code-423n4/2024-07-reserve-findings
issues
in `BackingManagerP1::rebalance` Wrong assertion will lead to panic reverts
#69
howlbot-integration[bot]
closed
2 months ago
2
The supply throttle checking in issuance should be performed after the `_scaleUp`.
#68
howlbot-integration[bot]
closed
2 months ago
2
`rsrRewardsAtLastPayout` is incorrectly updated to a smaller value in `seizeRSR`.
#67
howlbot-integration[bot]
closed
2 months ago
2
If the payout criteria are not met, `payoutLastPaid` should not be updated.
#66
howlbot-integration[bot]
closed
2 months ago
3
rsr can be unregistered from AssetRegistry to prevent seizure of stRSR holdings
#65
howlbot-integration[bot]
closed
2 months ago
3
Fixed#safeMulDiv rounds incorrectly when rounding mode is set to ROUND
#64
howlbot-integration[bot]
opened
3 months ago
4
Using endtime for order cancelation deadline of gnosis auction could lead to bait and switch bid tactics
#63
howlbot-integration[bot]
closed
2 months ago
8
Auctioning revenue for rToken when issuance is disabled could lead to limited participation and worse pricing
#62
howlbot-integration[bot]
opened
3 months ago
3
rTokenTrader#distributeTokenToBuy could be bypassed during setDistribution by purposefully providing too little gas
#61
howlbot-integration[bot]
opened
3 months ago
5
The `rateLimiter` functionality in the `Throttle.sol` contract can be bypassed
#60
howlbot-integration[bot]
closed
2 months ago
2
The discrepancy in `issuancePremium` accounting, during the `issuance of RTokens` and the `available basket units` calculation in the `BackingManager`, could lead to an `incorrect assessment` of the `collateralization status`
#59
howlbot-integration[bot]
closed
2 months ago
2
Incorrect auction trade execution due to `issuancePremium` being applied in the `RecollateralizationLib.basketRange` computation
#58
howlbot-integration[bot]
closed
2 months ago
2
Potential for Inaccurate Melting Due to Balance Discrepancies
#57
howlbot-integration[bot]
closed
2 months ago
2
Custom Redemption Vulnerability in Reserve Protocol Allows Value Extraction
#56
howlbot-integration[bot]
closed
2 months ago
2
RSR Stakers Unintentionally Slashed During Collateral Depegging Despite Sufficient Collateral Backing
#55
howlbot-integration[bot]
closed
2 months ago
2
Inflated rsrTotal Due to Unchecked DAO Fee Calculation in totals() Function
#54
howlbot-integration[bot]
closed
2 months ago
3
RToken can manipulate distribution to avoid paying DAO fees
#53
c4-bot-6
opened
3 months ago
5
Upgradeability of collateral assets opens up the doors to reentrancy vulnerabilities
#52
c4-bot-5
closed
2 months ago
2
Governance can bypass DAO fee through custom EasyAuction implementation
#51
c4-bot-9
closed
2 months ago
15
Governance can still disable auctions
#50
c4-bot-2
closed
2 months ago
2
QA Report
#49
c4-bot-1
closed
3 months ago
1
Users are unable to bump their nonce
#48
c4-bot-8
closed
3 months ago
2
`BackingManager` is unable to rebalance if RSR is not registered
#47
c4-bot-9
closed
3 months ago
2
Invalid assets can still be used along the protocol
#46
c4-bot-4
closed
3 months ago
2
Protocol does not implement protection against upgradeable ERC-20s
#45
c4-bot-10
closed
3 months ago
2
Stake rate can be updated by functions that should not update it
#44
c4-bot-3
closed
3 months ago
1
`BackingManager` getting blocklisted by one token will result in DoS
#43
c4-bot-5
opened
3 months ago
3
Tokens with callback on transfer could potentially harm the system
#42
c4-bot-3
closed
3 months ago
2
`RevenueTrader` can sell unpriced assets for near zero value
#41
c4-bot-10
closed
3 months ago
5
Governance might be vulnerable during era transitions
#40
c4-bot-10
closed
2 months ago
3
Broken assumptions can lead to the inability to seize RSR
#39
c4-bot-3
opened
3 months ago
11
`GnosisTrade` can incorrectly report a violation due to the auction fee
#38
c4-bot-3
closed
3 months ago
11
Malicious users can DoS honest user redemptions utilizing throttles and flashloans
#37
c4-bot-3
closed
2 months ago
2
The default Governor Anastasius is unable to call `resetStakes`
#36
c4-bot-3
opened
3 months ago
3
Calling beginEra() in the StRSR initializer will incorrectly reset state variables
#35
c4-bot-4
closed
3 months ago
2
QA Report
#34
c4-bot-10
opened
3 months ago
6
Collaterals that become nonfunctional during an auction can DoS an RToken's rebalancing capabilities
#33
c4-bot-10
opened
3 months ago
5
Dutch auctions can fail to settle if any other collateral in the basket behaves unexpectedly
#32
c4-bot-4
opened
3 months ago
11
Issuance rate limit can be bypassed due to compounding effect in throttle mechanism
#31
c4-bot-5
closed
2 months ago
2
Deprecated versions can still be used for RToken upgrades if Main has been upgraded
#30
c4-bot-2
closed
2 months ago
2
Flawed violation reporting in Gnosis auctions can lead to unnecessary trading halts
#29
c4-bot-5
closed
2 months ago
2
No check for sequencer uptime can lead to dutch auctions executing at bad prices
#28
c4-bot-10
closed
3 months ago
1
Dutch auctions are vulnerable to block stuffing on L2s
#27
c4-bot-10
opened
3 months ago
12
Reward accounting functions still vulnerable to bypassing, leading to unintended reward distribution
#26
c4-bot-10
closed
2 months ago
2
RTokens issuances and redemptions at full throttle can fail when Furnace holds a balance
#25
c4-bot-9
closed
2 months ago
2
Dutch auction participants can lose funds in case the auction creation transaction is part of a chain reorg
#24
c4-bot-10
closed
2 months ago
3
RToken depositors can lose funds if their deployment is part of a block reorg
#23
c4-bot-9
closed
2 months ago
2
StRSR era changes can be leveraged for governance attacks
#22
c4-bot-9
closed
2 months ago
5
Users can dodge losses due to StRSR era changes with instant operations
#21
c4-bot-9
opened
3 months ago
14
Collateral token upgrades to different decimals break accounting
#20
c4-bot-9
closed
2 months ago
2