Simply want to collect reports which i read day in and out.
- [M] Schain owners can rug pull users' funds
- [M] Centralisation risk: admin role of
TokenManagerEthcan rug pull all Eth from the bridge - [M] compromised
ownercan drain funds fromVeTokenMinter.sol - [M]
VoterProxyincorrectly assumes a 1-1 mapping between the gauge and the LP tokens.
- [M] NPM Dependency confusion. Unclaimed NPM Package and Scope/Org
- [M] No use of upgradeable SafeERC20 contract in Controller.sol
- [M] Inconsistency between constructor and setting method for slippageTolerance
- [M] ERC721SeaDrop owner can choose an address they control as the admin when the constructor is
- [M] Use safeTransferFrom instead of transferFrom for ERC721 transfers
- QSP-1 Max supply of 500 is not enforced at the token level
- QSP-2 Minter can burn token on any address
- [M]Possibility of DOS due to overflow
- [M] Possible DOS in 'allVestingRecipients()' function because of unbounded gas consumption.
- [M] [Denial-of-Service] Contract Owner Could Block Users From Withdrawing Their Strike
- [H] Denial of Service
- [M] Malicious users could block liquidation or perform DOS
- Vault can be placed back into vulnerable low supply state
- Potential funds locked due low token decimal and long stream duration
- [M] Unhandled chainlink revert would lock all price oracle access
- [H] PEUSD.CONVERTTOPEUSD() CALL COULD CAUSE A DENIAL OF SERVICE IN THE DISTRIBUTEREWARDS FUNCTION
- [M] !_account.isContract() can be bypassed
- Passing multiple ETH deposits in orders array will use the same
msg.valuemany times
- [M] Unsafe call to
ERC20::transfercan result in stuck funds. - [H] First vault depositor can steal subsequent depositors’ tokens.
- [M] UniswapV3’s path issue for swapExactOutput
- [M] https://solodit.xyz/auth?next=/issues/m-01-code4rena-blockswap-blockswap-formal-verification-contest-with-certora-git
- [M] Cancellation refunds should return tokens to order creator, not recipient
- [M] M-2: Because of rounding issues, users may not be able to withdraw airdrop tokens if their claim has been adjust()'ed upwards
- [M] Gas stipend for external call might be insufficient and lead to stuck ETH
- [WP-H3] L1Migrator.sol#migrateETH() Improper implementation of L1Migrator causing migrateETH() always reverts, can lead to ETH in BridgeMinter getting stuck in the contract
- [M] Gas stipend for external call might be insufficient and lead to stuck ETH
- [M] Any native assets in the LiFiDiamond can be took by anyone
- [M] Ether can be locked in the
PoolFactorycontract without a way to retrieve it - Stop Using Solidity's transfer() Now
- [M] BLOCK_PERIOD is incorrect
- keccak123 - abi.encodePacked Allows Hash Collision
- XSS via SVG Construction contract
- 'onlyEOAEx' modifier that ensures call is from EOA might not hold true in the future
- THORChain_Router’stransferOut does not check transfer return values No 8
- getUserInfo() returns incorrect values for locked and stakedAmount
- Maximal approvals remain for the AssetManager's adapters and tokens after removal
- CURVEPOOL.EXCHANGEUNDERLYING() CALL COULD CONSTANTLY REVERT IN THE DISTRIBUTEREWARDS FUNCTION
- [M]
UNISWAP_FEEis hardcoded which will lead to significant losses compared to optimal routing - [M]
SWAP_ROUTERinAutoPxGmx.solis hardcoded and not compatible on Avalanche - [M] AddLiquidity and decreaseLiquidity missing slippage protection
- [M] Duplicate LP token could lead to incorrect reward distribution
- Missing
fromToken != toTokencheck inMarginRouter.crossSwapExactTokensForTokens/MarginRouter.crossSwapTokensForExactTokens - [H] swapTokens Function Is Unusable
- LP tokens can be transferred to empty address
- _updateTwav() and _getTwav() will revert when cumulativePrice overflows
- [M] Chainlink’s latestRoundData might return stale or incorrect results
- Should check return data from Chainlink aggregators
- ChainlinkAdapterOracle use BTC/USD chainlink oracle to price WBTC which is problematic if WBTC depegs
.latestRoundData()does not update the oracle -ExchangeRate.sol- MISUSE OF AN ORACLE
- ChainlinkAdapterOracle will return the wrong price for asset if underlying aggregator hits minAnswer
- Oracle periodSize = 0 which is as same as not using any oracle.
- latestRoundData() has no check for round completeness
- MISSING STALENESS CHECKS IN THE CHAINLINK.LATESTROUNDDATA() CALLS
- Interest accrued could be zero for small decimal tokens
- WithdrawPeriphery uses incorrect value for MAX_BPS which will allow much higher slippage than intended
- Basis points constant BPS_MAX is used as minimal fee amount requirement
- [M] IMPRECISE INTEREST RATE CALCULATIONS
- Permanent freeze of vested tokens due to overflow in _baseVestedAmount
- Lack of sanity check on _initialTokenSupply and _initialTokenPrice can lead to a seller losing his NFT
- Unsafe downcasting arithmetic operation in UserManager related contract and in UToken.sol
- FRAX admin can adjust fee rate to harm Napier and its users
- Incorrect unlockTime can DOS withdrawGovernanceAsset
- Any public vault without a delegate can be drained
- Malicious actors can lock all FEI and TRIBE in the GenesisGroup
- onlyOwner Role Can Unintentionally Influence "settleAuction()"
- [M]Hackers can deploy token with respective name as the stable one to impersonate the stable token
- [C] Slot Collision
- [M] It Will Not Be Possible to Bridge DAI to Blast
- [L] Error-Prone Initialization of Blast_Adapter.sol
- [L] Permit2 Witness Is Not Fully Compliant With EIP-712
- [L] Users May Lose Assets if They Specify an Empty Address as a Call Target 5. MintCap Check Missing in Cross-Chain Transfer
- Transfer token without user approval
- Potential locking of funds due to non standard ERC20 transfers
- [C] INCORRECT ERC-20 TOKEN VALUATION
- [C] MAINTAINERS MAY NOT BE ABLE TO PERFORM LIQUIDATIONS
- [C] POSSIBLE ACCOUNT TAKEOVER BY A MALICIOUS USER
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent