Deployment of pairs with no oracles
Lines of code Vulnerability details The constructor allows both oracle options oracleMultiply and oracleDivide to be set to zero. A pair could be deployed with no oracle maliciously or unintentionally. Impact Borrowers would not be impacted by fluctuations in values of collateral or assets and...
PTP-03: Unsafe logic in repayLender() function
Lines of code Vulnerability details PTP-03: Unsafe logic in repayLender function Impact reduceDebt internal function is called before the actual transfer of tokens, meaning that it doesn't matter if the transaction fails or succeeds for any reason, debt will be reduced, causing a loss for the...
No storage gap for Upgradable contract might lead to storage slot collision
Lines of code Vulnerability details Impact For Upgradable contracts, there must be storage gap to “allow developers to freely add new state variables in the future without compromising the storage compatibility with existing deployments” quote OpenZeppelin. Otherwise it may be very difficult to...
ETHRegistrarController._setRecords can register invalid domains and, to some degree, it's possible to register any domain name
Lines of code Vulnerability details Impact 1. Register invalid domains at Registrar. 2. It's possible to register any domain name. Proof of Concept ETHRegistrarController._setRecords calls a function at address resolver (user input) with call data `bytes calldata data` (user input). So it can bypass any meth...
NameWrapper: parent can change owner of subnode by minting
Lines of code Vulnerability details Impact HIGH - bypassing PARENTCANNOTCONTROL fuse As discussed in the discord, bypassing fuse is considered high, thus reports as high impact Condition for the parent for this exploit: should be able to unwrap: no CANNOTUNWRAP fuse on the parent Or alternatively...
Chainlink's latestRoundData (price) might return stale or incorrect result
Lines of code Vulnerability details In JBChainlinkV3PriceFeed.sol we are using latestRoundData, but there is no check if the return value indicates stale data. Even though it's only getting the price variable, the whole latestRoundData function gets returned and we can't just ignore it because the pri...
Insufficient Chainlink price feed validation
Lines of code Vulnerability details JBChainlinkV3PriceFeed.currentPrice reads the price value from the underlying Chainlink price feed, but ignores the other values returned by latestRoundData, which include the round timestamps and round ID in which the returned price was computed. These values...
Yieldy: WarmUp expiry can be prolonged by staking from somebody else
WarmUp expiry can be prolonged by staking from somebody else Staking.sol:406 Staking.sol:439-444 Staking.sol:691 Impact When warmUpPeriod is greater than 1, a third person can stake to the victim to prolong the warmUp expiry. The expiry prolongation also happens with cool down, although a third...
Reentrancy vulnerabilities
Lines of code Vulnerability details Impact Reentrancy attacks can allow malicious actors to take over the control flow, and make...
Router Owner Could Steal All The Funds Within SponsorVault
Lines of code Vulnerability details Proof-of-Concept Assume the following: For simplicity's sake, only two routers exist within Connext. Gas, relayer, callback fees and slippage are ignored. An attacker owns Router A. Router A has 1,000,000 oUSDC on Optimism Domain/Chain. Router B has only 100 oUSDC...
Loss of tokens due to wrong burn function
Lines of code Vulnerability details Impact redeemToUnderlying is also affected by the issue I reported earlier which is described below. The redeem function calls burn which is inherited from IERC777Upgradeable contract whose action is to burn ERC20 tokens, thus there is no transfer or withdrawal...
Upgraded Q -> M from 37 [1654474354289]
Judge has assessed an item in Issue 37 as Medium risk. The relevant finding follows: Missing sanity check in setFeeRate There is no input validation in setFeeRate. A faulty payload could set the feeRate to a very high amount, which would cause problems when options are exercised: Loss of fund for...
execute() and executeWithBatch1155() functions are susceptible to DoS
Lines of code Vulnerability details Impact execute and executeWithBatch1155 are external functions. Both functions run for loops, boundary of which are determined by the function arguments. Anytime there's a loop where the input comes from an external source there's the possibility of unbounded...
[WP-H0] Unsafe type casting for the order's denominator and numerator may allow the attacker to buy more than the offered amount from the seller against the seller's will
Lines of code Vulnerability details `orderStatus[orderHash].numerator = uint120(filledNumerator + numerator); orderStatus[orderHash].denominator = uint120(denominator);` When an order is filled partially, the order's denominator and numerator will be updated in...
ATB-01M: Inexplicable Capability of Self-Limit Reduction
Lines of code Vulnerability details ATB-01M: Inexplicable Capability of Self-Limit Reduction | File | Lines | Type ---|---|--- AlchemicTokenV2Base.sol | L189-L191 | Access Control Description The mint function is meant to prevent arbitrary amount mints via the totalMinted variable being guarantee...
hard-coded slippage may freeze user funds during market turbulence (resubmit to downgrade severity)
Lines of code Vulnerability details Impact GeneralVault.sol L125 GeneralVault sets a hardcoded slippage control of 99%. However, the underlying yield tokens' price may go down. If Luna/UST things happen again, users' funds may get locked. LidoVault.sol L130-L137 Moreover, the withdrawal of the...
UNISWAP_FEE is hardcoded which will lead to significant losses compared to optimal routing
Lines of code Vulnerability details Impact In YieldManager, UNISWAP_FEE is hardcoded, which significantly reduces the possibilities and will lead to non-optimal routes. In particular, all swaps using the ETH path will use the wrong pool, as it will use the ETH / USDC 1% one due to this line. Proof of...
Rebasing tokens lock excess balance in contract
Lines of code Vulnerability details Rebasing tokens lock excess balance in contract If a vault is created with a rebasing ERC20 as its token, additional balance accrued through rebases while the token is owned by the vault may be locked in the contract. If the rebasing token balance decreases whi...
sendToCosmos doesn't consider the ERC20 transfer fee, resulting in incorrect amount of ERC20 token
Lines of code Vulnerability details Impact Some ERC20 tokens have a fee on each transfer. The protocol doesn't handle the fee when transferring this kind of ERC20 token, leading to an inconsistent amount of tokens actually received in the contract. Validators on the Cudos will mint more tokens to...
Usage of deprecated Chainlink oracle function
Lines of code Vulnerability details Impact The Chainlink oracle latestAnswer function is deprecated. Instead, you're supposed to use latestRoundData. Using deprecated functions can result in the PriceOracleImplementation not returning the correct value anymore. It will affect the availability of...
First xERC4626 deposit exploit can break share calculation
Lines of code Vulnerability details Solmate's convertToShares function follows the formula: assetDepositAmount * totalShareSupply / assetBalanceBeforeDeposit. The share price always returns 1:1 with the asset token. If everything works normally, the share price will slowly increase with time to 1:2 or 1:10 as...
[WP-H0] xERC4626.sol Some users may not be able to withdraw until rewardsCycleEnd due to underflow in beforeWithdraw()
Lines of code Vulnerability details `function beforeWithdraw(uint256 amount, uint256 shares) internal virtual override { super.beforeWithdraw(amount, shares); storedTotalAssets -= amount; } function syncRewards() public virtual { uint192 lastRewardAmount_ = lastRewardAmount; uint32 timestamp =...`
ERC20Gauges: The _incrementGaugeWeight function does not check the gauge parameter enough, so the user may lose rewards.
Lines of code Vulnerability details Impact The incrementGaugeWeight function is used to increase the user's weight on the gauge. However, in the incrementGaugeWeight function, it is only checked that the gauge parameter is not in deprecatedGauges, but not checked that the gauge parameter is in...
Wrong calculation for yVault price per share if decimals != 18
Lines of code Vulnerability details The yVault.getPricePerFullShare function calculates the price per share by multiplying with 1e18 (token decimals) under the assumption that the underlying token always has 18 decimals. yVault has the same number of decimals as its underlying token, see...
Users can transfer tokens to themselves to set cooldowns to 0, and then increase the lock time of other users' tokens when transferring to other users
Lines of code Vulnerability details Impact In the _beforeTokenTransfer function, cooldowns will be set to 0 when the user transfers all tokens to himself. `function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual override { if (from != address(0)) { // check must be skipped on...`
Lack of approve after creating a safe in TurboRouter
Lines of code Vulnerability details Impact Both the createSafeAndDeposit function and createSafeAndDepositAndBoost would revert on every call. Proof of Concept Both functions suffer from the same mistake, so I'll detail only createSafeAndDeposit (link). 1. First the function calls...
Manipulations of setFee
Lines of code Vulnerability details Impact If we consider that the fee variable is meaningfully applied, there will still be several problems with this: 1. Admin can setFee up to 100%. This is bad for users, fees should have a reasonable upper limit, e.g. 30% to prevent potential griefing. 2...
Chainlink's latestRoundData might return stale or incorrect results
Handle cccz Vulnerability details Impact On Cvx3CrvOracle.sol, we are using latestRoundData, but there is no check if the return value indicates stale data. This could lead to stale prices according to the Chainlink documentation: `function peek(bytes6 base, bytes6 quote, uint256 baseAmount) privat...`
Initial pool deposit can be stolen
Handle cmichel Vulnerability details Note that the PoolTemplate.initialize function, called when creating a market with Factory.createMarket, calls a vault function to transfer an initial deposit amount conditions1 from the initial depositor references4: // PoolTemplate function initialize string...
Reentrancy vulnerability in Basket contract's initialize() method.
Handle broccolirob Vulnerability details A malicious "publisher" can create a basket proposal that mixes real ERC20 tokens with a malicious ERC20 token containing a reentrancy callback in its approve method. When the initialize method is called on the newly cloned Basket contract, a method calle...
Missing slippage/min-return check in UniswapHandler
Handle cmichel Vulnerability details The contracts are missing slippage checks which can lead to being vulnerable to sandwich attacks. A common attack in DeFi is the sandwich attack. Upon observing a trade of asset X for asset Y, an attacker frontruns the victim trade by also buying asset Y, lets...
Zap contract's redeem() function might transfer more tokens than the user should be able to receive
Handle Ruhum Vulnerability details Impact The redeem function transfers the whole balance of the specified token to the user. That can be more than the amount the user should receive. Because at the time of the call to redeem the Zap contract's balance of the passed token might not be 0. Proof of...
MochiTreasuryV0.sol Is Unusable In Its Current State
Handle leastwood Vulnerability details Impact MochiTreasuryV0.sol interacts with Curve's voting escrow contract to lock tokens for 90 days, where it can be later withdrawn by the governance role. However, VotingEscrow.vy does not allow contracts to call the following functions: create_lock,...
PoolCommitter.sol#commit() Calculation of amountOut is wrong
Handle WatchPug Vulnerability details `else if (commitType == CommitType.LongBurn) { // long burning: pull in long pool tokens from committer // A theoretical amount based on current ratio. Used to get same units as minimumCommitSize uint256 amountOut = PoolSwapLibrary.getWithdrawAmountOnBurn(...`
Can reclaim the same incentive multiple times
Handle pauliax Vulnerability details Impact The function reclaimIncentive can be invoked more than once for the same incentiveId. If there were multiple incentives for the same token, it would allow draining these tokens by repeatedly calling reclaimIncentive. Recommended Mitigation Steps Simple...
Router's complexPath percentagePaths don't work as expected
Handle cmichel Vulnerability details The TridentRouter.complexPath function allows splitting a trade result into several buckets and trading them in a different pool each. The distribution is defined by the `params.percentagePath[i].balancePercentage` values: `for (uint256 i; i...`
Re-entrancy in settleAuction allow stealing all funds
Handle cmichel Vulnerability details Note that the Basket contract approved the Auction contract for all tokens, and the settleAuction function allows the auction bonder to transfer all funds out of the basket to themselves. The only limiting factor is the check afterwards that needs to be abided...
TransferHelper does not work with all ERC20 tokens
Handle cmichel Vulnerability details The TransferHelper.safeTransferFrom function will revert if tokens do not return a boolean because the interface ERC20.transfer function it uses indicates that this function always returns a boolean. Some tokens like USDT don't correctly implement the EIP20...
Transactions nearing block.gaslimit may cause issues
Handle hrkrshnn Vulnerability details transactions nearing block.gaslimit may cause issues A general problem with schemes that require multiple steps and whose inputs are dynamically typed is that: a user may be able to "commit" something, but never "execute" it because the "execute" transaction...
Missing events for critical parameter changing operations by owner
Handle 0xRajeev Vulnerability details Impact The owner of TracerPerpetualSwaps contract, who is potentially untrusted as per specification, can change the market critical parameters such as the addresses of the Liquidation/Pricing/Insurance/GasOracle/FeeReceiver and also critical values such as...
Return values of ERC20 transfer and transferFrom are unchecked
Handle shw Vulnerability details Impact In the contract RCTreasury, the return values of ERC20 transfer and transferFrom are not checked, which could be false if the transferred token is not ERC20-compliant. In that case, the transfer fails without being noticed by the calling contract. Proof of...
update_market() market weight incorrect
Lines of code Vulnerability details In update_market we need to get the weight percentage of the corresponding market epoch through gaugeController, then allocate cantoPerBlock[epoch] according to the percentage. The main logic code is as follows: `function update_market(address...`
Miscalculation of OLAS Amount Due to Inaccurate LP Token Price in Specific Bonding Mechanism Scenarios
Lines of code Vulnerability details Impact Incorrect valuation of the LP Token price can result in either an excess issuance of OLAS Tokens, causing a loss to the protocol, or a lower issuance of OLAS Tokens, leading to losses for the user. Proof of Concept The prototype of the create function in...
Change owner() function can pass in wrong address and authorize malicious user in Treasury.sol
Lines of code Vulnerability details Impact A wrong or malicious address can be made owner of the Treasury.sol contract, which is used to manage the Olas treasury. This is possible because there is no additional function in the Treasury.sol contract which will enable a new owner actually meant to b...
Service owners can accrue OLAS top-ups even when donating to their own services
Lines of code Vulnerability details Impact The basis of this exploit is the ability for a topUpEligible service owner — any registrant of a service who also stakes enough OLAS in the voting escrow contract — to accrue OLAS top-ups even when they donate to services that they own themselves. As lon...
Insufficient Fund Guard for Treasury Reward Rebalancing Due to Unrestricted Withdrawals
Lines of code Vulnerability details Impact The potential issue identified in Treasury.rebalanceTreasury involves the risk of failing to transfer treasury rewards from ETHFromServices to ETHOwned due to insufficient funds in ETHFromServices. This situation can arise when the withdrawToAccount...
claimOwnerIncentives x depositServiceDonationsETH x checkpoint x-entrancy Attack to get instant topups
Lines of code Vulnerability details Impact Double Topup via claimOwnerIncentives- depositServiceDonationsETH - checkpoint - claimOwnerIncentives loop Proof of Concept - Deploys Attacking Smart Contract - Executes 1st transaction via Attacking Contract to trigger depositServiceDonationsETH - Execu...
Frequent donations can cause DOS
Lines of code Vulnerability details Impact Users might be unable to withdraw pending rewards Proof of Concept If a donation is made before the checkpoint call in the same block, the checkpoint call will revert. This is done in order to prevent flash loans. `function checkpoint() external returns (bo...`
LP rewards in liquidity_lockbox can be arbitraged
Lines of code Vulnerability details Impact The liquidity_lockbox contract is designed to handle liquidity positions in a specific Orca LP pool. Users can deposit their LP NFTs into the contract, receiving in exchange tokens according to their position size. These tokens are minted with the goal of...
Mint function can exceed a predefined limit when the inflationRemainder function overflows in the OLAS.sol contract
Lines of code Vulnerability details Impact The mint function can exceed a predefined limit when the inflationRemainder function overflows in the OLAS.sol contract. Proof of Concept 1. First call the burn function; the burn function calling _burn can cause an overflow, so we can get a big totalSupply. 2. Second, call mint. At...