Computable

Findings · 22

1. 1 Candidate proposal denial of service by front-running transactions Medium
2. 2 Re-parameterization may be abused to exploit markets High
3. 3 increaseApproval and decreaseApproval do not follow ERC20 standard Low
4. 4 Missing check for zero address in setPrivileged Low
5. 5 Staked tokens can be destroyed through a failed challenge High
6. 6 Staked tokens can be destroyed through a challenge re-creation High
7. 7 A successful challenge may force the Maker to lose all tokens Medium
8. 8 Bookkeeping inconsistency in Datatrust in case of price change Low
9. 9 EtherToken/MarketToken owners can drain ether from users High
10. 10 Reporting excess bytes delivered will prevent ongoing purchases Medium
11. 11 Delivering more bytes than purchased can trigger unexpected behavior for third parties Low
12. 12 Request delivery denial of service by front-running transactions Low
13. 13 Attackers can prevent new challenges/listings/backends, parameter changes, and stake retrievals Medium
14. 14 Malicious Backend candidate can exploit submitted url for phishing or denial of service. High
15. 15 Quick buy and sell allows vote manipulation High
16. 16 EtherTokens can be used to increase the price arbitrarily Low
17. 17 Arithmetic rounding might lead to trapped tokens Low
18. 18 Race condition on Reserve buy and sell allows one to steal ethers Medium
19. 19 requestDelivery is prone to a race condition when computing the price Low
20. 20 Lack of timeout to resolve candidates High
21. 21 No quorum in voting allows attack to spam the election with candidates High
22. 22 Lack of timeout to claim listing fees allows price manipulation High

Findings extracted from the published report PDF. See the full report below for details and remediation.