ConvexityProtocol
ConvexityProtocol copied to clipboard
opynfinance
Reentrancy in oToken.addERC20CollateralOption(uint256,uint256,address) (oToken.sol#160-167): External calls: - addERC20Collateral(msg.sender,amtCollateral) (oToken.sol#165) - require(bool,string)(collateral.transferFrom(msg.sender,address(this),amt),Could not transfer in collateral tokens) (OptionsContract.sol#362-365) State variables written after the call(s): - issueOTokens(amtToCreate,receiver) (oToken.sol#166) - _balances[account] = _balances[account].add(amount)...
Reentrancy in oToken.addAndSellERC20CollateralOption(uint256,uint256,address) (oToken.sol#197-211): External calls: - addERC20Collateral(msg.sender,amtCollateral) (oToken.sol#202) - require(bool,string)(collateral.transferFrom(msg.sender,address(this),amt),Could not transfer in collateral tokens) (OptionsContract.sol#362-365) State variables written after the call(s): - issueOTokens(amtToCreate,address(this)) (oToken.sol#203) - _balances[account] = _balances[account].add(amount)...
Reentrancy in [OptionsContract.addERC20Collateral(address,uint256)](https://github.com/opynfinance/OptionsProtocol/blob/dev/contracts/OptionsContract.sol#L357-L370): External calls: - [require(bool,string)(collateral.transferFrom(msg.sender,address(this),amt),Could not transfer in collateral tokens)](https://github.com/opynfinance/OptionsProtocol/blob/dev/contracts/OptionsContract.sol#L362-L365) State variables written after the call(s): - [_addCollateral(vaultOwner,amt)](https://github.com/opynfinance/OptionsProtocol/blob/dev/contracts/OptionsContract.sol#L369) - [vault.collateral = vault.collateral.add(amt)](https://github.com/opynfinance/OptionsProtocol/blob/dev/contracts/OptionsContract.sol#L836) Apply the [check-effects-interactions pattern](http://solidity.readthedocs.io/en/v0.4.21/security-considerations.html#re-entrancy).
[OptionsContract.isSafe(uint256,uint256)](https://github.com/opynfinance/OptionsProtocol/blob/dev/contracts/OptionsContract.sol#L847-L885) performs a multiplication on the result of a division: -[rightSideVal = (collateralAmt.mul(collateralToEthPrice)).div(strikeToEthPrice)](https://github.com/opynfinance/OptionsProtocol/blob/dev/contracts/OptionsContract.sol#L868-L870) -[stillSafe = leftSideVal
[OptionsContract.calculateOTokens(uint256,OptionsContract.Number)](https://github.com/opynfinance/OptionsProtocol/blob/dev/contracts/OptionsContract.sol#L908-L943) performs a multiplication on the result of a division: -[numeratorVal = (collateralAmt.mul(collateralToEthPrice)).div(strikeToEthPrice)](https://github.com/opynfinance/OptionsProtocol/blob/dev/contracts/OptionsContract.sol#L926-L928) -[numOptions = numeratorVal.mul(10 ** exp).div(denomVal)](https://github.com/opynfinance/OptionsProtocol/blob/dev/contracts/OptionsContract.sol#L939) Consider ordering multiplication prior division.
[OptionsFactory.constructor(OptionsExchange,address)._oracleAddress](https://github.com/opynfinance/OptionsProtocol/blob/dev/contracts/OptionsFactory.sol#L29) lacks a zero-check on : - [oracleAddress = _oracleAddress](https://github.com/opynfinance/OptionsProtocol/blob/dev/contracts/OptionsFactory.sol#L33) Check that the address is not zero.
Truffle scripts for: - create option - set option details - add, change and delete asset from options factory - create uniswap exchange
