months ago
4
Liquidation of `_availableYield` could lead to a temporary DoS due to unclaimed `YieldFees`
#268
c4-bot-2
closed
5 months ago
3
The sponsored amount can be revoked by prize vault owner to deceive users
#267
c4-bot-1
closed
5 months ago
4
Incorrect yield fee calculation will charge more on transferring tokens out than expected
#266
c4-bot-7
closed
5 months ago
1
Fee recipient may block users withdrawal if yieldFee is calculated within a certain range
#265
c4-bot-10
closed
5 months ago
5
function claimYieldFeeShares doesnt update yieldFeeBalance accurately
#264
c4-bot-3
closed
5 months ago
5
A Malicious Prize Winner Can Steal the ClaimReward From the Claimer Using the BeforeClaimPrize Hook
#263
c4-bot-1
closed
5 months ago
15
When a user sponsors with a certain amount, all his previous delegate will also be cleared
#262
c4-bot-8
closed
5 months ago
3
YieldFee in PrizeVault is calculated incorrectly
#261
c4-bot-6
closed
5 months ago
3
Return value of ERC20::transfer function is not checked in withdraw
#260
c4-bot-2
closed
5 months ago
3
Previous
Next