Issues: code-423n4/2023-08-verwa-findings
QA Report
bug
Something isn't working
edited-by-warden
Q-09
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
selected for report
This submission will be included/highlighted in the audit report
#448
opened Aug 10, 2023 by
code423n4
Analysis
A-06
analysis-advanced
grade-a
high quality report
This report is of especially high quality
selected for report
This submission will be included/highlighted in the audit report
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#446
opened Aug 10, 2023 by
code423n4
User don't have to deposit for a week into the market to get his weekly reward from the LendingLedger
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-01
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
#416
opened Aug 10, 2023 by
code423n4
Voters from VotingEscrow can vote infinite times in vote_for_gauge_weights() of GaugeController
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-02
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
#396
opened Aug 10, 2023 by
code423n4
Users can front-run calls to change_gauge_weight to gain extra voting power
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
M-01
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
#294
opened Aug 10, 2023 by
code423n4
When adding a gauge, its initial value has to be set by an admin or all voting power towards it will be lost
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
H-03
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
#288
opened Aug 10, 2023 by
code423n4
Delegated votes are locked when owner lock is expired
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
H-04
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
#268
opened Aug 10, 2023 by
code423n4
It is possible to DoS all the functions related to some gauge in GaugeController
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
H-05
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#206
opened Aug 10, 2023 by
code423n4
Users may be forced into long lock times to be able to undelegate back to themselves.
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-06
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
#182
opened Aug 10, 2023 by
code423n4
Upon IncreaseAmount the lock may not align to the nearest weekly increment
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-02
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#145
opened Aug 9, 2023 by
itsmetechjay
lack of access control in LendingLedger.sol#checkpoint_lender and function checkpoint_market
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-07
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#142
opened Aug 9, 2023 by
itsmetechjay
Replace old_sum_bias by old_bias
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-03
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#140
opened Aug 9, 2023 by
itsmetechjay
If governance removes a gauge, user's voting power for that gauge will be lost.
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-08
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
#62
opened Aug 9, 2023 by
code423n4