Issues: code-423n4/2022-09-y2k-finance-findings
timewindow can be changed unexpectedly that blocks users from calling deposit function
2 (Med Risk)
#483 opened Sep 19, 2022 by code423n4
User fund lost because they can't withdraw() their funds before epoch startTime and they have to stuck in positions that become unprofitable even when epoch is not started
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
selected for report
This submission will be included/highlighted in the audit report
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#447 opened Sep 19, 2022 by code423n4
Data returned by Oracles don't correctly represent their underlying meanings
bug
edited-by-warden
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor disputed
#425 opened Sep 19, 2022 by code423n4
ethValue should be reasonable to avoid overflow in FuzzTest
bug
#412 opened Sep 19, 2022 by code423n4
High centralisation risk in the protocol
bug
QA (Quality Assurance)
sponsor disputed
#381 opened Sep 19, 2022 by code423n4
Sensitivity to rapid price change
old-submission-method
QA (Quality Assurance)
sponsor disputed
#287 opened Sep 19, 2022 by code423n4
A design flaw in the case of using 2 oracles (aka PegOracle)
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
old-submission-method
selected for report
sponsor disputed
#283 opened Sep 19, 2022 by code423n4
Oracle is tracked per token instead of per pair, leading to surprise results
2 (Med Risk)
bug
selected for report
sponsor disputed
#100 opened Sep 16, 2022 by code423n4
Rewards are not rolled over
2 (Med Risk)
bug
selected for report
sponsor disputed
#93 opened Sep 16, 2022 by code423n4
It's possible to change for Vault and lost control on it
2 (Med Risk)
bug
selected for report
sponsor disputed
#66 opened Sep 16, 2022 by code423n4
After the vault expires, users may still receive rewards through the StakingRewards contract
2 (Med Risk)
bug
selected for report
sponsor disputed
#57 opened Sep 16, 2022 by code423n4
StakingRewards reward rate can be dragged out and diluted
2 (Med Risk)
bug
selected for report
sponsor disputed
#52 opened Sep 16, 2022 by code423n4
StakingRewards.setRewardsDuration allows setting near zero or enormous rewardsDuration, which breaks reward logic
bug
QA (Quality Assurance)
sponsor disputed
#51 opened Sep 16, 2022 by code423n4
StakingRewards.sol#notifyRewardAmount() Improper reward balance checks can make some users unable to withdraw their rewards
2 (Med Risk)
bug
selected for report
sponsor disputed
#50 opened Sep 16, 2022 by code423n4
StakingRewards: recoverERC20() can be used as a backdoor by the owner to retrieve rewardsToken
2 (Med Risk)
bug
edited-by-warden
selected for report
sponsor disputed
#49 opened Sep 16, 2022 by code423n4
Fees are taken on risk collateral
2 (Med Risk)
bug
edited-by-warden
selected for report
sponsor disputed
#44 opened Sep 16, 2022 by code423n4
StakingRewards.sol#stake is intended to be pausable but isn't
2 (Med Risk)
bug
selected for report
sponsor disputed
#38 opened Sep 16, 2022 by code423n4