-
Notifications
You must be signed in to change notification settings - Fork 0
Issues: code-423n4/2021-11-vader-findings
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
Unused imported contract in xVader
bug
Something isn't working
G (Gas Optimization)
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
XVader
#269
opened Nov 16, 2021 by
code423n4
inconsistent use of msg.sender and _msgSender()
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
Vader
#267
opened Nov 16, 2021 by
code423n4
setComponents function specs and logic mismatch
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
#262
opened Nov 16, 2021 by
code423n4
Users Can Reset Bond Depositor's Vesting Period
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
VaderBond
#259
opened Nov 16, 2021 by
code423n4
Mixing different types of LP shares can lead to losses for Synth holders
3 (High Risk)
Assets can be stolen/lost/compromised directly
BasePoolV2
bug
Something isn't working
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
VaderPoolV2
#257
opened Nov 15, 2021 by
code423n4
Covering impermanent loss allows profiting off asymmetric liquidity provision at expense of reserve holdings
3 (High Risk)
Assets can be stolen/lost/compromised directly
BasePoolV2
bug
Something isn't working
duplicate
This issue or pull request already exists
VaderMath
VaderPoolV2
VaderReserve
VaderRouterV2
#255
opened Nov 15, 2021 by
code423n4
Unused slippage params
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
VaderRouter
#253
opened Nov 15, 2021 by
code423n4
VaderPoolV2.rescue results in loss of funds rather than recoverability
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
VaderPoolV2
#251
opened Nov 15, 2021 by
code423n4
Add method to migrate from fungible to nonfungible liquidity
bug
Something isn't working
G (Gas Optimization)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
VaderPoolV2
#237
opened Nov 15, 2021 by
code423n4
safe transfer of tokens
0 (Non-critical)
Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
#234
opened Nov 15, 2021 by
code423n4
block times 13s -> 12s
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
VaderBond
#231
opened Nov 15, 2021 by
code423n4
Unsupported tokens can be given fungible LP support
0 (Non-critical)
Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation
bug
Something isn't working
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
VaderPoolV2
#230
opened Nov 15, 2021 by
code423n4
Contracts VaderPoolFactory and VaderReserve can be initialized multiple times
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
#228
opened Nov 15, 2021 by
code423n4
LinearVesting missing events
0 (Non-critical)
#225
opened Nov 15, 2021 by
code423n4
Store VaderPoolV2 address as immutable in LPWrapper
bug
Something isn't working
G (Gas Optimization)
LPWrapper
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#224
opened Nov 15, 2021 by
code423n4
Disregarding Check Effects in Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation
bug
Something isn't working
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
VaderBond
VaderBond.redeem()
0 (Non-critical)
#219
opened Nov 15, 2021 by
code423n4
Missing events for critical operations
0 (Non-critical)
Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
VaderPoolV2
#214
opened Nov 15, 2021 by
code423n4
Wrong design of Assets can be stolen/lost/compromised directly
bug
Something isn't working
question
Further information is requested
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
VaderMath
swap() results in unexpected and unfavorable outputs
3 (High Risk)
#213
opened Nov 15, 2021 by
code423n4
Wrong design/implementation of Assets can be stolen/lost/compromised directly
bug
Something isn't working
question
Further information is requested
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
VaderPoolV2
addLiquidity() allows attacker to steal funds from the liquidity pool
3 (High Risk)
#212
opened Nov 15, 2021 by
code423n4
mintSynth() and burnSynth() can be front run
3 (High Risk)
#209
opened Nov 15, 2021 by
code423n4
Changing function visibility from public to external can save gas
bug
Something isn't working
G (Gas Optimization)
Timelock
#207
opened Nov 15, 2021 by
code423n4
SwapQueue.sol Incomplete implementation
0 (Non-critical)
#206
opened Nov 15, 2021 by
code423n4
USDV.sol Incomplete implementation
0 (Non-critical)
#205
opened Nov 15, 2021 by
code423n4
Lack of access control allow attacker to Assets can be stolen/lost/compromised directly
bug
Something isn't working
VaderPoolV2
mintFungible() and mintSynth() with other user's wallet balance
3 (High Risk)
#204
opened Nov 15, 2021 by
code423n4
VaderBond insufficient validation of max payout may prevent redeeming valid payout
0 (Non-critical)
Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation
bug
Something isn't working
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
VaderBond
#202
opened Nov 15, 2021 by
code423n4
Previous Next
ProTip!
no:milestone will show everything without a milestone.