Issues: code-423n4/2024-04-noya-findings

Issues list

Contract does not earn any boosted position rewards in Maverick Connector
Labels: 2 (Med Risk) [Assets not at direct risk, but function/availability of the protocol could be impacted or leak value] | bug [Something isn't working] | grade-b | M-01 | primary issue [Highest quality submission among a set of duplicates] | 🤖_primary [AI based primary recommendation] | 🤖_1235_group [AI based duplicate group recommendation] | satisfactory [satisfies C4 submission criteria; eligible for awards] | selected for report [This submission will be included/highlighted in the audit report] | sponsor confirmed [Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")] | sufficient quality report [This report is of sufficient quality]
#1561 opened May 17, 2024 by c4-bot-3
Extra rewards are not updated in curve connector when harvestConvexRewards is called
Labels: 2 (Med Risk) | bug | M-02 | primary issue | 🤖_1111_group | satisfactory | selected for report | sponsor confirmed | sufficient quality report
#1554 opened May 17, 2024 by c4-bot-7
Noya is not compatible with tokens whose balance changes outside of transfers causing funds to get stuck in the contract
Labels: 2 (Med Risk) | bug | downgraded by judge [Judge downgraded the risk level of this issue] | edited-by-warden | M-03 | primary issue | 🤖_397_group | satisfactory | selected for report | sponsor disputed [Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue] | sufficient quality report
#1548 opened May 17, 2024 by c4-bot-9
When calling DolomiteConnector::transferBetweenAccounts, the positions of the deposited token are not updated
Labels: bug | downgraded by judge | duplicate-862 | grade-b | Q-01 | QA (Quality Assurance) [Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax] | 🤖_1023_group | sufficient quality report
#1542 opened May 17, 2024 by c4-bot-1
performanceFeeReceiver cannot mint any performance fee shares even if TVL is dropped by only a very tiny amount
Labels: 2 (Med Risk) | bug | M-04 | primary issue | 🤖_primary | 🤖_28_group | satisfactory | selected for report | sponsor disputed | sufficient quality report
#1532 opened May 17, 2024 by c4-bot-5
AccountingManager contract's previewDeposit, previewMint, previewWithdraw, and previewRedeem functions are not compliant with EIP-4626 standard
Labels: 2 (Med Risk) | bug | M-05 | primary issue | 🤖_16_group | satisfactory | selected for report | sponsor confirmed | sufficient quality report
#1522 opened May 17, 2024 by c4-bot-3
maxDeposit, maxMint, maxWithdraw, and maxRedeem functions do not return 0 when they should
Labels: 2 (Med Risk) | bug | M-06 | primary issue | 🤖_primary | satisfactory | selected for report | sponsor acknowledged [Technically the issue is correct, but we're not going to resolve it for XYZ reasons] | sufficient quality report
#1517 opened May 17, 2024 by c4-bot-3
Value of asset token can be incorrect when usage of ETH/USD Chainlink oracle is needed
Labels: 3 (High Risk) [Assets can be stolen/lost/compromised directly] | bug | H-01 | primary issue | 🤖_primary | 🤖_803_group | satisfactory | selected for report | sponsor confirmed | sufficient quality report | upgraded by judge [Original issue severity upgraded from QA/Gas by judge]
#1509 opened May 17, 2024 by c4-bot-4
Stale price can be used in getValueFromChainlinkFeed function
Labels: 2 (Med Risk) | bug | M-07 | primary issue | 🤖_59_group | satisfactory | selected for report | sponsor confirmed | sufficient quality report
#1501 opened May 17, 2024 by c4-bot-7
QA Report
Labels: bug | grade-b | Q-02 | QA (Quality Assurance) | sufficient quality report
#1498 opened May 17, 2024 by c4-bot-2
Lack of Slippage Controls in retrieveTokensForWithdraw Function
Labels: 2 (Med Risk) | bug | insufficient quality report [This report is not of sufficient quality] | M-08 | primary issue | 🤖_primary | 🤖_139_group | satisfactory | selected for report | sponsor confirmed
#1490 opened May 17, 2024 by c4-bot-2
Incorrect modifier condition
Labels: 2 (Med Risk) | bug | edited-by-warden | M-09 | primary issue | 🤖_08_group | satisfactory | selected for report | sponsor confirmed | sufficient quality report
#1488 opened May 17, 2024 by c4-bot-4
QA Report
Labels: bug | grade-a | high quality report [This report is of especially high quality] | Q-03 | QA (Quality Assurance)
#1481 opened May 17, 2024 by c4-bot-2
First depositor can make subsequent depositor lose all of her or his deposit
Labels: 2 (Med Risk) | bug | downgraded by judge | M-10 | primary issue | 🤖_115_group | satisfactory | selected for report | sponsor confirmed | sufficient quality report
#1473 opened May 17, 2024 by c4-bot-10
QA Report
Labels: bug | edited-by-warden | grade-b | high quality report | Q-04 | QA (Quality Assurance)
#1458 opened May 17, 2024 by c4-bot-9
Base tokens like USDT, USDC having different decimals on different chains can have their TVL updated incorrectly
Labels: 3 (High Risk) | bug | H-02 | primary issue | 🤖_945_group | satisfactory | selected for report | sponsor confirmed | sufficient quality report
#1438 opened May 17, 2024 by c4-bot-10
Watchers::verifyRemoveLiquidity is missing implementation logic
Labels: bug | downgraded by judge | duplicate-1520 | grade-a | insufficient quality report | QA (Quality Assurance) | 🤖_385_group
#1434 opened May 17, 2024 by c4-bot-8
NoyaValueOracle.getValue returns an incorrect price when a multi-token route is used
Labels: 3 (High Risk) | bug | H-03 | primary issue | 🤖_22_group | satisfactory | selected for report | sponsor confirmed | sufficient quality report
#1430 opened May 17, 2024 by c4-bot-6
Keepers does not implement EIP712 correctly on multiple occasions
Labels: 2 (Med Risk) | bug | M-11 | primary issue | 🤖_37_group | satisfactory | selected for report | sponsor confirmed | sufficient quality report
#1428 opened May 17, 2024 by c4-bot-6
executeWithdraw may be blocked if any of the users are blacklisted from the baseToken
Labels: 3 (High Risk) | bug | H-04 | primary issue | 🤖_55_group | satisfactory | selected for report | sponsor confirmed | sufficient quality report | upgraded by judge
#1426 opened May 17, 2024 by c4-bot-1
QA Report
Labels: bug | grade-b | Q-06 | QA (Quality Assurance) | sufficient quality report
#1424 opened May 17, 2024 by c4-bot-9
AccountingManager is not ERC4626 compliant
Labels: bug | downgraded by judge | duplicate-136 | grade-a | partial-25 [Incomplete articulation of vulnerability; eligible for partial credit only (25%)] | QA (Quality Assurance) | 🤖_16_group | sufficient quality report
#1419 opened May 17, 2024 by c4-bot-2
Chainlink connector doesn’t check for the Min / Max prices returned
Labels: 2 (Med Risk) | bug | M-12 | primary issue | 🤖_primary | 🤖_185_group | satisfactory | selected for report | sponsor confirmed | sufficient quality report
#1415 opened May 17, 2024 by c4-bot-1
Missing calls to _updateTokenInRegistry leads to incorrect state of tokens in registry
Labels: 2 (Med Risk) | bug | M-13 | primary issue | 🤖_335_group | satisfactory | selected for report | sponsor confirmed | sufficient quality report
#1404 opened May 17, 2024 by c4-bot-9
In the BalancerConnector, unclaimed rewards are not included in the calculation of the connectors TVL
Labels: 2 (Med Risk) | bug | M-14 | primary issue | 🤖_primary | 🤖_441_group | satisfactory | selected for report | sponsor confirmed | sufficient quality report
#1402 opened May 17, 2024 by c4-bot-9