code-423n4 redacted-bug-bounty issues

code-423n4 / redacted-bug-bounty

13 stars 9 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Update README.md

#88 kartoonjoy closed 5 days ago
0
Passing an arbitrary from address to transferFrom

#89 c4-bot-10 closed 1 week ago
2
PirexFees contract has Reentrancy External Call to User-Supplied Address on distributeFees function

#86 c4-bot-7 closed 2 months ago
2
Lack of Zero Address Check in transfer Function Allows Token Transfers to Zero Address

#87 c4-bot-8 closed 2 months ago
2
Reentrancy in RewardRecipient.sol::harvest() Function

#82 c4-bot-10 closed 2 months ago
2
Reentrancy Attack on RewardRecipient.sol::dissolveValidator Function

#83 c4-bot-7 closed 2 months ago
2
Reentrancy Attack in PirexEth:: emergencyWithdraw()

#84 c4-bot-10 closed 2 months ago
2
Reentrancy Risk on PirexEth :: instantRedeemWithPxEth(uint256 _assets, address _receiver)

#85 c4-bot-8 closed 2 months ago
2
Arbitrary transferfrom

#80 c4-bot-10 closed 3 months ago
1
This audit identifies and documents bugs on the Dinero website, ensuring compliance. The objective is to evaluate the website's functionality, security, and compliance with relevant regulations.

#81 c4-bot-3 closed 3 months ago
2
High-Risk Vulnerabilities in AutoPxEth Contract: Unchecked External Calls, Reentrancy, and Potential Underflow

#79 c4-bot-5 closed 4 months ago
1
Reentrancy Vulnerability in deposit Function Allowing Repeated ETH Deposits and pxETH Minting

#77 c4-bot-7 closed 4 months ago
1
Inaccurate Rewards Calculation During harvest

#78 c4-bot-6 closed 4 months ago
1
the most dangerous vulnerability

#76 c4-bot-7 closed 4 months ago
3
3 vonalblity

#75 c4-bot-5 closed 4 months ago
2
Integer Overflow and Underflow in initiateRedemption Function

#74 c4-bot-6 closed 4 months ago
2
Reentrancy Attack in `initiateRedemption` Function

#73 c4-bot-1 closed 4 months ago
1
This could potentially lead to a re-entrancy attack.

#72 c4-bot-3 closed 4 months ago
2
This can lead to inconsistencies in the contract's state, as an attacker may attempt to dissolve an unrelated validator by providing an invalid public key.

#71 c4-bot-6 closed 4 months ago
2
"ensure the oracle has the authority to dissolve the validator."

#70 c4-bot-6 closed 4 months ago
2
This can lead to inconsistencies in the contract's state.

#69 c4-bot-2 closed 4 months ago
2
consuming unnecessary storage space and causing the contract to become more expensive to interact with.

#68 c4-bot-3 closed 4 months ago
2
Denial of Service (DoS) attack

#67 c4-bot-9 closed 4 months ago
2
it does not perform any checks on the burner accounts' balance before attempting to burn the specified amount of pxETH.

#66 c4-bot-3 closed 4 months ago
1
The initiateRedemption function does not correctly calculate the postFeeAmount when the autoPxEth contract is involved.

#65 c4-bot-10 closed 4 months ago
1
integer overflow attack

#64 c4-bot-6 closed 4 months ago
1
unauthorized withdrawal

#63 c4-bot-1 closed 4 months ago
1
I found another potential vulnerability in the setPirexEth() function.

#62 c4-bot-6 closed 4 months ago
1
I found a vulnerability that could potentially be exploited by an attacker. The vulnerability lies in the setPlatformFee() function, which is used to set the platform fee.

#61 c4-bot-7 closed 4 months ago
1
Unauthorized Fee Distribution

#60 c4-bot-5 closed 5 months ago
2
Arbitrary from Address Parameter in PirexFees.distributeFees Function Allows Unauthorized Token Transfers

#59 c4-bot-1 closed 5 months ago
2
'harvest' function in the 'AutoPxEth' contract is vulnerable to reentrancy attack

#57 c4-bot-9 closed 5 months ago
2
Lack of check in the Harvest, will allow Platform to be siphoned

#58 c4-bot-2 closed 5 months ago
2
The check against sending ETH (if (_useBuffer && msg.value > 0) revert Errors.NoETHAllowed();) in the slashValidator function of the RewardRecipient contract the logic may be reversed

#54 c4-bot-3 closed 5 months ago
2
There is no indication that The OPERATOR_ROLE for managing sensitive operations, is being assigned to any entity upon contract deployment

#55 c4-bot-7 closed 5 months ago
2
The distributeFees function does not have explicit access controls, any address can trigger it.

#56 c4-bot-8 closed 5 months ago
2
Case Sensitivity Discrepancy in Event Emission Leads to Misinterpretation

#48 c4-bot-7 closed 6 months ago
2
Unnecessary Increment of `outstandingRedemptions` in `slashValidator` Function

#49 c4-bot-9 closed 6 months ago
2
Address Validation and SafeMath Usage

#50 c4-bot-3 closed 6 months ago
2
Potential Loss of Deposited Assets Due to Incorrect Rounding in `AutoPxEth` Contract

#51 c4-bot-2 closed 6 months ago
2
Privileged Role Vulnerabilities in DineroERC20 Contract

#52 c4-bot-5 closed 6 months ago
2
Website UI/UX QA

#53 c4-bot-1 closed 6 months ago
2
shares in previewWithdraw() is not calculated correctly

#46 c4-bot-6 closed 6 months ago
1
Asset to shares conversion allows asset withdrawal without share burning leading to loss of funds

#47 c4-bot-3 closed 6 months ago
3
[PirexFees.sol] - Event Emission Before Action in PirexFees Contract

#40 c4-bot-7 closed 6 months ago
2
[PirexEthValidators.sol] - Potential Reentrancy in slashValidator Function

#41 c4-bot-4 closed 6 months ago
2
Conditional ETH Handling and Buffer Usage in slashValidator Function

#42 c4-bot-1 closed 6 months ago
2
Event Emission Order in Fee Distribution Functionality

#43 c4-bot-5 closed 6 months ago
2
Static Reward Rate Calculation Leads to Inaccurate Reward Distribution

#44 c4-bot-9 closed 6 months ago
1
Incorrect Reward Balance Calculation

#45 c4-bot-8 closed 6 months ago
2