Code423n4 | Most viewed

10190 matches found

Code423n4
added 2021/11/15 12:0 a.m. | 15 views

Unclear TwapOracle.consult algorithm

Handle cmichel Vulnerability details The TWAPOracle.consult function is unclear to the auditor. It seems to iterate through all registered pairs that share the token parameter USDV or VADER and then sums up the foreign token pair per token price. And divides this sum sumNative by the summed-up US...

AI score: 6.8
Exploits: 0

Code423n4
added 2021/11/12 12:0 a.m. | 15 views

LinearVesting does not calculate vested amount linearly

Handle xYrYuYx Vulnerability details Impact These calculations are incorrect for linear vesting. Proof of Concept i.e. if start amount is 10000, and duration is 100 seconds. After 50 seconds, user can claim 5000 which is 50% After another 10 seconds, user need to claim 1000 which is 10%, but...

AI score: 7
Exploits: 0

Code423n4
added 2021/11/10 12:0 a.m. | 15 views

Unsafe token transfer

Handle WatchPug Vulnerability details Calling ERC20.transfer without handling the returned value is unsafe. function processWithdrawal uint era, uint day, address member private returns uint value uint memberUnits = mapEraDayMemberUnitseradaymember; // Get Member Units if memberUnits == 0 value =...

AI score: 6.9
Exploits: 0

Code423n4
added 2021/10/30 12:0 a.m. | 15 views

transferFrom amount may exceed allowance

Handle WatchPug Vulnerability details function transferFromaddress sender, address recipient, uint256 amount public virtual override returns bool /// @dev the balances mapping represents the underlying ibBTC shares "non-rebased balances" /// @dev the naming confusion is due to maintaining origina...

AI score: 7.1
Exploits: 0

Code423n4
added 2021/10/26 12:0 a.m. | 15 views

Unchecked ERC20 transfer calls

Handle loop Vulnerability details ERC20 transfer and transferFrom calls normally return true on a successful transfer. In DutchAuctionLiquidator the call asset.transfer(msg.sender, collateral); is made. asset refers to whichever ERC20 asset is used for the vault of that auction. If asset is an ERC20...

AI score: 6.8
Exploits: 0

Code423n4
added 2021/10/22 12:0 a.m. | 15 views

transfer() is not recommended for sending ETH

Handle WatchPug Vulnerability details Since the introduction of transfer, it has typically been recommended by the security community because it helps guard against reentrancy attacks. This guidance made sense under the assumption that gas costs wouldn’t change. It's now recommended that transfer...

AI score: 6.9
Exploits: 0

Code423n4
added 2021/10/06 12:0 a.m. | 15 views

fee-on-transfer underlying can cause problems

Handle 0xsanson Vulnerability details Impact The current implementation doesn't work with fee-on-transfer underlying tokens. Considering that Compound can have these kinds of tokens (ex. USDT can activate fees), this issue can affect the protocol. The problem arises when transferring tokens, basicall...

AI score: 6.9
Exploits: 0

Code423n4
added 2021/10/06 12:0 a.m. | 15 views

ConcentratedLiquidityPoolManager.sol#claimReward() and reclaimIncentive() will fail when incentive.token is token0 or token1

Handle WatchPug Vulnerability details In ConcentratedLiquidityPosition.collect, balances of token0 and token1 in bento will be used to pay the fees. uint256 balance0 = bento.balanceOftoken0, addressthis; uint256 balance1 = bento.balanceOftoken1, addressthis; if balance0 newBalance0 token0amount =...

AI score: 6.8
Exploits: 0

Code423n4
added 2021/09/15 12:0 a.m. | 15 views

Vault.withdraw can be unfair

Handle 0xsanson Vulnerability details Impact In the Vault.withdraw function a user burns shares quantity of VaultTokens to get amount of outputTokens back from the vault. If the vault doesn't have enough tokens, even after withdrawing from the controller, they receive fewer tokens than they shoul...

AI score: 6.8
Exploits: 0

Code423n4
added 2021/09/11 12:0 a.m. | 15 views

No safety check in addToken

Handle jonah1005 Vulnerability details Impact There's no safety check in Manager.sol addToken. There are two possible cases that might happen. 1. One token being added twice in a Vault. Token would be counted doubly in the vault. Ref: Vault.solL293-L303. There would be two item in the array when...

AI score: 7
Exploits: 0

Code423n4
added 2021/09/05 12:0 a.m. | 15 views

Attackers can force liquidations by borrowing large amounts of an asset.

Handle tensors Vulnerability details Impact Consider an attacker who borrows enough to greatly increase the oracle rate. It is claimed that arbitrageurs will come in and fix this discrepancy before the attacker has a chance to profit off of his price manipulation: "Over the next 1 hour, the effect ...

AI score: 6.8
Exploits: 0

Code423n4
added 2021/08/22 12:0 a.m. | 15 views

Parameter updates not propagated

Handle gpersoon Vulnerability details Impact There are several functions to update parameters. However these parameters are only updated on the top level and not propagated to the other contracts. This could lead to various unpredictable results. Examples are: setNftHubAddress of RCFactory...

AI score: 6.8
Exploits: 0

Code423n4
added 2021/08/13 12:0 a.m. | 15 views

No slippage protection in Strategy

Handle cmichel Vulnerability details The startPool and endPool functions of Strategy.sol mint/burn tokens in the pool without any minimum return amount checks: // startPool pool.mintaddressthis, true, 0 // endPool ,, uint256 fyTokenDivested = pool.burnaddressthis, 0, 0; If one of the pool tokens ...

AI score: 6.8
Exploits: 0

Code423n4
added 2021/07/14 12:0 a.m. | 15 views

TransferHelper does not work with all ERC20 tokens

Handle cmichel Vulnerability details The TransferHelper.safeTransferFrom function will revert if tokens do not return a boolean because the interface ERC20.transfer function it uses indicates that this function always returns a boolean. Some tokens like USDT don't correctly implement the EIP20...

AI score: 6.9
Exploits: 0

Code423n4
added 2021/07/11 12:0 a.m. | 15 views

Transactions nearing block.gaslimit may cause issues

Handle hrkrshnn Vulnerability details transactions nearing block.gaslimit may cause issues A general problem with schemes that require multiple steps and whose inputs are dynamically typed is that: a user may be able to "commit" something, but never "execute" it because the "execute" transaction...

AI score: 6.9
Exploits: 0

Code423n4
added 2021/07/10 12:0 a.m. | 15 views

Use of deprecated Chainlink function latestAnswer

Handle shw Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. This function does not error if no answer has been reached but returns 0, causing an incorrect price fed to the Buoy3Pool. Proof of Concept Referenced code: Buoy3Pool.solL207...

AI score: 6.9
Exploits: 0

Code423n4
added 2021/06/23 12:0 a.m. | 15 views

IdleYieldSource doesn't use mantissa calculations

Handle tensors Vulnerability details Impact Because mantissa calculations are not used in this case to account for decimals, the arithmetic can zero out the number of shares or tokens that should be given. For example, say I deposit 1 token, expecting 1 share in return. On L95, if the...

AI score: 6.9
Exploits: 0

Code423n4
added 2021/06/17 12:0 a.m. | 15 views

Return values of ERC20 transfer and transferFrom are unchecked

Handle shw Vulnerability details Impact In the contract RCTreasury, the return values of ERC20 transfer and transferFrom are not checked, which could be false if the transferred token is not ERC20-compliant. In that case, the transfer fails without being noticed by the calling contract. Proof of...

AI score: 6.9
Exploits: 0

Code423n4
added 2021/05/29 12:0 a.m. | 15 views

YieldMath.sol / Log2: >= or > ?

Handle gpersoon Vulnerability details Impact The V1 version of YieldMath.sol contains ">=" (larger or equal), while the V2 version of YieldMath.sol contains ">" (larger) in the log2 function. This change doesn't seem logical and might lead to miscalculations. The difference is present in a number of...

AI score: 6.9
Exploits: 0

Code423n4
added 2021/05/19 12:0 a.m. | 15 views

Potential manipulation of moneyMarket.incomeIndex

Handle cmichel Vulnerability details Vulnerability Details The DInsterest contract relies on moneyMarket.incomeIndex to return the accurate index. For some implementations, like in yearn, this is the price per share token vault.pricePerShare. There might be cases where this price per share can be...

AI score: 6.8
Exploits: 0

Code423n4
added 2021/05/11 12:0 a.m. | 15 views

Missing overflow check in flashLoan

Handle @cmichelio Vulnerability details Vulnerability Details ERC20FlashMintUpgradeable.flashLoan does not check for an overflow when adding the fees to the flashloan amount. The functionality might have been copied from but this one already has overflow checks as it uses solidity 0.8.0. Impact...

AI score: 7.2
Exploits: 0

Code423n4
added 2024/01/26 12:0 a.m. | 14 views

BLOCK_EPOCH and WEEK should not be mixed

Lines of code Vulnerability details Impact Rewards and voting weights are aligned on a weekly basis. In contract LendingLedger, reward is recorded for each epochblock.number. However, when calling gaugerelativeweightwrite, we should actually pass a timestamp, or the weight cannot be retrieved...

AI score: 7.1
Exploits: 0

Code423n4
added 2024/01/08 12:0 a.m. | 14 views

griefer can create maximum length time locks for other users with only dust

Lines of code Vulnerability details Description veOLAS is the voting token for the OLAS protocol. It functions like the curve.fi voting token in that a user gets more votes the longer they lock their tokens. A user can create a lock for themselves or have another user create a lock for them, usin...

AI score: 6.8
Exploits: 0

Code423n4
added 2024/01/08 12:0 a.m. | 14 views

L1 TO L2 ERC20 TOKEN TRANSFER CAN BE DoS IN THE FxERC20ChildTunnel CONTRACT SINCE A MALICIOUS USER CAN SET THE fxRootTunnel ADDRESS TO AN INVALID ADDRESS

Lines of code Vulnerability details Impact The FxERC20ChildTunnel is a smart contract which is used for the L2 token management. The FxERC20ChildTunnel contract inherits from the FxBaseChildTunnel contract. The FxBaseChildTunnel contract has the validateSender modifier which requires the sender o...

AI score: 6.8
Exploits: 0

Code423n4
added 2024/01/08 12:0 a.m. | 14 views

Decisionmaking in the DAO is to slow which results in the DAO not been able to use the CANCELLER_ROLE properly

Lines of code Vulnerability details Impact The time that takes the DAO to vote on a proposal is too long for the DAO to be a proper address to cancel scheduled operations. That is why no scheduled operation will ever be cancelled and potentially malicious operations from security exploits will be...

AI score: 7.3
Exploits: 0

Code423n4
added 2024/01/08 12:0 a.m. | 14 views

A MALICIOUS USER CAN FRONT RUN AND EXECUTE THE Tokenomics.initializeTokenomics TRANSACTION TO BECOME THE OWNER OF THE Tokenomics CONTRACT

Lines of code Vulnerability details Impact The Tokenomics.initializeTokenomics is an external function which can be called by anyone, since there is no access control. Hence a malicious user can front-run the valid initialization transaction and become the owner of the Tokenomics contract. This i...

AI score: 7
Exploits: 0

Code423n4
added 2024/01/08 12:0 a.m. | 14 views

Changing the quorumNumerator should not be only possible by the governance

Lines of code Vulnerability details Impact Only the DAO can reduce the quorumNumerator. This means that if the participation for proposals in the DAO decreases below the quorumNumerator, there is no way to reduce the quorumNumerator so the DAO can start making decisions again. Proof of Concept Fo...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/12/21 12:0 a.m. | 14 views

No access control on critical functions

Lines of code Vulnerability details The contract lacks proper access control on critical functions, allowing unauthorized parties to execute them. Recommendation: Use OpenZeppelin Ownable control for minting/burning, etc. Before: // No access control checks in critical functions function...

AI score: 7.5
Exploits: 0

Code423n4
added 2023/12/21 12:0 a.m. | 14 views

Error prone and complex code

Lines of code Vulnerability details Used function is error prone and complex that leads to incorrect asset handling so have suggested below maxHeapify implementation. function maxHeapifyuint256 pos internal uint256 left = 2 pos + 1; uint256 right = 2 pos + 2; uint256 largest = pos; if left...

AI score: 7
Exploits: 0

Code423n4
added 2023/12/21 12:0 a.m. | 14 views

Loss of precision in calculations

Lines of code Vulnerability details The use of regular division can lead to loss of precision. This could enable certain manipulations through precision attacks. Recommendation: Use SafeMath's div for integer division. Division used in parent can lead to loss of precision. Safemath usage is...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/12/21 12:0 a.m. | 14 views

_handleRepay of MoneyMarketHook does not consider the actual debt shares of the posId inside the position manager and could lead to a user's tokens getting stuck inside the hook.

Lines of code Vulnerability details Impact When users construct repay operations via MoneyMarketHook, it doesn't consider the actual debt shares of the position inside the InitCore and PosManager. This could lead to users' tokens getting stuck inside the MoneyMarketHook contract. Proof of Concept...

AI score: 6.9
Exploits: 0

Code423n4
added 2023/12/21 12:0 a.m. | 14 views

liquidatePosition() change LOAN_TERM may result in the borrower paying additional liquidation fees.

Lines of code Vulnerability details Vulnerability details Currently, there are three ways to close a position: 1. The borrower voluntarily closes it through closePosition. 2. If Premium is insufficient, it is forcibly closed by liquidatePosition. 3. After the loan expires, LP forcibly closes it b...

AI score: 6.7
Exploits: 0

Code423n4
added 2023/12/21 12:0 a.m. | 14 views

Liquidator can get higher rate for liquidation

Lines of code Vulnerability details Proof of Concept When position is unhealthy then it can be liquidated. In order to incentivize someone to liquidate positions they receive some extra amount of collateral. This incentive percentage is calculated inside...

AI score: 7
Exploits: 0

Code423n4
added 2023/12/21 12:0 a.m. | 14 views

Zero amount token transfers may cause a denial of service during liquidations

Lines of code Vulnerability details Summary Some ERC20 implementations revert on zero value transfers. Since liquidation rewards are based on a fraction of the available position's premiums, this may cause an accidental denial of service that prevents the successful execution of liquidations...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/12/20 12:0 a.m. | 14 views

_safeMint() should be used rather than _mint() wherever possible

Lines of code 139, 178, 204 Vulnerability details mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/12/19 12:0 a.m. | 14 views

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...

AI score: 6.9
Exploits: 0

Code423n4
added 2023/12/08 12:0 a.m. | 14 views

[H-01] Ocean contract and onERC1155Received function is vulnerable to read only reentrancy

Lines of code Vulnerability details Impact The Ocean contract and onERC1155Received function is vulnerable to read only reentrancy when read from another contract. The order of function execution when called externally from the onERC1155Received function in the Ocean contract is as follows. The...

AI score: 7
Exploits: 0

Code423n4
added 2023/12/08 12:0 a.m. | 14 views

Users can unwrap assets in batches and avoid paying fees to protocol

Lines of code Vulnerability details Impact Users can unwrap their assets from The Ocean and evade paying fees to the protocol when the requested amount is smaller than the fee divisor. This happens due to a truncation of the result in the fee calculation. Proof of Concept This affects the...

AI score: 6.9
Exploits: 0

Code423n4
added 2023/12/08 12:0 a.m. | 14 views

Front-Running

Lines of code Vulnerability details Impact Visible computed input amounts could be susceptible to front-running by malicious actors. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used...

AI score: 7.2
Exploits: 0

Code423n4
added 2023/12/08 12:0 a.m. | 14 views

Potential Gas Inefficiency due to Unnecessary abi.encode Usage

Lines of code Vulnerability details Impact The function unnecessarily uses abi.encode to convert a uint256 to bytes32, incurring additional gas costs. This doesn't affect correctness but may lead to suboptimal gas usage. Proof of Concept By modifying the fetchInteractionId function to directly ca...

AI score: 7
Exploits: 0

Code423n4
added 2023/12/08 12:0 a.m. | 14 views

The protocol is susceptible to reentrancy attacks.

Lines of code Vulnerability details Reentrancy is a well-known bug in smart contracts and the protocol is not handling it. The safeMint function in ERC721 makes a callback to the receiver checking if they can hold an NFT; this can be used by a receiver to take control of the execution of the call. in...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/11/17 12:0 a.m. | 14 views

CURRENT OWNER OF THE Market.sol CONTRACT CAN RENOUNCE THE OWNERSHIP AND DoS THE onlyOwner MODIFIER CONTROLLED FUNCTIONS IN THE Market.sol CONTRACT

Lines of code Vulnerability details Impact Market.sol contract inherits from the openzeppelin Ownable2Step.sol contract. The Ownable2Step.sol contract inherits from the openzeppelin Ownable.sol contract. There is Ownable.renounceOwnership function which can be called by the current owner to...

AI score: 7
Exploits: 0

Code423n4
added 2023/11/13 12:0 a.m. | 14 views

Missing gas fee limit

Lines of code Vulnerability details The use of .callvalue: balance"" does not limit the gas sent along with the Ether, potentially allowing all gas in the transaction to be used by the receiver. // Set a specific gas limit for the call if applicable uint256 gasLimit = someGasLimit; // Define...

AI score: 7
Exploits: 0

Code423n4
added 2023/11/05 12:0 a.m. | 14 views

Users pay higher fee than intended

Lines of code Vulnerability details Impact Protocol mints incorrect depositAmount and depositShare to protocol. Such that reserveFee is higher than defined. Suppose following scenario: 1. Tranche 2 has 20% APR, has 5000 borrowed 2. Tranche 1 has 10% APR, has 10000 borrowed 3. ReserveFee is 10% 4...

AI score: 7.2
Exploits: 0

Code423n4
added 2023/10/26 12:0 a.m. | 14 views

The approve function can be frontrun

Lines of code Vulnerability details Impact Bob steals tokens from Alice. Proof of Concept In the file WildcatMarketToken.sol there is an approve function: function approveaddress spender, uint256 amount external virtual nonReentrant returns bool approvemsg.sender, spender, amount; return true; th...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/10/26 12:0 a.m. | 14 views

Sanction Bypass Through Transferring to another account

Lines of code Vulnerability details Impact Wildcat protocol provides lending with lender backed collateral considered as reserves and the ratio must be upheld by the borrower. WildcatMarketTokens are provided to lenders in return for their base assets, these tokens are ERC20 meaning tokens can be...

AI score: 7
Exploits: 0

Code423n4
added 2023/10/26 12:0 a.m. | 14 views

DoS Any Market by Frontrunning Creation with a Codehash Change

Lines of code Vulnerability details Impact Any market contract can be DoSed by sending a 1 wei transaction to the market address that will be created for a user. When an account has no code and has never been interacted with, the codehash will be bytes320. This will result in market creation...

AI score: 7.2
Exploits: 0

Code423n4
added 2023/10/25 12:0 a.m. | 14 views

TWAP can lead to loss of manipulation of price

Lines of code Vulnerability details Impact There are tradeoffs when choosing the length of the period of time to calculate a TWAP. Longer periods are better to protect against price manipulation, but come at the expense of a slower, and potentially less accurate, price. Proof of Concept Both the...

AI score: 6.9
Exploits: 0

Code423n4
added 2023/10/20 12:0 a.m. | 14 views

Nonce update

Lines of code Vulnerability details return uint256keccak256abi.encodePackedownersHash, ownerSafeCountownersHash++, salt, VERSION; here ownerSafeCountownersHash++ is used as nonce for different ownerSafeCount mapping if ownersHash is 0 or 1 the mapping will be 0 for the first item.This will cause ...

AI score: 7.2
Exploits: 0

Code423n4
added 2023/10/11 12:0 a.m. | 14 views

Deterministic proxy contract address with a hard-coded salt enables token theft.

Lines of code Vulnerability details Impact The retrieveProxyContractAddress function calculates the address of the proxy contract deterministically based only on the delegate address. An attacker could pre-compute proxy contract addresses for target delegates and steal tokens by transferring to...

AI score: 6.9
Exploits: 0

Total number of security vulnerabilities: 5000