20 matches found
[H-02] Mitigation error: Null Votium withdrawal requests are queued last
Lines of code Vulnerability details Description When a request to withdraw is placed such that VotiumStrategy.requestWithdraw0 is called, this queues it to the end of all previous withdrawal requests as if an infinitesimal amount is to be withdrawn, incurring an artificially prolonged withdrawal...
M-07 Unmitigated
Lines of code Vulnerability details Mitigation of M-07: Mitigation Error, see comments Link to Issue: code-423n4/2023-09-asymmetry-findings38 Comments The changes related to this issue are: Access control has been added to AfEth::depositRewards using the onlyVotiumOrRewarder modifier. This functi...
Null VotiumStrategy deposits revert
Lines of code Vulnerability details Impact Deposits which attempt to deposit 0 in VotiumStrategy revert. Proof of concept The issue is similar to H-02: Zero amount withdrawals of SafEth or Votium will brick the withdraw process. Depositing in AfEth might call VotiumStrategy.deposit1 if the ratio ...
Price inflation pump
Lines of code Vulnerability details Impact AfEth price can be inflated until severe rounding errors occur. Proof of concept Deposit in AfEth such that totalValue == 1 and thus 1 afEth is minted. Then AfEth.price will be in the open interval $1,2$ AfEth.price $= 1$ is extremely unlikely. Deposit i...
[ADRIRO-NEW-M-02] AfEth withdrawals are delayed even if the vAfEth withdrawal amount is zero
Lines of code Vulnerability details Summary While zero amount withdrawals of SafEth have been prevented, the updated codebase still executes the withdrawal process for zero amount withdrawals of vAfEth, creating an unnecessary delay in AfEth withdrawals. Impact In AfEth, the withdrawal process is...
M-06 Unmitigated
Lines of code Vulnerability details Mitigation of M-06: Issue NOT mitigated Mitigated issue M-06: Missing deadline check for AfEth actions The issue was missing deadline checks for deposits and withdrawals. Mitigation review - missing deadline for rewards Deadline parameters have been added to...
[ADRIRO-NEW-H-02] Users loses their share of rewards while waiting for withdrawal
Lines of code Vulnerability details Summary Withdrawals in AfEth undergo a delay until the underlying CVX tokens can be withdrawn. Depositors need to request a withdrawal and wait until the required withdrawal epoch before making their withdrawal effective. During this period of time, they will...
M-07 Unmitigated
Lines of code Vulnerability details Mitigation of M-07: Issue NOT fully mitigated with ERROR Mitigated issue M-07: Lack of access control and value validation in the reward flow exposes functions to public access The issue was that anyone can deposit rewards to AfEth, and that if AfEth or...
Intrinsic arbitrage from price discrepancy
Lines of code Vulnerability details Impact The up to 2 % price discrepancy from Chainlink creates an intrinsic arbitrage. Especially, it makes withdrawals worth more than deposits in the sense that one can immediately withdraw more than just deposited. Proof of Concept When depositing ETH into...
Zero amount withdrawals of SafEth or Votium will brick the withdraw process
Lines of code Vulnerability details Summary Withdrawals of amount zero from both SafEth and VotiumStrategy have issues downstream that will cause the transaction to revert, potentially bricking withdrawals from being executed. Impact Withdrawals in AfEth undergo a process to account for any...
AfEth collaterals cannot be balanced after ratio is changed
Lines of code Vulnerability details Summary The AfEth ratio between the collaterals can be modified but there is no direct way to balance the assets to follow the new ratio. Impact The AfEth contract contains a configurable parameter ratio that indicates the intended balance between the two...
VotiumStrategy.price() does not validate Chainlink response
Lines of code Vulnerability details Impact AfEth.deposit may mint an incorrect amount of afEth. VotiumStrategy.price may return an incorrect price of vAfEth. AfEth.price may return an incorrect price of afEth. Proof of Concept VotiumStrategy.price function price external view override returns...
Incorrect AfEth.price() calculation
Lines of code Vulnerability details Impact AfEth.price may be calculated as too low. Proof of Concept AfEth.requestWithdraw does not burn the afEth but only transfers it to itself. Hence the withdrawRatio is calculated using only the free supply of afEth: AfEth.solL180-L185 // ratio of afEth bein...
Unsafe use of balanceOf(address(this))
Lines of code Vulnerability details Impact AfEth.deposit can be bricked. Proof of Concept AfEth makes use of its own balance of afEth as a temporary store of afEth for withdrawal requests. On requestWithdraw afEth is transferred to the AfEth contract and these are then burned on withdraw. The...
sellCVX(0) reverts
Lines of code Vulnerability details Impact A withdrawal cannot be finalised if requested at a time when AfEth had only safEth, and that owed share of safEth is permanently lost. Proof of Concept It is possible that AfEth holds at most dust amounts of vAfEth if ratio = 100 %. The amounts of vAfEth...
AfEth deposits could use price data from an invalid Chainlink response
Lines of code Vulnerability details Summary The current price implementation for the VotiumStrategy token uses a potentially invalid Chainlink response. This price is then used to calculate the price of AfEth and, subsequently, the amount of tokens to mint while depositing. Impact The price of...
Missing deadline check for AfEth actions
Lines of code Vulnerability details Summary AfEth main actions execute on-chain swaps and lack an expiration deadline, which enables pending transactions to be maliciously executed at a later point. Impact Both AfEth deposits and withdrawals include on-chain swaps in AMM protocols as part of thei...
Lack of access control and value validation in the reward flow exposes functions to public access
Lines of code Vulnerability details Summary Some functions that are part of the Votium reward flow are left unprotected and can be accessed by anyone to spend resources held by the contract. Impact Rewards coming from the Votium protocol are claimed and compounded back in AfEth. This flow consist...
AfEth price calculation doesn't factor locked tokens held in contract balance
Lines of code Vulnerability details Summary When withdrawals are enqueued in AfEth, the implementation will remove the tokens from the caller and lock these in the contract until the withdrawal is made effective. These tokens still count in the supply, and must not be considered during price...
AfEth withdrawing will not work when ratio will be 0
Lines of code Vulnerability details Impact AfEth withdrawing will not work when ratio will be 0. It will be not possible to withdraw. Proof of Concept Any ratio for the 2 tokens of afEth can be set by owner. AfEth.withdraw function will not work in case if ratio will be 0, which means that safEth...