forked from x676f64/secureum-mind_map
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0xTaylor
committed
Nov 14, 2021
1 parent
4151971
commit 7ef4576
Showing
101 changed files
with
1,717 additions
and
0 deletions.
There are no files selected for viewing
17 changes: 17 additions & 0 deletions
17
content/7. Audit Findings 101/A new malicious adapter can access users’ tokens.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 19 - [A new malicious adapter can access users’ tokens](./A%20new%20malicious%20adapter%20can%20access%20users’%20tokens.md) | ||
|
|
||
| The purpose of the `MetaSwap` contract is to save users gas costs when dealing with a number of different aggregators. They can just approve() their tokens to be spent by `MetaSwap` (or in a later architecture, the Spender contract). They can then perform trades with all supported aggregators without having to reapprove anything. A downside to this design is that a malicious (or buggy) adapter has access to a large collection of valuable assets. Even a user who has diligently checked all existing adapter code before interacting with `MetaSwap` runs the risk of having their funds intercepted by a new malicious adapter that’s added later. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
...7. Audit Findings 101/A reverting fallback function will lock up all payouts.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 25 - [A reverting fallback function will lock up all payouts](./A%20reverting%20fallback%20function%20will%20lock%20up%20all%20payouts.md) | ||
|
|
||
| In `BoxExchange.sol`, the internal function `_transferEth`() reverts if the transfer does not succeed. The `_payment`() function processes a list of transfers to settle the transactions in an `ExchangeBox`. If any of the recipients of an ETH transfer is a smart contract that reverts, then the entire payout will fail and will be unrecoverable. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
...bles to multi-level inherited upgradeable contracts may break storage layout.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 83 - [Adding new variables to multi-level inherited upgradeable contracts may break storage layout](./Adding%20new%20variables%20to%20multi-level%20inherited%20upgradeable%20contracts%20may%20break%20storage%20layout.md) | ||
|
|
||
| The Notional protocol uses the OpenZeppelin/SDK contracts to manage upgradeability in the system, which follows the unstructured storage pattern. When using this upgradeability approach, and when working with multi-level inheritance, if a new variable is introduced in a parent contract, that addition can potentially overwrite the beginning of the storage layout of the child contract, causing critical misbehaviors in the system. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
content/7. Audit Findings 101/Anyone can liquidate on behalf of another account.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 97 - [Anyone can liquidate on behalf of another account](./Anyone%20can%20liquidate%20on%20behalf%20of%20another%20account.md) | ||
|
|
||
| The Perpetual contract has a public liquidateFrom function that bypasses the checks in the liquidate function. This means that it can be called to liquidate a position when the contract is in the `SETTLED` state. Additionally, any user can set an arbitrary from address, causing a third-party user to confiscate the under-collateralized trader’s position. This means that any trader can unilaterally rearrange another account’s position. They could also liquidate on behalf of the Perpetual Proxy, which could break some of the Automated Market Maker invariants, such as the condition that it only holds LONG positions. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
content/7. Audit Findings 101/Assimilators use a deprecated Chainlink API.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 58 - [Assimilators use a deprecated Chainlink API](./Assimilators%20use%20a%20deprecated%20Chainlink%20API.md) | ||
|
|
||
| The old version of the Chainlink price feed API (`AggregatorInterface`) is used throughout the contracts and tests. For example, the deprecated function `latestAnswer` is used. This function is not present in the latest API reference (`AggregatorInterfaceV3`). However, it is present in the deprecated API reference. In the worst-case scenario, the deprecated contract could cease to report the latest values, which would very likely cause liquidity providers to incur losses. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
content/7. Audit Findings 101/Assimilators’ balance functions return raw values.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 56 - [Assimilators’ balance functions return raw values](./Assimilators’%20balance%20functions%20return%20raw%20values.md) | ||
|
|
||
| The system converts raw values to numeraire values for its internal arithmetic. However, in one instance it uses raw values alongside numeraire values. Interchanging raw and numeraire values will produce unwanted results and may result in loss of funds for liquidity provider. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
...nt honest users from performing an instant withdraw from the Wallet contract.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 80 - [Attackers can prevent honest users from performing an instant withdraw from the Wallet contract](./Attackers%20can%20prevent%20honest%20users%20from%20performing%20an%20instant%20withdraw%20from%20the%20Wallet%20contract.md) | ||
|
|
||
| An attacker who sees an honest user’s call to `MessageProcessor.instantWithdraw` in the mempool can grab the `oracleMessage` and `oracleSignature` parameters from the user’s transaction, then submit their own transaction to `instantWithdraw` using the same parameters, a higher gas price (so as to frontrun the honest user’s transaction), and carefully choosing the gas limit for their transactions such that the internal call to the `callInstantWithdraw` will fail on line 785 with an out-of-gas error, but will successfully execute the `if(!success)` block. The result is that the attacker’s instant withdraw will fail (so the user will not receive their funds), but the `userInteractionNumber` will be successfully reserved by the `ReplayTracker`. As a result, the honest user’s transaction will revert because it will be attempting to use a `userInteractionNumber` that is no longer valid. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
...ng of transaction execution and order matching may lead to exchange griefing.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 64 - [Batch processing of transaction execution and order matching may lead to exchange griefing](./Batch%20processing%20of%20transaction%20execution%20and%20order%20matching%20may%20lead%20to%20exchange%20griefing.md) | ||
|
|
||
| Batch processing of transaction execution and order matching will iteratively process every transaction and order, which all involve filling. If the asset being filled does not have enough allowance, the asset’s transferFrom will fail, causing `AssetProxyDispatcher` to revert. NoThrow variants of batch processing, which are available for filling orders, are not available for transaction execution and order matching. So if one transaction or order fails this way, the entire batch will revert and will have to be re-submitted after the reverting transaction is removed. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
content/7. Audit Findings 101/Blacklisting Bypass via `transferFrom()` Function.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 71 - [Blacklisting Bypass via `transferFrom()` Function](./Blacklisting%20Bypass%20via%20`transferFrom()`%20Function.md) | ||
|
|
||
| The `transferFrom()` function in the `TokenImpl` contract does not verify that the sender (i.e. the from address) is not blacklisted. As such, it is possible for a user to allow an account to spend a certain allowance regardless of their blacklisting status. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
... set invalid values and produce unexpected behavior in the staking contracts.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 66 - [Calls to `setParams` may set invalid values and produce unexpected behavior in the staking contracts](./Calls%20to%20`setParams`%20may%20set%20invalid%20values%20and%20produce%20unexpected%20behavior%20in%20the%20staking%20contracts.md) | ||
|
|
||
| Certain parameters of the contracts can be configured to invalid values, causing a variety of issues and breaking expected interactions between contracts. `setParams` allows the owner of the staking contracts to reparameterize critical parameters. However, reparameterization lacks sanity/threshold/limit checks on all parameters. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
content/7. Audit Findings 101/Certain functions lack input validation routines.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 23 - [Certain functions lack input validation routines](./Certain%20functions%20lack%20input%20validation%20routines.md) | ||
|
|
||
| The functions should first check if the passed arguments are valid first. These checks should include, but not be limited to: 1) uint should be larger than 0 when 0 is considered invalid 2) uint should be within constraints 3) int should be positive in some cases 4) length of arrays should match if more arrays are sent as arguments 5) addresses should not be 0x0 | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
...gs 101/Contract Owner Can Arbitrarily Change Minting Fees and Interest Rates.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 69 - [Contract Owner Can Arbitrarily Change Minting Fees and Interest Rates](./Contract%20Owner%20Can%20Arbitrarily%20Change%20Minting%20Fees%20and%20Interest%20Rates.md) | ||
|
|
||
| The `issueFeeRate` and `interestRate` variables can both be changed by the `EtherCollateral` contract owner after loans have been opened. As a result, the owner can control fees such as they equal/exceed the collateral for any given loan. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
content/7. Audit Findings 101/Creating proposal is not trustless.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 27 - [Creating proposal is not trustless](./Creating%20proposal%20is%20not%20trustless.md) | ||
|
|
||
| Usually, if someone submits a proposal and transfers some amount of tribute tokens, these tokens are transferred back if the proposal is rejected. But if the proposal is not processed before the emergency processing, these tokens will not be transferred back to the proposer. This might happen if a tribute token or a deposit token transfers are blocked. Tokens are not completely lost in that case, they now belong to the LAO shareholders and they might try to return that money back. But that requires a lot of coordination and time and everyone who ragequits during that time will take a part of that tokens with them. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
content/7. Audit Findings 101/Delegate assignment front-running.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 33 - [Delegate assignment front-running](./Delegate%20assignment%20front-running.md) | ||
|
|
||
| Any member can front-run another member’s `delegateKey` assignment. If you try to submit an address as your `delegateKey`, someone else can try to assign your delegate address to themselves. While incentive of this action is unclear, it’s possible to block some address from being a delegate forever. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
.... Audit Findings 101/ERC20 tokens with no return value will fail to transfer.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 17 - [ERC20 tokens with no return value will fail to transfer](./ERC20%20tokens%20with%20no%20return%20value%20will%20fail%20to%20transfer.md) | ||
|
|
||
| Although the ERC20 standard suggests that a transfer should return true on success, many tokens are non-compliant in this regard. In that case, the .transfer() call here will revert even if the transfer is successful, because solidity will check that the `RETURNDATASIZE` matches the ERC20 interface. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
content/7. Audit Findings 101/ERC20 transfers can misbehave.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 95 - [ERC20 transfers can misbehave](./ERC20%20transfers%20can%20misbehave.md) | ||
|
|
||
| The `_transferFromERC20` function is used throughout `ACOToken.sol` to handle transferring funds into the contract from a user. It is called within mint, within `mintTo`, and within `_validateAndBurn`. In each case, the destination is the ACOToken contract. Such transfers may behave unexpectedly if the token contract charges fees. As an example, the popular USDT token does not presently charge any fees upon transfer, but it has the potential to do so. In this case the amount received would be less than the amount sent. Such tokens have the potential to lead to protocol insolvency when they are used to mint new ACOTokens. In the case of `_transferERC20`, similar issues can occur, and could cause users to receive less than expected when collateral is transferred or when exercise assets are transferred. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
content/7. Audit Findings 101/ETH could get trapped in the protocol.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 86 - [ETH could get trapped in the protocol](./ETH%20could%20get%20trapped%20in%20the%20protocol.md) | ||
|
|
||
| The Controller contract allows users to send arbitrary actions such as possible flash loans through the `_call` internal function. Among other features, it allows sending ETH with the action to then perform a call to a `CalleeInterface` type of contract. To do so, it saves the original `msg.value` sent with the operate function call in the `ethLeft` variable and it updates the remaining ETH left after each one of those calls to revert in case that it is not enough. Nevertheless, if the user sends more than the necessary ETH for the batch of actions, the remaining ETH (stored in the ethLeft variable after the last iteration) will not be returned to the user and will be locked in the contract due to the lack of a `withdrawEth` function. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
content/7. Audit Findings 101/Emergency processing can be blocked.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 28 - [Emergency processing can be blocked](./Emergency%20processing%20can%20be%20blocked.md) | ||
|
|
||
| The main reason for the emergency processing mechanism is that there is a chance that some token transfers might be blocked. For example, a sender or a receiver is in the USDC blacklist. Emergency processing saves from this problem by not transferring tribute token back to the user (if there is some) and rejecting the proposal. The problem is that there is still a deposit transfer back to the sponsor and it could be potentially blocked too. If that happens, proposal can’t be processed and the LAO is blocked. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
...mpound’s `Comptroller.enterMarket`, `Comptroller.exitMarket` are not checked.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 4 - [Error codes of Compound’s `Comptroller.enterMarket`, `Comptroller.exitMarket` are not checked](./Error%20codes%20of%20Compound’s%20`Comptroller.enterMarket`,%20`Comptroller.exitMarket`%20are%20not%20checked.md) | ||
|
|
||
| Compound’s `enterMarket`/`exitMarket` functions return an error code instead of reverting in case of failure. DeFi Saver smart contracts never check for the error codes returned from Compound smart contracts. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
content/7. Audit Findings 101/Expired and-or paused options can still be traded.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 94 - [Expired and/or paused options can still be traded](./Expired%20and/or%20paused%20options%20can%20still%20be%20traded.md) | ||
|
|
||
| Option tokens can still be freely transferred when the Option contract is either paused or expired (or both). This would allow malicious option holders to sell paused / expired options that cannot be exercised in the open market to exchanges and users who do not take the necessary precautions before buying an option minted by the Primitive protocol. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
content/7. Audit Findings 101/External Call Reverts if Period Has Not Elapsed.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 74 - [External Call Reverts if Period Has Not Elapsed](./External%20Call%20Reverts%20if%20Period%20Has%20Not%20Elapsed.md) | ||
|
|
||
| The function `notifyRewardAmount()` will revert if `block.timestamp >= periodFinish`. However this function is called indirectly via the `Synthetix.mint()` function. A revert here would cause the external call to fail and thereby halt the mint process. `Synthetix.mint()` cannot be successfully called until enough time has elapsed for the period to finish. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
17 changes: 17 additions & 0 deletions
17
...t/7. Audit Findings 101/External calls in loop can lead to denial of service.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| # 39 - [External calls in loop can lead to denial of service](./External%20calls%20in%20loop%20can%20lead%20to%20denial%20of%20service.md) | ||
|
|
||
| Several function calls are made in unbounded loops. This pattern is error-prone as it can trap the contracts due to the gas limitations or failed transactions. | ||
|
|
||
|
|
||
| ___ | ||
| ## Slide Screenshot | ||
|  | ||
| ___ | ||
| ## Slide Text | ||
| - | ||
| ___ | ||
| ## References | ||
| - Youtube Reference | ||
| ___ | ||
| ## Tags |
Oops, something went wrong.