Skip to content

Issues: code-423n4/2024-03-abracadabra-money-findings

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

64 Open 197 Closed
64 Open 197 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Milestones
Filter by milestone
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Gas Optimizations bug Something isn't working edited-by-warden G (Gas Optimization) G-01 grade-a insufficient quality report This report is not of sufficient quality
#242 opened Mar 12, 2024 by c4-bot-9
4
Pool Creation Failure Due to WETH Transfer Compatibility Issue on Some Chains 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-01 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality
#237 opened Mar 12, 2024 by c4-bot-9
7
Tokens yeild can not be set to claimable. 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue M-02 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#236 opened Mar 12, 2024 by c4-bot-10
15
Gas Optimizations bug Something isn't working G (Gas Optimization) G-02 grade-b sufficient quality report This report is of sufficient quality
#234 opened Mar 12, 2024 by c4-bot-5
3
When a trader swaps from a smart contract wallet, anyone could make them lose additional value through the trade. bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b primary issue Highest quality submission among a set of duplicates Q-02 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#232 opened Mar 12, 2024 by c4-bot-5
8
Miscalculation in addLiquidity of Router results in unauthorized spending of tokens 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue M-03 primary issue Highest quality submission among a set of duplicates 🤖_92_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#231 opened Mar 12, 2024 by c4-bot-7
15
Inconsistent Rounding in _BASE_TARGET_ and _QUOTE_TARGET_ will deviate away from true targets bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b Q-03 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#230 opened Mar 12, 2024 by c4-bot-2
6
Anyone making use of the MagicLP's TWAP to determine token prices will be exploitable. 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-01 primary issue Highest quality submission among a set of duplicates 🤖_31_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sufficient quality report This report is of sufficient quality
#227 opened Mar 12, 2024 by c4-bot-7
9
Loss of assumed functionality of the Onboarding contract in a highly-sensitive area 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-04 primary issue Highest quality submission among a set of duplicates 🤖_58_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality
#226 opened Mar 12, 2024 by c4-bot-9
7
A user's tokens could be locked for an extended duration beyond their intention and without their control 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) M-05 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality
#225 opened Mar 12, 2024 by c4-bot-9
14
MagicLpAggregator always returns lower than correct answer, leading to arbitrage loss 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-06 primary issue Highest quality submission among a set of duplicates 🤖_56_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sufficient quality report This report is of sufficient quality
#223 opened Mar 12, 2024 by c4-bot-2
7
Permanent loss of yield for stakers in reward pools due to precision loss. 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-07 primary issue Highest quality submission among a set of duplicates 🤖_44_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report
#222 opened Mar 12, 2024 by c4-bot-5
7
Attacker can amplify a rounding error in MagicLP to break the I invariant and cause malicious pricing 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) H-02 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality upgraded by judge Original issue severity upgraded from QA/Gas by judge
#221 opened Mar 12, 2024 by c4-bot-2
24
QA Report bug Something isn't working grade-b Q-04 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#214 opened Mar 12, 2024 by c4-bot-5
3
QA Report bug Something isn't working grade-b Q-05 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#212 opened Mar 12, 2024 by c4-bot-10
3
Factory::create() is vulnerable to reorg attacks 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-08 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality
#211 opened Mar 12, 2024 by c4-bot-8
15
QA Report bug Something isn't working grade-a Q-06 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#210 opened Mar 12, 2024 by c4-bot-2
5
The _rewardPerToken Function performs mainly internal logic but it is marked public instead of internal exposing it to multiple external calls bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) downgraded by judge Judge downgraded the risk level of this issue grade-b Q-07 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality
#208 opened Mar 12, 2024 by c4-bot-9
7
Gas Optimizations bug Something isn't working G (Gas Optimization) G-03 grade-a sufficient quality report This report is of sufficient quality
#204 opened Mar 12, 2024 by c4-bot-1
5
QA Report bug Something isn't working grade-a Q-08 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#201 opened Mar 12, 2024 by c4-bot-4
5
ReardTokens can't be removed bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b Q-09 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sufficient quality report This report is of sufficient quality
#199 opened Mar 12, 2024 by c4-bot-8
7
Gas Optimizations bug Something isn't working G (Gas Optimization) G-04 grade-a insufficient quality report This report is not of sufficient quality
#176 opened Mar 12, 2024 by c4-bot-4
4
QA Report bug Something isn't working edited-by-warden grade-b Q-10 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#173 opened Mar 12, 2024 by c4-bot-8
3
Adjusting "_I_" will create a sandwich opportunity because of price changes 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working edited-by-warden M-09 primary issue Highest quality submission among a set of duplicates 🤖_36_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality
#171 opened Mar 12, 2024 by c4-bot-7
7
User are not able to withdraw unlocked that deposited into LLE during contract pausing bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b primary issue Highest quality submission among a set of duplicates Q-11 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_40_group AI based duplicate group recommendation sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sufficient quality report This report is of sufficient quality
#154 opened Mar 12, 2024 by c4-bot-10
7
ProTip! no:milestone will show everything without a milestone.