Skip to content

Issues: code-423n4/2023-12-ethereumcreditguild-findings

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

87 Open 1,202 Closed
87 Open 1,202 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

QA Report bug Something isn't working grade-b Q-01 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#1258 opened Dec 28, 2023 by c4-bot-1
4
No check for sequencer uptime can lead to dutch auctions failing or executing at bad prices 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) M-01 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality
#1253 opened Dec 28, 2023 by c4-bot-3
8
Inability to withdraw funds for certain users due to whenNotPaused modifier in RateLimitedMinter 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-02 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#1249 opened Dec 28, 2023 by c4-bot-1
6
Analysis A-01 analysis-advanced grade-b insufficient quality report This report is not of sufficient quality
#1239 opened Dec 28, 2023 by c4-bot-4
2
The term can be re-onboarded using a not allowed implementation bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) downgraded by judge Judge downgraded the risk level of this issue edited-by-warden grade-a primary issue Highest quality submission among a set of duplicates QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality
#1231 opened Dec 28, 2023 by c4-bot-3
8
User may make their loss to be unburnable by anyone bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-152 grade-b Q-03 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#1215 opened Dec 28, 2023 by c4-bot-7
4
The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-01 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sufficient quality report This report is of sufficient quality
#1194 opened Dec 28, 2023 by c4-bot-7
4
totalBorrowedCredit can revert, breaking gauges. 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) downgraded by judge Judge downgraded the risk level of this issue M-03 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#1170 opened Dec 28, 2023 by c4-bot-3
9
Analysis A-02 analysis-advanced grade-b sufficient quality report This report is of sufficient quality
#1169 opened Dec 28, 2023 by c4-bot-9
2
PnL system can be broken by large users intentionally or unintentionally. 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) downgraded by judge Judge downgraded the risk level of this issue high quality report This report is of especially high quality M-04 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#1166 opened Dec 28, 2023 by c4-bot-5
11
The user guild amount is not updated if the mintRatio is updated, causing users to get more rewards in the SurplusGuildMinter contract bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-937 grade-a high quality report This report is of especially high quality QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#1160 opened Dec 28, 2023 by c4-bot-4
7
Replay attack to suddenly offboard the re-onboarded lending term 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) downgraded by judge Judge downgraded the risk level of this issue high quality report This report is of especially high quality M-05 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#1147 opened Dec 28, 2023 by c4-bot-9
15
Propose Poll To OffBoard Would Expire Way Quicker In L2s bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-816 grade-a QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#1144 opened Dec 28, 2023 by c4-bot-9
7
Re-triggering the canOffboard[term] flag to bypass the DAO vote of the lending term offboarding mechanism 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) downgraded by judge Judge downgraded the risk level of this issue high quality report This report is of especially high quality M-06 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#1141 opened Dec 28, 2023 by c4-bot-5
17
QA Report bug Something isn't working grade-b Q-05 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#1136 opened Dec 28, 2023 by c4-bot-7
4
Analysis A-03 analysis-advanced grade-b insufficient quality report This report is not of sufficient quality
#1098 opened Dec 28, 2023 by c4-bot-10
2
Analysis A-04 analysis-advanced edited-by-warden grade-a high quality report This report is of especially high quality sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#1089 opened Dec 28, 2023 by c4-bot-1
4
QA Report bug Something isn't working edited-by-warden grade-a Q-04 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#1085 opened Dec 28, 2023 by c4-bot-1
5
QA Report bug Something isn't working grade-a Q-06 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax selected for report This submission will be included/highlighted in the audit report sufficient quality report This report is of sufficient quality
#1061 opened Dec 28, 2023 by c4-bot-9
6
QA Report bug Something isn't working grade-b Q-07 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#1058 opened Dec 28, 2023 by c4-bot-6
4
There is no way to liquidate a position if it breaches maxDebtPerCollateralToken value creating bad debt. 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working edited-by-warden high quality report This report is of especially high quality M-07 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#1057 opened Dec 28, 2023 by c4-bot-4
12
Analysis A-05 analysis-advanced grade-b insufficient quality report This report is not of sufficient quality
#1054 opened Dec 28, 2023 by c4-bot-6
2
QA Report bug Something isn't working edited-by-warden grade-b Q-08 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#1048 opened Dec 28, 2023 by c4-bot-1
5
unchecked { ++i; } is misplaced inside _decrementWeightUntilFree bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-152 grade-b Q-09 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#1042 opened Dec 28, 2023 by c4-bot-8
4
Repayers using EOA accounts can be affected if baddebt is generated when they are repaying loans 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-08 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#1041 opened Dec 28, 2023 by c4-bot-8
1
8
ProTip! Mix and match filters to narrow down what you’re looking for.