530 matches found
Missing Validations for the return values of Chainlink Price feeds
Lines of code Vulnerability details Impact You check only the answer (the price) after calling the Chainlink Price feeds in the following lines. In addition, you need to check whether the data is really updated. Proof of Concept Tools Used code review Recommended Mitigation Steps Please ad...
Removing Provider could lead to no provider at all
Lines of code Vulnerability details Impact When removing a provider you don't verify that there is at least one provider left. If no provider is left, then no price data can be reported. Proof of Concept 1 Tools Used hardhat test Recommended Mitigation Steps Add a check on the length of the...
In Funding.sol#getAmountOut(), citadelAmount_ does not account for case of discount
Lines of code Vulnerability details Impact Function getAmountOutassetAmountIn fails to handle the case for funding.discount == 0 Proof of Concept function getAmountOutuint256 assetAmountIn public view returns uint256 citadelAmount uint256 citadelAmountWithoutDiscount = assetAmountIn...
Chainlink oracle might return stale data
Lines of code Vulnerability details Impact Oracle might return stale data for basePrice and quotePrice. Proof of Concept refreshedAssetPerBaseInUQ in ChainlinkPriceOracle.sol does not check if the data from Chainlink is fresh. If there is a problem with the Chainlink oracle, this contract may be...
Governor Infinitely Extend To Vesting Period
Lines of code Vulnerability details Impact During the review of the StakedCitadelVester contract, it has been noticed that the governor role can extend the vesting period indefinitely. There is no upper bound defined in the vesting period. Although it is dependent on the governor, if governor private key is...
Use of deprecated Chainlink API
Lines of code Vulnerability details Impact The contract uses Chainlink’s deprecated API latestAnswer. Such functions might suddenly stop working if Chainlink stopped supporting deprecated APIs. Impact: Deprecated API stops working. Prices cannot be obtained. Protocol stops and contracts have to b...
Inconsistent use of oracle
Lines of code Vulnerability details Impact Throughout the protocol, oracles are relied upon to keep Volt stable, calculate payouts to users, and judge whether actions are eligible to be carried out. On the NonCustodialPSM contract, oracle is updated with the updateOracle function. However, there ...
XSS affecting "Logs" Page
Description A review of organizr's logging system found it is possible for an unauthenticated threat actor to inject arbitrary JavaScript into the "Logs" page found within the administrator dashboard. In a default installation organizr is set to log failed login attempts. In these attempts, the...
Chain ID Is Not Resistant To Hard Fork and Other Token Supports In The Oracle Contract
Lines of code Vulnerability details Impact During the code review, it has been observed that only the following chain IDs are supported for Chainlink: 1 and 42. The contracts are not upgradeable, therefore if there is any hard fork or new chain support, the contract should be deployed again with...
No reentrancy guard on mint() function that has a callback
Lines of code Vulnerability details Impact The mint function calls mint which has a callback to the "to" address argument. Functions with callbacks should have reentrancy guards in place for protection against possible malicious actors both from inside and outside the protocol. Proof of Concept...
Non unique token ID might lead to collusion
Lines of code Vulnerability details Impact Token IDs are defined as concatenation of points, total supply + 1. The total supply can decrease when a split process is in progress. This means that the contract might try to mint a token with an ID which already exists. Proof of Concept 1. Navigate to the...
GenericSwapFacet misuses _lifiData
Lines of code Vulnerability details Impact https://github.com/code-423n4/2022-03-lifinance/blob/main/docs/GenericSwapFacet.md stated that lifiData is strictly for analytics purposes. But lifiData is used to set receivingAsset. Proof of Concept In GenericSwapFacet.swapTokensGeneric,...
Withdrawal Requests Can Be Bypassed
Lines of code Vulnerability details Impact Withdrawals can be initiated by accounts by calling the initiateWithdrawal function. A block delay is enforced with an expiration to prevent flash loan attacks on the protocol. However, because withdrawal requests are conducted on the account's token...
Atlassian Fisheye and Crucible Brute Force Exploits
Atlassian Fisheye is a suite of source code deep viewing software. Atlassian Crucible is a suite of code review tools. Atlassian Fisheye and Crucible are vulnerable to a brute force vulnerability due to a failure to check whether a user has exceeded their maximum failed login limit. An attacker...
FUNCTION SETBASEGAS LACKS BOUNDS CHECK AND EVENT EMIT AFFECTS TRANSFER
Lines of code Vulnerability details Impact Executors can, unintentionally, send a huge amount of ETH Proof of Concept The function setBaseGasuint128 gasLiquidityPool.sol should have bounds like MAXBASEGAS. Even worse, this function lacks an event emit. As a result, executors can call sendFundsToUs...
Atlassian Fisheye and Crucible Security Vulnerability
Atlassian Fisheye is a suite of source code depth viewers. Crucible is a suite of code review tools. Atlassian Fisheye and Crucible contain a security vulnerability that can be exploited by an attacker to view arbitrary files on a system...
Users Can Frontrun Token Distributions Using Flashloans
Lines of code Vulnerability details Impact The collector suite of contracts will actively send ANC token distributions to staked ANC token holders. However, because it is known beforehand that a distribution will be made to the governance contract, users can abuse this to frontrun distributions b...
Whitelisting is Disabled in CrossAnchorBridge.sol
Lines of code Vulnerability details Impact Upon deployment/initialisation, an array of collateral tokens is added to a whitelist, meaning that these tokens are the only tokens that should be deposited/redeemed. Any unsupported tokens should correctly revert so as to avoid instances where Terra...
Possible Wrong bAsset Rewards/Borrow limits Calculation
Lines of code Vulnerability details Impact During the code review, it has been observed that reward calculation has been done with executeepochoperations function. However, the config is stored in the storage. When the ancpurchasefactor is updated by the owner, the executeepochoperations is not...
Whitelist check commented out on the Cross Chain Stable tokens
Lines of code Vulnerability details Impact During the code review, it has been observed that the whitelisted token check is commented out. That will cause user funds to be lost on the bridge. The related function should only allow white-listed tokens. Proof of Concept 1. Navigate to the following...