Skip to content

Issues: code-423n4/2023-09-centrifuge-findings

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
14 Open 465 Closed
14 Open 465 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Analysis A-01 analysis-advanced grade-b low quality report This report is of especially low quality
#782 opened Sep 14, 2023 by c4-submissions
2
The Restriction Manager does not completely implement ERC1404 which leads to account that are supposed to be restricted actually have access to do with their tokens as they see fit 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working low quality report This report is of especially low quality M-01 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report
#779 opened Sep 14, 2023 by c4-submissions
12
Wards cannot intervene on liquidity pools bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-41 grade-b low quality report This report is of especially low quality Q-05 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#761 opened Sep 14, 2023 by c4-submissions
5
Analysis A-02 analysis-advanced edited-by-warden grade-b low quality report This report is of especially low quality
#747 opened Sep 14, 2023 by c4-submissions
2
withApproval modifier is not working as expected bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-41 grade-b low quality report This report is of especially low quality Q-10 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#649 opened Sep 14, 2023 by c4-submissions
3
Analysis A-08 analysis-advanced grade-b low quality report This report is of especially low quality
#616 opened Sep 14, 2023 by c4-submissions
3
[M-05] LiquidityPool.withApproval(): Wards not checked, not allowing authorized admin to call functions bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-41 grade-b low quality report This report is of especially low quality Q-17 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#559 opened Sep 14, 2023 by c4-submissions
4
It is not possible to call RestrictionManager.updateMembers through the gateway and update multiple members at the same time bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a low quality report This report is of especially low quality QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#393 opened Sep 14, 2023 by c4-submissions
11
unlimiting the delay period with minimum threshold allow the delay period to be set too low and allow a malicious ScheduleUpgrade message to be executed on the root contract and gain access on the other contracts. bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a low quality report This report is of especially low quality primary issue Highest quality submission among a set of duplicates QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#298 opened Sep 14, 2023 by c4-submissions
3
Unchecked Return Values of PoolManager::isAllowedAsPoolCurrency() bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b low quality report This report is of especially low quality Q-24 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#246 opened Sep 13, 2023 by c4-submissions
9
Gas griefing of Centrifuge relay gas bot bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-147 grade-a low quality report This report is of especially low quality QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#232 opened Sep 13, 2023 by c4-submissions
3
Missing check in PoolManager.addTranche() if the decimals for a new tranch are <= MAX_CURRENCY_DECIMALS can lead to stuck stable coins bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-123 grade-a low quality report This report is of especially low quality QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#219 opened Sep 13, 2023 by c4-submissions
3
DelayedAdmin Cannot PauseAdmin.removePauser 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working edited-by-warden low quality report This report is of especially low quality M-07 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#92 opened Sep 12, 2023 by c4-submissions
8
LiquidityPool is not fully compliant with ERC4626 bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b low quality report This report is of especially low quality primary issue Highest quality submission among a set of duplicates Q-39 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#25 opened Sep 10, 2023 by c4-submissions
10
ProTip! Exclude everything labeled bug with -label:bug.