Contest: https://code4rena.com/contests/2023-04-caviar-private-pools
- M-01 Private Pool creation in Factory contract should check implementation is initialized
- M-02 Flash loans can be used by attackers to claim rewards over token ownership
- M-03
changeFeeQuotewill fail for low decimal ERC20 tokens - M-04 Checking for interface support while fetching royalties might revert operation
- M-05
sellfunction in EthRouter doesn't check pool base token is ETH - M-06 Incorrect ETH amount sent to
changefunction in EthRouter - M-07 Flash loan fee is incorrect in Private Pool contract
- M-08 Deposit function should be only accessible by the pool owner
- M-09 Royalty fees may be incorrectly accounted in the
buyandsellfunctions of the PrivatePool contract - M-10 Users cannot control slippage in buy and sell operations
- M-11 PrivatePool creation may be front-runned or be recreated by an attacker during a chain reorganization