Skip to content

Issues: code-423n4/2024-03-pooltogether-findings

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
12 Open 0 Closed
12 Open 0 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

The winner can steal claimer fees, and force him to pay for the gas 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working insufficient quality report This report is not of sufficient quality M-01 primary issue Highest quality submission among a set of duplicates 🤖_78_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#345 opened Mar 11, 2024 by c4-bot-6
15
_maxYieldVaultWithdraw() uses yieldVault.convertToAssets() 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working insufficient quality report This report is not of sufficient quality M-02 primary issue Highest quality submission among a set of duplicates 🤖_66_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#336 opened Mar 11, 2024 by c4-bot-5
16
maxDeposit() uses yieldVault.maxDeposit() but _depositAndMint() uses yieldVault.mint() 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working insufficient quality report This report is not of sufficient quality M-03 primary issue Highest quality submission among a set of duplicates 🤖_66_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#335 opened Mar 11, 2024 by c4-bot-10
17
Analysis A-02 analysis-advanced edited-by-warden grade-a high quality report This report is of especially high quality selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#305 opened Mar 11, 2024 by c4-bot-3
5
Lack of Slippage Protection in withdraw/redeem Functions of the Vault 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-04 primary issue Highest quality submission among a set of duplicates 🤖_90_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#274 opened Mar 11, 2024 by c4-bot-6
13
yieldFeeBalance wouldn't be claimed after calling transferTokensOut(). 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working insufficient quality report This report is not of sufficient quality M-05 🤖_188_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#244 opened Mar 11, 2024 by c4-bot-9
10
Gas Optimizations bug Something isn't working G (Gas Optimization) G-08 grade-a high quality report This report is of especially high quality selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#236 opened Mar 11, 2024 by c4-bot-1
6
Funds locked due to missing transfer check 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue edited-by-warden high quality report This report is of especially high quality M-06 primary issue Highest quality submission among a set of duplicates 🤖_90_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#235 opened Mar 11, 2024 by c4-bot-7
13
QA Report bug Something isn't working edited-by-warden grade-a high quality report This report is of especially high quality Q-05 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#212 opened Mar 11, 2024 by c4-bot-4
7
PrizeVault.maxDeposit() doesn't take into account produced fees 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working insufficient quality report This report is not of sufficient quality M-07 primary issue Highest quality submission among a set of duplicates 🤖_66_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#91 opened Mar 8, 2024 by c4-bot-8
11
Any fee claim lesser than the total yieldFeeBalance as unit of shares is lost and locked in the PrizeVault contract 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working edited-by-warden H-01 high quality report This report is of especially high quality primary issue Highest quality submission among a set of duplicates 🤖_10_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#59 opened Mar 8, 2024 by c4-bot-4
10
Permit doesnt work with DAI 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-08 primary issue Highest quality submission among a set of duplicates 🤖_17_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality
#51 opened Mar 7, 2024 by c4-bot-10
11
ProTip! Updated in the last three days: updated:>2024-10-16.