Issues: code-423n4/2024-03-pooltogether-findings
The winner can steal claimer fees, and force him to pay for the gas
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
insufficient quality report
This report is not of sufficient quality
M-01
primary issue
Highest quality submission among a set of duplicates
🤖_78_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#345 opened Mar 11, 2024 by c4-bot-6
_maxYieldVaultWithdraw() uses yieldVault.convertToAssets()
2 (Med Risk)
#336 opened Mar 11, 2024 by c4-bot-5
maxDeposit() uses yieldVault.maxDeposit() but _depositAndMint() uses yieldVault.mint()
2 (Med Risk)
#335 opened Mar 11, 2024 by c4-bot-10
Analysis
A-02
analysis-advanced
edited-by-warden
grade-a
high quality report
This report is of especially high quality
selected for report
This submission will be included/highlighted in the audit report
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#305 opened Mar 11, 2024 by c4-bot-3
Lack of Slippage Protection in withdraw/redeem Functions of the Vault
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-04
primary issue
Highest quality submission among a set of duplicates
🤖_90_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#274 opened Mar 11, 2024 by c4-bot-6
yieldFeeBalance wouldn't be claimed after calling transferTokensOut().
2 (Med Risk)
#244 opened Mar 11, 2024 by c4-bot-9
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-08
grade-a
high quality report
This report is of especially high quality
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#236 opened Mar 11, 2024 by c4-bot-1
Funds locked due to missing transfer check
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
edited-by-warden
high quality report
This report is of especially high quality
M-06
primary issue
Highest quality submission among a set of duplicates
🤖_90_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#235 opened Mar 11, 2024 by c4-bot-7
QA Report
bug
Something isn't working
edited-by-warden
grade-a
high quality report
This report is of especially high quality
Q-05
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#212 opened Mar 11, 2024 by c4-bot-4
PrizeVault.maxDeposit() doesn't take into account produced fees
2 (Med Risk)
#91 opened Mar 8, 2024 by c4-bot-8
Any fee claim lesser than the total yieldFeeBalance as unit of shares is lost and locked in the PrizeVault contract
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
H-01
high quality report
This report is of especially high quality
primary issue
Highest quality submission among a set of duplicates
🤖_10_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#59 opened Mar 8, 2024 by c4-bot-4
Permit doesn't work with DAI
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-08
primary issue
Highest quality submission among a set of duplicates
🤖_17_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sufficient quality report
This report is of sufficient quality
#51 opened Mar 7, 2024 by c4-bot-10