Use of arbitrary ERC20 tokens could result in misaccounting of funds
Lines of code Vulnerability details If the token is set to a deflationary/fee-on-transfer token, then its actual transfer amounts will not be accurately reflected in the protocol accounting, given the lack of pre-transfer and post-transfer checks on asset transfers. Impact Som...
Take over of MinterRole contract
Lines of code Vulnerability details Impact Any user can call the grantMinter or revokeMinter method and take mint control of the contract. Proof of Concept The grantMinter and revokeMinter methods are not protected by any type of authentication restriction, when they should have the...
Overwriting storage slots in MIMOProxy
Lines of code Vulnerability details Impact The MIMOProxy allows you to delegate a call to another contract with the owner's permission. With a delegatecall, the entire storage layout is kept the same as it is on MIMOProxy. It means that if the delegatecall is made to a smart contract with...
Multicall does not check if the owner has changed after calls have been made (msg.sender misuse)
Lines of code Vulnerability details Impact The multicall doesn't check if the owner has changed after a call or calls have been made. transferOwnership (contracts/proxy/MIMOProxy.sol) requires that the owner is the msg.sender before ownership can be changed, which is exactly what multicall can d...
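The finding above is about a batch of delegatecalls that all run with the original msg.sender: if one call in the batch changes the owner, the later calls in the same batch still pass as if the new owner had authorized them. The contract below is an added illustration written for this page, not MIMOProxy's code; the names MulticallOwnerExample, multicallUnsafe and OwnerChangedDuringMulticall are assumptions. It puts the unguarded loop beside one that re-checks the owner after every inner call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Illustrative owner-gated proxy (assumed names, not MIMOProxy). `multicall`
/// runs each calldata item as a delegatecall into this contract, so every
/// inner call keeps msg.sender == the account that called `multicall`.
contract MulticallOwnerExample {
    address public owner;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    error NotOwner();
    error CallFailed(uint256 index, bytes returnData);
    error OwnerChangedDuringMulticall(address expected, address actual);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    /// Ownership handoff; callable through `multicall` because msg.sender is preserved.
    function transferOwnership(address newOwner) external onlyOwner {
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }

    /// VULNERABLE: `onlyOwner` is evaluated once, at entry. If data[i] is a
    /// transferOwnership(...) call, data[i+1..] still execute even though the
    /// caller is no longer the owner, so the old owner keeps acting after the
    /// handoff within the same transaction.
    function multicallUnsafe(bytes[] calldata data) external onlyOwner returns (bytes[] memory results) {
        results = new bytes[](data.length);
        for (uint256 i = 0; i < data.length; i++) {
            (bool ok, bytes memory ret) = address(this).delegatecall(data[i]);
            if (!ok) revert CallFailed(i, ret);
            results[i] = ret;
        }
    }

    /// HARDENED: after each inner call, require that msg.sender is still the
    /// owner. A batch may transfer ownership, but only as its final effect;
    /// anything scheduled after the transfer reverts the whole batch.
    function multicall(bytes[] calldata data) external onlyOwner returns (bytes[] memory results) {
        results = new bytes[](data.length);
        for (uint256 i = 0; i < data.length; i++) {
            (bool ok, bytes memory ret) = address(this).delegatecall(data[i]);
            if (!ok) revert CallFailed(i, ret);
            if (owner != msg.sender) revert OwnerChangedDuringMulticall(msg.sender, owner);
            results[i] = ret;
        }
    }
}
```

The check is deliberately placed after each call rather than once at the end: a batch of [transferOwnership(B), sensitiveAction()] reverts at index 0, so the sensitive action never runs under B's ownership on A's signature.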
Insufficient Chainlink price feed validation
Lines of code Vulnerability details JBChainlinkV3PriceFeed.currentPrice reads the price value from the underlying Chainlink price feed, but ignores the other values returned by latestRoundData, which include the round timestamps and the round ID in which the returned price was computed. These values...
Zero strike call options can be systemically used to steal premium from the taker
Lines of code Vulnerability details Some non-malicious ERC20 tokens do not allow zero-amount transfers, and order.baseAsset can be such an asset. Zero strike calls are a valid and common enough derivative type. However, zero strike calls with such a baseAsset will not be able to be exercised, allowin...
Uninitialized local variables
Lines of code Vulnerability details Impact Configuration - Check: uninitialized-local - Severity: Medium - Confidence: Medium - Description: Lender.approve(address,address).i (Lender.sol#114) is a local variable never initialized. A smart contract with uninitialized local variables may lead to intentional...
Redeemer.sol#redeem() can be called by anyone before maturity, which may lead to loss of user funds
Lines of code Vulnerability details function redeem(uint8 p, address u, uint256 m) public returns (bool) { // Get the principal token that is being redeemed by the user address principal = IMarketPlace(marketPlace).markets(u, m, p); // Make sure we have the correct principal if (p !=...
griefing on claim()
Lines of code Vulnerability details Issue: griefing can happen if coolDownPeriod is 0, due to the fact that you can stake for someone else; whenever a stake happens, the expiry variable increases by coolDownPeriod. This can be done either by watching the mempool and frontrunning a stake when someone...
instantUnstake function can be frontrun with a fee increase
Lines of code Vulnerability details Impact instantUnstake allows a user to unstake their stakingToken for a fee paid to the liquidity providers. This fee could be changed up to 100% at any moment by the admin. A malicious admin could frontrun a user's instantUnstake transaction and set the fee to any value using...
User can accidentally permanently freeze the staked funds
Lines of code Vulnerability details The user-facing changeDuration function allows setting any newDuration for a stake. However, only the THREEMONTHS, SIXMONTHS and TWELVEMONTHS durations are visible to the system in all the subsequent logic. If a user accidentally sets any other duration, the...
Malicious Relayer Can Replay Execute Calldata On Different Chains Causing Double-Spend Issue
Lines of code Vulnerability details Proof-of-Concept This issue is only applicable for fast-transfer. Slow transfer would not have this issue because of the built-in fraud-proof mechanism in Nomad. First, the attacker will attempt to use Connext to send 1000 USDC from Ethereum domain to Optimism...
TODO: Hardcode claim.account = address(this)?
Lines of code Vulnerability details Impact Why is there still a TODO in the final code? TODO: Hardcode claim.account = address(this)? It is not implemented yet. claim.account may be any value, which may break the claiming process or let a user steal funds that were intended to be used in MyStrategy to their...
Loss of tokens due to wrong burn function
Lines of code Vulnerability details Impact redeemToUnderlying is also affected by the issue I reported earlier, which is described below. The redeem function calls burn, which is inherited from the IERC777Upgradeable contract and whose action is to burn ERC20 tokens, thus there is no transfer or withdrawal...
Upgraded Q -> M from 37 [1654474354289]
Judge has assessed an item in Issue 37 as Medium risk. The relevant finding follows: Missing sanity check in setFeeRate There is no input validation in setFeeRate. A faulty payload could set the feeRate to a very high amount, which would cause problems when options are exercised: Loss of fund for...
Upgraded Q -> M from 124 [1654443300023]
Judge has assessed an item in Issue 124 as Medium risk. The relevant finding follows: C4-007 : USE SAFEERC20.SAFEAPPROVE Impact This is probably an oversight since SafeERC20 was imported and safeTransfer was used for ERC20 token transfers. Nevertheless, note that approve will fail for certain tok...
Unable to updateReward if there are too many rewardTokens
Lines of code Vulnerability details Impact If there are too many rewardTokens, updateReward might exceed the block gas limit and freeze funds, since stake and withdraw have the updateReward modifier. Proof of Concept function addReward(address rewardToken, address veAssetDeposits, address...
Non standard token transfers will fail in the protocol
Lines of code Vulnerability details Impact In TokenTransferrer.sol the performERC20Transfer function handles the transfer of ERC20 tokens in the protocol. It uses the ERC20_transferFrom_signature constant inherited from TokenTransferrerConstants.sol. The problem is that tokens that don't correctly...
Router: Transferring Token to the Pair contract will cause future liquidity providers to lose funds
Lines of code Vulnerability details Impact Same as code-423n4/2022-01-elasticswap-findings #146. In the current implementation, the amount of LP tokens to be minted in addLiquidity is calculated based on the ratio between the amount of newly added tokens and the reserve variable in the Pair...
hard-coded slippage may freeze user funds during market turbulence (resubmit to downgrade severity)
Lines of code Vulnerability details Impact GeneralVault.sol L125: GeneralVault sets a hardcoded slippage control of 99%. However, the underlying yield token's price may go down. If something like the Luna/UST collapse happens again, users' funds may get locked. LidoVault.sol L130-L137: Moreover, the withdrawal of the...
Reentrancy can steal tokens
Lines of code Vulnerability details Impact An attacker can steal tokens from the protocol after it has sent ETH to him. Proof of Concept 1. Alice creates a vault of some ERC20/NFT and buys the option. 2. Alice pays for herself, so ethBalance[Alice] is greater than 1. 3. Alice calls harvest and gets ETH. Alice...
sendToCosmos doesn't consider the ERC20 transfer fee, resulting in incorrect amount of ERC20 token
Lines of code Vulnerability details Impact Some ERC20 tokens charge a fee on each transfer. The protocol doesn't handle the fee when transferring this kind of ERC20 token, leading to an inconsistent amount of token actually received in the contract. Validators on Cudos will mint more tokens to...
ChainLink latestRoundData data may be stale
Originally submitted by warden 0xkatana in 63, duplicate of 17. ChainLink latestRoundData data may be stale Impact The Chainlink API latestRoundData function returns price data with other timestamp and round data. The timestamp and round data should be validated to confirm the data is not stale...
AmmGauge stake allows for reentrancy that can lead to stealing the contract balance
Lines of code Vulnerability details Impact Some ERC20 tokens give the user control of execution; for example, ERC777 has the tokensReceived hook. This way, reentrancy can be performed using any such token. AmmGauge stake does not guard against reentrancy and uses the balance difference ...
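Three findings on this page meet in one deposit function: the fee-on-transfer accounting issues (arbitrary ERC20 tokens, sendToCosmos) are fixed by crediting the measured balance difference, while the AmmGauge finding shows that the same balance-difference pattern is exactly what an ERC777 tokensReceived hook can exploit unless the function is also non-reentrant. The staking pool below is an added illustration written for this page, not any audited project's code; BalanceDiffStaking and its function names are assumptions, and the token is assumed to return a bool.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal ERC20 surface used below (assumption: the token returns bool).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Illustrative staking pool (assumed name). Three versions of `stake`: one
/// that trusts the requested amount (wrong for fee-on-transfer tokens), one
/// that measures the balance difference but is reentrant through an
/// ERC777-style tokensReceived hook, and one that measures and locks.
contract BalanceDiffStaking {
    IERC20 public immutable token;
    uint256 public totalStaked;
    mapping(address => uint256) public staked;

    uint256 private _status = 1; // 1 = unlocked, 2 = locked

    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    constructor(IERC20 token_) {
        token = token_;
    }

    /// VULNERABLE (fee-on-transfer): credits `amount` although the pool only
    /// received `amount - fee`; the last withdrawers are left short.
    function stakeTrustingAmount(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        staked[msg.sender] += amount;
        totalStaked += amount;
    }

    /// VULNERABLE (reentrancy): the balance difference is right for a plain
    /// ERC20, but an ERC777 `tokensReceived` hook runs inside `transferFrom`,
    /// after the balance update. If the hook re-enters this function, the inner
    /// frame credits its own deposit, and the outer frame then measures
    /// (inner deposit + outer deposit) and credits the inner deposit a second time.
    function stakeBalanceDiffNoGuard(uint256 amount) external {
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        uint256 received = token.balanceOf(address(this)) - before;
        staked[msg.sender] += received;
        totalStaked += received;
    }

    /// HARDENED: measure what actually arrived *and* lock against re-entry so
    /// the measurement cannot be interleaved with another deposit.
    function stake(uint256 amount) external nonReentrant returns (uint256 received) {
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        received = token.balanceOf(address(this)) - before;
        require(received > 0, "nothing received");
        staked[msg.sender] += received;
        totalStaked += received;
    }

    /// Pays out what was credited; with `stake` above that equals what the
    /// pool actually holds, so the accounting stays solvent.
    function withdraw(uint256 amount) external nonReentrant {
        require(staked[msg.sender] >= amount, "insufficient stake");
        staked[msg.sender] -= amount;
        totalStaked -= amount;
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}
```

Worked numbers for the unguarded variant: the attacker deposits A from the outer call and A' from inside the hook; the pool receives A + A' but credits A + 2A'. The lock closes that window, and the measured amount closes the fee-on-transfer gap at the same time.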
EthPool use payable.transfer with an arbitrary receiver
Lines of code Vulnerability details Impact EthPool sends out native tokens via a payable.transfer call. This is unsafe, as transfer has a hardcoded gas budget and can fail when `to` is a smart contract. Such transactions will fail for smart contract users which don't fit in the 2300 gas stipend transfe...
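The 2300-gas stipend of `transfer` is enough for an EOA or an empty receive(), but not for a receiver that writes storage or emits an event on receipt (multisig wallets, for instance), so the whole withdrawal reverts and that user's balance is stranded. The contract below is an added illustration for this page, not EthPool's code; EthPayout and its function names are assumptions. It shows the stipend-limited payout next to a `call`-based one that checks the result and relies on a reentrancy lock instead of the stipend.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Illustrative ETH pool (assumed name). Users deposit via receive() and
/// later withdraw to an address of their choice.
contract EthPayout {
    mapping(address => uint256) public balances;
    uint256 private _status = 1; // 1 = unlocked, 2 = locked

    error NothingToWithdraw();
    error EthTransferFailed(address to, bytes returnData);

    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    receive() external payable {
        balances[msg.sender] += msg.value;
    }

    /// VULNERABLE: `transfer` forwards a fixed 2300 gas. A contract receiver
    /// whose receive()/fallback() does more than return (storage write,
    /// event, forwarding) runs out of gas, so the withdrawal always reverts.
    function withdrawWithTransfer(address payable to) external {
        uint256 amount = balances[msg.sender];
        if (amount == 0) revert NothingToWithdraw();
        balances[msg.sender] = 0;
        to.transfer(amount);
    }

    /// HARDENED: `call` forwards all remaining gas, so any receiver works; the
    /// return flag is checked, and re-entry is stopped by the lock plus the
    /// checks-effects-interactions order (balance zeroed before the call),
    /// not by the gas stipend.
    function withdraw(address payable to) external nonReentrant {
        uint256 amount = balances[msg.sender];
        if (amount == 0) revert NothingToWithdraw();
        balances[msg.sender] = 0;
        (bool ok, bytes memory ret) = to.call{value: amount}("");
        if (!ok) revert EthTransferFailed(to, ret);
    }
}
```

Because `call` hands the receiver arbitrary gas, the lock is not optional here: the reentrancy protection that `transfer` provided by accident has to be provided on purpose.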
ERC20Gauges: The _incrementGaugeWeight function does not check the gauge parameter enough, so the user may lose rewards.
Lines of code Vulnerability details Impact The _incrementGaugeWeight function is used to increase the user's weight on the gauge. However, in the _incrementGaugeWeight function, it is only checked that the gauge parameter is not in deprecatedGauges, but not that the gauge parameter is in...
setDebtInterestApr should accrue debt first
Lines of code Vulnerability details Impact The setDebtInterestApr changes the debt interest rate without first accruing the debt. This means that the new debt interest rate is applied retroactively to the unaccrued period on next accrue call. It should never be applied retroactively to a previous...
Existing user’s locked JPEG could be overwritten by new user, causing permanent loss of JPEG funds
Lines of code Vulnerability details Details & Impact A user's JPEG lock schedule can be overwritten by another user's if the other user submits and finalizes a proposal to change the same NFT index's value. The existing user will be unable to withdraw his locked JPEGs, resulting in permanent...
mintBorrowTicketTo can be a contract with no onERC721Received method, which may cause the BorrowTicket NFT to be frozen and put users' funds at risk
Lines of code Vulnerability details IERC721Mintable(borrowTicketContract).mint(mintBorrowTicketTo, id); function mint(address to, uint256 tokenId) external override loanFacilitatorOnly { _mint(to, tokenId); } If mintBorrowTicketTo is a contract that does not implement the onERC721Received method, in the curre...
Delegations incorrectly tracked when multiple delegate() calls occur in the same block
Lines of code Vulnerability details The README.md states: If the user has a Lock, and delegates to someone, then the bonus voting power is not counted. Impact Accounts are still able to claim bonus voting power even if they delegate to someone else, and any operations that rely on the public...
DoS: Users May Claim _splitId Causing Other Transactions to Revert
Lines of code Vulnerability details Impact Users may set _splitId to any value when calling SplitFactory.createSplit, allowing the user to claim this ID. This is exploitable via front-running in a denial of service attack, where an attacker may see a transaction in the mempool and call...
Improper Token Balance Check on swap()
Lines of code Vulnerability details Improper Token Balance Check on swap Description The swap can be separated into 2 paths: swap native to ERC20, or swap ERC20 to native. The contract performs a fromAssetId balance check before calling swap, meaning that the attacker could periodically check for ERC2...
Users can transfer tokens to themselves to set cooldowns to 0, and then increase the lock time of other users' tokens when transferring to other users
Lines of code Vulnerability details Impact In the _beforeTokenTransfer function, cooldowns will be set to 0 when the user transfers all tokens to himself. function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual override { if (from != address(0)) { // check must be skipped on...
Use of deprecated Chainlink function latestAnswer
Lines of code Vulnerability details function getCurrentPrice(address asset) external view override(ProviderOracleManager, IProviderOracleManager) returns (uint256) { address assetOracle = getAssetOracle(asset); IEACAggregatorProxy aggregator = IEACAggregatorProxy(assetOracle); int256 answer =...
Duplicate _tokenNameSuffix and _tokenSymbolSuffix will incorrectly update current Market
Lines of code Vulnerability details Impacted Function: createMarket Description: 1. Owner calls createMarket with tokenNameSuffix S1 and tokenSymbolSuffix S2, which creates a new market M1 with deployedMarkets[salt] pointing to M1. Here salt can be S, which is computed using tokenNameSuffix and...
Possible Wrong bAsset Rewards/Borrow limits Calculation
Lines of code Vulnerability details Impact During the code review, it has been observed that the reward calculation is done in the execute_epoch_operations function. However, the config is stored in storage. When the anc_purchase_factor is updated by the owner, execute_epoch_operations is not...
No ERC20 safe* versions called on mainnet deposit
Lines of code Vulnerability details Impact Some mainnet tokens like USDT don't correctly implement the EIP20 standard and their transfer/transferFrom functions return void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert. Non-safe...
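Three findings on this page (USE SAFEERC20.SAFEAPPROVE, non-standard token transfers, no safe* versions on mainnet deposit) share one root cause: a high-level call through an IERC20 interface makes the compiler ABI-decode a bool from the return data, so a token that returns nothing (USDT) reverts every time, while a token that returns false is silently accepted if the result is discarded. The library below is an added illustration for this page, written in the spirit of OpenZeppelin's SafeERC20 but not its code; SafeERC20Lite, Vault and the error names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

/// Illustrative wrapper (assumed name, not OpenZeppelin's SafeERC20): forward
/// the call as raw calldata, then accept either no return data (USDT-style)
/// or an ABI-encoded `true`. Anything else is treated as failure.
library SafeERC20Lite {
    error TokenCallFailed(address token, bytes returnData);
    error TokenReturnedFalse(address token);
    error NotAContract(address token);
    error NonZeroAllowance(address token, address spender);

    function safeTransfer(IERC20 token, address to, uint256 amount) internal {
        _callOptionalReturn(token, abi.encodeCall(token.transfer, (to, amount)));
    }

    function safeTransferFrom(IERC20 token, address from, address to, uint256 amount) internal {
        _callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, amount)));
    }

    /// Some tokens (USDT again) revert on approve() when the current allowance
    /// is non-zero, so callers must reset to zero first; this mirrors the
    /// safeApprove guard the first of the three findings asks for.
    function safeApprove(IERC20 token, address spender, uint256 amount) internal {
        if (amount != 0 && token.allowance(address(this), spender) != 0) {
            revert NonZeroAllowance(address(token), spender);
        }
        _callOptionalReturn(token, abi.encodeCall(token.approve, (spender, amount)));
    }

    function _callOptionalReturn(IERC20 token, bytes memory data) private {
        // A call to an address without code "succeeds" with empty return data,
        // which would otherwise be indistinguishable from a USDT-style success.
        if (address(token).code.length == 0) revert NotAContract(address(token));
        (bool ok, bytes memory ret) = address(token).call(data);
        if (!ok) revert TokenCallFailed(address(token), ret);
        if (ret.length != 0 && !abi.decode(ret, (bool))) revert TokenReturnedFalse(address(token));
    }
}

/// Deposit path showing the unsafe and the safe variant side by side.
contract Vault {
    using SafeERC20Lite for IERC20;

    mapping(address => mapping(address => uint256)) public balances;

    /// VULNERABLE: reverts for USDT because the compiler decodes a bool from
    /// empty return data, and credits the deposit even when a conforming token
    /// returns false, because the return value is ignored.
    function depositUnsafe(IERC20 token, uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        balances[msg.sender][address(token)] += amount;
    }

    /// HARDENED: both token behaviours are handled by the wrapper.
    function deposit(IERC20 token, uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount);
        balances[msg.sender][address(token)] += amount;
    }
}
```

The `code.length` check matters because a low-level `call` to an EOA or a not-yet-deployed token address returns success with empty data, which the "optional return" rule would otherwise accept as a completed transfer.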
settleFunding will exceed block gas with more markets and activity
Lines of code Vulnerability details Impact As the number of supported markets grows, settleFunding will reach a point where it exceeds the block gas limit on the Avalanche C-Chain. This will prevent users from calling the function and cause a widespread denial of service. Looking at transactions for t...
Lack of approve after creating a safe in TurboRouter
Lines of code Vulnerability details Impact Both the createSafeAndDeposit function and createSafeAndDepositAndBoost would revert on every call. Proof of Concept Both functions suffer from the same mistake, so I'll detail only createSafeAndDeposit (link). 1. First the function calls...
latestRoundData data may be stale
Handle sirhashalot Vulnerability details Impact The Chainlink latestRoundData function is used in Cvx3CrvOracle.sol, but it is used without checking whether the data returns from the oracle is stale or not. Chainlink warns about this issue and describes how to check for it: Proof of Concept From...
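Four findings on this page (insufficient Chainlink price feed validation, both "latestRoundData may be stale" entries, and the deprecated latestAnswer call) describe the same consumer-side mistake: reading the answer and discarding the round metadata that would reveal a stale or incomplete round. The contract below is an added illustration for this page, not the code of any project named here; GuardedChainlinkConsumer and maxStaleness are assumptions (set maxStaleness to the feed's documented heartbeat plus a margin), and the interface is the subset of Chainlink's AggregatorV3Interface actually used.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Subset of Chainlink's AggregatorV3Interface, plus the deprecated latestAnswer().
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestAnswer() external view returns (int256); // deprecated
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Illustrative price consumer (assumed name).
contract GuardedChainlinkConsumer {
    AggregatorV3Interface public immutable feed;
    uint256 public immutable maxStaleness; // assumed deployment parameter, in seconds

    error InvalidPrice(int256 answer);
    error StalePrice(uint256 updatedAt, uint256 nowTs);
    error StaleRound(uint80 roundId, uint80 answeredInRound);

    constructor(AggregatorV3Interface feed_, uint256 maxStaleness_) {
        feed = feed_;
        maxStaleness = maxStaleness_;
    }

    /// VULNERABLE: deprecated getter with no timestamp at all; a feed whose
    /// nodes stop posting keeps returning its last value indefinitely.
    function priceDeprecated() external view returns (int256) {
        return feed.latestAnswer();
    }

    /// VULNERABLE: latestRoundData is used, but the fields that would expose
    /// a stale or incomplete round are thrown away.
    function priceIgnoringRoundData() external view returns (uint256) {
        (, int256 answer, , , ) = feed.latestRoundData();
        return uint256(answer);
    }

    /// HARDENED: validate sign, freshness and round completeness before use.
    function price() external view returns (uint256 value, uint8 feedDecimals) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        if (answer <= 0) revert InvalidPrice(answer);
        // updatedAt == 0 means the round never completed; a large gap means the
        // feed has not been updated within its heartbeat window.
        if (updatedAt == 0 || block.timestamp - updatedAt > maxStaleness) {
            revert StalePrice(updatedAt, block.timestamp);
        }
        // On current OCR aggregators answeredInRound always equals roundId, so
        // this is redundant there; it still catches a carried-over answer on
        // older aggregators and costs one comparison.
        if (answeredInRound < roundId) revert StaleRound(roundId, answeredInRound);
        return (uint256(answer), feed.decimals());
    }
}
```

Returning `decimals()` alongside the value is deliberate: feeds differ (8 for most USD pairs, 18 for most ETH pairs), and a consumer that hardcodes the scale is a second, quieter way to misprice collateral.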
Unchecked returns in multiple places
Handle 0v3rf10w Vulnerability details Impact Multiple checks needed Proof of Concept L1LPTGateway.outboundTransfer(address,address,uint256,uint256,uint256,bytes) (contracts/L1/gateway/L1LPTGateway.sol#80-123) ignores return value by TokenLike(l1Token).transferFrom(from,l1LPTEscrow,amount...
Reentrancy allows attacker to lock the funds deposited in the contract
Handle tqts Vulnerability details Impact It is possible for attackers to exploit a reentrancy issue in lock(uint256,uint256,address) that would allow them to lock all funds deposited prior to the attack. Proof of Concept The problem lies in the lock(uint256,uint256,address) function, which transfers t...
Allowing more than 256 epochs leads to loss of funds
Handle cmichel Vulnerability details The TwabRewards contract has an implicit restriction of 256 epochs per promotion as it uses a bitmask in a uint256 to mark claimed epochs 0-255, see isClaimedEpoch. "/// @dev We pack epochs claimed by a user into a uint256. So we can't store more than 255...
Basket.sol#publishNewIndex() Lack of input validation may cause fund loss to anyone who bonds an auction
Handle WatchPug Vulnerability details According to the newRatio formula in settleAuction, the maximum value of newRatio is factory.auctionMultiplier * basket.ibRatio. However, since there is no validation of the value of minIbRatio when setting it, if the publisher publishes a newIndex with...
ArbitraryCall() allows attackers to steal ERC20 tokens from users wallets
Handle Jujic Vulnerability details A call to an arbitrary contract with custom calldata is made in arbitraryCall(address who, bytes memory data), which means the contract can be an ERC20 token and the calldata can be a transferFrom from a previously approved user. Impact The wallet balances for the amoun...
Dutch auction can be manipulated
Handle gzeon Vulnerability details Impact When Malt is under-peg and the swing trader module does not have enough capital to buy back to peg, a Dutch auction is triggered to sell arb tokens. The price of the Dutch auction decreases linearly toward endprice until endAuction is called. endAuction is...
Malt Protocol Uses Stale Results From MaltDataLab Which Can Be Abused By Users
Handle leastwood Vulnerability details Impact MaltDataLab integrates several MovingAverage contracts to fetch sensitive data for the Malt protocol. Primary data used by the protocol consists of the real value for LP tokens, the average price for Malt and average reserve ratios. trackMaltPrice,...
Fees can be more than 100%
Handle cmichel Vulnerability details The Overlayv1Mothership.adjustGlobalParams function allows setting a fee and feeBurn that are greater than 100%. Recommended Mitigation Steps Validate that fee and feeBurn are less than ONE = 1e18.
FeeSplitter: Unbounded number of shareholders can cause DOS
Handle GreyArt Vulnerability details Impact There is no limit to the number of shareholders. It is therefore possible to set a large number of shareholders such that sendFees will run out of gas when adding shares to each shareholder. This will cause a denial of service to all NestedFactory...
VaderPoolV2.mintFungible exposes users to unlimited slippage
Handle TomFrench Vulnerability details Impact Frontrunners can extract up to 100% of the value provided by LPs to VaderPoolV2. Proof of Concept Users can provide liquidity to VaderPoolV2 through the mintFungible function. This allows users to provide tokens in any ratio and the pool will calculat...