10190 matches found
ERC721 onERC721Received() reentrancy
Lines of code Vulnerability details Impact Reentrancy is an attack that can occur when a bug in a contract may allow a malicious contract to reenter the contract unexpectedly during execution of the original function. This can be used to drain funds from a smart contract if used maliciously...
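The vulnerable and hardened shapes of the onERC721Received reentrancy described above, as an added example written for this listing (not code from the audited project). It assumes OpenZeppelin Contracts v5 import paths; the drop, attacker and limit constant are hypothetical:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Vulnerable: the `claimed` flag is written AFTER _safeMint. _safeMint calls
// onERC721Received on a contract recipient, and that hook can re-enter claim()
// while claimed[msg.sender] is still false.
contract VulnerableDrop is ERC721 {
    mapping(address => bool) public claimed;
    uint256 public nextId;

    constructor() ERC721("Drop", "DROP") {}

    function claim() external {
        require(!claimed[msg.sender], "already claimed");
        _safeMint(msg.sender, nextId++); // external call into msg.sender if it is a contract
        claimed[msg.sender] = true;      // effect recorded too late
    }
}

// Attacker (hypothetical): re-enters claim() from the receiver hook until it holds WANT tokens.
contract Reenterer is IERC721Receiver {
    VulnerableDrop private immutable drop;
    uint256 public constant WANT = 5;

    constructor(VulnerableDrop d) { drop = d; }

    function attack() external { drop.claim(); }

    function onERC721Received(address, address, uint256, bytes calldata) external returns (bytes4) {
        // balanceOf already reflects the token minted in this frame, so the loop terminates
        if (drop.balanceOf(address(this)) < WANT) drop.claim();
        return IERC721Receiver.onERC721Received.selector;
    }
}

// Hardened: checks-effects-interactions, plus a reentrancy guard as defence in depth.
contract SafeDrop is ERC721, ReentrancyGuard {
    mapping(address => bool) public claimed;
    uint256 public nextId;

    constructor() ERC721("Drop", "DROP") {}

    function claim() external nonReentrant {
        require(!claimed[msg.sender], "already claimed");
        claimed[msg.sender] = true;      // effect before the interaction
        _safeMint(msg.sender, nextId++);
    }
}
```

Calling `Reenterer.attack()` against `VulnerableDrop` ends with the attacker owning five tokens from a one-per-address drop; the same call against `SafeDrop` mints one token and the nested `claim()` reverts on the guard. The ordering fix alone is sufficient; the guard protects functions someone later adds without thinking about the hook.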
Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation
Lines of code Vulnerability details Impact The contracts functions have used UniswapV3.slot0 to get the value of sqrtPriceX96 which it use to perform the swap, however the sqrtPriceX96 gotten from Uniswap.slot0 is the most recent data point and can be manipulated easily via MEV bots & Flashloans...
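A time-weighted alternative to reading slot0, as an added example for this listing (not code from any audited project). It uses the pool's cumulative tick observations the way Uniswap's OracleLibrary.consult does; the minimal pool interface, the 30-minute window and the deviation limit are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal subset of the Uniswap V3 pool interface (assumed here; mirrors IUniswapV3Pool).
interface IUniswapV3PoolMinimal {
    function slot0() external view
        returns (uint160 sqrtPriceX96, int24 tick, uint16, uint16, uint16, uint8, bool);
    function observe(uint32[] calldata secondsAgos) external view
        returns (int56[] memory tickCumulatives, uint160[] memory secondsPerLiquidityCumulativeX128s);
}

library TwapOracle {
    // Spot tick from slot0: whatever the last swap in the pool left it at, which a
    // flash-loan or MEV bundle can move arbitrarily within the same block.
    function spotTick(IUniswapV3PoolMinimal pool) internal view returns (int24 tick) {
        (, tick,,,,,) = pool.slot0();
    }

    // Arithmetic-mean tick over the last `window` seconds, from the cumulative tick
    // observations. Moving this requires holding the manipulated price across blocks.
    function twapTick(IUniswapV3PoolMinimal pool, uint32 window) internal view returns (int24 meanTick) {
        require(window != 0, "window=0");
        uint32[] memory secondsAgos = new uint32[](2);
        secondsAgos[0] = window; // start of window
        secondsAgos[1] = 0;      // now
        (int56[] memory tickCumulatives, ) = pool.observe(secondsAgos);
        int56 delta = tickCumulatives[1] - tickCumulatives[0];
        int56 w = int56(uint56(window));
        meanTick = int24(delta / w);
        // Round toward negative infinity, matching Uniswap's OracleLibrary
        if (delta < 0 && (delta % w != 0)) meanTick--;
    }
}

contract Swapper {
    using TwapOracle for IUniswapV3PoolMinimal;

    IUniswapV3PoolMinimal public immutable pool;
    uint32 public constant TWAP_WINDOW = 30 minutes;   // assumed
    int24 public constant MAX_TICK_DEVIATION = 100;    // ~1%, assumed

    constructor(IUniswapV3PoolMinimal p) { pool = p; }

    // Reject the swap if spot has drifted too far from the TWAP, i.e. if someone
    // has just pushed the pool price in this block.
    function priceIsSane() public view returns (bool) {
        int24 spot = pool.spotTick();
        int24 twap = pool.twapTick(TWAP_WINDOW);
        int24 diff = spot > twap ? spot - twap : twap - spot;
        return diff <= MAX_TICK_DEVIATION;
    }
}
```

Two caveats a reviewer would raise: `observe` reverts if the pool's observation cardinality does not cover the window (check `observationCardinality` or call `increaseObservationCardinalityNext` at deployment), and a TWAP on a thin pool is still cheap to move, so the window and deviation limit have to be chosen per pool, not globally.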
dETH is branded as slash-proof, but ETH2 slashing can take a 32 ETH deposit well below 24 (down to 0), making dETH undercollateralized
Lines of code Vulnerability details Description dETH is advertised as fault-proof, slash-proof ETH. However, an ETH2 staked deposit can be slashed from 32 down to 0, not just to 24 as would be expected (24 dETH printed). This means dETH is undercollateralized, and indeed bears the risk of being "paper...
Downcast can lead to overflow and impact the functionality to remove an asset in NFTFloorOracle
Lines of code Vulnerability details Impact When adding a new asset, the index for the last asset will be saved and downcasted on L284. If the number of assets is bigger than 256, the downcasting operation will lead to a silent overflow. Consequentially, the incorrect index will be stored. This ca...
Underpaying Optimism l2gas(_minGasLimit) may lead to loss of funds
Lines of code Vulnerability details Impact The contract L1StandardBridge.sol is susceptible to a vulnerability where underpaying the l2Gas (here, and in every contract it is used as the "minGasLimit" value provided by users) can result in a potential loss of funds. This vulnerability exists in the depositERC20 a...
Solmate safetransfer and safeTransferFrom do not check the code size of the token address, which may lead to loss of funds
Lines of code Vulnerability details Impact The WildcatMarketWithdrawals, WildcatMarketController and WildcatMarket contracts use Solmate's safeTransfer and safeTransferFrom functions. However, these functions don't check for the existence of code at the token address. This is a known issue when using solmate...
safeIncreaseAllowance may fail on USDT case
Lines of code Vulnerability details Impact safeIncreaseAllowance may fail in the USDT case, if a swap completed with dust funds left over. Consequence: the swap will always revert due to a non-zero allowance on the USDT token. Proof of Concept function safeIncreaseAllowance(IERC20 token, address spender, uint256 value...
Fee on transfer tokens will cause users to lose funds
Lines of code Vulnerability details Impact Some ERC20 tokens allow for charging a fee any time transfer or transferFrom is called. If a contract does not allow for amounts to change after transfers, subsequent transfer operations based on the original amount will revert due to the contract having...
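The balance-before/after accounting that the fee-on-transfer findings on this page (and the ERC4626 and Uniswap V3 variants further down) call for, as an added example written for this listing rather than code from any audited project. The vault, the 1% fee token and the share model are hypothetical; OpenZeppelin Contracts v5 is assumed:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical fee-on-transfer token: burns 1% of every transfer between accounts.
contract FeeToken is ERC20 {
    uint256 public constant FEE_BPS = 100;

    constructor() ERC20("Fee", "FEE") { _mint(msg.sender, 1_000_000e18); }

    function _update(address from, address to, uint256 value) internal override {
        if (from != address(0) && to != address(0)) {
            uint256 fee = value * FEE_BPS / 10_000;
            super._update(from, address(0), fee); // fee is burned
            value -= fee;
        }
        super._update(from, to, value);
    }
}

contract Vault {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    mapping(address => uint256) public shares;
    uint256 public totalShares;

    constructor(IERC20 t) { token = t; }

    // Vulnerable: credits `amount` although `amount - fee` arrived. Withdrawals of the
    // full credited balance then fail, or are paid out of other depositors' tokens.
    function depositNaive(uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount);
        shares[msg.sender] += amount;
        totalShares += amount;
    }

    // Hardened: measure what actually landed in the vault and credit only that.
    function deposit(uint256 amount) external returns (uint256 received) {
        uint256 before = token.balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), amount);
        received = token.balanceOf(address(this)) - before;
        require(received > 0, "nothing received");
        shares[msg.sender] += received;
        totalShares += received;
    }

    // Withdrawals pay pro rata from the real balance, so a rebasing token's balance
    // changes are shared by all holders instead of breaking a fixed-amount ledger.
    function withdraw(uint256 shareAmount) external returns (uint256 paid) {
        require(shares[msg.sender] >= shareAmount, "insufficient shares");
        paid = token.balanceOf(address(this)) * shareAmount / totalShares;
        shares[msg.sender] -= shareAmount;
        totalShares -= shareAmount;
        token.safeTransfer(msg.sender, paid);
    }
}
```

Depositing 100e18 FeeToken through `depositNaive` records 100e18 shares against a vault balance of 99e18; through `deposit` it records 99e18. Note that the check is against the vault's own balance, so it is only meaningful when the deposit function is guarded against reentrancy on the token callback.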
Swaps in Uniswap V3 may be partial
Lines of code Vulnerability details Swaps in Uniswap V3 may be partial Uniswap V3 pools may execute a swap partially, in which case it may leave an unhandled amount of WETH in the JBXBuybackDelegate contract. Impact Swaps in Uniswap V3 can eventually be executed partially, if liquidity is not...
arbitrum block.number refers to L1 block number, not L2 block number when determining the round
Lines of code Vulnerability details Impact On Arbitrum, block.number refers to the L1 block number, not the L2 block number. Proof of Concept In the current implementation, the round manager uses block.number to determine the round. However, according to the Arbitrum documentation, block.number on Arbitrum refers to the Ethereum mainnet...
Use contracts-upgradeable instead of contract variants of OpenZeppelin
Lines of code Vulnerability details Impact OpenZeppelin's contracts variants, when used with upgradeability, will have a negative impact on the overall contract functionality. Check this OpenZeppelin warning about mixing contract variants with upgradeable-contract. Proof of Concept Upgradeable...
Underflow could happen when calculating a Uniswap V3 position's fee growth and can cause operations to revert
Lines of code Vulnerability details Impact When operations need to calculate a Uniswap V3 position's fee growth, they use a function similar to the one implemented by Uniswap V3. However, according to this known issue, Uniswap/v3-core#573, the contract implicitly relies on underflow/overflow when calculating...
Unpacking the "0x1626ba7e" Mystery: The Risks of Unidentified Fixed Values in Smart Contracts - loss of funds
Lines of code Vulnerability details Impact The use of a fixed value in the require statement without understanding its significance creates a security vulnerability in the contract. An attacker could manipulate the returned value to bypass the require statement and execute malicious code. This ca...
The call to MsgValueSimulator with non zero msg.value will call to sender itself which will bypass the onlySelf check
Lines of code Vulnerability details Impact First, I need to clarify, there may be more serious ways to exploit this issue. Due to the lack of time and documents, I cannot complete further exploit. The current exploit has only achieved the impact in the title. I will expand the possibility of...
LayerZero endpoint can get blocked by a malicious user (or even a honest one)
Lines of code Vulnerability details Description Contract Endpoint from LayerZero is the one responsible for sending/receiving messages to/from other chains. Specifically it has the function receivePayload, which is called by the contract UltraLightNodeV2 (the current default library of the protocol) after...
safeTransferFrom Does Not Check for Code at the Token Address
Lines of code Vulnerability details Impact The solady safeTransferFrom does not check for code at a token address before transferring. This can result in a deposit being made in a selfdestructed token or an embryonic token such as one that can be created from another chain's bridge without the us...
Chainlink's latestRoundData might return stale or incorrect results
Lines of code Vulnerability details Impact The getPORFeedData function in the contract StaderOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID, resulting in stale prices. The oracle wrapper calls out to a...
Tokens with multiple entry points can lead to loss of funds in rageQuit()
Lines of code Vulnerability details Tokens with multiple entry points can lead to loss of funds in rageQuit ERC20 tokens with multiple entry points also known as double entry tokens or two address tokens can be used to exploit the rageQuit function and steal funds from the party. Impact The...
Some tokens may revert when zero value transfers are made
Lines of code 356, 371, 145, 272, 252, 116, 445, 374, 506, 488 https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/options/TapiocaOptionBroker...
Malicious claimer could arbitrage the prize-claiming functionality
Lines of code Vulnerability details Impact The feePerClaim is a user controlled parameter which tops at tierLiquidity.prizeSize for a given tier see here for that. That means the CLAIMER can set arbitrary fees for a given call to claimPrize to increase maliciously the collected fees with //...
ERC4626 does not work with fee-on-transfer tokens
Lines of code Vulnerability details Impact The docs/video say ERC4626.sol is in scope as its part of TurboSafe The ERC4626.deposit/mint functions do not work well with fee-on-transfer tokens as the amount variable is the pre-fee amount, including the fee, whereas the totalAssets do not include th...
executeProposal can fail due to Wormhole guardian set change
Lines of code Vulnerability details Impact Wormhole governance can change the signing guardian set. If this happens between the time a proposal is queued and the time it is executed, the second verification in executeProposal will fail, as the guardian set has changed between queuing and executing. This would...
Signature malleability can occur by using EVM's ecrecover
Lines of code Vulnerability details Impact EVM's ecrecover is susceptible to signature malleability which allows replay attacks, check this. Proof of Concept OffChainSignatureValidator in its function isValidSignature checks for signature validity by using vulnerable method of ecrecover. address...
onlyEOA modifier can be bypassed and leads to loss of user funds(Openzeppelin removed isContract function check)
Lines of code Vulnerability details Impact The onlyEOA modifier is extensively used in L1 as well as L2 smart contracts. It is designed to restrict certain operations to Externally Owned Accounts (EOAs). However, a vulnerability exists that may allow a malicious contract to bypass this restriction...
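The two common onlyEOA implementations and the constructor-time bypass of the code-size one, as an added example for this listing (not the audited project's code). The gated contract and the caller are hypothetical:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

contract Gated {
    uint256 public calls;

    // Weak: a contract's code is not stored until its constructor finishes, so
    // msg.sender.code.length == 0 while the caller is still being constructed.
    // This is the check OpenZeppelin's removed Address.isContract performed.
    modifier onlyEOACodeSize() {
        require(msg.sender.code.length == 0, "contracts not allowed");
        _;
    }

    // Stronger against the constructor trick, but it also rejects smart-contract
    // wallets and relayed/account-abstraction transactions, and tx.origin itself is
    // discouraged. Treat any EOA gate as a UX measure, not a security boundary.
    modifier onlyEOAOrigin() {
        require(msg.sender == tx.origin, "contracts not allowed");
        _;
    }

    function enterByCodeSize() external onlyEOACodeSize returns (bool) {
        calls++;
        return true;
    }

    function enterByOrigin() external onlyEOAOrigin returns (bool) {
        calls++;
        return true;
    }
}

// Hypothetical attacker: does its work inside the constructor, where extcodesize is zero.
contract ConstructorCaller {
    bool public bypassedCodeSize;

    constructor(Gated g) {
        bypassedCodeSize = g.enterByCodeSize(); // succeeds: this contract has no code yet
        // g.enterByOrigin() would revert here: msg.sender is this contract, tx.origin is the deployer
    }
}
```

Deploying `ConstructorCaller` against a `Gated` instance leaves `bypassedCodeSize == true`. If the gate exists to stop flash-loan or atomic multi-step abuse, the durable fix is to make the protected operation safe for contracts (per-block limits, commit/reveal, TWAP pricing) rather than to detect contracts.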
Race condition on ERC20 approval
Handle WatchPug Vulnerability details function approve(address spender, uint256 amount) public virtual returns (bool) { allowance[msg.sender][spender] = amount; emit Approval(msg.sender, spender, amount); return true; } Using approve to manage allowances opens yourself and users of the token up to frontrunning...
Add chainId to address creation.
Lines of code Vulnerability details Impact Although it may not be in the plan to deploy multiple zkSync rollups, it makes sense to include chainid in computeCreate2Address from the very start. It would be more EIP-155 compliant, and will prevent future replay attacks, where a tx of first zkSync...
usage of safeApprove
Handle pauliax Vulnerability details Impact depositInVault in contract YearnV2YieldSource calls safeApprove when the allowance is less than the token balance: if (token.allowance(address(this), address(v)) < token.balanceOf(address(this))) token.safeApprove(address(v), type(uint256).max); This does not mean that the...
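The reset-to-zero approval pattern that both the safeApprove finding above and the safeIncreaseAllowance-on-USDT finding earlier on this page point at, as an added example for this listing (not code from either audited project). The USDT-like mock reproduces the real token's rule that a non-zero allowance cannot be changed to another non-zero value; the router contract is hypothetical, and the library is a self-contained reimplementation of what OpenZeppelin v5 ships as SafeERC20.forceApprove:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Mock of USDT's approve semantics: no return value, and non-zero -> non-zero reverts.
contract UsdtLikeToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 value) external {
        require(!(value != 0 && allowance[msg.sender][spender] != 0), "reset to 0 first");
        allowance[msg.sender][spender] = value;
    }
}

library ForceApprove {
    bytes4 private constant APPROVE = 0x095ea7b3; // approve(address,uint256)

    // Try the direct approve; if the token rejects it (USDT with leftover dust
    // allowance), reset to zero and approve again.
    function forceApprove(address token, address spender, uint256 value) internal {
        if (!_approve(token, spender, value)) {
            require(_approve(token, spender, 0), "reset failed");
            require(_approve(token, spender, value), "approve failed");
        }
    }

    // Accepts both bool-returning and non-returning (USDT) approve implementations.
    function _approve(address token, address spender, uint256 value) private returns (bool) {
        (bool ok, bytes memory ret) = token.call(abi.encodeWithSelector(APPROVE, spender, value));
        return ok && (ret.length == 0 || abi.decode(ret, (bool)));
    }
}

// Hypothetical router integration. With OZ <= 4.x safeApprove, the second call
// below reverts because the allowance is already non-zero; with
// safeIncreaseAllowance it reverts inside USDT for the same reason.
contract SwapHelper {
    address public immutable token;
    address public immutable router;

    constructor(address t, address r) { token = t; router = r; }

    function prepare(uint256 amount) external {
        ForceApprove.forceApprove(token, router, amount);
    }
}
```

Sequence to reproduce the failure mode: `prepare(100)`, a swap that consumes 99 (leaving 1 of dust), then `prepare(100)` again. `forceApprove` observes the rejected first attempt, clears the allowance and succeeds, where a plain `safeApprove`/`safeIncreaseAllowance` path bricks the helper.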
Bridge should not allow ERC20 tokens with double-entry point
Lines of code Vulnerability details Impact If a token with double-entry point is escrowed in L1 bridge, the user could withdraw their token through the other entry point, thus rugpulling the bridge. And when they actually withdraw from L2, they will take other users' funds from the bridge. Proof ...
Use of transferFrom() rather than safeTransferFrom() for NFTs will lead to the loss of NFTs
Lines of code 230, 342, 514, 536 Vulnerability details The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev Throws...
No use of upgradeable safeERC20 contracts in Controller.sol
Lines of code Vulnerability details Impact Controller.sol makes use of OpenZeppelin's ReentrancyGuardUpgradeable.sol but does not use an upgradeable version of SafeERC20.sol Proof of Concept Tools Used Manual code review Recommended Mitigation Steps Make use of OpenZeppelin's...
## [H2] Multicall can be called by a malicious contract after executing a malicious delegatecall
Lines of code Vulnerability details Impact Multicall can be called through a malicious delegatecall, controlling all functions in a vault. PoC This is related to a bug I had reported, MIMOProxy can be PWNED by a malicious delegate call, where I explain that storage variables can be set in delegate...
SETTING block.timestamp AS THE DEADLINE COULD LEAD TO HIGHER RATE OF FAILED TRANSACTIONS
Lines of code Vulnerability details Impact The OptionsPositionManager.swapExactTokensForTokens function is used to swap an exact amount of assets: the exact amount of source token is swapped for an amount of target token. The function uses the IUniswapV2Router01.swapExactTokensForTokens call f...
Use of deprecated Chainlink latestAnswer()
Handle sirhashalot Vulnerability details Impact Chainlink's documentation lists the latestAnswer function as deprecated. This function doesn't revert if no answer is available but returns 0, and the return value of latestAnswer is not checked in the Notional code. In fact, Chainlink removed thei...
Arbitrary from in transferFrom
Lines of code Vulnerability details Impact function a(address from, address to, uint256 amount) public { erc20.transferFrom(from, to, amount); } Alice approves this contract to spend her ERC20 tokens. Bob can call a and specify Alice's address as the from parameter in transferFrom, allowing him to transfer...
Fee-on-transfer/rebasing tokens will have problems when swapping
Lines of code 110 Vulnerability details Uniswap v3 does not support rebasing or fee-on-transfer tokens, so using these tokens with it will result in funds getting stuck. With fee-on-transfer tokens, if the balance isn't checked, the wrong amount may be transferred out. With rebasing tokens, the...
Deposit into strategy could be blocked by limits in EigenLayer
Lines of code Vulnerability details Summary The implementation of depositAssetIntoStrategy deposits the entire balance of the node delegator which could conflict with the max limits per deposit defined in EigenLayer. Impact NodeDelegator are responsible for managing assets in EigenLayer. The...
Unsafe usage of ERC20 transfer and transferFrom
Lines of code Vulnerability details Impact Some ERC20 tokens' functions don't return a boolean, for example USDT, BNB and OMG. So the LowLevelERC20Transfer contract simply won't work with tokens like that. Proof of Concept USDT's transfer and transferFrom functions don't return a bool,...
[Medium-3] Non-compliance with EIP-4337
Lines of code Vulnerability details Impact Some parts of the codebase are not compliant with the EIP-4337 from the EIP-4337 specifications, at multiple degrees of severity. Proof of Concept Sender existence Create the account if it does not yet exist, using the initcode provided in the...
Using deprecated Chainlink function latestAnswer
Lines of code Vulnerability details Proof of Concept According to Chainlink's documentation, the latestAnswer function is deprecated. This function does not error if no answer has been reached but returns 0. Besides, the latestAnswer is reported with 18 decimals for crypto quotes but 8 decimals f...
Functions that send Ether to arbitrary destinations
Lines of code Vulnerability details Impact Unprotected call to a function sending Ether to an arbitrary address. Dangerous calls: GnosisSafe.handlePayment(uint256,uint256,uint256,address,address) Tools Used Manual auditing line by line Recommended Mitigation Steps Ensure that an arbitrary user cann...
Unsafe usage of msg.value in a loop
Lines of code 140 Vulnerability details The value of msg.value in a transaction's call never gets updated, even if the called contract ends up sending some or all of the Eth to another contract. This means that using msg.value in a for- or while-loop, without extra accounting logic, will either...
Chain split caused by memory corruption in EVM
Lines of code Vulnerability details Chain split caused by memory corruption in EVM We recently found that the op-geth@3fa9e81 repository has a memory corruption vulnerability in EVM, which can cause a consensus error. Specifically, vulnerable nodes obtain a different stateRoot when processing a...
Check for the L2 Sequencer's uptime when calling the Chainlink feed is not implemented
Lines of code Vulnerability details Impact The getAnswer function in the LPOracle and OracleConvert contracts lacks a check of the Sequencer's uptime when calling the Chainlink feeds CLTOKENA and CLTOKENB. In Layer 2 (L2) systems, the Chainlink oracle may return an...
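A price reader with the checks that the Chainlink findings on this page ask for (the stale latestRoundData result, the deprecated latestAnswer that returns 0, and the missing L2 sequencer uptime check), as an added example for this listing rather than code from any of the audited projects. The aggregator interface is declared inline so the block is self-contained; the heartbeat value, the grace period and the contract itself are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of Chainlink's AggregatorV3Interface (assumed; declared inline).
interface IAggregatorV3 {
    function decimals() external view returns (uint8);
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract GuardedPriceFeed {
    IAggregatorV3 public immutable priceFeed;
    IAggregatorV3 public immutable sequencerUptimeFeed; // address(0) when deployed on L1
    uint256 public immutable heartbeat;                 // feed-specific, e.g. 1 hours for ETH/USD mainnet
    uint256 public constant GRACE_PERIOD = 1 hours;     // time to wait after the sequencer comes back

    constructor(IAggregatorV3 _priceFeed, IAggregatorV3 _sequencerFeed, uint256 _heartbeat) {
        priceFeed = _priceFeed;
        sequencerUptimeFeed = _sequencerFeed;
        heartbeat = _heartbeat;
    }

    function getPrice() external view returns (uint256 price, uint8 dec) {
        if (address(sequencerUptimeFeed) != address(0)) _requireSequencerUp();

        (uint80 roundId, int256 answer, , uint256 updatedAt, ) = priceFeed.latestRoundData();
        // latestAnswer() would hand back 0 here with no way to tell it from a real answer
        require(answer > 0, "invalid answer");
        require(roundId != 0 && updatedAt != 0, "round not complete");
        require(block.timestamp - updatedAt <= heartbeat, "stale price");
        return (uint256(answer), priceFeed.decimals());
    }

    // Chainlink L2 sequencer uptime feeds report answer == 0 for "up" and 1 for "down";
    // startedAt is when the current status began.
    function _requireSequencerUp() internal view {
        (, int256 status, uint256 startedAt, , ) = sequencerUptimeFeed.latestRoundData();
        require(status == 0, "sequencer down");
        // Right after a restart, queued L1->L2 messages may settle at stale prices
        require(block.timestamp - startedAt > GRACE_PERIOD, "sequencer grace period");
    }
}
```

Two points to keep in mind when adapting this: the heartbeat must be read from the specific feed's documentation (feeds range from seconds to 24 hours, and a single global value is a common mistake), and aggregators with min/max answer bounds will report the bound rather than reverting during a crash, so a `> 0` check does not cover that case.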
Payable functions using delegatecall inside a loop
Lines of code Vulnerability details Impact The use of delegatecall within a loop, in the context of a payable function, can lead to the repeated crediting of the msg.value amount, potentially causing unexpected behavior or loss of funds. Proof of Concept contract DelegatecallInLoop is Multicall...
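The msg.value-in-a-loop problem from the two findings above, as an added example for this listing (not code from the audited projects): a payable multicall that delegatecalls into a function reading msg.value, next to a batch design where every wei is accounted exactly once. Both contracts are hypothetical:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Vulnerable: msg.value is a property of the outer call and is unchanged by
// delegatecall, so each iteration sees the same value. Sending 1 ETH with
// data = [deposit(), deposit(), deposit()] credits 3 ETH against a 1 ETH balance.
contract VulnerableMulticall {
    mapping(address => uint256) public credit;

    function deposit() external payable {
        credit[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external {
        credit[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");
    }

    function multicall(bytes[] calldata data) external payable {
        for (uint256 i = 0; i < data.length; i++) {
            (bool ok, ) = address(this).delegatecall(data[i]);
            require(ok, "call failed");
        }
    }
}

// Hardened: generic multicall is not payable (msg.value is always 0 inside it),
// and ETH batching goes through a function that takes explicit per-item amounts
// and checks they sum to msg.value.
contract SafeBatch {
    mapping(address => uint256) public credit;

    function deposit() external payable {
        _credit(msg.sender, msg.value);
    }

    function batchDeposit(address[] calldata to, uint256[] calldata amounts) external payable {
        require(to.length == amounts.length, "length mismatch");
        uint256 total;
        for (uint256 i = 0; i < to.length; i++) {
            total += amounts[i];
            _credit(to[i], amounts[i]);
        }
        require(total == msg.value, "msg.value mismatch"); // nothing double-counted, nothing stranded
    }

    function multicall(bytes[] calldata data) external returns (bytes[] memory results) {
        results = new bytes[](data.length);
        for (uint256 i = 0; i < data.length; i++) {
            (bool ok, bytes memory res) = address(this).delegatecall(data[i]);
            require(ok, "call failed");
            results[i] = res;
        }
    }

    function _credit(address account, uint256 amount) internal {
        credit[account] += amount;
    }
}
```

Uniswap's periphery solves the same problem differently, by having each payable function consume an explicit amount and refund the remainder at the end; either way the invariant is that the sum of credited amounts equals msg.value once per transaction, never once per iteration.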
Wrong Implementation of EIP-712
Lines of code Vulnerability details Impact The EIP-712 domain uses several parameters. Those parameters are exactly: EIP712Domain(string name; string version; uint256 chainId; address verifyingContract). As you can see in the following domain, ZkSync's is missing one parameter: bytes32 constant...
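A signature verifier that covers both the EIP-712 domain point above and the ecrecover malleability finding earlier on this page, as an added example for this listing (not code from either audited project). The order type, domain name and version are hypothetical; the half-order constant is secp256k1's n/2, the same bound OpenZeppelin's ECDSA library enforces:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

contract OrderVerifier {
    bytes32 private constant EIP712_DOMAIN_TYPEHASH =
        keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
    bytes32 private constant ORDER_TYPEHASH =
        keccak256("Order(address maker,uint256 amount,uint256 nonce)");
    // secp256k1 n/2: any valid (r, s) has a twin (r, n - s) with flipped v; require the low one
    uint256 private constant HALF_N = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    mapping(address => mapping(uint256 => bool)) public usedNonce;

    // Computed at call time, so a chain fork (different block.chainid) invalidates old
    // signatures instead of letting them replay on the fork.
    function domainSeparator() public view returns (bytes32) {
        return keccak256(abi.encode(
            EIP712_DOMAIN_TYPEHASH,
            keccak256("Orders"), // name (assumed)
            keccak256("1"),      // version (assumed)
            block.chainid,
            address(this)
        ));
    }

    function hashOrder(address maker, uint256 amount, uint256 nonce) public view returns (bytes32) {
        bytes32 structHash = keccak256(abi.encode(ORDER_TYPEHASH, maker, amount, nonce));
        return keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));
    }

    // The checks ecrecover does not do for you.
    function recover(bytes32 digest, uint8 v, bytes32 r, bytes32 s) public pure returns (address) {
        require(uint256(s) <= HALF_N, "non-canonical s"); // rejects the malleated twin
        require(v == 27 || v == 28, "bad v");
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0), "invalid signature"); // ecrecover returns 0 on failure
        return signer;
    }

    function fill(address maker, uint256 amount, uint256 nonce, uint8 v, bytes32 r, bytes32 s) external {
        require(!usedNonce[maker][nonce], "replayed");
        require(recover(hashOrder(maker, amount, nonce), v, r, s) == maker, "wrong signer");
        usedNonce[maker][nonce] = true; // replay guard keyed on signed content, not on the signature bytes
        // ... settle the order
    }
}
```

The low-s check is only half of replay protection: a contract that marks a signature as used by hashing `(v, r, s)` is still replayable with the twin signature, which is why `usedNonce` here is keyed on the signed nonce rather than on the signature.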
Using SafeTransferLib as a transfer medium has a certain probability of causing problems
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. function exerciseOrder(Order memory order, uint256[] calldata floorAssetTokenIds) public payable { /* CHECKS */ bytes32 orderHash = hashOrder(order); // check user owns the position require(ownerOf(uint256(orderHash)) ==...
getModulesPaginated does not return the correct data
Lines of code Vulnerability details Impact In ConsoleFallbackHandler, you can call getModules to return the first 10 modules: function getModules() external view returns (address[] memory) { GnosisSafe safe = GnosisSafe(payable(msg.sender)); (address[] memory array, ) = safe.getModulesPaginated(SENTINEL_MODULES, 10...
Attacker can steal CrossDomainMessenger and OptimismPortal token balances or tokens of anyone give approval for those contracts
Lines of code Vulnerability details Impact The contracts CrossDomainMessenger and OptimismPortal are part of the bridge protocol and are responsible for sending messages between the two networks. They both call an arbitrary address with arbitrary data that the user specified, which would give an attacker the ability to...
Funds cannot be withdrawn from EigenLayer
Lines of code Vulnerability details Impact NodeDelegator contracts handle depositing LSTs into EigenLayer to earn yield. However the contract lacks functions to withdraw those tokens afterwards, meaning they will become trapped in the EigenLayer protocol. This breaks the functionality of the...
Solmate safeTransfer and safeTransferFrom do not check the code size of the token address, which may lead to fund loss
Lines of code Vulnerability details Impact Possible miscalculation and loss of funds. Proof of Concept In AstariaRouter.commitToLiens, safeTransfer and safeTransferFrom don't check for the existence of code at the token address. This is a known issue when using solmate's libraries. Hence this m...