Issues: code-423n4/2023-07-pooltogether-findings
Analysis
A-01
analysis-advanced
grade-b
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#471
opened Jul 14, 2023 by
code423n4
IF THE UNDERLYING ASSET IS A FEE ON TRANSFER TOKEN IT COULD BREAK THE INTERNAL ACCOUNTING OF THE VAULT
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-01
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#470
opened Jul 14, 2023 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-01
grade-b
#469
opened Jul 14, 2023 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-02
grade-b
#467
opened Jul 14, 2023 by
code423n4
Unintended or Malicious Use of Prize Winners' Hooks
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-02
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#465
opened Jul 14, 2023 by
code423n4
TwabLib::getTwabBetween can return inaccurate balances if _startTime and _endTime aren't safely bounded
2 (Med Risk)
#464
opened Jul 14, 2023 by
code423n4
deposit function does not check for the maxMint amount.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-04
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#458
opened Jul 14, 2023 by
code423n4
Balance invariant between individual and total twabs can be broken
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-05
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#452
opened Jul 14, 2023 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-03
grade-a
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#449
opened Jul 14, 2023 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-04
grade-a
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#448
opened Jul 14, 2023 by
code423n4
The binarySearch exit condition is missing and may go into DOS or revert
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-a
Q-02
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#445
opened Jul 14, 2023 by
code423n4
The _currentExchangeRate of the Vault contract can't increase, and always be lower than or equal to _assetUnit
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-01
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#443
opened Jul 14, 2023 by
code423n4
Analysis
A-02
analysis-advanced
grade-b
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#441
opened Jul 14, 2023 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-05
grade-a
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#440
opened Jul 14, 2023 by
code423n4
Malicious user can steal other user's deposits from Vault.sol
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-02
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#439
opened Jul 14, 2023 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
G-06
grade-a
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#432
opened Jul 14, 2023 by
code423n4
drawManager CAN BE SET TO A MALICIOUS ADDRESS
2 (Med Risk)
#431
opened Jul 14, 2023 by
code423n4
Analysis
A-03
analysis-advanced
grade-a
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#429
opened Jul 14, 2023 by
code423n4
_amountOut is representing assets and shares at the same time in the liquidate function
3 (High Risk)
#427
opened Jul 14, 2023 by
code423n4
In a scenario with unexpectedly many prizes, the auction will fail to adjust
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
edited-by-warden
grade-a
primary issue
Highest quality submission among a set of duplicates
Q-03
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#424
opened Jul 14, 2023 by
code423n4
In important libraries of PoolTogether, the pow() function of PRBMath is used, which exhibits inconsistent return values
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
M-07
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#423
opened Jul 14, 2023 by
code423n4
QA Report
bug
Something isn't working
grade-a
Q-04
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#422
opened Jul 14, 2023 by
code423n4
Unchecked PERIOD_OFFSET, could be set in the future
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-b
Q-05
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#421
opened Jul 14, 2023 by
code423n4
Analysis
A-04
analysis-advanced
grade-b
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#420
opened Jul 14, 2023 by
code423n4