All code4rena fixes #6

Open: wants to merge 1 commit into base: main

0xMaharishi commented May 30, 2022

Findings & resolution

Code4rena findings, post filter, and ordered by contract name.

Proposed severity ratings are in the second column as per code4rena guidelines.

Note: This PR also contains a number of changes that are not directly related to c4 (e.g. RewardPoolDepositWrapper)


| Contract | Severity | ID | Note/Fix | URL |
| --- | --- | --- | --- | --- |
| Aura.sol | 1 | 34 | Add protection on updateOperator | code-423n4/2022-05-aura-findings#34 |
| Aura.sol | 1 | 125 | Add second variable | code-423n4/2022-05-aura-findings#125 |
| Aura.sol | 0 | 24 | Remove libs from aura token | code-423n4/2022-05-aura-findings#24 |
| AuraBalRewardPool.sol | 1 | | Withdraw to treasuryDAO before rewards start. Also mutate AuraLocker. Backup in case bug is found in system, to prevent auraBAL locking | |
| AuraBalRewardPool.sol | 0 | 123 | Protections on constructor | code-423n4/2022-05-aura-findings#123 |
| AuraBalRewardPool.sol | 0 | 167 | Remove safemath from AuraBalRewardPool | code-423n4/2022-05-aura-findings#167 |
| AuraClaimZap.sol | 2 | 108 | Fix as per comment | code-423n4/2022-05-aura-findings#108 |
| AuraLocker.sol | 2 | 261 | maxRewardRate | code-423n4/2022-05-aura-findings#261 |
| AuraLocker.sol | 2 | 278 | Add blacklisting | code-423n4/2022-05-aura-findings#278 |
| AuraLocker.sol | 2 | 178 | max reward tokens on aura locker. Add method to “claimExtras” w/ overload | code-423n4/2022-05-aura-findings#178 |
| AuraLocker.sol | 1 | 1 | Make queueNewRewards generic and update calls | code-423n4/2022-05-aura-findings#1 |
| AuraLocker.sol | 0 | 28 | Remove ABIEncoder | code-423n4/2022-05-aura-findings#28 |
| AuraLocker.sol | 0 | 156 | Just change this to amount | code-423n4/2022-05-aura-findings#156 |
| AuraLocker.sol | 0 | 212 | Just add | code-423n4/2022-05-aura-findings#212 |
| AuraMerkleDrop.sol | 1 | | Allow withdraw to treasuryDAO within first week before it has started | |
| AuraMerkleDrop.sol | 1 | 316 | Subtract pending penalty | code-423n4/2022-05-aura-findings#316 |
| AuraMerkleDrop.sol | 0 | 95 | Add check for non zero addr | code-423n4/2022-05-aura-findings#95 |
| AuraMerkleDrop.sol | 0 | 268 | move penalty forwarder to constructor | code-423n4/2022-05-aura-findings#268 |
| AuraMinter.sol | 0 | 10 | Comment | code-423n4/2022-05-aura-findings#10 |
| AuraVestedEscrow.sol | 1 | 133 | Fix as per comment. ALSO check for mismatching array lengths | code-423n4/2022-05-aura-findings#133 |
| AuraVestedEscrow.sol | 0 | 126 | Simple check to disallow funding | code-423n4/2022-05-aura-findings#126 |
| BalLiquidityProvider.sol | 1 | 90 | Add check | code-423n4/2022-05-aura-findings#90 |
| BalLiquidityProvider.sol | 0 | 285 | add ≥ | code-423n4/2022-05-aura-findings#285 |
| BaseRewardPool.sol | 2 | 178 | max reward tokens on baserewardpool - just add if(max) then do nothing. To avoid bricking, don’t revert. Only called from 2 places: Booster & ExtraRewardsStashV3. StashV3: avoid bricking by limiting manual reward addition. Booster: manual check, will never need more than 10 | code-423n4/2022-05-aura-findings#178 |
| BaseRewardPool4626.sol | 1 | 39 | SafeMath usage | code-423n4/2022-05-aura-findings#39 |
| Booster.sol | 1 | 243 | owner sets vote delegate & feeManager | code-423n4/2022-05-aura-findings#243 |
| ConvexMasterChef.sol | 2 | 313 | Add reentrancyguard | code-423n4/2022-05-aura-findings#313 |
| ConvexMasterChef.sol | 1 | 147 | remove with update arg, add limit && for add, disable rewardToken or duplicates | code-423n4/2022-05-aura-findings#147 |
| CrvDepositor.sol | 2 | 341 | consider disabling minting if cooldown to avoid bpt getting locked | code-423n4/2022-05-aura-findings#341 |
| CrvDepositor.sol | 1 | 343 | If the lock is > 1 week old, increase lock time | code-423n4/2022-05-aura-findings#343 |
| CrvDepositorWrapper.sol | 2 | 115 | Temporary measure to avoid system freezing is to allow the keeper to set a minOut override | code-423n4/2022-05-aura-findings#115 |
| EstraRewardsDistributor.sol | 2 | 50 | Add validation | code-423n4/2022-05-aura-findings#50 |
| ExtraRewardsDistributor.sol | 1 | 240 | Whitelisted accs only can add | code-423n4/2022-05-aura-findings#240 |
| ExtraRewardsDistributor.sol | 1 | 180 | Whitelisted accs only can add | code-423n4/2022-05-aura-findings#180 |
| ExtraRewardsDistributor.sol | 1 | 5 | Simply add > 0. Doesn’t do much tbh but already changing smth else | code-423n4/2022-05-aura-findings#5 |
| ExtraRewardsDistributor.sol | 0 | 230 | Make fn private & add reentrancyguard | code-423n4/2022-05-aura-findings#230 |
| Interfaces.sol | 0 | 249 | remove abicoderv2 | code-423n4/2022-05-aura-findings#249 |
| Many | 0 | 172 | compiler and comments | code-423n4/2022-05-aura-findings#172 |
| Many | 0 | 107 | mass update and lock compiler v | code-423n4/2022-05-aura-findings#107 |
| PenaltyForwarder.sol | 0 | 49 | Mutate ExtraRewardsDistributor | code-423n4/2022-05-aura-findings#49 |
| StashFactoryV2.sol | 0 | 362 | add non zero gauge check | code-423n4/2022-05-aura-findings#362 |
