14 matches found
M-02 - Malicious users can set their hooks to contracts that will always revert, causing Claimers to get their tx to claim the user's prizes to be reverted
Lines of code Vulnerability details Title M-02 - Malicious users can set their hooks to contracts that will always revert, causing Claimers to get their tx to claim the user's prizes to be reverted Original Issue M-02 - Unintended or Malicious Use of Prize Winners' Hooks Details The previous...
The _currentExchangeRate of the Vault contract can't increase, and always be lower than or equal to _assetUnit
Lines of code Vulnerability details Impact The currentExchangeRate of the Vault contract can not increase, and always be lower than or equal to assetUnit. Therefore, when the vault is undercollateralized currentExchangeRate assetUnit, it can't be further collateralized. Proof of concept function...
IF THE UNDERLYING ASSET IS A FEE ON TRANSFER TOKEN IT COULD BREAK THE INTERNAL ACCOUNTING OF THE VAULT
Lines of code Vulnerability details Impact The Vault.deposit function is used by the users to deposit assets to the vault and mint vault shares to the recipient address. The amount of assets are transferred to the Vault as follows: SafeERC20.safeTransferFrom asset, caller, addressthis,...
Upgraded Q -> 2 from #633 [1677880427560]
Judge has assessed an item in Issue 633 as 2 risk. The relevant finding follows: Vault contract implementation does not disable initializers The Vault.sol contract should implement disableInitializers in its constructure to prevent implementation contracts from being initialized. As this contract...
Upgraded Q -> 2 from #795 [1677634051278]
Judge has assessed an item in Issue 795 as 2 risk. The relevant finding follows: 01 FEE-ON-TRANSFER TOKENS ARE NOT SUPPORTED This protocol currently does not support fee-on-transfer tokens. For example, for a fee-on-transfer token, calling the following Vault.deposit function with the assets inpu...
Upgraded Q -> 2 from #664 [1677633674294]
Judge has assessed an item in Issue 664 as 2 risk. The relevant finding follows: 2- Vault fees can be set greater than 1e18 in the initialize function : The Vaut contract implements 4 types of fees deposit, withdrawal, management, performance collected when the user deposits or withdraw tokens,...
Some of user funds stuck in contract because of division rounding error in beforeWithdraw()
Lines of code Vulnerability details Impact Function beforeWithdraw has been used in withdraw of Vault contract to calculates withdraw amount of users but because of division rounding error in this funds some user's funds would stuck in contract. Proof of Concept This is beforeWithdraw code:...
[WP-H30] A malicious/compromised Registry or Factory admin can drain all the funds from the Vault contracts
Handle WatchPug Vulnerability details modifier onlyMarket require IRegistryregistry.isListedmsg.sender, "ERRORONLYMARKET" ; ; function borrowValueuint256 amount, address to external onlyMarket override debtsmsg.sender += amount; totalDebt += amount; IERC20token.safeTransferto, amount; The current...
[WP-H29] Vault#setController() owner of the Vault contracts can drain funds from the Vault
Handle WatchPug Vulnerability details function setControlleraddress controller public override onlyOwner requirecontroller != address0, "ERRORZEROADDRESS"; if addresscontroller != address0 controller.migrateaddresscontroller; controller = IControllercontroller; else controller =...
Vault: onDepositBurn() causes users to unfairly have their deposits allocated as yield
Handle hickuphh3 Vulnerability details Impact The withdraw and forceWithdraw functions do not have reentrancy protection. This allows reentrancy to occur through the implementation of a malicious claim’s beneficiary onDepositBurn function that will cause the incorrect amount of shares to be minte...
Possibility of insufficient funds in Vault
Handle palina Vulnerability details Impact In Vault.sol, totalUnderlying and, therefore, totalUnderlyingMinusSponsored include both funds available in the Vault as well as those invested in the Strategy. The calculation of amounts returned to depositors and sponsors in withdraw and unsponsor also...
When a user performs a withdrawal operation, a rollback that is not considered by the program may be triggered.
Handle ACai Vulnerability details Impact When the Vault contract deposits all/most of the token into the strategy contract, so that the remaining tokens in the Vault contract are less than the user's deposit, the user's withdrawal operation will result in a rollback that is not considered by the...
Grim Finance hacked – $30 million worth of tokens stolen
By Waqas According to Grim Finance, it was an "advanced attack" in which hackers exploited a flaw in the vault contract. This is a post from HackRead.com Read the original post: Grim Finance hacked - $30 million worth of tokens stolen...
Undesired tokens can be called
Handle 0x1f8b Vulnerability details Impact Possible call to unwanted tokens. Proof of Concept In the method reclaimTokens of Vault contract it was called tranfer to tokens provided by the caller, but maybe these tokens are not allowed by the governance, it must be checked that isAllowedTokenaddre...