6 matches found
Upgraded Q -> M from 190 [1654475279061]
Judge has assessed an item in Issue 190 as Medium risk. The relevant finding follows: L-02 Fee in Cally.setFee should be upper-bounded A malicious owner or owner account compromise can set the fee very high, up to 100%, siphoning all profits from the protocol. Consider implementing a reasonable...
Upgraded Q -> M from 268 [1654474507101]
Judge has assessed an item in Issue 268 as Medium risk. The relevant finding follows: High feeRate can break core protocol function PROBLEM There is no maximum input value on setFee in Cally.sol. But if the owner sets it to a uint greater than 1e18, the users will not be able to call exercice as...
Upgraded Q -> M from 74 [1654474712630]
Judge has assessed an item in Issue 74 as Medium risk. The relevant finding follows: Use of transferFrom instead of safeTransferFrom Cally.solL295 When buyers exercise the transferFrom function is used instead of safeTransferFrom. In the very unlikely event the receiving contract is somehow not...
Upgraded G -> M from 164 [1654114758938]
Judge has assessed an item in Issue 164 as Medium risk. The relevant finding follows: File:Cally.sol224 requiremsg.value = premium, "Incorrect ETH amount sent"; Using == operator is 3 gas cheaper than =. This also keeps people from acedently overpaying when buying an option. Summary Implementing...
Loss of funds due to premiums and proceeds accruing to address(0) by default
Lines of code Vulnerability details Premiums and proceeds earned will accrue to the zero address by default, instead of the vault owner, and the funds will be irrecoverable. Proof of concept vaultBeneficiariesvaultId is not set during createVault, so any call to getVaultBeneficiary will return...
Inefficiency in the Dutch Auction due to lower duration
Lines of code Vulnerability details The vulnerability or bug is in the implementation of the function getDutchAuctionStrike The AUCTIONDURATION is defined as 24 hours, and consider that the dutchAuctionReserveStrike or reserveStrike will never be set to 0 by user. Now if a vault is created with...