-
Notifications
You must be signed in to change notification settings - Fork 0
Issues: code-423n4/2024-03-dittoeth-findings
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
Analysis
A-01
analysis-advanced
grade-a
sufficient quality report
This report is of sufficient quality
#299
opened Apr 5, 2024 by
c4-bot-8
QA Report
bug
Something isn't working
grade-b
Q-01
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sufficient quality report
This report is of sufficient quality
#290
opened Apr 5, 2024 by
c4-bot-1
A successfully disputed redemption proposal has still increased the redemption fee base rate; exploit to depeg dUSD
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-01
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#274
opened Apr 5, 2024 by
c4-bot-9
Analysis
A-02
analysis-advanced
grade-a
high quality report
This report is of especially high quality
#273
opened Apr 5, 2024 by
c4-bot-6
Analysis
A-03
analysis-advanced
edited-by-warden
grade-b
sufficient quality report
This report is of sufficient quality
#271
opened Apr 5, 2024 by
c4-bot-10
QA Report
bug
Something isn't working
grade-b
Q-02
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#269
opened Apr 5, 2024 by
c4-bot-8
QA Report
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
grade-b
Q-03
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#266
opened Apr 5, 2024 by
c4-bot-9
The Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
insufficient quality report
This report is not of sufficient quality
M-01
primary issue
Highest quality submission among a set of duplicates
🤖_156_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
shortOrder
verification bug on the RedemptionFacet::proposeRedemption()
allows an attacker to leave a small shortOrder
on the order book, leading to the protocol's bad debt
2 (Med Risk)
#262
opened Apr 5, 2024 by
c4-bot-9
Analysis
A-04
analysis-advanced
grade-b
sufficient quality report
This report is of sufficient quality
#257
opened Apr 5, 2024 by
c4-bot-1
Analysis
A-05
analysis-advanced
grade-b
sufficient quality report
This report is of sufficient quality
#237
opened Apr 5, 2024 by
c4-bot-2
Can manipulate the C.SHORT_STARTING_ID ShortRecord of the TAPP
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-02
primary issue
Highest quality submission among a set of duplicates
🤖_174_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#236
opened Apr 5, 2024 by
c4-bot-8
QA Report
bug
Something isn't working
grade-b
Q-04
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sufficient quality report
This report is of sufficient quality
#233
opened Apr 5, 2024 by
c4-bot-2
Analysis
A-06
analysis-advanced
grade-b
sufficient quality report
This report is of sufficient quality
#229
opened Apr 5, 2024 by
c4-bot-2
Analysis
A-07
analysis-advanced
grade-b
sufficient quality report
This report is of sufficient quality
#225
opened Apr 5, 2024 by
c4-bot-6
QA Report
bug
Something isn't working
grade-b
Q-05
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sufficient quality report
This report is of sufficient quality
#222
opened Apr 5, 2024 by
c4-bot-7
The Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-03
primary issue
Highest quality submission among a set of duplicates
🤖_89_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
colRedeemed
variable is wrongly retrieved in LibBytes::readProposalData
function
2 (Med Risk)
#221
opened Apr 5, 2024 by
c4-bot-2
Analysis
A-08
analysis-advanced
grade-b
sufficient quality report
This report is of sufficient quality
#213
opened Apr 5, 2024 by
c4-bot-10
Analysis
A-09
analysis-advanced
grade-b
sufficient quality report
This report is of sufficient quality
#207
opened Apr 5, 2024 by
c4-bot-2
QA Report
bug
Something isn't working
grade-a
Q-06
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sufficient quality report
This report is of sufficient quality
#201
opened Apr 5, 2024 by
c4-bot-2
QA Report
bug
Something isn't working
grade-b
Q-07
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sufficient quality report
This report is of sufficient quality
#182
opened Apr 5, 2024 by
c4-bot-10
An attacker can cancel other people's short orders
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
H-02
primary issue
Highest quality submission among a set of duplicates
🤖_52_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
#178
opened Apr 5, 2024 by
c4-bot-1
transferShortRecord: Can transfer a newly created ShortRecord using a previously minted NFT
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
downgraded by judge
Judge downgraded the risk level of this issue
insufficient quality report
This report is not of sufficient quality
M-04
primary issue
Highest quality submission among a set of duplicates
🤖_174_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#174
opened Apr 4, 2024 by
c4-bot-5
oracleCircuitBreaker: Not checking if price information of asset is stale
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
edited-by-warden
insufficient quality report
This report is not of sufficient quality
M-05
primary issue
Highest quality submission among a set of duplicates
🤖_08_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
#164
opened Apr 4, 2024 by
c4-bot-9
QA Report
bug
Something isn't working
grade-a
Q-08
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sufficient quality report
This report is of sufficient quality
#152
opened Apr 4, 2024 by
c4-bot-6
Analysis
A-10
analysis-advanced
edited-by-warden
grade-b
sufficient quality report
This report is of sufficient quality
#142
opened Apr 3, 2024 by
c4-bot-9
Previous Next
ProTip!
Follow long discussions with comments:>50.