16 matches found
Upgraded Q -> 2 from #49 [1704028025372]
Judge has assessed an item in Issue 49 as 2 risk. The relevant finding follows: L-05 Some tokens revert on 0 amount transfer ParticlePositionManager::liquidatePosition: File: protocol/ParticlePositionManager.sol 376: // reward liquidator 377: TransferHelper.safeTransfer(closeCache.tokenFrom,...
Upgraded Q -> 2 from #175 [1699029356616]
Judge has assessed an item in Issue 175 as 2 risk. The relevant finding follows: L-02 Initial values for GovernorSettings are very low ODGovernor is a OZ Governor with some plugins. It sets up its parameters in the constructor: ODGovernor::constructor: File: src/contracts/gov/ODGovernor.sol 41:...
Upgraded Q -> 2 from #193 [1699029806458]
Judge has assessed an item in Issue 193 as 2 risk. The relevant finding follows: Missing functions in the BasicActions to reach ODSafeManager Description Both functions allowing other users and handlers to manage the safe are restricted with access control. Only callable by the owner of the safe...
Upgraded Q -> 2 from #28 [1686212158430]
Judge has assessed an item in Issue 28 as 2 risk. The relevant finding follows: L-9 Griefer can DoS lender NFT withdrawals
Upgraded Q -> 2 from #5 [1685528763875]
Judge has assessed an item in Issue 5 as 2 risk. The relevant finding follows: L-03 Host that owns Party NFTs can circumvent reentrancy guard
Upgraded Q -> 3 from #284 [1683017290576]
Judge has assessed an item in Issue 284 as 3 risk. The relevant finding follows: NFT tokens sent to the EthRouter contract by mistake can be drained by pool contracts. When someone calls sell, deposit or change functions on EthRouter contract, the contract gives the particular pool full approval...
Upgraded Q -> 2 from #245 [1681331462696]
Judge has assessed an item in Issue 245 as 2 risk. The relevant finding follows: 3. Insecure random number generation: Link : The current implementation of the drawing function uses a simple modulo operation with the seed as an argument, which can be easily predicted by attackers. I recommend usi...
Upgraded Q -> 2 from #206 [1676531414343]
Judge has assessed an item in Issue 206 as 2 risk. The relevant finding follows: Issue 2: receipts are not burned upon claiming reward. In my opinion, current system of just claiming some tokens to be "used" has some downsides: in any claim check, users spend gas to iterate over these tokens too...
Upgraded Q -> 2 from #251 [1675573596034]
Judge has assessed an item in Issue 251 as 2 risk. The relevant finding follows: L-03 The claim function might use an amount of gas greater than the block gas limit. Description: The claim function at the Quest.sol contract can consume an amount of gas greater than the block gas limit if the user...
Upgraded Q -> 2 from #854 [1675461747744]
Judge has assessed an item in Issue 854 as 2 risk. The relevant finding follows: When the protocol is paused, all the multisigs are disabled:, However, it is still possible to call startRewardsCycle in the RewardsPool, however, the execution will revert because the enabled count is 0:
Upgraded Q -> M from #22 [1671528533640]
Judge has assessed an item in Issue 22 as M risk. The relevant finding follows: NC-2 Return values of approve not checked
Upgraded Q -> M from 696 [1666361742731]
Judge has assessed an item in Issue 696 as Medium risk. The relevant finding follows: L05 - Usage of transfer over call to send Ether could cause unexpected Reverts payable(payAddress).transfer(payAmt); // royalty transfer to royaltyaddress The function payEther sends ether via transfer which passes a...
Upgraded Q -> M from 306 [1657954489063]
Judge has assessed an item in Issue 306 as Medium risk. The relevant finding follows:
Upgraded Q -> M from 413 [1656341460011]
Judge has assessed an item in Issue 413 as Medium risk. The relevant finding follows:
Upgraded Q -> M from 137 [1654449389324]
Judge has assessed an item in Issue 137 as Medium risk. The relevant finding follows: It does not even check the return value and a low-level call succeeds if the address is empty or non-existent. dexMapping is a manually operated config so it may not contain info for all collateral tokens, and i...
Upgraded Q -> M from 104 [1654442859269]
Judge has assessed an item in Issue 104 as Medium risk. The relevant finding follows: Check transfer receiver is not 0 to avoid burned money Transferring tokens to the zero address is usually prohibited to accidentally avoid "burning" tokens by sending them to an unrecoverable zero address. Code...