764 matches found
token.transferFrom signaling failure by returning false may allow for funds to be stolen
Lines of code Vulnerability details Impact ERC20MultiDelegate is expected to work with any ERC20-compliant tokens as long as they provide the same functionality and interface as ERC20Votes from OpenZeppelin. This makes it possible for ERC20MultiDelegate to work with a token that signals...
Some ERC20Votes tokens will not work if you set approve() to any value without setting to zero first
Lines of code Vulnerability details Impact Not setting allowance to Zero before changing the allowance can hinder the deployment of the ERC20ProxyDelegator contract for some ERC20 tokens Proof of Concept Some ERC20 tokens like USDT with Voting enabled will not work when changing the allowance fro...
Unbounded approval in ERC20ProxyDelegator allows potential token theft; limit approvals.
Lines of code Vulnerability details Impact The proxy contract ERC20ProxyDelegator approves maximum possible tokens to the ERC20MultiDelegate contract. This could allow the ERC20MultiDelegate to steal all tokens from the proxy contracts. The approval amount should be limited to only what is...
_reimburse and createProxyDelegatorAndTransfer uses ERC20Votes.transferFrom with user as msg.sender, but allowance is given for ERC20MultiDelegate contract.
Lines of code Vulnerability details Description The delegateMulti external method is called by user. This function call some internal functions like reimburse and transferBetweenDelegators, which doesn't change the msg.sender because they are internal. So, when these functions try to use...
Mismatch of decimals for some underlying tokens across chains could cause a huge loss of funds
Lines of code Vulnerability details Impact The issue is, some ERC20 underlying tokens could have different decimals on other chains. For example, USDC in BNB chain has 18 decimals where it has 6 decimals in other chains such as Ethereum, Polygon ...etc. The root chain doesn't account for decimals...
Cross-Chain Token Cap Disparity
Lines of code Vulnerability details Impact Potential loss of token value when minted values exceed the uint capacity of target chains, leading to incorrect token representation and financial discrepancies. Proof of Concept This function mints tokens or at least a representation of other chain...
Lack of Access Control in public function VirtualAccount.payableCall
Lines of code Vulnerability details Description The VirtualAccount contract allows users to manage assets and perform interactions remotely while maintaining an encapsulated user balance. The contract includes a payableCall function that aggregates and executes a batch of calls to external...
USDT tokens should approve to zero first otherwise it may cause other tokens to get stuck in the case of aprooveMultipleTokens
Lines of code Vulnerability details Impact Unsafe ERC20 approve that do not handle non-standard erc20 behavior. Some token contracts do not return any value. Some token contracts revert the transaction when the allowance is not zero. Proof of Concept When receiving tokens to the destination chain...
Potential Blacklisting from Accepting Tainted Tokens
Lines of code Vulnerability details Impact The contract can store practically any token, the problem is that some tokens have to be compliant with authorities and because of that they can and probably will add the contract's address to their blacklist if any tainted token is sent to it, here it i...
Restriction Manager does not check the source address
Lines of code Vulnerability details Impact The detectTransferRestriction takes in all the necessary parameters: function detectTransferRestrictionaddress from, address to, uint256 value public view returns uint8 However it only performs a check on the address to The restriction used here is...
SafeTransferLib's safeApprove() does not set allowance 0 first which would lead to the escrow encountering issues when dealing with tether's USDT or tokens like it.
Lines of code Vulnerability details Impact Medium... a number of features within the protocol will not work if an approval reverts in the escrow or anywhere else NB: Report mainly focuses on the usage of the SafeTransferLib's safeApprove, but bug is attached to the underlying call made to approve...
InvestmentManager.requestDeposit Arbitrary send erc20
Lines of code Vulnerability details Impact InvestmentManager.requestDeposit. In this function, the SafeTransferLib.safeTransferFrom function is called with an arbitrary from address. This means that the attacker can control who the tokens are transferred from. Proof of Concept Tools Used manual...
approve function can be frontrun and funds will be stolen as a result
Lines of code Vulnerability details Impact The user that gives allowances will lose funds. Proof of Concept In the file ERC20.sol there is a function approve. This function is problematic as it is susceptible to frontrunning attacks. PoC: Consider the following scenario: Alice calls the function...
https://github.com/code-423n4/2023-09-centrifuge/blob/main/src/InvestmentManager.sol#L467-L480
Lines of code Vulnerability details Impact In this function InvestmentManager.deposit, the require statement calls the lPool.transferFrom function with an arbitrary from address. This means that the attacker can control who the tokens are transferred from. Proof of Concept Tools Used manuel revie...
Signature malleability in permit function
Lines of code Vulnerability details Impact In the ERC20 contract used to define the interface for tranche tokens the permit function uses ecrecover to verify a signature submitted by the token owner to approve an address to spend its tranche tokens. However there is a well known issue related to...
Incorrent approval for escrow tokens, not allowing to burn on redeem
Lines of code Vulnerability details Impact Liquidity pool approval for burning escrow tokens is not correctly assigned when pool is deployed on PoolManager deployLiquidityPool lines: EscrowLikeescrow.approveliquidityPool, addressinvestmentManager, typeuint256.max; // Approve investment manager on...
An attacker can use the flashloan function with an invalid collateral asset
Lines of code Vulnerability details Impact Function flashloan - allows delegate token owner or approved operator to borrow their underlying tokens for the duration of a single atomic transaction. The function uses Structs.FlashInfo calldata info as an input parameter. Failure to call...
Protocols does not work with fee-on-transfer ERC20 tokens
Lines of code Vulnerability details Impact The protocol does not work with fee-on-transfer ERC20 tokens. When this type of token is escrowed, the amount is sent to the DelegateToken contract. After that the underlying amount delegateInfo.amount is stored in the...
The validateCreateOrderHash function is vulnerable to an incorrect token type being provided by the caller
Lines of code Vulnerability details Impact Invalid token types could be used with encoded order info, breaking expectations of the contract. An attacker could create an order hash using different parameters than what is actually encoded in the orderInfo. This could potentially allow the attacker ...
User funds may be blocked if tokens with a transfer fee are used as the underlyingToken
Lines of code Vulnerability details Impact The user can create rights token pair pulling underlying token. To do this, it calls the create function . During the execution of the function, the user sends tokens to the contract address . If an ERC20 token is used as a tokenContract, then the...