Comments (1)
The recommendation is significantly impacting the applicability of the contract and business flow.
> Malicious tokens can safeTransferFrom() results

This lacks an example of how this would allow stealing funds. Yes, a user can do something with his/her own malicious token, but he could make the same play in e.g. Uniswap.

> The contract also does not check the soundness of _token

An example of a soundness check would be appreciated; otherwise it is of little practical value.
from 2022-10-mover-judging.
Related Issues (20)
- ak1 - Lack for sanity check while setting the exchangeProxyContract, trustedRegistryContract could cause the protocol to misbehave.
- WATCHPUG - The value of `to` parameter in `_bridgeTxData` can be malicious
- ignacio - LACK OF REENTRANCY GUARDS ON EXTERNAL FUNCTIONS
- WATCHPUG - `exchangeFee` can be escaped
- WATCHPUG - `_expectedMinimumReceived` should consider `topupFee`
- WATCHPUG - Lack of sanity checks in the setter functions can result in malfunctions
- WATCHPUG - Slippage tolerance for Synapse should not be specified as constant values of `0.95`, `0.91`
- ak1 - _processTopup will not work when SYNAPSE bridge is paused. All other process could not function.
- ignacio - ABI.ENCODEPACKED() SHOULD NOT BE USED WITH DYNAMIC TYPES WHEN PASSING THE RESULT TO A HASH FUNCTION SUCH AS KECCAK256()
- ignacio - <ARRAY>.LENGTH SHOULD NOT BE LOOKED UP IN EVERY LOOP OF A FOR-LOOP and Increments can be unchecked
- ak1 - checkAllowance could not work as intended when the token decimal value is not 18
- ignacio - Miners can influence the value of block.timestamp to perform Maximal Extractable Value (MEV) attacks.
- Chom - setYieldDistributor doesn't reset allowance for old yield distributor
- ak1 - No clarity on the amount of fee set by admin. Could lead to loss of fund to protocol user. Lack of decentralisation
- vlad - Unprotected initialize function of the implementation contract
- vlad - Reuse of the signature for CardTopupTrusted
- vlad - Reuse of the same input parameters in CardTopupMPTProof
- vlad - Invalid logic of checkApprove when input data is not long enough
- ak1 - Implementation of own signing and verifying mechanism is more dangerous.