-
Notifications
You must be signed in to change notification settings - Fork 14
Issues: code-423n4/2023-09-centrifuge-findings
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
QA Report
bug
Something isn't working
grade-a
high quality report
This report is of especially high quality
Q-18
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#548
opened Sep 14, 2023 by
c4-submissions
onlyCentrifugeChainOrigin() can't require msg.sender equal axelarGateway
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
high quality report
This report is of especially high quality
M-02
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#537
opened Sep 14, 2023 by
c4-submissions
Calling of LiquidityPool#requestDepositWithPermit() or LiquidityPool#requestRedeemWithPermit() could be failed due to a frontrun of a call to ERC20PermitLike.permit()
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
edited-by-warden
grade-a
Q-23
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
satisfactory
satisfies C4 submission criteria; eligible for awards
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#468
opened Sep 14, 2023 by
c4-submissions
QA Report
bug
Something isn't working
edited-by-warden
grade-a
high quality report
This report is of especially high quality
Q-29
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#397
opened Sep 14, 2023 by
c4-submissions
Unchecked Return Values of PoolManager::isAllowedAsPoolCurrency()
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-b
low quality report
This report is of especially low quality
Q-24
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#246
opened Sep 13, 2023 by
c4-submissions
LiquidityPool::requestRedeemWithPermit
transaction can be front run with the different liquidity pool
2 (Med Risk)
#227
opened Sep 13, 2023 by
c4-submissions
Cached Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
edited-by-warden
high quality report
This report is of especially high quality
M-04
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
DOMAIN_SEPARATOR
is incorrect for tranche tokens potentially breaking permit integrations
2 (Med Risk)
#146
opened Sep 13, 2023 by
c4-submissions
You can deposit for other users really small amount to DoS them
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-05
primary issue
Highest quality submission among a set of duplicates
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#143
opened Sep 13, 2023 by
c4-submissions
Investors claiming their maxDeposit by using the LiquidityPool.deposit() will cause that other users won't be able to claim their maxDeposit/maxMint
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
high quality report
This report is of especially high quality
M-06
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#118
opened Sep 12, 2023 by
c4-submissions
DelayedAdmin Cannot Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
edited-by-warden
low quality report
This report is of especially low quality
M-07
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
PauseAdmin.removePauser
2 (Med Risk)
#92
opened Sep 12, 2023 by
c4-submissions
QA Report
bug
Something isn't working
edited-by-warden
grade-b
high quality report
This report is of especially high quality
Q-36
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#46
opened Sep 11, 2023 by
c4-submissions
trancheTokenAmount
should be rounded UP when proceeding to a withdrawal or previewing a withdrawal.
2 (Med Risk)
#34
opened Sep 10, 2023 by
c4-submissions
LiquidityPool is not fully compliant with ERC4626
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-b
low quality report
This report is of especially low quality
primary issue
Highest quality submission among a set of duplicates
Q-39
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#25
opened Sep 10, 2023 by
c4-submissions
ProTip!
Exclude everything labeled
bug
with -label:bug.