Spectra Finance

Reports by Severity

Medium
  • #44064 [SC-Medium] Dispatcher incorrect validation causes principal tokens to be stuck in inheriting contract allowing attacker to steal user funds

  • #44167 [SC-Medium] Incorrect balance check in PT redemption commands

Low
  • #43729 [SC-Low] Silent execution failure on `Dispatcher::_dispatch` due to unchecked return value on `Dispatcher:TRANSFER_NATIVE` operation

  • #44175 [SC-Low] Missing Success Check for payable(recipient).call

  • #44131 [SC-Low] An attacker can steal frozen user ETH due to Dispatcher error

  • #43274 [SC-Low] `TRANSFER_NATIVE` Command in Dispatcher Does Not Check Return Value of Low-Level Call

  • #44170 [SC-Low] Missing Check for Native ETH Transfer Success Allows Silent Failures and Potential Theft of Funds

  • #44173 [SC-Low] Unchecked Low-Level Call in TRANSFER_NATIVE in `Dispatcher::_dispatch` Can Lead to Locked Ether and Potential Theft

  • #43912 [SC-Low] Lack of ETH Success Transfer Checks in Dispatcher.sol

  • #43408 [SC-Low] Not checking call success in `TRANSFER_NATIVE`

  • #43490 [SC-Low] TRANSFER_NATIVE in Dispatcher can lead to loss of funds due to not checking user can receive ETH

  • #43380 [SC-Low] Missing Error Check in TRANSFER_NATIVE Command

  • #43528 [SC-Low] fund freeze scenario

  • #43611 [SC-Low] Unchecked ETH Transfer in TRANSFER_NATIVE Command Risks Silent Failures

  • #44035 [SC-Low] Lack of validation in native transfer allows attacker to steal user funds

  • #43987 [SC-Low] Unchecked low-level ETH transfer in `Dispatcher.sol` may lead to undetected failures

  • #43856 [SC-Low] Dispatcher._dispatch() does not revert on failure of transfer of funds when called with the TRANSFER_NATIVE command

  • #44158 [SC-Low] Dispatcher does not check if native transfers are successful

  • #44081 [SC-Low] Users' ETH could be stuck forever without a way to recover it

  • #43712 [SC-Low] Silent ETH transfer failure in `TRANSFER_NATIVE` command leads to permanent locking of user funds

  • #43981 [SC-Low] Silent ETH transfer failure in `TRANSFER_NATIVE` command can permanently lock user funds

  • #44161 [SC-Low] Return value of low level call not checked in `Dispatcher.sol` contract

  • #44101 [SC-Low] `_dispatch()` incorrectly assumes revert bubbling when transferring native tokens.

  • #43659 [SC-Low] Silent ETH transfer failure in `Dispatcher.sol` leads to permanent freezing of funds

  • #43469 [SC-Low] Return value of low level call not checked can cause silent Reverts

  • #44091 [SC-Low] Lack of ETH transfer check leads to stolen funds

  • #43803 [SC-Low] Boolean success returned from address.call{value: amount}() not checked

Insight
  • #44084 [SC-Insight] Incorrect NatSpec in `calcIBTsToTokenizeForCurvePool` and `calcIBTsToTokenizeForCurvePoolCustomProp`

  • #43195 [SC-Insight] `Dispatcher.sol` uses `initializer` modifier instead of `onlyInitializing`

  • #44083 [SC-Insight] Inconsistency in `CurvePoolUtil`

  • #43402 [SC-Insight] Function `getPTUnderlyingUnit` could be marked external

  • #43464 [SC-Insight] Refactoring `Router.sol` for gas savings and reducing code redundancy from two different `Router::execute()` which can result in undesirable outcomes for potentially delayed tra...

  • #43314 [SC-Insight] Oracle functions mislead integrators as it is not compatible with Chainlink Price feed behaviour

  • #43971 [SC-Insight] Incorrect NatSpec Tag in removeRateOracle() Misrepresents Function Reference

Reports by Type

Smart Contract
  • #43729 [SC-Low] Silent execution failure on `Dispatcher::_dispatch` due to unchecked return value on `Dispatcher:TRANSFER_NATIVE` operation

  • #44175 [SC-Low] Missing Success Check for payable(recipient).call

  • #44084 [SC-Insight] Incorrect NatSpec in `calcIBTsToTokenizeForCurvePool` and `calcIBTsToTokenizeForCurvePoolCustomProp`

  • #43195 [SC-Insight] `Dispatcher.sol` uses `initializer` modifier instead of `onlyInitializing`

  • #44131 [SC-Low] An attacker can steal frozen user ETH due to Dispatcher error

  • #43274 [SC-Low] `TRANSFER_NATIVE` Command in Dispatcher Does Not Check Return Value of Low-Level Call

  • #44170 [SC-Low] Missing Check for Native ETH Transfer Success Allows Silent Failures and Potential Theft of Funds

  • #44173 [SC-Low] Unchecked Low-Level Call in TRANSFER_NATIVE in `Dispatcher::_dispatch` Can Lead to Locked Ether and Potential Theft

  • #44083 [SC-Insight] Inconsistency in `CurvePoolUtil`

  • #43912 [SC-Low] Lack of ETH Success Transfer Checks in Dispatcher.sol

  • #43402 [SC-Insight] Function `getPTUnderlyingUnit` could be marked external

  • #43464 [SC-Insight] Refactoring `Router.sol` for gas savings and reducing code redundancy from two different `Router::execute()` which can result in undesirable outcomes for potentially delayed tra...

  • #43408 [SC-Low] Not checking call success in `TRANSFER_NATIVE`

  • #43490 [SC-Low] TRANSFER_NATIVE in Dispatcher can lead to loss of funds due to not checking user can receive ETH

  • #43380 [SC-Low] Missing Error Check in TRANSFER_NATIVE Command

  • #43528 [SC-Low] fund freeze scenario

  • #43611 [SC-Low] Unchecked ETH Transfer in TRANSFER_NATIVE Command Risks Silent Failures

  • #44035 [SC-Low] Lack of validation in native transfer allows attacker to steal user funds

  • #43987 [SC-Low] Unchecked low-level ETH transfer in `Dispatcher.sol` may lead to undetected failures

  • #43856 [SC-Low] Dispatcher._dispatch() does not revert on failure of transfer of funds when called with the TRANSFER_NATIVE command

  • #44158 [SC-Low] Dispatcher does not check if native transfers are successful

  • #44081 [SC-Low] Users' ETH could be stuck forever without a way to recover it

  • #43712 [SC-Low] Silent ETH transfer failure in `TRANSFER_NATIVE` command leads to permanent locking of user funds

  • #43981 [SC-Low] Silent ETH transfer failure in `TRANSFER_NATIVE` command can permanently lock user funds

  • #44064 [SC-Medium] Dispatcher incorrect validation causes principal tokens to be stuck in inheriting contract allowing attacker to steal user funds

  • #44161 [SC-Low] Return value of low level call not checked in `Dispatcher.sol` contract

  • #44101 [SC-Low] `_dispatch()` incorrectly assumes revert bubbling when transferring native tokens.

  • #43659 [SC-Low] Silent ETH transfer failure in `Dispatcher.sol` leads to permanent freezing of funds

  • #43314 [SC-Insight] Oracle functions mislead integrators as it is not compatible with Chainlink Price feed behaviour

  • #43469 [SC-Low] Return value of low level call not checked can cause silent Reverts

  • #44091 [SC-Low] Lack of ETH transfer check leads to stolen funds

  • #43803 [SC-Low] Boolean success returned from address.call{value: amount}() not checked

  • #43971 [SC-Insight] Incorrect NatSpec Tag in removeRateOracle() Misrepresents Function Reference

  • #44167 [SC-Medium] Incorrect balance check in PT redemption commands
