code-423n4/2024-05-loop-findings

Issues

• QA Report

  #117 opened 2 years ago by howlbot-integration
  4

• Gas Optimizations

  #126 opened 2 years ago by howlbot-integration
  5

• QA Report

  #121 opened 2 years ago by howlbot-integration
  4

• QA Report

  #115 opened 2 years ago by howlbot-integration
  4

• QA Report

  #118 opened 2 years ago by howlbot-integration
  7

• QA Report

  #104 opened 2 years ago by howlbot-integration
  5

• QA Report

  #105 opened 2 years ago by howlbot-integration
  3

• QA Report

  #111 opened 2 years ago by howlbot-integration
  3

• QA Report

  #112 opened 2 years ago by howlbot-integration
  3

• QA Report

  #113 opened 2 years ago by howlbot-integration
  3

• QA Report

  #114 opened 2 years ago by howlbot-integration
  3

• QA Report

  #116 opened 2 years ago by howlbot-integration
  3

• QA Report

  #119 opened 2 years ago by howlbot-integration
  3

• QA Report

  #120 opened 2 years ago by howlbot-integration
  3

• QA Report

  #103 opened 2 years ago by howlbot-integration
  3

• QA Report

  #127 opened 2 years ago by howlbot-integration
  3

• User can frontrun claiming and steal all of the locked ethers for himself

  #134 opened a year ago by howlbot-integration
  3

• Upgraded Q -> 3 from #117 [1718034766745]

  #137 opened a year ago by c4-judge
  3

• Ethers sent to the contract can be stolen from any user

  #136 opened a year ago by howlbot-integration
  5

• Out-of-Bounds Access in `_decodeUniswapV3Data`

  #100 opened a year ago by howlbot-integration
  9

• Tracking the points through the emitted event on lock is incorrect for LRT tokens

  #135 opened a year ago by howlbot-integration
  13

• `recoverERC20` token Failure if Owner is Blacklisted

  #95 opened a year ago by howlbot-integration
  4

• Lack of Functionality to Disallow Tokens from the allowed list

  #96 opened a year ago by howlbot-integration
  6

• Gas Optimizations

  #123 opened a year ago by howlbot-integration
  2

• It's possible for an user to withdraw ERC20 tokens even at non-allowed periods

  #99 opened a year ago by howlbot-integration
  3

• Whitelisting Prevents Recovery of Mistakenly Sent Tokens via `recoverERC20`

  #94 opened a year ago by howlbot-integration
  2

• LRT token can only be allowed

  #101 opened a year ago by howlbot-integration
  3

• UniV3 Feature unusable due to incorrect encoding

  #106 opened a year ago by howlbot-integration
  4

• Claiming with `UniswapV3` as the Exchange Parameter and `msg.sender` as the Recipient Won't Deposit into lpETH, and the Wrong Event Will Be Emitted

  #110 opened a year ago by howlbot-integration
  3

• QA Report

  #122 opened a year ago by howlbot-integration
  3

• QA Report

  #124 opened a year ago by howlbot-integration
  3

• QA Report

  #125 opened a year ago by howlbot-integration
  3

• QA Report

  #128 opened a year ago by howlbot-integration
  3

• QA Report

  #129 opened a year ago by howlbot-integration
  3

• Lenders cannot claim their tokens in some cases

  #102 opened a year ago by howlbot-integration
  3

• Assumption that if the swap is purely on `UniswapV3` then the selector is the `UNI_SELECTOR` is incorrect causing the `_validateData()` function to revert

  #109 opened a year ago by howlbot-integration
  3

• Vulnerable tokens cannot be removed from the isTokenAllowed map

  #90 opened a year ago by howlbot-integration
  3

• Missing Token Removal Functionality

  #84 opened a year ago by howlbot-integration
  3

• Tokens cannot be disallowed nnce allowed

  #85 opened a year ago by howlbot-integration
  3

• Lack of Token De-listing Functionality

  #86 opened a year ago by howlbot-integration
  3

• The contract lacks of a setter to disallow a token

  #87 opened a year ago by howlbot-integration
  3

• [M-02] Once a token is allowed using `PrelaunchPoints::allowToken` function, there is no way to disallow

  #88 opened a year ago by howlbot-integration
  3

• If allowed token have vulnerability been found, there is no way to remove it, which could harm the protocol

  #89 opened a year ago by howlbot-integration
  3

• Lack of method for removing allowedTokens can brick the system

  #91 opened a year ago by howlbot-integration
  4

• Tokens cannot be removed from Allowedlist once added

  #92 opened a year ago by howlbot-integration
  4

• Permanent Whitelisting in PrelaunchPoints Contract Poses Security Risks

  #93 opened a year ago by howlbot-integration
  4

• Consider adding disallowToken instead of only allowToken function

  #98 opened a year ago by howlbot-integration
  6

• Protocol Cannot Disallow Unwanted or Blacklist Tokens After it has been Allowed

  #97 opened a year ago by howlbot-integration
  4

• `claim()` and `claimAndStake()` Will Not Work with UniswapV3 as the Exchange Parameter

  #108 opened a year ago by howlbot-integration
  3

• `claim` and `claimAndStake` will always revert when 0x API uses Uniswap_V3

  #107 opened a year ago by howlbot-integration
  4