
93 matches found

Code423n4
•added 2023/07/05 12:0 a.m.•16 views

Slippage controls for calling bHermes contract's ERC4626DepositOnly.deposit and ERC4626DepositOnly.mint functions are missing

Lines of code Vulnerability details Impact mentions that "if implementors intend to support EOA account access directly, they should consider adding an additional function call for deposit/mint/withdraw/redeem with the means to accommodate slippage loss or unexpected deposit/withdrawal limits,...

AI score: 6.8
Exploits: 0
Code423n4
•added 2023/07/03 12:0 a.m.•9 views

contract has the tendency to mint more tokens than it actually has

Lines of code Vulnerability details Impact If the contract does not have enough esLBR tokens to mint and transfer as rewards, users will not be able to claim their rewards even if they have earned them. Proof of Concept There is no check to ensure that the contract's balance of esLBR tokens is...

AI score: 6.9
Exploits: 0
Code423n4
•added 2023/03/20 12:0 a.m.•8 views

buy() method of Tray.sol may exceed Block Limit

Lines of code Vulnerability details Impact DOS in buy method. Proof of Concept File: Tray.sol function buy(uint256 amount) external { uint256 startingTrayId = nextTokenId; if (prelaunchMinted == type(uint256).max) { // Still in prelaunch phase if (msg.sender != owner) revert OnlyOwnerCanMintPreLaunch(); if...

AI score: 6.7
Exploits: 0
Code423n4
•added 2023/02/12 12:0 a.m.•17 views

Upgraded Q -> 2 from #293 [1676241639792]

Judge has assessed an item in Issue 293 as 2 risk. The relevant finding follows: 01 USER CAN POSSIBLY TRANSFER NO token0 OR token1 TO TimeswapV2Option CONTRACT IF CORRESPONDING token0 OR token1 IS A REBASING TOKEN When calling the following TimeswapV2Option.mint function, msg.sender uses the...

AI score: 6.8
Exploits: 0
Code423n4
•added 2023/02/06 12:0 a.m.•9 views

Upgraded Q -> 3 from #648 [1675725284542]

Judge has assessed an item in Issue 648 as 3 risk. The relevant finding follows: 1. Incorrect Minter Address Validation in Mint Function Link : Summary: The mint function in the RabbitHoleReceipt contract does not correctly check the msg.sender address for minter permissions. The onlyMinter...

AI score: 6.9
Exploits: 0
Code423n4
•added 2023/02/03 12:0 a.m.•7 views

Griefing risk in mint

Lines of code Vulnerability details Impact CidNFT.mint has an optional parameter addList that enables users to register subprotocol NFTs to the CID NFT right after the mint. However, there is no guarantee that the cidNFTID encoded in addList is the same ID as the newly minted NFT. If there is a...

AI score: 6.7
Exploits: 0
Code423n4
•added 2023/01/30 12:0 a.m.•11 views

ONLYMINTER MODIFIER WILL NOT REVERT WHEN MSG.SENDER IS NOT MINTERADDRESS

Lines of code Vulnerability details Impact onlyMinter in RabbitHoleReceipt.sol and RabbitHoleTickets.sol is noted to be housing only msg.sender == minterAddress in its code logic. RabbitHoleReceipt.sol#L58-L61 RabbitHoleTickets.sol#L47-L50 modifier onlyMinter() { msg.sender == minterAddress; _; } It will...

AI score: 6.9
Exploits: 0
Code423n4
•added 2022/12/22 12:0 a.m.•6 views

RuniverseLand mint function does not work

Lines of code Vulnerability details Impact The function mint of RuniverseLand will not work and is seemingly unnecessary. Proof of Concept RuniverseLand.sol has a public function mint that can be used to mint a new plot. Note that this function uses numMinted as a new token ID while numMinted denotes...

AI score: 6.9
Exploits: 0
Code423n4
•added 2022/12/16 12:0 a.m.•8 views

[NAZ-H1] Reentrancy From Use of _safeMint()

Lines of code Vulnerability details Impact The mint function is used to mint a new position NFT and is only callable by minter. This function uses safeMint to mint these position NFTs which has been known in the past to have Reentrancy issues. Proof of Concept The dangers of surprising code by...

AI score: 6.8
Exploits: 0
Code423n4
•added 2022/12/12 12:0 a.m.•9 views

Mint might result in too few tokens minted

Lines of code Vulnerability details mint of PrePOMarket.sol allows the team to mint new short and long tokens in exchange for collateral tokens. Long and short tokens are default ERC20 tokens with 18 decimals, while the collateral ERC20 token uses the decimals of the underlying base token. Howeve...

AI score: 7
Exploits: 0
Code423n4
•added 2022/10/23 12:0 a.m.•10 views

Loss of user funds by balance manipulation

Lines of code Vulnerability details Impact Breaking of the accounting logic, loss of user funds Proof of Concept The project uses LBPair's mint function to mint LBTokens to the user with additional safety checks when the user provides liquidity to the pair...

AI score: 7.2
Exploits: 0
Code423n4
•added 2022/09/23 12:0 a.m.•7 views

admin still can mint token even if limit is reached

Lines of code Vulnerability details Impact In VariableSupplyERC20Token.sol there's a mint function that can be operated only by admin. The function should operate in 2 ways. IF maxSupply was declared in constructor, the admin can only mint as long as the token is less than maxSupply/mintableSupply. OR IF...

AI score: 6.8
Exploits: 0
Code423n4
•added 2022/09/23 12:0 a.m.•10 views

VariableSupplyERC20Token cannot be deployed due to wrong access control

Lines of code Vulnerability details Impact VariableSupplyERC20Token contract cannot be deployed resulting in not functioning contract. Proof of Concept mint function is called in the constructor of VariableSupplyERC20Token contract. constructor(string memory name, string memory symbol, uint256...

AI score: 6.9
Exploits: 0
Code423n4
•added 2022/09/19 12:0 a.m.•5 views

Previously nominated delegate can reset the delegation

Lines of code Vulnerability details burn allows for previously recorded delegate to set himself to be contributor's delegate even if another one was already chosen. This can be quite material as owner choice for the whole voting power is being reset this way to favor the old delegate. Proof of...

AI score: 6.4
Exploits: 0
Code423n4
•added 2022/09/12 12:0 a.m.•6 views

Mint function on the simplefeidaiPSM() might DOS

Lines of code Vulnerability details Impact While a user calls mint function it immediately mints fei token by supplying DAI and when a user redeems a token the fei will be transferred to this contract without burning the fei token, this could lead to DOS if the total supply of the fei token reach the...

AI score: 6.8
Exploits: 0
Code423n4
•added 2022/09/12 12:0 a.m.•4 views

The mint function is missing the minAmountOut control, this will cause the user to lose their funds.

Lines of code Vulnerability details Impact The mint function of the SimpleFeiDaiPSM contract receives DAI from the user, mints the FEI and sends it to the user. amountIn argument ; the amount of DAI received from the user, minAmountOut argument ; requests output for the amount of FEI given to the...

AI score: 6.9
Exploits: 0
Code423n4
•added 2022/09/12 12:0 a.m.•5 views

FEI Minter can drain SimpleFeiDaiPSM contract DAI balance

Lines of code Vulnerability details Impact The FEI token contract contains a mint function which allows the MINTER to mint a given amount of FEI tokens to any account including his own address. So the Minter can mint to his own account an amount of FEI tokens equivalent to the SimpleFeiDaiPSM...

AI score: 6.7
Exploits: 0
Code423n4
•added 2022/07/14 12:0 a.m.•8 views

Buyout Module: redeeming before the update of totalSupply will make buyout's current state success

Lines of code Vulnerability details Impact MED - a hypothetical attack path with stated assumptions, but external requirements. Attacker can create a vault with successful buyout status and non zero supply. The attacker can sell the fractions and then simply withdraw the assets. Proof of Concept...

AI score: 6.7
Exploits: 0
Code423n4
•added 2022/07/14 12:0 a.m.•13 views

function mint() in FERC1155 don't follow check-effect-interact pattern, it's possible to call protocol contracts after tokens minted and before totalSupply updated

Lines of code Vulnerability details Impact Function mint mints new fractions for an ID and is only callable by VaultRegistry. Code mints tokens then updates totalSupply value. When minting, contract may make external call to target address, in that external call contract state is wrong, tokens are...

AI score: 6.9
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•10 views

Yieldy._totalSupply has different upper bounds.

Lines of code Vulnerability details Impact Yieldy.totalSupply has different upper bounds. Yieldy.mint will revert when totalSupply is exactly same as MAXSUPPLY. Proof of Concept From L91-L98, we can see totalSupply can be same as MAXSUPPLY and I think "totalSupply = MAXSUPPLY" is reasonable also...

AI score: 6.9
Exploits: 0