Issues: code-423n4/2024-10-ronin-validation
Lack of Price Impact & Slippage Protection in quoteExactInput
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_primary
AI based primary recommendation
🤖_17_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#266
opened Oct 30, 2024 by
c4-bot-4
No way for governance to properly update feeProtocolNum and feeProtocolDen
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_primary
AI based primary recommendation
sufficient quality report
This report is of sufficient quality
#252
opened Oct 30, 2024 by
c4-bot-4
Unvalidated msg.value in AggregateRouter::execute() Allows Unauthorized WRAP_ETH and UNWRAP_WETH Operations, Potentially Leading to Contract Fund Drain
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
🤖_50_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#208
opened Oct 30, 2024 by
c4-bot-10
Insufficient input validation may lead to loss of funds due to invalid or malicious input data.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_00_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#183
opened Oct 30, 2024 by
c4-bot-8
Precision Loss in getAmountOut Function Leads to Incorrect Price Calculations
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
edited-by-warden
🤖_primary
AI based primary recommendation
sufficient quality report
This report is of sufficient quality
#174
opened Oct 30, 2024 by
c4-bot-6
katanaV3SwapCallback and _swap() do not deal with the recursive base case of empty path well, leading to non-function for v3SwapExactOutput.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_primary
AI based primary recommendation
🤖_19_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#170
opened Oct 30, 2024 by
c4-bot-4
V3SwapRouter.V3SwapExactOutput() has the wrong implementation since it applies the
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
🤖_19_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#169
opened Oct 30, 2024 by
c4-bot-4
Missing Fee Parameter in pairFor Function Leads to Incorrect Pair Address Calculation
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_primary
AI based primary recommendation
sufficient quality report
This report is of sufficient quality
#148
opened Oct 28, 2024 by
c4-bot-6
require nextId to be zero will always revert due to nextId already initialized to 1
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
edited-by-warden
🤖_primary
AI based primary recommendation
sufficient quality report
This report is of sufficient quality
#143
opened Oct 28, 2024 by
c4-bot-3
Incorrect handling of Fee Accounting
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
edited-by-warden
🤖_primary
AI based primary recommendation
sufficient quality report
This report is of sufficient quality
#140
opened Oct 28, 2024 by
c4-bot-8
Handling External Calls to IERC20Metadata.decimals() Failing Silently
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_primary
AI based primary recommendation
sufficient quality report
This report is of sufficient quality
#136
opened Oct 27, 2024 by
c4-bot-4
ETH Dust Accumulation in createAndInitializePoolIfNecessary
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_24_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#128
opened Oct 27, 2024 by
c4-bot-9
KatanaV3Pool.observe() will likely revert when the current timestamp wraps around the 2**32 boundary, and after time >= 2**32, observations before < 2**32 all become not available to observe,
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_primary
AI based primary recommendation
sufficient quality report
This report is of sufficient quality
#122
opened Oct 26, 2024 by
c4-bot-6
Oracle.transform() calculates the wrong secondsPerLiquidityCumulativeX128 in the transform() functions during zero liquidity period, which affects the results for functions in KatanaV3Pool.sol.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_89_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#121
opened Oct 26, 2024 by
c4-bot-6
Divide-before-multiplication loss in Oracle.observseSingle() leads to inaccurate results for tickCumulative for the KatanaV3Pool contract.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
edited-by-warden
🤖_primary
AI based primary recommendation
🤖_29_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#120
opened Oct 26, 2024 by
c4-bot-3
NonfungiblePositionManager.increaseLiquidity() has missed the isAuthorizedForToken(params.tokenId) modifier.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
edited-by-warden
🤖_07_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#117
opened Oct 26, 2024 by
c4-bot-3
Wrong implementation of access control for KatanaGovernance._authorized()
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_primary
AI based primary recommendation
🤖_18_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#116
opened Oct 25, 2024 by
c4-bot-8
Permission denied by frontrunning permit
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_53_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#115
opened Oct 25, 2024 by
c4-bot-6
NonFungiblePositionManager Is Liable To Underflow
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
edited-by-warden
🤖_30_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#112
opened Oct 25, 2024 by
c4-bot-9
Missing address(0) while initializing the PeripheryImmutableState in his constructor.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_primary
AI based primary recommendation
🤖_10_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#111
opened Oct 25, 2024 by
c4-bot-3
initialize will never execute in KatanaV3Factory and KatanaV3Pool
2 (Med Risk)
#106
opened Oct 24, 2024 by
c4-bot-6
Use of slot0 to get sqrtPriceX96 can lead to price manipulation.
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
🤖_03_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#102
opened Oct 24, 2024 by
c4-bot-9
Missing address(0) check in the Payments::pay function.
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_primary
AI based primary recommendation
sufficient quality report
This report is of sufficient quality
#101
opened Oct 24, 2024 by
c4-bot-9
When minting or increasing liquidity through NonfungiblePositionManager, excess ETH sent to the contract is not refunded
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
🤖_74_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#98
opened Oct 24, 2024 by
c4-bot-8
Functions in AggregateRouter don't allow reverts
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
🤖_primary
AI based primary recommendation
🤖_54_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
#75
opened Oct 22, 2024 by
c4-bot-6