Skip to content

Issues: code-423n4/2023-04-rubicon-findings

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

104 Open 1,280 Closed
104 Open 1,280 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

QA Report bug Something isn't working grade-a Q-01 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#1373 opened Apr 13, 2023 by code423n4
2
Gas Optimizations bug Something isn't working G (Gas Optimization) G-01 grade-b
#1351 opened Apr 13, 2023 by code423n4
1
Gas Optimizations bug Something isn't working G (Gas Optimization) G-02 grade-b
#1328 opened Apr 13, 2023 by code423n4
2
QA Report bug Something isn't working grade-b Q-02 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#1325 opened Apr 13, 2023 by code423n4
2
RubiconMarket._buys will not work for V1 offers due to the reversion in cancel method. 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-01 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report upgraded by judge Original issue severity upgraded from QA/Gas by judge
#1324 opened Apr 13, 2023 by code423n4
4
Fee inclusivity calculations are inaccurate in RubiconMarket 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working high quality report This report is of especially high quality M-01 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#1312 opened Apr 13, 2023 by code423n4
8
FeeWrapper fails to handle ETH payment refunds 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-02 high quality report This report is of especially high quality primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report upgraded by judge Original issue severity upgraded from QA/Gas by judge
#1301 opened Apr 13, 2023 by code423n4
7
Low level calls to accounts with no code will succeed in FeeWrapper 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working high quality report This report is of especially high quality M-02 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#1298 opened Apr 13, 2023 by code423n4
5
Rewards for initial period may be lost in BathBuddy contract 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-03 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#1295 opened Apr 13, 2023 by code423n4
3
BathBuddy contract should implement methods to pause and unpause contract 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-04 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#1286 opened Apr 13, 2023 by code423n4
3
Reward accounting is incorrect in BathBuddy contract 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-03 high quality report This report is of especially high quality primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#1279 opened Apr 13, 2023 by code423n4
7
QA Report bug Something isn't working edited-by-warden grade-a Q-03 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#1275 opened Apr 13, 2023 by code423n4
2
Gas Optimizations bug Something isn't working G (Gas Optimization) G-03 grade-a
#1264 opened Apr 13, 2023 by code423n4
4
No deadline parameter in sellAllAmount() and buyAllAmount() functions: 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) M-05 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#1257 opened Apr 13, 2023 by code423n4
7
The _matcho() is not implemented properly 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-06 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report
#1243 opened Apr 13, 2023 by code423n4
2
QA Report bug Something isn't working grade-b Q-04 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#1231 opened Apr 13, 2023 by code423n4
2
QA Report bug Something isn't working grade-a Q-06 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#1215 opened Apr 13, 2023 by code423n4
2
Some positions will get liquidated immediately 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-04 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report upgraded by judge Original issue severity upgraded from QA/Gas by judge
#1180 opened Apr 13, 2023 by code423n4
4
Missing a check for minimum sell amount at make function 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-07 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#1167 opened Apr 13, 2023 by code423n4
3
REENTRANCY ATTACK POSSIBLE IF THE _feeTo IS A MALICIOUS CONTRACT IN FeeWrapper._chargeFeePayable() FUNCTION 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-08 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report
#1166 opened Apr 13, 2023 by code423n4
2
Gas Optimizations bug Something isn't working G (Gas Optimization) G-04 grade-b
#1161 opened Apr 13, 2023 by code423n4
1
Use of block.number leads to incorrect interest calculations 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-09 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report
#1141 opened Apr 13, 2023 by code423n4
3
Gas Optimizations bug Something isn't working edited-by-warden G (Gas Optimization) G-05 grade-a high quality report This report is of especially high quality selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#1135 opened Apr 13, 2023 by code423n4
5
QA Report bug Something isn't working grade-b Q-07 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#1133 opened Apr 13, 2023 by code423n4
2
Gas Optimizations bug Something isn't working G (Gas Optimization) G-06 grade-b
#1088 opened Apr 13, 2023 by code423n4
2
ProTip! Updated in the last three days: updated:>2025-02-19.