Calls to get_virtual_price() are vulnerable to read-only reentrancy
Lines of code 117 Vulnerability details get_virtual_price was originally considered to be a manipulation-resistant price, suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...
Fee-on-transfer/rebasing tokens will have problems when swapping
Lines of code 110 Vulnerability details Uniswap v3 does not support rebasing or fee-on-transfer tokens, so using these tokens with it will result in funds getting stuck. With fee-on-transfer tokens, if the balance isn't checked, the wrong amount may be transferred out. With rebasing tokens, the...
Users can unwrap assets in batches and avoid paying fees to protocol
Lines of code Vulnerability details Impact Users can unwrap their assets from The Ocean and evade paying fees to the protocol when the requested amount is smaller than the fee divisor. This happens due to a truncation of the result in the fee calculation. Proof of Concept This affects the...
Issue with Decimal Conversion in Shell Protocol
Lines of code Vulnerability details Impact The identified issue within the convertDecimals function in the Shell Protocol could lead to a loss of value due to decimal truncation during token conversions. This situation is particularly critical in the context of Shell Protocol's operations, which...
[H-01] Ocean contract and onERC1155Received function is vulnerable to read only reentrancy
Lines of code Vulnerability details Impact The Ocean contract and onERC1155Received function is vulnerable to read only reentrancy when read from another contract. The order of function execution when called externally from the onERC1155Received function in the Ocean contract is as follows. The...
CURRENT OWNER OF THE Market.sol CONTRACT CAN RENOUNCE THE OWNERSHIP AND DoS THE onlyOwner MODIFIER CONTROLLED FUNCTIONS IN THE Market.sol CONTRACT
Lines of code Vulnerability details Impact The Market.sol contract inherits from the OpenZeppelin Ownable2Step.sol contract. The Ownable2Step.sol contract inherits from the OpenZeppelin Ownable.sol contract. There is an Ownable.renounceOwnership function which can be called by the current owner to...
The initial deposit of an asset will always fail due to the fact that getTotalAssetDeposits() returns 0.
Lines of code Vulnerability details Impact The LRTDepositPool.depositAsset function is employed for users to deposit supported assets. This function relies on LRTDepositPool.getTotalAssetDeposits to determine the amount of rsETH to be minted. However, the absence of initial deposits in the...
User loses their delegated voting power after delegating to another user.
Lines of code Vulnerability details Vulnerability Details When a user delegates voting power to another user, their previous voting power from delegation is ignored in getVotingPowerAt, since in the case where isDelegated is true getVotingPowerAt returns 0. Impact Delegated voting power cannot be utilize...
Chainlink oracle will return the wrong price for asset if underlying aggregator hits minAnswer / max answer
Lines of code Vulnerability details Impact The Chainlink oracle will return the wrong price for an asset if the underlying aggregator hits minAnswer / maxAnswer, and the deposit asset can be wrongly valued, leading to overborrowing. Proof of Concept Chainlink aggregators have a built-in circuit breaker if the...
MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused
Lines of code Vulnerability details Impact An MEV bot can frontrun a user's repayment to liquidate the user first when the OmniPool is unpaused. Proof of Concept This report tries to combine a few issues: 1. when OmniPool is paused, interest is still accruing 2. when OmniPool is paused, the user cannot repay 3...
Incompatibility with Rebase tokens
Lines of code Vulnerability details Impact Borrowers can choose whatever token they want to be the underlying token for a market. The problem comes when those tokens are rebasing tokens such as Ampleforth. The balances of those tokens are changed (rebased) by a certain algorithm depending on the...
Compiler version used by Brahma contracts may introduce permanent bugs in the future
Lines of code Vulnerability details Impact The lack of upgradeability of the protocol to adapt to a new pragma version may introduce a risk of being targeted by malicious actors if pragma version 0.8.19 introduces bugs in the future. Here's the list of previous Solidity compiler bugs for your referenc...
Assembly proxy creation lacks bytecode validation, enabling arbitrary contract deployment.
Lines of code Vulnerability details Impact The proxy contract creation uses assembly to compute the create2 address, but it does not verify that the deployed bytecode matches expectations. The use of assembly for proxy contract creation has potential risks if the bytecode is not validated. This could...
accrueTokens will revert if any rebase tokens are used
Lines of code Vulnerability details Impact In PrimeLiquidityProvider.sol:accrueTokens we get the current balance of the passed token. If the token is any rebase token (AMPL, stETH, RMPL) and the current balance has become lower than tokenAmountAccrued[token], the function will revert. This will lead ...
Relying on string comparisons to determine which parameter to update in the file() function is brittle and could lead to unintended consequences.
Lines of code Vulnerability details Impact This can allow unintentionally changing sensitive state variables. Proof of Concept The vulnerability arises because file relies on a simple string comparison of the what parameter to determine which state variable to update. A developer could accidental...
"rights" stored in memory is overwriting the memory block storing "from", and 32 bytes of memory are given to store the 20-byte-long "contract_"
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The expected code should keccak over the packed encoding of rights, from, to, contract, tokenId, but as the 'rights' value is overwriting the 'from' value and a 32-byte memory block has been allocated to 'contract'...
No way to revoke approval in DelegateToken.approve leads to unauthorized calling of DelegateToken.transferFrom
Lines of code Vulnerability details Impact There is no way to revoke the approval given via DelegateToken.approve(address, delegateTokenId). The spender is able to call DelegateToken.transferFrom even after the tokenHolder revokes the permission using DelegateToken.setApprovalForAll, if the spender...
Wrong tick selected by GeVault.getActiveTickIndex()
Lines of code Vulnerability details During the mitigation of M-03, the function getActiveTickIndex was completely rewritten. The new logic uses the following statement to identify the active tick that represents the Uniswap V3 liquidity pool actively traded: if baseTokenIsToken0 && amt0 == 0 |...
Calling withdraw on a delegated amount of WETH doesn't subtract from totalWethDelegated
Lines of code Vulnerability details Impact The contract's WETH amount gets permanently bricked. Proof of Concept A user can call addToDelegate and give WETH that other people can use for bonding with their rDPX, in exchange for a certain percentage set by the delegatee. Delegate memory...
Flashloan/Sandwich Attacks on UpdateFunding()
Lines of code Vulnerability details Impact The attacker can launch a sandwich/flashloan attack on the updateFunding function to gain most of the reward. Proof of Concept 1. The attacker observes that some reward is going to be distributed via the updateFunding function. 2. The attacker borrows...
Regular bonding incorrectly purchases a reduced amount of Put options due to discount
Lines of code Vulnerability details During rDPX bonding, rdpxV2Core will purchase put options for the rDPX that is used for minting DPXETH. This hedges against an rDPX price drop to protect the DPXETH peg. The amount of put options to purchase is equivalent to the amount of rDPX that is us...
Bonding WETH discounts can drain WETH reserves of RdpxV2Core contract to zero
Lines of code Vulnerability details Impact Depending on the reserves of rDPX, bonding discounts are given both on the rDPX and WETH collateral requirements for minting dpxETH. The bonding discounts for both rDPX and WETH portions are provided as rDPX which is taken from the treasury. The issue wi...
_reserveTokenSpecified does not check if price is in allowed range
Lines of code Vulnerability details Impact Price could go out of range Proof of Concept EvolvingProteus defines a price range using 2 constants, MAXM and MINM: int128 constant MAXM = 0x5f5e1000000000000000000; int128 constant MINM = 0x00000000000002af31dc461; These constants are used in...
Lack of events in EvolvingProteus contract
Lines of code Vulnerability details Impact There is no event emitted in the whole contract, even after executing sensitive actions like swaps between assets or in the constructor. That is bad because many automatic tools that monitor deployed contracts rely on them. For example, see the swap...
Missing balance checks in _reserveTokenSpecified()
Lines of code Vulnerability details Impact By calling depositGivenInputAmount and withdrawGivenOutputAmount, which both call _reserveTokenSpecified, users may potentially create scenarios where the balance ratio allowed for the EvolvedProtocol.sol deployment is violated. POC depositGivenInputAmou...
Signatures can be replayed in castVoteWithReasonAndParamsBySig() to use up more votes than a user intended
Lines of code Vulnerability details Bug Description In the SecurityCouncilNomineeElectionGovernor and SecurityCouncilMemberElectionGovernor contracts, users can provide a signature to allow someone else to vote on their behalf using the castVoteWithReasonAndParamsBySig function, which is in...
Wrong Accruing executed in VaultBooster.sol
Lines of code Vulnerability details Impact An accounting error in accruing at VaultBooster.sol will cause unexpected problems in the VaultBooster.sol contract. Proof of Concept The accrue function of VaultBooster.sol at : does not check whether the return variable of computeAvailable(tokenOut), i.e.,...
Incorrect Import Path Directories
Lines of code Vulnerability details Impact Wrong import path directories in the LiquidationPair.sol contract would affect the functionality of the contract, as this contract relies on the implementation of these imports. Proof of Concept 4. import ILiquidationSource from...
Integer underflow/overflow is possible in some of the timestamp calculations if sequenceOffset or auctionDuration are set maliciously
Lines of code Vulnerability details Impact An attacker could exploit this to make auctionElapsedTime return a low value when it should be high, thereby manipulating the reward calculation. Proof of Concept The vulnerability comes from the subtraction currentTime - sequenceOffset which could...
Potential Reversion in Transfer due to LSP1 Interface Support Check
Lines of code Vulnerability details SORRY I HAVE PREVIOUSLY SUBMITTED THIS ISSUE WITHOUT THE FIX... FIRST TIME WARDEN FORGIVE ME Impact The transfer function in LSP7DigitalAssetCore & LSP8DigitalAssetCore includes a mandatory hook, notifyTokenSender, which verifies if the sender supports...
Malicious user can steal other user's deposits from Vault.sol
Lines of code Vulnerability details Impact When the Vault.withdraw function is called, a maximum of type(uint96).max shares are burnt subsequently: Vault.withdraw -> Vault.withdraw -> Vault.burn burns uint96(shares), see Vault.sol line 1139. A malicious user can exploit this in the following way: 1...
Anyone can call the Well.sol shift() function and withdraw the contract's extra ERC20 tokens, whichever tokens this contract is holding. From the Well contract's balance, the extra tokens for shifting, the calculated amountOut for the passed tokenOut token, can be withdrawn by an attacker.
Lines of code Vulnerability details Impact Whichever type of ERC20 token the Well contract is holding, it can lose all extra tokens of all types, in whatever amount the difference reserves[j] - calcReserve(wellFunction, reserves, j, totalSupply) comes to for the tokenOut token passed by the attacker. Attacker c...
Anyone can call the Well.sol skim method and transfer excessive tokens to their address.
Lines of code Vulnerability details Impact Any excess token balance of Well.sol beyond what is returned from getReserves can be transferred by anyone to their own account. Proof of Concept After getting hold of the token instances from the Well.sol contract's tokens, we can check the contract's balance of each token...
The swapFrom() function allows fee-on-transfer tokens and _setReserves doesn't revert
Lines of code Vulnerability details Impact The protocol supports fee-on-transfer tokens and has implemented a special function capable of handling them, and intends to disallow and revert on fee-on-transfer tokens in the normal swapFrom function, as it says in the comments of the swapFrom function: @dev MUST revert i...
The merkle tree might be revoked again after being used to claim rewards.
Lines of code Vulnerability details Impact The merkle tree might be revoked again after being used to claim rewards. Proof of Concept The governor can revoke the merkle tree using revokeTree: function revokeTree() external onlyGovernorOrGuardian { if (disputer != address(0)) revert UnresolvedDispute(); ...
Slippage controls for calling bHermes contract's ERC4626DepositOnly.deposit and ERC4626DepositOnly.mint functions are missing
Lines of code Vulnerability details Impact mentions that "if implementors intend to support EOA account access directly, they should consider adding an additional function call for deposit/mint/withdraw/redeem with the means to accommodate slippage loss or unexpected deposit/withdrawal limits,...
Reentry restrictions are not properly released
Lines of code Vulnerability details Impact After LSP6KeyManagerCore.execute or LSP6KeyManagerCore.executeRelayCall is executed, non-isSetData methods that call these two methods without re-entry permission cannot be called normally Proof of Concept Tools Used manual review Recommended Mitigation...
stETH rebase profit stealing
Lines of code Vulnerability details Description It's possible, with a flashloan from AAVE, to capture a big share amount of eUSD; after each stETH rebase the exploiter will buy the excess income, which leads to an eUSD rebase due to share burning, so the exploiter will receive most of the burned eUSD because they...
The broker should not be fully disabled by GnosisTrade.reportViolation
Lines of code Vulnerability details Impact GnosisTrade and DutchTrade are two separate auction systems, where the failure of either system should not affect the other. The current design will have Broker.sol disabled when reportViolation is invoked by GnosisTrade.settle if the auction's cleari...
Pre-defined limit is different from the spec.
Lines of code Vulnerability details Impact In the spec, the pre-defined limit of ETH is 0.01 ETH. But the actual limit in the code is not 0.01 ETH, which could be misleading. Proof of Concept In the spec, it said that the pre-defined limit of ETH is 0.01 ETH: For risk management purposes, ...
VaultProxy can be selfdestructed using delegatecall
Lines of code Vulnerability details Impact An attacker can selfdestruct the VaultProxy deployment. constructor() //initialise the vault proxy with data function initialise(bool isValidatorWithdrawalVault, uint8 poolId, uint256 id, address staderConfig) external { if (isInitialized) revert AlreadyInitialized(); ...
Staking before unfreeze can take away most of the RSR rewards from the freeze period
Lines of code Vulnerability details If the system is frozen, the only allowed operation is StRSR.stake. And payoutRewards is not called during the freeze period: if !main.frozen payoutRewards; function payoutRewards external requireNotFrozen; payoutRewards; So payoutLastPaid stays before the...
PoolSelector.computePoolAllocationForDeposit could return an unfair value.
Lines of code Vulnerability details Impact When StaderStakePoolsManager.validatorBatchDeposit is called, it calls PoolSelector.computePoolAllocationForDeposit to get the validator count to deposit for the pool. It calculates the count based on the capacity and the weight of the pool. However,...
NodeOperator will steal other NodeOperators' validators through frontrunning
Lines of code Vulnerability details Impact People who want to earn staking rewards but do not have the resources to run validators will see Stader as an avenue where they can easily steal and use others' validators, and they will actually earn operator rewards from Stader. This could lead to two...
Governance NFT can be burned to DoS accept()
Lines of code Vulnerability details Impact accept can be DoS'd by burning governance NFTs. Authorities can effectively veto proposals. Proof of Concept The new lastBurnTimestamp reverts PartyGovernance.accept if lastBurnTimestamp == block.timestamp. lastBurnTimestamp is set in...
Rage quitter loses their claimable share of distributed tokens
Lines of code Vulnerability details Impact A rage quitter loses their claimable share of distributed tokens. Proof of Concept PartyGovernanceNFT.rageQuit burns a governance NFT and transfers its share of the balance of ETH and tokens: // Burn caller's party card. This will revert if caller is not the...
AmbireAccount.isValidSignature() does not cover recovery signatures
Lines of code Vulnerability details Impact A recovery key can sign for a recovery but cannot get isValidSignature to return that it is valid. Proof of Concept AmbireAccount.isValidSignature is implemented as follows: function isValidSignature(bytes32 hash, bytes calldata signature) external view...
Contracts are vulnerable to fee-on-transfer-token-related accounting issues
Lines of code Vulnerability details Impact Without measuring the balance before and after the transfer, there's no way to ensure that enough tokens were transferred in the cases where the token has a fee-on-transfer mechanic. If there are latent funds in the contract,...
mint() function: an attacker can mint multiple position NFTs for one or more legitimate Ajna users who have LP in Ajna pools. This should not be possible.
Lines of code Vulnerability details Impact The current implementation of the mint function does not ensure that only the owner of a liquidity pool (LP) deposit can mint position NFTs. As a result, an attacker can mint multiple position NFTs on behalf of legitimate Ajna users who have LP in Ajna...