Trail of Bits

Dexter

Type: Security review

Client: camlCase

Date: 2020-06

Domain: Blockchain

Effort: 4 wks

Section: Tezos

Trail of Bits's security review of camlCase (Jun 2020) identified 14 issues: 5 high, 3 medium, 3 low, 2 informational, and 1 undetermined.

Findings · 14

  1. updateTokenPool can be abused to drain Dexter’s assets (High)
  2. tokenToXtz sends the tokens to the user (High)
  3. The allowance is incorrectly updated after removing liquidity (High)
  4. Morley contracts are not properly tested (Medium)
  5. dexter.Approve is not compatible with FA1.2.Approve (Low)
  6. Discrepancy between the informal specification and the Morley contract on approve (Low)
  7. Improper use of Haskell type system to enforce type correctness in the stack (Informational)
  8. Call injection allows price corruption (High)
  9. Arithmetic rounding allows minting of liquidity tokens without payment of tokens (Medium)
  10. Arithmetic rounding might allow funds to be drained (Undetermined)
  11. Lack of “amount sent” protection can lead to trapped tezos (Medium)
  12. User-provided inputs are not properly validated in the frontend (High)
  13. Users can be tricked into adding liquidity for a baker that immediately changes (Low)
  14. Deadline for transactions are fixed at two hours from now (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
