Real Furnace and StRSR addresses can be added to the Distributor
Lines of code Vulnerability details Impact RToken may be distributed to StRSR and frozen. RSR may be distributed to Furnace and frozen. Proof of Concept Both Furnace and StRSR are added to the destinations of Distributor in DistributorP1.init(): function init(IMain main, RevenueShare calldata dist...
[High - 1] StaticATokenLM depositors are losing tokens by depositing AToken directly
Lines of code Vulnerability details Impact In the StaticATokenLM contract, users are allowed to deposit either AToken yield bearing tokens from AAVE, or their underlying tokens. The amount is converted to shares systematically, even if the depositor deposits shares. As shares are usually worth mo...
OracleLib: Price can be negative
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps
[NAZ-M4] Missing isRegistered Check in sweepRewards()
Lines of code Vulnerability details Impact In the sweepRewardsSingle function there is a check to see if the ERC20 token to be swept is registered or not. While in the sweepRewards function that sweeps multiple ERC20 tokens instead of just one, this check is missing. With that in mind, sweepRewar...
Missing require statement for sellAmount in init() function leading to potential loss of funds.
Lines of code Vulnerability details Impact init function is missing a require statement to check if the input variable sellAmount is less than or equal to the contract's balance of sell tokens. This means that the contract is allowing the user to initiate an auction with a sell amount greater tha...
RToken issuers are not protected from slippage
Lines of code Vulnerability details Impact Users can suffer losses from slippage due to various potential reasons. Proof of Concept Users can issue new RTokens by depositing the necessary collaterals using the function issue. The function issue has two parameters specifying the recipient and...
Lack of proper input validation in fulfillOrder function
Lines of code Vulnerability details Impact function fulfillOrder(Order calldata order, bytes32 fulfillerConduitKey) external payable returns (bool fulfilled); fulfillOrder function is designed to fulfill orders on the marketplace, however, the code provided does not clearly define what fields the...
User funds can be locked in RToken contract for a long time
Lines of code Vulnerability details Impact Unnecessary delay on the first issuance will lock the first issuer's deposit and other following deposits. Proof of Concept Users can issue new RTokens by depositing the necessary collaterals. The protocol is designed to limit issuance by some rate and t...
withdraw() in StRSR does not update contract state (totalDrafts) in all cases, which can cause wrong fund distribution and funds getting stuck in the contract
Lines of code Vulnerability details Impact The withdraw function completes an account's unstaking: it transfers the user's draft withdrawals and updates totalDrafts. But when the calculated rsrAmount is 0 the code returns early and does not update totalDrafts, which can cause wrong calculations as those draft items removed...
Basket range formula is inefficient, leading the protocol to unnecessary haircut
Lines of code Vulnerability details Impact The BackingManager.manageTokens function checks if there's any deficit in collateral, in case there is, if there's a surplus from another collateral token it trades it to cover the deficit, otherwise it goes for a 'haircut' and cuts the amount of basket...
Reentrancy Vulnerability in stake() and unstake() functions.
Lines of code Vulnerability details Impact An attacker can repeatedly call these functions and manipulate the state of the contract, potentially leading to a loss of funds for the users of the contract. For example, an attacker could repeatedly call the stake function, causing the attacker to...
MANAGER_ADMIN has the right to give or take any amount of user's tokens using setPendingMintBalance.
Lines of code Vulnerability details Impact Not sure what the use case of setPendingMintBalance should be, but it can cause admins to drain the whole balance, nullify the user's funds or break the protocol. This can be caused on purpose, accidentally or through an attacker stealing MANAGER_ADMIN's...
Wrong logic totalBurned is not updated after _processRefund() results in loss of funds for redeemers
Lines of code Vulnerability details Impact Function completeRedemptions is used by the admin account to distribute collateral to users and also to refund redemption requests if the redemption cannot be serviced. function completeRedemptions(address[] calldata redeemers, address[] calldata refundees,...
Redeemers can refuse to receive the air-dropped collateral token, causing completeRedemptions() to fail and wasting the admin's gas
Lines of code Vulnerability details Impact Function completeRedemptions is used by the admin account to distribute collateral to users and also to refund redemption requests if the redemption cannot be serviced. Redeemers receive funds from assetSender in an air-drop manner; if the collateral token is...
Use reentrancyGuard for safeTransferFrom
Lines of code Vulnerability details Impact A reentrancy guard is a mechanism used to prevent reentrant calls in smart contracts, which can be a security vulnerability. Reentrancy can happen when a malicious contract calls the "safeTransferFrom" function and then calls it again before the first ca...
Failed transactions may lead to fund loss via replay attacks
Lines of code Vulnerability details Impact Failed transactions inside executeTransaction will revert and make the nonces remain intact. Thus a replay attack with signature arguments is possible. Proof of Concept One can make replay attacks with the reverted executeTransaction function and reprodu...
Relayers can steal extra fees from smart contract wallets on every transaction
Lines of code Vulnerability details Impact Relayers can take signed transactions and append zeroes to the signature parameter to artificially increase the gas cost and startGas estimation. This causes additional cost for the signer and increases the relayers reimbursement. The cost/reimbursement...
Front-running "deployCounterFactualWallet"
Lines of code Vulnerability details Description The deployCounterFactualWallet function deploys a smart wallet using the create2 function with a salt value that depends on the owner and index parameters. However, the address derivation for the deployed wallet does not depend on the entryPoint and...
SmartAccount authorization can be bypassed using a contract signature
Lines of code Vulnerability details SmartAccount authorization can be bypassed using a contract signature The SmartAccount wallet supports contract signatures defined by EIP1271, similar to how Gnosis Safe does. Transactions to the wallet can be authorized by a contract that implements the...
The owner's address is not declared as payable
Lines of code Vulnerability details Impact If someone sends ether to the contract, it is highly possible that the ether could be locked forever or never withdrawn by its intended recipient (Owner) Proof of Concept Tools Used Manual Recommended Mitigation Steps Add "payable" keyword to the owne...
_validateSignature should not revert on invalid signature (EIP-4337)
Lines of code Vulnerability details Impact Results in unexpected behavior in the EntryPoint contract. Proof of Concept As said in the official specification of EIP-4337: "If the account does not support signature aggregation, it MUST validate the signature is a valid signature of the userOpHash,...
Upgraded Q -> M from #216 [1673172689834]
Judge has assessed an item in Issue 216 as M risk. The relevant finding follows: Last collateral check is not safe
Upgraded Q -> M from #22 [1673008163388]
Judge has assessed an item in Issue 22 as M risk. The relevant finding follows: L-01 ERC721Vestable.setVestingStart should check newVestingStart < vestingEnd. function setVestingStart(uint256 newVestingStart) internal virtual { //@Audit require(vestingEnd > newVestingStart, "End must be greater than start")...
SLASH LOGIC INAPPROPRIATELY IMPLEMENTED
Lines of code Vulnerability details Impact The slash logic in the protocol has overlooked the following two issues: slash(minipoolIndex) is only called when avaxTotalRewardAmt is equal to 0, which forgoes all other low-performing instances even if the node operator has only brought in 1 wei of AVAX...
Increase in ERC4626 shares due to inflation
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. A bad actor can exploit the Vault by depositing a small amount of asset tokens (1 wei) and receiving 1 wei of shares tokens. The attacker can then send a large amount of asset tokens (10000e18 - 1) to infla...
Funds of Node Operators can be nullified by any attacker
Lines of code Vulnerability details Impact The MinipoolManager.createMinipool function does not validate the caller's address, due to which any address can invoke the createMinipool function with any nodeID (existing or new) as input. For any existing nodeID the function can be invoked as long as the...
First TokenggAVAX deposit exploit can break share calculation
Lines of code Vulnerability details The convertToShares function follows the formula: return supply == 0 ? assets : assets.mulDivDown(supply, totalAssets); The share price always returns 1:1 with the asset token. If everything works normally, the share price will slowly increase with time to 1:2 or 1:10 as more...
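The two findings above (the ERC4626 inflation issue and the first TokenggAVAX deposit) describe the same share-accounting weakness. The Python model below is an added example, not code from either audited project: it reproduces the Solmate-style `supply == 0 ? assets : assets.mulDivDown(supply, totalAssets)` rounding with the 1 wei deposit and 10000e18 - 1 donation figures from the first finding, and sets it beside a vault that adds virtual shares and assets (the OpenZeppelin-style decimals offset, an assumed mitigation that the findings do not name). The 19999e18 victim deposit, the `Vault` class and `run_attack` are my own constructions.

```python
"""Model of ERC4626 share accounting for the first-depositor (inflation)
attack.  Added example; not the audited project's code.  Rounding mirrors
Solmate's ERC4626: shares = assets.mulDivDown(supply, totalAssets).  The
decimals_offset > 0 variant is an assumed mitigation (virtual shares and
one virtual asset, as in OpenZeppelin's ERC4626), not taken from the findings."""

WAD = 10**18


def mul_div_down(a: int, b: int, d: int) -> int:
    """floor(a * b / d), like FixedPointMathLib.mulDivDown."""
    return (a * b) // d


class Vault:
    def __init__(self, decimals_offset: int = 0):
        # decimals_offset == 0 reproduces the vulnerable vault.
        self.offset = decimals_offset
        self.total_supply = 0
        self.total_assets = 0          # == asset.balanceOf(vault)
        self.shares: dict[str, int] = {}

    def _virtual_shares(self) -> int:
        return 10**self.offset if self.offset else 0

    def _virtual_assets(self) -> int:
        return 1 if self.offset else 0

    def convert_to_shares(self, assets: int) -> int:
        supply = self.total_supply + self._virtual_shares()
        if supply == 0:
            return assets                                  # 1:1 bootstrap: the weak spot
        return mul_div_down(assets, supply, self.total_assets + self._virtual_assets())

    def convert_to_assets(self, shares: int) -> int:
        supply = self.total_supply + self._virtual_shares()
        if supply == 0:
            return shares
        return mul_div_down(shares, self.total_assets + self._virtual_assets(), supply)

    def deposit(self, who: str, assets: int) -> int:
        shares = self.convert_to_shares(assets)
        if shares == 0:
            raise ValueError("ZERO_SHARES")                # Solmate's require
        self.total_assets += assets
        self.total_supply += shares
        self.shares[who] = self.shares.get(who, 0) + shares
        return shares

    def donate(self, assets: int) -> None:
        """A plain ERC20 transfer to the vault: raises totalAssets, mints nothing."""
        self.total_assets += assets

    def redeem(self, who: str, shares: int) -> int:
        assets = self.convert_to_assets(shares)
        self.shares[who] -= shares
        self.total_supply -= shares
        self.total_assets -= assets
        return assets


def run_attack(vault: Vault, victim_deposit: int = 19_999 * WAD) -> dict:
    """Attacker front-runs the first deposit with 1 wei, donates 10000e18 - 1
    (figures from the finding), then the victim deposits and both redeem."""
    donation = 10_000 * WAD - 1
    attacker_shares = vault.deposit("attacker", 1)
    vault.donate(donation)
    victim_shares = vault.deposit("victim", victim_deposit)
    victim_out = vault.redeem("victim", victim_shares)
    attacker_out = vault.redeem("attacker", attacker_shares)
    return {
        "attacker_shares": attacker_shares,
        "victim_shares": victim_shares,
        "attacker_profit": attacker_out - (1 + donation),   # negative means the attack lost money
        "victim_loss": victim_deposit - victim_out,
    }


if __name__ == "__main__":
    print("vulnerable:", run_attack(Vault()))
    print("offset=3  :", run_attack(Vault(decimals_offset=3)))
```

In the unmitigated vault the victim's 19999e18 deposit mints a single share next to the attacker's single share, so the pool is split in half and the attacker walks away with roughly 4999.5e18 of the victim's tokens. With virtual shares the donation mostly accrues to shares nobody owns, the attack loses about as much as it would have gained, and the victim's rounding loss drops to dust.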
RuniverseLand.sol#mint() can be bricked
Lines of code Vulnerability details Impact RuniverseLand.sol#mint() can be bricked. Proof of Concept The mint function uses numMinted to generate the tokenId: File: RuniverseLand.sol function mint(address recipient, PlotSize size) public override returns (uint256) { uint256 tokenId...
secondaryMinter may break plotsAvailablePerSize
Lines of code Vulnerability details Impact RuniverseLand allows primaryMinter and secondaryMinter to mint NFTs. function mintTokenId(address recipient, uint256 tokenId, PlotSize size) public override nonReentrant { require(numMinted < MAX_SUPPLY, "All land has been minted"); require(_msgSender() ==...
Code doesn't check that the to address is not 0x0 in contract functions; if a user calls a contract function with a wrong value he would lose his funds
Lines of code Vulnerability details Impact There are no sanity checks on the to address when a user wants to take a loan or ..., and if the value of to is set to 0 the user would lose those funds. Proof of Concept None of the functions increaseDebtAndSell(mintTo, ...), increaseDebt(mintTo, ...),...
Code doesn't check whether the Uniswap pool already exists; if an attacker creates the Uniswap pool beforehand with the calculable papr address, the underlying address and the exact fee amount, the deployment transaction would always fail
Lines of code Vulnerability details Impact An attacker can perform a DOS and prevent the contract from getting deployed. The address of papr can be calculated by the attacker before its deployment, and the address of the underlying (USDC) and the fee are known, so the attacker can create the Uniswap pool beforehand and cause...
PUNK does not conform to ERC721 standard hence safeTransferFrom from solmate does not work
Lines of code Vulnerability details Impact Since protocol's intended NFT target is PUNK currently, the protocol will be hugely affected. Proof of Concept Attempts to transfer the NFT is done in 2 places. 1. removeCollateral 2. purchaseNFT Firstly, this means that once a collateral is added to the...
Stealing fund by applying reentrancy attack on removeCollateral, startLiquidationAuction, and purchaseLiquidationAuctionNFT
Lines of code Vulnerability details Impact By applying reentrancy attack involving the functions removeCollateral, startLiquidationAuction, and purchaseLiquidationAuctionNFT, an Attacker can steal large amount of fund. Proof of Concept Bob a malicious user deploys a contract to apply the attack...
Early user can break the minting of LP Tokens
Lines of code Vulnerability details Impact The attack vector is the same as TOB-YEARN-003, where users may not receive liquidity tokens in exchange for their baseTokenAmount and fractionalTokenAmount deposited if the total baseTokenAmount has been manipulated through a large "donation". In the...
LP pricing formula is vulnerable to flash loan manipulation
Lines of code Vulnerability details Impact The LP pricing formula used in the buyQuote, sellQuote, addQuote, removeQuote functions of Pair.sol contract is vulnerable to flash loan manipulation. Proof of Concept The baseTokenReserves calculates the current balance of base token reserves. This...
MEV searchers can capture slippage tolerance on pool creation
Lines of code Vulnerability details Impact In the current Caviar protocol, anybody can supply initial liquidity to a newly created pool. An LP who intends to create a new pool and add liquidity could execute the following transactions: 1. LP transaction 1: pair = Caviar.create 2. LP transaction 2...
User didn't get an lpToken when trying to add liquidity to the pair with some baseTokenAmount
Lines of code Vulnerability details Impact The user doesn't get any lpToken when trying to add liquidity to the pair with some baseTokenAmount. The user loses their asset since they don't get any lpToken. Proof of Concept Inside the Pair.sol contract, the add function exists for adding liquidity to the pair...
LP's ERC20 tokens cannot be rescued when owner closes the pair
Lines of code Vulnerability details Impact LP cannot be rescued when owner closes the pair. Aside from the NFT which can be salvaged through Pair.withdraw, the ERC20 token amounts cannot be rescued, resulting in fund loss. Proof of Concept In case of any malicious attempt to grief the protocol, t...
Tokens are expected to have 18 decimals but not all have them
Lines of code Vulnerability details Tokens are expected to have 18 decimals but not all have them Summary Pair doesn't consider tokens with fewer or more than 18 decimals Impact Tokens not compatible Proof of Concept Mitigation Don't use hardcoded 18 decimals
Pair.sol has payable functions with no way of withdrawing that ether
Lines of code Vulnerability details Pair.sol has payable functions with no way of withdrawing that ether Summary Value is deposited on the contract using payable functions but later can't be taken out Impact Locked ether Proof of Concept Pair.add(uint256,uint256,uint256) Pair.buy(uint256,uint256...
buyQuote should be rounded up
Lines of code Vulnerability details Impact The buyQuote is not rounded up, which can cause a leak of value due to the buyQuote being underestimated. Proof of Concept The function Pair.buyQuote does not round up, which can cause the issue described under Impact: function buyQuote(uint256...
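To make the rounding leak concrete, here is an added Python model (not the project's code) of a constant-product buy quote computed with the division rounded each way. The formula shape, a Uniswap-v2-style quote with an assumed 0.3% fee charged on the input side, is my assumption; the audited Pair.buyQuote may differ in its exact terms. `drain` repeats small buys against a pool with deliberately tiny reserves so that the floor division visibly returns 0, and reports how the product of the reserves (k) moves.

```python
"""Added example: buy quote for a constant-product pair with the division
rounded down (the reported bug) versus rounded up (the fix).  The fee and
formula are assumptions modelled on a Uniswap-v2-style pair, not the
audited contract's exact code."""

FEE_NUM, FEE_DEN = 997, 1000   # assumed 0.3% fee on the input amount


def ceil_div(a: int, b: int) -> int:
    """Round-up integer division for non-negative operands."""
    return -(-a // b)


def buy_quote(output_amount: int, base_reserves: int, frac_reserves: int,
              round_up: bool) -> int:
    """Base tokens the buyer must pay to take output_amount fractional tokens.

    inputAmount = outputAmount * FEE_DEN * baseReserves
                  / ((fracReserves - outputAmount) * FEE_NUM)
    round_up=False reproduces the underestimating quote from the finding.
    """
    if output_amount >= frac_reserves:
        raise ValueError("insufficient liquidity")
    numerator = output_amount * FEE_DEN * base_reserves
    denominator = (frac_reserves - output_amount) * FEE_NUM
    return ceil_div(numerator, denominator) if round_up else numerator // denominator


def drain(base_reserves: int, frac_reserves: int, output_amount: int,
          n_buys: int, round_up: bool) -> dict:
    """Execute n_buys consecutive buys and report what was paid and how k moved.

    A pool that never lets k fall below its pre-trade value is not leaking
    value to the trader; an under-rounded quote lets k shrink."""
    k_before = base_reserves * frac_reserves
    paid = 0
    for _ in range(n_buys):
        cost = buy_quote(output_amount, base_reserves, frac_reserves, round_up)
        paid += cost
        base_reserves += cost
        frac_reserves -= output_amount
    return {
        "paid": paid,
        "k_before": k_before,
        "k_after": base_reserves * frac_reserves,
        "base_reserves": base_reserves,
        "frac_reserves": frac_reserves,
    }


if __name__ == "__main__":
    # Constructed pool with tiny reserves so that floor division returns 0.
    print("round down:", drain(500, 1000, 1, 100, round_up=False))
    print("round up  :", drain(500, 1000, 1, 100, round_up=True))
```

With 500 base and 1000 fractional units in reserve, the rounded-down quote for a single unit is 500000 // 996003 == 0, so a hundred one-unit buys cost nothing and k drops from 500000 to 450000; rounding up charges one unit per buy and k grows. At 18-decimal scale the per-trade difference is at most one wei, but it is always in the trader's favour and it compounds across every buy the pool ever serves.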
Pair.sol:close() does not recover any of the base token / liquidity tokens before destroying it
Lines of code Vulnerability details Impact If the pair holds any of the native or other liquidity tokens, they can never be recovered once the pair is destroyed. Proof of Concept The owner has special rights to destroy the pair if it is compromised. But before destroying it, it does not recover any of the toke...
Price manipulation by sending Ether
Lines of code Vulnerability details Price manipulation by sending Ether not profitable although The function Pair.price uses Pair.baseTokenReserves, which uses address(this).balance or ERC20(baseToken).balanceOf(address(this)). In case address(this).balance is used, when address(0) is passed, there can be price...
Merkle root of zero bypasses validation
Lines of code Vulnerability details Impact The merkle root validation happens with this require in validateTokenIds. If the merkle root is zero, this check is skipped. Proof of Concept This require validates that the merkle root is valid. This code is never reached if merkleRoot == bytes32(0) becau...
Loss of ETH for proposer when it is a contract that doesn't have fallback function.
Lines of code Vulnerability details Description sendEthOrWeth is used in several locations in OptimisticListingSeaport: 1. rejectProposal - sent to proposer 2. rejectActive - sent to proposer 3. cash - sent to msg.sender This is the implementation of sendEthOrWeth: function...
Bids are wrongly ordered when prices and quantities are equal.
Lines of code Vulnerability details Description In GroupBuy, when total amount of Raes is filled up with purchases, users start competing with higher price offers. Their bids are laid out in a min priority queue structure implemented in MinPriorityQueue.sol. The docs clearly state that when two...
There is no check to ensure closeTimestamp is not bigger than timestamp
Lines of code Vulnerability details Impact Logic issue Proof of Concept If closeTimestamp is bigger than timestamp the logic will break; there is no check. Tools Used Recommended Mitigation Steps Check that closeTimestamp is not bigger than timestamp
Pair.sol : baseTokenReserves() can be manipulated if the base token is the native token
Lines of code Vulnerability details Impact Price manipulation in the following functions, wherever baseTokenReserves() is called: buyQuote, sellQuote, addQuote, removeQuote Proof of Concept function baseTokenReserves() internal view returns (uint256) { return baseToken == address(0) ? address(this).balance -...
Attacker can DOS OptimisticListing with very low cost
Lines of code Vulnerability details Impact The only check on a new proposal is that it is priced lower than the existing proposal. It does not constrain on the collateral supplied except it will revert in verifyBalance if set to 0. Anyone can block normal proposal creation by creating a proposal...
MISSING HANDLE FOR DIRECT SEND OF TOKEN
Lines of code Vulnerability details Impact The current implementation of the protocol does not handle situations when tokens are sent directly to the pair contract. Tokens sent directly to the contract can affect the calculation of baseTokenReserves, which affects buyQuote and sellQuote. Below is...