Issues
If a STRATEGY TOKEN is "Toggled off" STRATEGIES will still be able to withdraw but returning of tokens with replenishReserves will be disabled.
#882 opened by code423n4 - 2
Gas Optimizations
#888 opened by code423n4 - 2
Gas Optimizations
#896 opened by code423n4 - 5
Although `ERC20Boost.decrementGaugesBoostIndexed` function would require user to remove all of her or his boost from a deprecated gauge at once, such user can instead call `ERC20Boost.decrementGaugeBoost` function for multiple times to utilize such deprecated gauge and decrement its `userGaugeBoost` for multiple times
#904 opened by code423n4 - 2
Gas Optimizations
#877 opened by code423n4 - 1
Gas Optimizations
#878 opened by code423n4 - 1
Gas Optimizations
#879 opened by code423n4 - 1
The `getUserBoost` state variable can get out-of-sync in `ERC20Boost` which can cause miscalculations and prevent transfers and burns
#885 opened by code423n4 - 3
Calling `BaseV2Gauge.detachUser` function does not update user's `getUserBoost` when it should be updated
#900 opened by code423n4 - 3
The function setBooster() within FlywheelCore.sol is unreachable from inside the owner contract under the current layout.
#898 opened by code423n4 - 5
Slippage controls for calling `bHermes` contract's `ERC4626DepositOnly.deposit` and `ERC4626DepositOnly.mint` functions are missing
#901 opened by code423n4 - 10
When `totalSupply` is low `getProposalThresholdAmount()` and `getQuorumVotesAmount()` can return zero
#876 opened by code423n4 - 3
Upgraded Q -> 2 from #727 [1689056911947]
#919 opened by c4-judge - 4
Upgraded Q -> 2 from #835 [1689085140858]
#920 opened by c4-judge - 3
Missing deadline checks allow pending transactions to be maliciously executed
#899 opened by code423n4 - 6
Potential Loss of Funds Due to Zero Slippage Hardcoding in TalosBaseStrategy#deposit
#907 opened by code423n4 - 5
Upgraded Q -> 2 from #727 [1689056893075]
#918 opened by c4-judge - 3
Despite the check in the constructor, weights can still be set to zero which would prevent user withdrawals
#887 opened by code423n4 - 8
Functionalities for burning bHermesVotes, bHermesGauges, and bHermesBoost tokens are unavailable even though related functions, which are inaccessible externally, for burning these tokens do exist to indicate needs for such functionalities
#897 opened by code423n4 - 3
Analysis
#916 opened by CloudEllie - 3
Upgraded Q -> 2 from #198 [1688918565387]
#917 opened by c4-judge - 1
BranchPort.toggleStrategyToken used on unregistered STRATEGY TOKEN will allow STRATEGIES to drain full token balance
#915 opened by code423n4 - 2
the mint function in erc4626 will mint incorrect amount
#913 opened by code423n4 - 1
Although `ERC20Boost.transfer` and `ERC20Boost.transferFrom` functions try to prevent sender from transferring her or his gauge boost amount that is not free to receiver, such sender can still call `UtilityManager.forfeitBoost` and `bHermes.transfer` or `bHermes.transferFrom` functions to bypass such prevention
#910 opened by code423n4 - 1
Reward clarinets can claim rewards multiple times
#909 opened by code423n4 - 2
MALICIOUS USER CAN CALL THE `FlywheelBribeRewards.setRewardsDepot()` FUNCTION INDEFINITELY TO PUSH `ethereum` INTO `STATE BLOAT`
#906 opened by code423n4 - 1
Calculation during rebalancing can overflow
#892 opened by code423n4 - 1
Gas Optimizations
#890 opened by code423n4 - 2
In case a token added to ERC4626MultiToken.sol/UlyssesToken.sol gets compromised, it will not be possible to add or remove any asset
#889 opened by code423n4 - 3
`FlywheelGaugeRewards.queueRewardsForCycle()` will not revert even if no tokens are received leaving the contract susceptible to data corruption
#886 opened by code423n4 - 1
Reactivated gauges can’t queue up rewards
#883 opened by code423n4 - 2
`UlyssesToken.updateAssetBalances()` might revert on some unexpected conditions
#891 opened by code423n4