Skip to content

Issues: code-423n4/2022-12-gogopool-findings

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

56 Open 849 Closed
56 Open 849 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

QA Report bug Something isn't working grade-b Q-01 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#876 opened Jan 3, 2023 by code423n4
3
QA Report bug Something isn't working grade-b Q-02 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#854 opened Jan 3, 2023 by code423n4
4
RewardsPool.sol : It is safe to have the startRewardsCycle with WhenNotPaused modifier 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working fix security (sponsor) Security related fix, should be fixed prior to launch M-01 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#823 opened Jan 3, 2023 by code423n4
5
Gas Optimizations bug Something isn't working G (Gas Optimization) G-01 grade-b
#821 opened Jan 3, 2023 by code423n4
2
Gas Optimizations bug Something isn't working G (Gas Optimization) G-02 grade-b
#793 opened Jan 3, 2023 by code423n4
2
QA Report bug Something isn't working grade-b Q-03 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#791 opened Jan 3, 2023 by code423n4
3
Coding logic of the contract upgrading renders upgrading contracts impractical 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) downgraded by judge Judge downgraded the risk level of this issue fix security (sponsor) Security related fix, should be fixed prior to launch M-02 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#742 opened Jan 3, 2023 by code423n4
9
QA Report bug Something isn't working edited-by-warden grade-a Q-05 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax selected for report This submission will be included/highlighted in the audit report
#728 opened Jan 3, 2023 by code423n4
8
Gas Optimizations bug Something isn't working G (Gas Optimization) G-03 grade-a
#727 opened Jan 3, 2023 by code423n4
7
NodeOp funds may be trapped by a invalid state transition 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) downgraded by judge Judge downgraded the risk level of this issue fix security (sponsor) Security related fix, should be fixed prior to launch M-03 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#723 opened Jan 3, 2023 by code423n4
7
QA Report bug Something isn't working grade-a Q-04 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#710 opened Jan 3, 2023 by code423n4
3
requireNextActiveMultisig will always return the first enabled multisig which increases the probability of stuck minipools 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) fix security (sponsor) Security related fix, should be fixed prior to launch M-04 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report
#702 opened Jan 3, 2023 by code423n4
7
QA Report bug Something isn't working grade-b Q-06 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#693 opened Jan 3, 2023 by code423n4
3
Bypass whenNotPaused modifier 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working fix security (sponsor) Security related fix, should be fixed prior to launch M-05 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#673 opened Jan 3, 2023 by code423n4
3
Inflation rate can be reduce by half at most if it get called every 1.99 interval. 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) downgraded by judge Judge downgraded the risk level of this issue fix security (sponsor) Security related fix, should be fixed prior to launch M-06 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report
#648 opened Jan 3, 2023 by code423n4
9
Rialto may not be able to cancel minipools created by contracts that cannot receive AVAX 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working fix security (sponsor) Security related fix, should be fixed prior to launch M-07 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#623 opened Jan 3, 2023 by code423n4
5
Recreated pools receive a wrong AVAX amount due to miscalculated compounded liquid staker amount 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue M-08 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#620 opened Jan 3, 2023 by code423n4
15
Gas Optimizations bug Something isn't working G (Gas Optimization) G-04 grade-a
#582 opened Jan 3, 2023 by code423n4
2
State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue fix security (sponsor) Security related fix, should be fixed prior to launch M-09 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#569 opened Jan 3, 2023 by code423n4
11
AVAX Assigned High Water is updated incorrectly 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working fix security (sponsor) Security related fix, should be fixed prior to launch H-01 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#566 opened Jan 3, 2023 by code423n4
7
QA Report bug Something isn't working grade-b Q-07 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#565 opened Jan 3, 2023 by code423n4
3
Functions cancelMinipool() doesn't reset the value of the RewardsStartTime for user when user's minipoolcount is zero 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue M-10 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report
#555 opened Jan 3, 2023 by code423n4
7
ProtocolDAO lacks a method to take out GGP 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-02 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor duplicate Sponsor deemed duplicate upgraded by judge Original issue severity upgraded from QA/Gas by judge
#532 opened Jan 3, 2023 by code423n4
8
MultisigManager may not be able to add a valid Multisig 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working fix security (sponsor) Security related fix, should be fixed prior to launch M-11 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#521 opened Jan 3, 2023 by code423n4
8
Cancellation of minipool may skip MinipoolCancelMoratoriumSeconds checking if it was cancelled before 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working edited-by-warden fix security (sponsor) Security related fix, should be fixed prior to launch M-12 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#519 opened Jan 3, 2023 by code423n4
5
ProTip! Adding no:label will show everything without a label.