530 matches found
Vulnerability: Setting the userClaimedEpoch to a wrong Epoch / Contract: LendingLedger / Function: claim
Lines of code Vulnerability details Impact The userClaimedEpoch is set to a different epoch week more than the actual epoch of the claim. Proof of Concept In the function to claim the canto for a market, the claiming can only be made for a prior epoch and the function does it in that way, but...
RngRelayAuction can be bricked or used to specify arbitrary winning random numbers
Lines of code Vulnerability details Impact The RngRelayAuction contract deployed on each chain has a rngComplete method that is supposed to be called by the relayer in order to close/complete a prize draw. However this method doesn't have any access control and can therefore be called by anyone...
Loss of Funds when user wants to repay debt and underflow in _repay () function
Lines of code Vulnerability details Impact There is no check for whether userBorrowPartto is greater than or equal to part before subtraction, which can lead to loss of funds for the user or underflow in case a user inputs more amount than the user is in debt for. Proof of Concept Provide direct links to a...
liquidateBorrow() mTokens that do not enter the market can still be liquidated as collateral
Lines of code Vulnerability details Impact A borrower's mTokens that do not join the market can still be liquidated as collateral. Proof of Concept If a user wants to use mToken as collateral, the user needs to enter the market with the enterMarket function. / @notice Add assets to be included in account...
possible revert due to improper subtraction in _extendableMsgData() of LSP17Extension.sol
Lines of code Vulnerability details Impact In extendableMsgData of LSP17Extension.sol there is an arithmetic calculation msg.data:msg.data.length - 52; msg.data.length may be smaller than 52 in some instances. This can cause reverts in Solidity. Proof of Concept function extendableMsgData internal...
Vetoed proposals can still be executed or queued
Lines of code Vulnerability details Impact Function veto does not change the state of the proposal. This means that when a proposal is in a ProposalState.Queued state and then vetoed, it can still be executed. The same occurs for proposals in ProposalState.Succeeded state - even after being...
The admin is a single point of failure and a centralization risk
Lines of code Vulnerability details Impact Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure. A single private key may be taken in a hack, or the sole holder of the key may become unable to retrieve the key when necessary. Consider...
DoS by cancelling newly created proposals
Lines of code Vulnerability details Impact A malicious user can cancel any freshly created proposal, thus making the governance not usable to anyone. Whenever a new proposal is being created, a malicious actor can cancel it. Proof of Concept Function cancel is external, thus it can be called by anyon...
LSP8CompatibleERC721._checkOnERC721Received return value is incorrect
Lines of code Vulnerability details Impact Can be transferred to EOA through safeTransferFrom Proof of Concept problematic code call path safeTransferFrom-safeTransfer-checkOnERC721Received safeTransferFrom annotate / @inheritdoc ILSP8CompatibleERC721 @dev Compatible with ERC721 safeTransferFrom...
Potential draining Well via slippage imprecision and swapping the same token
Lines of code Vulnerability details Impact According to Well.sol comment: // Note: The rounding approach of the Well function determines whether // slippage from imprecision goes to the Well or to the User. Imprecision can either go to the Well or the User. In this scenario we will assume that Well...
The code uses arithmetic operations without explicitly checking for possible overflows or underflows
Lines of code Vulnerability details Impact The impact of the Integer Overflow/Underflow vulnerability can be summarized as follows: Data Inaccuracy: The vulnerability can lead to incorrect calculations and inaccurate data, potentially compromising the integrity of voting processes and other...
If a STRATEGY TOKEN is "Toggled off" STRATEGIES will still be able to withdraw but returning of tokens with replenishReserves will be disabled.
Lines of code Vulnerability details Impact BranchPort.manage allows a registered Strategy to withdraw certain amounts of enabled strategy tokens. It validates access rights ie. if called by a strategy registered for the requested token. It however doesn't check if the token itself is currently...
Missing require statements in onlyRole/checkRole modifiers
Lines of code Vulnerability details In LybraConfigurator.sol, there are two modifiers, checkOnlyRole and checkRole from GovernanceTimelock, designed to verify whether the msg.sender is authorized. However, these modifiers lack "require" statements to enforce the condition that the returned boolea...
FreeBSD : SoftEtherVPN -- multiple vulnerabilities (d821956f-1753-11ee-ad66-1c61b4739ac9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d821956f-1753-11ee-ad66-1c61b4739ac9 advisory. - Daiyuu Nobori reports: The SoftEther VPN project received a high level code review and...
SoftEtherVPN -- multiple vulnerabilities
Daiyuu Nobori reports: The SoftEther VPN project received a high level code review and technical assistance from Cisco Systems, Inc. of the United States from April to June 2023 to fix several vulnerabilities in the SoftEther VPN code. The risk of exploitation of any of the fixed vulnerabilities ...
Pre-defined limit is different from the spec.
Lines of code Vulnerability details Impact In the spec, the pre-defined limit of ETH is 0.01 ETHs. But the actual limit in the code is not 0.01 ETH, which could be misleading. Proof of Concept In the spec, it said that the pre-defined limit of ETH is 0.01 ETHs For risk management purposes, ...
potential arithmetic overflow in the code under review.
Lines of code Vulnerability details Summary This report highlights a high vulnerability related to potential arithmetic overflow in the code under review. Vulnerability Details The code performs arithmetic operations, such as addition, subtraction, multiplication, and division, on sdk.Int values...
Gas griefing/thief in LlamaAccount execute()
Lines of code Vulnerability details Impact The LlamaAccount execute function either delegatecalls or calls the provided address. The address may contain a malicious contract and should be treated as malicious. This assumption was confirmed by implementation of this function and its comments...
Role might be granted and revoked at the same block to manipulate the role supply and result in incorrect behavior of relative strategy
Lines of code Vulnerability details Impact There is a potential issue where a role can be granted, votes can be cast, and then the role can be revoked in the same block. This can lead to incorrect behavior of relative strategy in manipulating the vote supply. The problem arises because the role...
auctionBuyNft() borrower can block the bidding
Lines of code Vulnerability details Impact The borrower can block the bidding. Proof of Concept auctionBuyNft When the bid is successful and there is an extra amount, it will be refunded to the borrower. The code is as follows: function auctionBuyNft Lien calldata lien, uint256 lienId, uint256 tokenId,...