code-423n4 loopfi-bug-bounty issues

code-423n4 / loopfi-bug-bounty

5 stars 6 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Update bounty guidelines link

#48 CloudEllie opened 2 months ago
0
Incorrect Withdrawal Handling Before Loop Activation Allows Unintended Withdrawals

#50 c4-bot-6 closed 2 months ago
2
Missing Emergency Mode Check in lockETH Function

#51 c4-bot-10 closed 2 months ago
2
Potential Overflow in totalSupply Calculation in lock Function

#52 c4-bot-4 closed 2 months ago
2
Potential Denial of Service (DoS) Attack via ExchangeProxy

#53 c4-bot-4 closed 2 months ago
2
Unchecked External Calls (Potential Critical)

#54 c4-bot-4 closed 2 months ago
2
Ownership Takeover

#55 c4-bot-3 closed 2 months ago
2
Unrestricted Asset Withdrawals

#56 c4-bot-6 closed 2 months ago
2
Potential Backdoor in `setEmergencyMode`

#57 c4-bot-10 closed 2 months ago
2
Insufficient Validation for Owner Update

#58 c4-bot-6 closed 2 months ago
2
Lack of Access Control on Emergency Mode Activation

#59 c4-bot-9 closed 2 months ago
2
Insufficient Validation in `_validateData` Function

#60 c4-bot-5 closed 2 months ago
2
Reentrancy Risk on `_fillQuote` Function

#61 c4-bot-6 closed 2 months ago
2
User can use his own referral code and earn unfair advantage

#62 c4-bot-1 closed 2 months ago
2
Inconsistent Claim Behavior with Different Tokens

#63 c4-bot-3 closed 2 months ago
2
Partial Claims Not Properly Tracked

#64 c4-bot-10 closed 2 months ago
2
Ownership Transfer Edge Cases Not Handled

#65 c4-bot-1 closed 2 months ago
2
Malicious Input Handling in Claim Function

#66 c4-bot-9 closed 2 months ago
2
Precision Loss in Partial Claims

#67 c4-bot-8 closed 2 months ago
2
Emergency Withdrawal After Conversion Fails

#49 c4-bot-1 closed 2 months ago
2
Reentrancy Vulnerability in Withdraw Function

#68 c4-bot-3 closed 2 months ago
2
Claim any token other than WETH will fail.

#69 c4-bot-7 closed 2 months ago
3
Reentrancy on claim() and claimAndStake() functions

#70 c4-bot-7 closed 2 months ago
2
CDPVault Contract: Using wrong interest rate

#71 c4-bot-5 closed 2 months ago
2
The _referral has not undergone validity verification.

#72 c4-bot-9 closed 2 months ago
2
Code Redundancy

#73 c4-bot-8 closed 2 months ago
2
code redundancy

#74 c4-bot-2 closed 2 months ago
2
Claim any token other than WETH will fail.

#47 crypt0nX closed 3 months ago
0
Reentrancy attack, Fallback Function, etc

#75 c4-bot-9 closed 2 months ago
2
Weights in Balancer Managed Pools Can Change

#46 c4-bot-6 closed 3 months ago
1
Method _claim() has hard check on _percentage > 0 while in case of WETH it's not needed

#45 c4-bot-8 closed 3 months ago
1
Uninitialized Local Variables (`uninitialized-local`)

#44 c4-bot-5 closed 3 months ago
1
Arbitrary ETH Sending (`arbitrary-send-eth`)

#43 c4-bot-1 closed 3 months ago
1
Sandwhich Attack on Claim Transaction

#42 c4-bot-8 closed 3 months ago
2
LoopFi PrelaunchPoints.sol Audit Report

#34 c4-bot-6 closed 3 months ago
2
Insufficient Checks in Token Recovery Function

#33 c4-bot-8 closed 3 months ago
2
No Check for Validity of _token Address

#32 c4-bot-8 closed 3 months ago
2
Unintended Distribution of Extra lpETH Tokens

#31 c4-bot-9 closed 3 months ago
1
users could lockETH() and lockETHFor(), but claim() with ETH token addr will revert

#41 c4-bot-5 closed 3 months ago
2
Extra lpETH (sent by external actor) is not distributed among all users

#40 c4-bot-8 closed 3 months ago
2
This audit identifies and documents bugs on the LoopFi website, ensuring compliance with ISO 27001 standards. The objective is to evaluate the website's functionality, security, and compliance with relevant regulations.

#30 c4-bot-3 closed 3 months ago
1
Lack of validate `minBuyAmount` in `calldata` can cause lost protocol funds

#29 c4-bot-2 closed 3 months ago
2
Lack of validate `minBuyAmount` in `calldata` can cause lost protocol funds

#28 c4-bot-3 closed 3 months ago
2
Claim any token other than WETH will fail.

#27 c4-bot-9 closed 3 months ago
4
Invalid Percentage Input in _claim Function Can Cause Underflow

#26 c4-bot-2 closed 3 months ago
1
Users still able to get lpETH tokens from depositing WETH after startClaimDate despite fix from previous C4 audit

#39 c4-bot-5 closed 3 months ago
2
Temporary/Permanent loss of funds if user can still deposit in an Emergency mode

#25 c4-bot-1 closed 3 months ago
2
When user overpays when locking ETH there will be no refund to them causing loss of funds

#24 c4-bot-1 closed 3 months ago
2
Insecure Usage of block.timestamp

#23 c4-bot-2 closed 3 months ago
1
User can't `withdraw` his tokens even in `emergencyMode`

#22 c4-bot-1 closed 4 months ago
1