34 matches found
H-01 Unmitigated
Lines of code Vulnerability details Mitigation of H-01: Mitigation Error, see comments Link to Issue: code-423n4/2023-09-asymmetry-findings62 Comments The sponsor has provided a detailed response in the following comment: code-423n4/2023-09-asymmetry-findings62 comment In summary their analysis i...
[H-02] Mitigation error: Null Votium withdrawal requests are queued last
Lines of code Vulnerability details Description When a request to withdraw is placed such that VotiumStrategy.requestWithdraw0 is called, this queues it to the end of all previous withdrawal requests as if an infinitesimal amount is to be withdrawn, incurring an artificially prolonged withdrawal...
[ADRIRO-NEW-H-03] Invalid operation in withdrawStuckTokens() will break CVX balance tracking in VotiumStrategy
Lines of code Vulnerability details Summary The updated code for withdrawStuckTokens contains an update to the trackedCvxBalance variable that will break CVX accounting in the VotiumStrategy contract, leading to multiple severe consequences. Impact To mitigate a potential withdrawal of CVX tokens...
M-07 Unmitigated
Lines of code Vulnerability details Mitigation of M-07: Issue NOT fully mitigated with ERROR Mitigated issue M-07: Lack of access control and value validation in the reward flow exposes functions to public access The issue was that anyone can deposit rewards to AfEth, and that if AfEth or...
M-07 Unmitigated
Lines of code Vulnerability details Mitigation of M-07: Mitigation Error, see comments Link to Issue: code-423n4/2023-09-asymmetry-findings38 Comments The changes related to this issue are: Access control has been added to AfEth::depositRewards using the onlyVotiumOrRewarder modifier. This functi...
M-05 Unmitigated
Lines of code Vulnerability details Mitigation of M-05: Issue NOT mitigated Mitigated issue M-05: Reward sandwiching in VotiumStrategy The issue was that exposure to the benefits of the VotiumStrategy might be unfairly time-weighted. There were two aspects mentioned: voting power and rewards. I d...
M-08 Unmitigated
Lines of code Vulnerability details Lines of code Vulnerability details Mitigation of M-08: Issue mitigated with ERROR Mitigated issue M-08: Inflation attack in VotiumStrategy The issue was that the price of afEth and of vAfEth could be inflated by donating underlying assets. Mitigation review Al...
Price inflation by locking CVX on behalf of VotiumStrategy
Lines of code Vulnerability details Impact The price of vAfEth can be inflated with severe rounding errors as a result. Proof of Concept In VotiumStrategy the price of vAfEth is calculated by function cvxInSystem public view returns uint256 uint256 total = ILockedCvxVLCVXADDRESS.lockedBalanceOf...
Null VotiumStrategy deposits revert
Lines of code Vulnerability details Impact Deposits which attempt to deposit 0 in VotiumStrategy revert. Proof of concept The issue is similar to H-02: Zero amount withdrawals of SafEth or Votium will brick the withdraw process. Depositing in AfEth might call VotiumStrategy.deposit1 if the ratio ...
Introduce minEpoch to prevent withdrawal requests being front-runned
Lines of code Vulnerability details Original Issue M-04: VotiumStrategy withdrawal queue fails to consider available unlocked tokens causing different issues in the withdraw process Issue Details The issue raised above occured whenever there was an unlocked balance which could be used to fulfill...
[ADRIRO-NEW-M-05] Rewarder should not be allowed to apply rewards on CVX tokens
Lines of code Vulnerability details Summary The rewarder role should not be allowed to modify the balance of CVX tokens when applying rewards, otherwise the internal CVX balance tracking could get out of sync with major consequences for the protocol. Impact The introduction of internal CVX balanc...
[ADRIRO-NEW-M-02] AfEth withdrawals are delayed even if the vAfEth withdrawal amount is zero
Lines of code Vulnerability details Summary While zero amount withdrawals of SafEth have been prevented, the updated codebase still executes the withdrawal process for zero amount withdrawals of vAfEth, creating an unnecessary delay in AfEth withdrawals. Impact In AfEth, the withdrawal process is...
[ADRIRO-NEW-M-01] Manager authorization in VotiumStrategy still leaves room for unprotected access
Lines of code Vulnerability details Summary Access control has been added to the VotiumStrategy contract with the intention of restricting functionality only to AfEth. However, an error in the implementation still leaves the contract publicly accessible. Impact In the updated codebase, the sponso...
M-06 Unmitigated
Lines of code Vulnerability details Mitigation of M-06: Issue NOT mitigated Mitigated issue M-06: Missing deadline check for AfEth actions The issue was missing deadline checks for deposits and withdrawals. Mitigation review - missing deadline for rewards Deadline parameters have been added to...
M-05 Unmitigated
Lines of code Vulnerability details Mitigation of M-05: Mitigation Error, see comments Link to Issue: code-423n4/2023-09-asymmetry-findings45 Comments To mitigate M-05, the sponsor has added a delay of one epoch when the available CVX balance is enough to cover the withdrawal: 81: uint256...
Withdrawals will be permanently DOSed if VLCVX's owner decides to shutdown the contract
Lines of code Vulnerability details Bug Description In VotiumStrategy.sol, the relock function is used to withdraw all unlockable CVX and then lock an appropriate amount of CVX again. It does so by calling lock of the VLCVX contract: VotiumStrategy.solL145-L148 if cvxAmountToRelock 0...
Reward sandwiching in VotiumStrategy
Lines of code Vulnerability details Summary The reward system in VotiumStrategy can be potentially gamed by users to enter just before rewards are deposited and request an exit after that. Depending on the withdrawal queue, users may exit as early as the next epoch and avoid waiting the normal 16...
VotiumStrategy.price() does not validate Chainlink response
Lines of code Vulnerability details Impact AfEth.deposit may mint an incorrect amount of afEth. VotiumStrategy.price may return an incorrect price of vAfEth. AfEth.price may return an incorrect price of afEth. Proof of Concept VotiumStrategy.price function price external view override returns...
VotiumStrategy.requestWithdraw() does not account for immediately possible withdrawals
Lines of code Vulnerability details Impact A user might be given an unnecessarily late withdrawal epoch. VotiumStrategy.requestWithdraw might revert altogether. Proof of Concept VotiumStrategy.requestWithdraw finds the epoch at which withdrawal is possible by the following logic: , uint256...
Incorrect AfEth.price() calculation
Lines of code Vulnerability details Impact AfEth.price may be calculated as too low. Proof of Concept AfEth.requestWithdraw does not burn the afEth but only transfers it to itself. Hence the withdrawRatio is calculated using only the free supply of afEth: AfEth.solL180-L185 // ratio of afEth bein...