NATIVE TOKENS COULD GET STUCK INSIDE THE LlamaCore CONTRACT SINCE THERE IS NO WITHDRAWAL MECHANISM

Lines of code Vulnerability details Impact The LlamaCore contract has a single payable function LlamaCore.executeAction. It is used to execute actions by calling the executor.execute function. But the native token recieved by this contract is passed on to the executor.execute function call. Only...

expirationPeriod in the strategy contracts is not checked when calling LlamaCore.execute

Lines of code Vulnerability details Impact If executionPeriod is set to an extremely short time or even 0, then all actions can never be executed. Proof of Concept There are 7 states in an Action flow: Active, Canceled, Failed, Approved, Queued, Expired, Executed. Generally, the sequence goes lik...

Clone LlamaCore and LlamaPolicy in LlamaFactory.sol may fail or DOS

Lines of code Vulnerability details Impact LlamaFactory uses Clones.cloneDeterministic to create new LlamaCore and LlamaPolicy contracts. The address of the new PrivatePool depends solely on the name parameter keccak256abi.encodePackedname provided by the administrator when calling the deploy...

Executing a script action with non-zero value results in frozen funds

Lines of code Vulnerability details Llama instances have a separate LlamaExecutor contract for action execution. When calling LlamaCore.executeAction, the flow is the following for simplicity, we ignore action guards: The function does internal validation: checking the current action state is...

Delegatecalls to contracts which have different storage layouts will cause unexpected behavor. Whitelisting of delegate-callable targets is required like LlamaCore.authorizeScript().

Lines of code Vulnerability details Impact Delegatecall to targets which have storage access will read/write each other's storage variables. Although slot 0 is protected from modification by delegatecall, reading slot 0 is not protected. Modifying storage slot other than 0 is not protected. It's...

Llama Core and Policy implementation not only minimal proxy should not be allowed to be authorized as scripts

Lines of code Vulnerability details Impact authorizeScript function will be used to authorize any contract to be delegatecalled by executor's context. To be qualified as script, it should not access storage but immutable storage, because script's storage layout can be overlapped each other. I...