Back

1inch Fusion v1

12/28/2022Published
ID
Severity
Status
Title 23 Findings
2.1.1
MAJOR
NO ISSUE

There is no validation of podCallGasLimit_ in ERC20Pods

2.1.2
MAJOR
NO ISSUE

There is no possibility to customize _POD_CALL_GAS_LIMIT in DelegatedShare

2.1.3
MAJOR
ACKNOWLEDGED

There is no validation of maxUserFarms in RewardableDelegationPod

2.1.4
MAJOR
FIXED

There is no value for feeReceiver in the constructor in St1Inch

2.1.5
MAJOR
NO ISSUE

There is no value for maxLoss in the constructor of the St1Inch contract

2.1.6
MAJOR
NO ISSUE

podCallGasLimit can not be customized in ERC20Pods

2.2.1
WARNING
FIXED

There is no validation that Pod has a valid token in ERC20Pods.

2.2.2
WARNING
NO ISSUE

The promote function is not authorized in WhitelistRegistry

2.2.3
WARNING
FIXED

There is no validation of promoted addresses in WhitelistRegistry

2.2.4
WARNING
FIXED

feeReceiver can be zero address in St1Inch

2.2.5
WARNING
NO ISSUE

Pod is not removed after withdrawal of all tokens from St1Inch

2.2.6
WARNING
ACKNOWLEDGED

Incorrect comparison in WhitelistRegistry

2.3.1
INFO
NO ISSUE

There is no validation of variables in Settlement

2.3.2
INFO
NO ISSUE

There is a possibility of overflow in Settlement

2.3.3
INFO
NO ISSUE

Orders with fee can be reverted in Settlement

2.3.4
INFO
NO ISSUE

The delegate function does not revert when prevDelegatee equals new delegatee in BasicDelegationPod

2.3.5
INFO
NO ISSUE

The withdraw and withdrawTo functions do not revert when lock amount equals 0 in St1inch

2.3.6
INFO
FIXED

The _DEFAULT_INITIAL_RATE_BUMP and _DEFAULT_DURATION constants are not used in Settlement

2.3.7
INFO
ACKNOWLEDGED

rateBump is not calculated in tests

2.3.8
INFO
NO ISSUE

Redundant allowance after resolve of the order in Settlement

2.3.9
INFO
NO ISSUE

Promoted address can not be removed in WhitelistRegistry

2.3.10
INFO
NO ISSUE

It is possible to call _mint with zero value in St1Inch

2.3.11
INFO
FIXED

There is no validation of constructor parameters in FeeBank

Please select finding