64 matches found
Intrinsic arbitrage between assets due to price feed deviation threshold
Lines of code Vulnerability details Impact Withdrawals have not yet been implemented but I assume it will be implemented in the usual way such that the fraction of total supply of rsETH a user redeems gives him an equal fraction of total assets held, i.e. received = sharesToRedeem totalAssets /...
In for a penny, in for ten quadrillion dollars
Lines of code Vulnerability details Impact StakedUSDeV2 can be bricked for a penny. Proof of concept The checkMinShares requirement called after any deposit and withdrawal function checkMinShares internal view uint256 totalSupply = totalSupply; if totalSupply 0 && totalSupply MINSHARES revert...
It is possible to prematurely unlock assets that should still be locked up by setting the cooldown duration to 0.
Lines of code Vulnerability details Impact It undermines the security of the cooldown period. Specifically: • Users who have assets locked up in the cooldown period could immediately withdraw them if the admin sets the duration to 0. This violates the intent of having a cooldown period to begin...
DoS of the staking functionality due to the check of minimum total supply
Lines of code Vulnerability details Impact The StakedUSDe contract can be accidentally blocked if the all shares will be redeemed before the VESTINGPERIOD end. The checkMinShares function will then revert for any eligible deposits. The same result will be in case of asset transferring to the...
Lack of functionality to distribute the yield to the USDe stakers.
Lines of code Vulnerability details Impact User will not get the benefit of the yield which is output of their USDe staking. Outcome of yield is the core feature of staking. we are submitting this as high. Proof of Concept An user who is not black listed is allowed to stake their USDe by calling...
Upgraded Q -> 2 from #2037 [1698131784473]
Judge has assessed an item in Issue 2037 as 2 risk. The relevant finding follows: L‑01 Early users can modify the underlying assets’ unit share price Summary: ERC4626, an extension of ERC20, is a standard that is mostly used in yield-bearing tokens. The contract of an ERC4626 token itself is an...
Incorrect AfEth.price() calculation
Lines of code Vulnerability details Impact AfEth.price may be calculated as too low. Proof of Concept AfEth.requestWithdraw does not burn the afEth but only transfers it to itself. Hence the withdrawRatio is calculated using only the free supply of afEth: AfEth.solL180-L185 // ratio of afEth bein...
Unsafe use of balanceOf(address(this))
Lines of code Vulnerability details Impact AfEth.deposit can be bricked. Proof of Concept AfEth makes use of its own balance of afEth as a temporary store of afEth for withdrawal requests. On requestWithdraw afEth is transferred to the AfEth contract and these are then burned on withdraw. The...
LiquidityPool.sol doesn't respect fully EIP 4626
Lines of code Vulnerability details Impact The EIP-4626 states that the function previewMint and previewWithdraw should be rounded up always, but that is not the case in the InvestmentManager.sol which makes it not fully compliant. Proof of Concept As can be seen by EIP-4626 the function...
previewWithdraw doesn't round up the asset amount leading to confusion when external protocols integrate with the vaults of the protocol
Lines of code Vulnerability details Impact Protocols, that integrate with Centrifuge liquidity pools may wrongly assume that withdraw rounds the amount up as per the ERC-4626 specification leading to a wide array or issues for both parties. Proof of Concept The following is stated in the EIP's...
GeVault LP calculations do not use scaling and are vulnerable to deposit attacks
Lines of code Vulnerability details Impact Currently, getTVL counts all token balances in GeVault, and attackers can manipulate getTVL to implement deposit attacks. Secondly, since the calculation of LP does not use scaling, because there is a precision error in the division, the cost for the...
Upgraded Q -> 3 from #16 [1691315821722]
Judge has assessed an item in Issue 16 as 3 risk. The relevant finding follows: L-04: MorphoTokenisedDeposit override decimalsOffset ==0 increase ERC4626 inflation attack risk --- The text was updated successfully, but these errors were encountered: All reactions...
Potential Early Exploit in Morho-Aave ERC4626 Implementation
Lines of code Vulnerability details Impact The issue discovered can be exploited when a vault is initially empty. A malicious actor could frontrun a legitimate user's deposit, contributing a negligible amount to the vault. This allows the actor to own shares while the total asset in the vault is...
Depositors might lose funds due to the lack of zero share check
Lines of code Vulnerability details Impact Depositors might lose funds due to the lack of checking whether the shares to be minted is equal to zero. When this happens, the assets will be deposited into the vault, but the depositors will receive zero shares. This is independent from the initial...
Malicious yield vault owners can manipulate the interaction between the vault and yield vault
Lines of code Vulnerability details Impact Malicious yield vault owners can steal depositor's assets. Proof of Concept yieldVault is the Address of the ERC4626 vault in which assets are deposited to generate yield. After tokens are deposited into the vault, the deposit function of yieldVault is...
the mint function in erc4626 will mint incorrect amount
Lines of code Vulnerability details Impact if you look at the ERC4626 contract the function mint minting the wrong amount at line 53 it should be minting the assets amount not the amount of the share and because the shares and assets are not 1:1 it will lead to unwanted results and different mint...
wxETH.sol Inflation Attack
Lines of code Vulnerability details Impact The first staker may suffer an Inflation Attack and lose the funds Proof of Concept Currently wxETH still has the common ERC4626 'Inflation Attack' malicious users can front-run the first staker, raise exchange rates through donations, then achieve...
Inflation attack by drip
Lines of code Vulnerability details Impact The drip might inflate the exchange rate on an initial stake such that that subsequent stakers get minted zero wxETH. Their stake can then be unstaked by the first staker, together with their own first stake and inflation investment. Effectively, the fir...
VToken mint -- Inflation attack
Lines of code Vulnerability details Impact The token could be impacted by an inflation attack. Proof of Concept At present, vToken is still susceptible to the well-known ERC4626 'Inflation Attack'. This vulnerability allows the total asset count to be inflated by making donations. This means that...
high risk issue
Lines of code Vulnerability details Submitting a high risk issue! Assessed type ERC4626 --- The text was updated successfully, but these errors were encountered: All reactions...