Skip to content

Issues: code-423n4/2023-09-centrifuge-findings

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort

Issues list

QA Report bug Something isn't working grade-a high quality report This report is of especially high quality Q-18 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#548 opened Sep 14, 2023 by c4-submissions
onlyCentrifugeChainOrigin() can't require msg.sender equal axelarGateway 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue high quality report This report is of especially high quality M-02 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#537 opened Sep 14, 2023 by c4-submissions
Calling of LiquidityPool#requestDepositWithPermit() or LiquidityPool#requestRedeemWithPermit() could be failed due to a frontrun of a call to ERC20PermitLike.permit() bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue edited-by-warden grade-a Q-23 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax satisfactory satisfies C4 submission criteria; eligible for awards sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#468 opened Sep 14, 2023 by c4-submissions
QA Report bug Something isn't working edited-by-warden grade-a high quality report This report is of especially high quality Q-29 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#397 opened Sep 14, 2023 by c4-submissions
Unchecked Return Values of PoolManager::isAllowedAsPoolCurrency() bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b low quality report This report is of especially low quality Q-24 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#246 opened Sep 13, 2023 by c4-submissions
LiquidityPool::requestRedeemWithPermit transaction can be front run with the different liquidity pool 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working high quality report This report is of especially high quality M-03 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#227 opened Sep 13, 2023 by c4-submissions
Cached DOMAIN_SEPARATOR is incorrect for tranche tokens potentially breaking permit integrations 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working edited-by-warden high quality report This report is of especially high quality M-04 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#146 opened Sep 13, 2023 by c4-submissions
You can deposit for other users really small amount to DoS them 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-05 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#143 opened Sep 13, 2023 by c4-submissions
Investors claiming their maxDeposit by using the LiquidityPool.deposit() will cause that other users won't be able to claim their maxDeposit/maxMint 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working high quality report This report is of especially high quality M-06 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#118 opened Sep 12, 2023 by c4-submissions
DelayedAdmin Cannot PauseAdmin.removePauser 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working edited-by-warden low quality report This report is of especially low quality M-07 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#92 opened Sep 12, 2023 by c4-submissions
QA Report bug Something isn't working edited-by-warden grade-b high quality report This report is of especially high quality Q-36 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#46 opened Sep 11, 2023 by c4-submissions
trancheTokenAmount should be rounded UP when proceeding to a withdrawal or previewing a withdrawal. 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working high quality report This report is of especially high quality M-08 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#34 opened Sep 10, 2023 by c4-submissions
LiquidityPool is not fully compliant with ERC4626 bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b low quality report This report is of especially low quality primary issue Highest quality submission among a set of duplicates Q-39 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#25 opened Sep 10, 2023 by c4-submissions
ProTip! Exclude everything labeled bug with -label:bug.