
282 matches found

Code423n4
added 2022/07/01 12:0 a.m., 8 views

Stableswap - Deadlines do not work

Impact: The ensure modifier is commented, so deadlines will not work when passing orders, breaking this functionality.

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/24 12:0 a.m., 7 views

Missing notBoughtOut modifier

Impact: On the withdrawUnsettledBids function, unsettledBid can be withdrawn when buyout is rejected. However, the contract is missing the notBoughtOut modifier in the function. For that reason, during buyout period the function can be called. On the redeem function...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/24 12:0 a.m., 6 views

Lack of lock modifier on sell() can lead to reentrancy

Impact: NibblVault.sell does not possess the lock modifier that protects against reentrancy. The only attack vector due to reentrancy in this function was found to be executable by the factory that receives the admin fees which is not plausible due to the curren...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/21 12:0 a.m., 7 views

BaseRate can be updated by anyone

Impact: There is no access modifier in updateBaseRate due to which anyone can change Baserate to a very low value and borrow the large value. function updateBaseRate(uint newBaseRatePerYear) public. Proof of Concept. Tools Used: manual review. Recommended Mitigation...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/19 12:0 a.m., 7 views

Missing whenNotPaused modifier

Impact: In StableSwapFacet.sol, two swapping functions contain the whenNotPaused modifier while swapExactOut and addSwapLiquidity do not. All functions to swap and add liquidity should contain the same modifiers to stop transactions while paused. Proof of Concep...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/19 12:0 a.m., 12 views

Centralization Risk with onlyOwner modifier

Impact: During the code review, it has been observed that all currency tokens can be withdrawn by the owner without a timelock. The currency token should not be withdrawn by the owner. This poses centralization risk. Proof of Concept: 1. Navigate to the following contract...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/18 12:0 a.m., 3 views

Update initializer modifier to prevent reentrancy during initialization

Impact: The solution uses: "OpenZeppelin/[email protected]". This dependency has a known high severity vulnerability: Which makes MyStrategy contract vulnerable: contract MyStrategy is BaseStrategy, ReentrancyGuardUpgradeable ... function...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/14 12:0 a.m., 8 views

Possible UUPSUpgradeable attack

Impact: Missing implementation of the modifier. Summary: initializer modifier is found in wfCashBase.sol but none of the OZ Initializable or AAVETokenV2Mintable.sol are included in wfCashBase or any of its related files. Details: I couldn’t find the modifier to b...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/02 12:0 a.m., 13 views

Re-entry in BaseRewardPool.sol

Impact: An actor who calls withdraw function for an arbitrary amount in his balance, can re-enter this flow again. As a result, he would get at least double rewards than the designed one. Proof of Concept: Say an actor has his contract and has staked funds throug...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/02 12:0 a.m., 15 views

Unable to updateReward if there are too many rewardTokens

Impact: If there are too many rewardTokens, updateReward might exceed the block gas limit and freeze funds since stake and withdraw have the updateReward modifier. Proof of Concept: function addReward(address rewardToken, address veAssetDeposits, address...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/04/20 12:0 a.m., 8 views

Duplicate asset can be added

Impact: Initialize function can be called multiple times with the same asset. Calling with the same asset will make duplicate entries in the assets list. Any function reading assets will get impacted and would retrieve duplicate assets. Proof of Concept: 1. Observe that...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/04/13 12:0 a.m., 10 views

Update initializer modifier to prevent reentrancy during initialization

Impact: The solution uses: "@openzeppelin/contracts": "^4.0.0", "@openzeppelin/contracts-upgradeable": "^4.3.2". These dependencies have a known high severity vulnerability: Which makes these contracts vulnerable: contracts/helpers/CryptoPunksHelper.sol: 19:...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/04/12 12:0 a.m., 7 views

For any (sufficiently regular) smart contract, there exists a smart contract that bypasses noContract modifier and still has the same functionality

Impact: modifier noContract(address account) is supposed to fill the following role according to the docstring: "Modifier that ensures that non-whitelisted contracts can't interact with the farm. Prevents non-whitelisted 3rd party contracts e.g. autocompounders fr...

AI score: 7
Exploits: 0

Code423n4
added 2022/04/06 12:0 a.m., 8 views

onlyBurner modifier missing

Impact: onlyBurner modifier is missing in burn function. Since it is a public function anyone can burn FEI tokens. Proof of Concept. Tools Used: Manual analysis. Recommended Mitigation Steps: Add onlyBurner modifier to the burn function.

AI score: 6.8
Exploits: 0

Code423n4
added 2022/04/06 12:0 a.m., 13 views

Re-entrance danger in PCVDeposit

Impact: A malicious contract can empty all the system if he gets ETH with the function withdrawETH. The onlyPCVController calls this function and sends ETH to the malicious contract, and then the malicious can use delegatecall and pretend to be onlyPCVController, a...

AI score: 7
Exploits: 0

Code423n4
added 2022/04/06 12:0 a.m., 5 views

Involve governor to run this function

Impact: Governor is an important role in revoking role decision, so it is recommended to involve it by using "onlyGoverner" modifier or using "onlyGovernerOrGaurdian" modifier in calling this function. Proof of Concept. Tools Used: Manual analysis. Recommended...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/04/06 12:0 a.m., 5 views

Wrong modifier

Impact: According to the comment at line 49 and the business logic of this smart contract, it is better to use "ISgoverner" or "onlyGoverner" modifier instead of "onlyOwner". Proof of Concept. Tools Used: manual analysis. Recommended Mitigation Steps: changing...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/04/01 12:0 a.m., 6 views

Missing onlyUnInitialized modifier on initialize() function

Missing onlyUnInitialized modifier on initialize function. Guess that onlyUnInitialized modifier was created for initialized function, but it wasn't called on the function. As the name, initialize should be called once early when the contract is deployed. But in the current implementation the...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/03/30 12:0 a.m., 10 views

onlyOwner modifier missing

Impact: Function is missing onlyOwner modifier meaning any user could register without need to be an owner. Proof of Concept: registerSelf function is missing the onlyOwner modifier. Recommended Mitigation Steps: Change definition to function registerSelf...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/02/23 12:0 a.m., 5 views

Add a timelock to setDefaultFeePercentage(), setCustomFeePercentageForCollateral(), setCustomFeePercentageForSafe() and setMinDebtPercentageForSaving()

Impact: It is a good practice to give time for users to react and adjust to critical changes. A timelock provides more guarantees and reduces the level of trust required, thus decreasing risk for users. It also indicates that the project is legitimate. Here, no...

AI score: 7
Exploits: 0