code-423n4 2024-07-reserve-findings issues

code-423n4 / 2024-07-reserve-findings

5 stars 4 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #111 [1725087164029]

#120 c4-judge closed 2 months ago
2
Upgraded Q -> 2 from #34 [1724972088801]

#119 c4-judge closed 2 months ago
2
DutchAuction and BatchAuction is suspected to reorg attack

#117 howlbot-integration[bot] closed 3 months ago
1
Incorrect Exchange Rate Calculation in `_scaleUp()` Function Allows Inflated RToken Supply and Insufficient Collateral Backing

#116 howlbot-integration[bot] closed 2 months ago
5
Reentrancy Vulnerability in bidWithCallback(bytes) in the DutchTrade contract

#115 howlbot-integration[bot] closed 2 months ago
3
Critical Bug in prepareTradeToCoverDeficit Function Causing Zero Sell Amount in TradeLib Contract

#114 howlbot-integration[bot] closed 2 months ago
3
RSR holders could get less staked stRSR than expected

#113 howlbot-integration[bot] opened 3 months ago
4
RSR Unstake Denial of Service Due to Underflow Error

#112 howlbot-integration[bot] closed 2 months ago
12
QA Report

#111 howlbot-integration[bot] opened 3 months ago
3
QA Report

#110 howlbot-integration[bot] opened 3 months ago
1
QA Report

#109 howlbot-integration[bot] opened 3 months ago
1
QA Report

#108 howlbot-integration[bot] opened 3 months ago
3
QA Report

#107 howlbot-integration[bot] opened 3 months ago
1
`BackingManager#grantRTokenAllowance()` & `AllowanceLib#safeApproveFallbackToMax()` would be non-functional for some supported tokens

#106 howlbot-integration[bot] closed 3 months ago
1
StRSRVotes owners can block token burning and transfers.

#105 howlbot-integration[bot] closed 3 months ago
1
Running external rebalancing might be delayed even after a Dutch auction has already been settled

#104 howlbot-integration[bot] closed 2 months ago
3
Some tokens revert if approval amounts are > type(uint96).max

#103 howlbot-integration[bot] closed 3 months ago
1
Reentrancy in RToken may lead to complete loss of funds

#102 howlbot-integration[bot] closed 3 months ago
1
dutchAuctionLength & batchAuctionLength are allowed set to zero.

#101 howlbot-integration[bot] closed 3 months ago
3
Volatile exchange rates cause slippage loss to users during issuance and rebalancing the collateral

#100 howlbot-integration[bot] closed 3 months ago
1
No check for sequencer uptime will lead dutch auctions executing at worst prices

#99 howlbot-integration[bot] closed 3 months ago
1
Delegation to the `zero address` can lead to permanent loss of the user's voting power

#98 howlbot-integration[bot] closed 3 months ago
3
Rounding Errors in distribute Function Cause Undistributed Tokens and Potential Fund Loss

#97 howlbot-integration[bot] closed 3 months ago
1
`PermitLib#requireSignature()`would fail even for valid signatures from counterfactual wallets

#96 howlbot-integration[bot] closed 2 months ago
3
Not enough gas might still pass on Arbitrum breaking the logic

#95 howlbot-integration[bot] closed 2 months ago
3
Lack of sequencer uptime checks can lead to dutch auctions executing at bad prices or failing

#94 howlbot-integration[bot] closed 2 months ago
6
delegateBySig() does not validate the delegatee address, malicious user can lock other user's NFT(funds)

#93 howlbot-integration[bot] closed 2 months ago
3
Precision loss when calculating the transfer amount inside the distribute function of the Distributor contract

#92 howlbot-integration[bot] closed 2 months ago
3
Potential Risk that Deprecated Assets can be Used as Valid Ones

#91 howlbot-integration[bot] closed 2 months ago
3
Admin can't set throttle amount as zero.

#90 howlbot-integration[bot] closed 2 months ago
2
Throttle rate is applied incorrectly.

#89 howlbot-integration[bot] opened 3 months ago
7
Attacker can manipulate auction outcome by exploiting rounding in clearingPrice calculation (`GnosisTrade::settle`)

#88 howlbot-integration[bot] closed 2 months ago
2
BackingManager can seize more RSR than intended due to calculation error (`StRSRP1::seizeRSR()`)

#87 howlbot-integration[bot] closed 2 months ago
3
Malicious users can extract excess RSR due to incorrect rate calculations (`StRSRP1::unstake` and `StRSRP1::withdraw`)

#86 howlbot-integration[bot] closed 2 months ago
2
Exchange rate calculation exploit via Stake/Unstake

#85 howlbot-integration[bot] closed 2 months ago
2
Unintended Token Transfer Can Disrupt Distribution Process (`RevenueTraderP1::returnTokens`)

#84 howlbot-integration[bot] closed 2 months ago
2
Silent Failure in `settleTrade` Can Lead to Incomplete Operations and Stuck Funds (`RevenueTraderP1::settleTrade`)

#83 howlbot-integration[bot] closed 2 months ago
3
Incorrect Balance Update in `FurnaceP1::melt()` Will Lead to Reduced RToken Melting Over Time

#82 howlbot-integration[bot] closed 2 months ago
2
Attacker can force basket disabling during asset unregistration (`AssetRegistryP1::unregister`)

#81 howlbot-integration[bot] closed 2 months ago
3
Users will be unable to redeem tokens when unregistered assets exist in old baskets (`RTokenP1::redeemCustom`)

#80 howlbot-integration[bot] closed 2 months ago
2
Hyperinflation of RSR tokens during withdrawal

#79 howlbot-integration[bot] closed 2 months ago
6
`BasketHandler::price` returns the wrong lower end of the price estimate

#78 howlbot-integration[bot] closed 2 months ago
2
Revert on type(uint256).max on some tokens

#77 howlbot-integration[bot] closed 2 months ago
2
Unexpected loss of funds due to missing of the return value check

#76 howlbot-integration[bot] closed 2 months ago
3
The Loss of Fund of the protocol due to Incorrect Boundary Check of Loop

#75 howlbot-integration[bot] closed 2 months ago
2
Lack of Slippage Protection in `issueTo()` functions of the `RToken` contract

#74 howlbot-integration[bot] closed 2 months ago
2
Potential Manipulation of Draft RSR During Mass Unstaking Events

#73 howlbot-integration[bot] closed 2 months ago
2
Potential Bypass of Era Consistency Check in Proposal Execution

#72 howlbot-integration[bot] closed 2 months ago
2
The net issuance or net redemption may exceeds the per hour limit.

#71 howlbot-integration[bot] closed 2 months ago
2
First depositer in rToken can ensure that second always suffers a loss of funds

#70 howlbot-integration[bot] closed 2 months ago
3