Trail of Bits

GSquared

Type: Security review

Client: Growth Labs

Date: 2022-10

Domain: Blockchain

Effort: 6 wks

Section: Ethereum/EVM

Trail of Bits's security review of Growth Labs (Oct 2022) identified 16 issues: 2 high, 6 medium, and 8 informational.

Findings · 16

  1. Unbounded loop can cause denial of service (High)
  2. Lack of two-step process for contract ownership changes (Informational)
  3. Non-zero token balances in the GRouter can be stolen (Informational)
  4. Uninformative implementation of maxDeposit and maxMint from EIP-4626 (Informational)
  5. moveStrategy runs out of gas for large inputs (Informational)
  6. GVault withdrawals from ConvexStrategy are vulnerable to sandwich attacks (Medium)
  7. Stop loss primer cannot be deactivated (Medium)
  8. getYieldTokenAmount uses convertToAssets instead of convertToShares (Medium)
  9. convertToShares can be manipulated to block deposits (Medium)
  10. Harvest operation could be blocked if eligibility check on a strategy reverts (Informational)
  11. Incorrect rounding direction in GVault (Medium)
  12. Protocol migration is vulnerable to front-running and a loss of funds (High)
  13. Incorrect slippage calculation performed during strategy investments and divestitures (Medium)
  14. Potential division by zero in _calcTrancheValue (Informational)
  15. Token withdrawals from GTranche are sent to the incorrect address (Informational)
  16. Solidity compiler optimizations can be problematic (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
