Airdropped Gas will remain in the Agent in case of failure

Lines of code Vulnerability details Impact The protocol uses LayerZeros Airdrop mechanism to send gas to BridgeAgents which they need to pay for subsequential cross-chain-messages. If the transaction on the receiver fails, this airdropped gas will remain in the BridgeAgent and can be used up by t...

Unbounded tick arrays; add max length check to prevent gas issues.

Lines of code Vulnerability details Impact Tick arrays like tickTracking can grow unbounded. Could hit gas limit. As ticks are crossed, new TickTracking elements are pushed: function crossTicks bytes32 poolIdx, int24 exitTick, int24 entryTick internal tickTrackingpoolIdxexitTick.push...

Slippage attack on claiming rewards

Lines of code Vulnerability details Impact Exploiter can abuse slippage to claim more weekly reward. The amount of slippage damage is unclear due to lack of deployment context and testing. Worst case scenario is the exploiter own 100% deposit of single pool allowing extreme slippage to steal enti...

Missing circuit breaker checks in ethPerCvx() for Chainlink's price feed

Lines of code Vulnerability details Bug Description The ethPerCvx function relies on a Chainlink oracle to fetch the CVX / ETH price: VotiumStrategyCore.solL158-L169 try chainlinkCvxEthFeed.latestRoundData returns uint80 roundId, int256 answer, uint256 / startedAt /, uint256 updatedAt, uint80 /...

Allowing price updates once in an epoch is extremely risky and open windows to a lot of issues

Lines of code Vulnerability details Impact Protocol currently knows about how this could be an effect, since the comments to both previewDeposit and convertToShares suggest that any difference attached to this should be considered slippage, but measures are not taken to ensure that this slippage ...

No gas payment is done before calling the callContract in the Router.sol

Lines of code Vulnerability details Impact In the Axelar documentation it is specified that before calling callContract or callContractWithToken the user needs to first prepay the relayers gas fee on the source chain, but since the functions are not payable, nor does call...

No way to revoke Approval in DelegateToken.approve leads to un authorized calling of DelegateToken.transferFrom

Lines of code Vulnerability details Impact There is no way to revoke the approval which given via DelegateToken.approveaddress,delegateTokenId. They can able call the DelegateToken.transferFrom even the tokenHolder revoke the permission using the DelegateToken.setApprovalForAll if the spender...

No removal mechanism from blocklist, allowlist and sanctionsList

Lines of code Vulnerability details Impact rUSDY.sol has setBlocklist sets the blocklist address, setAllowlist sets the allowlist address, and setSanctionsList sets the sanctions list address functions: However, the mechanism for removing addresses from arrays is not implemented anywhere. Even in...

Front-running attack can occur between when the unbonding lock is created and when the delegator's bonded amount is decreased.

Lines of code Vulnerability details Impact This would allow the delegator to temporarily have more bonded tokens than they should. They could take advantage of this by voting in governance with the increased voting power or withdrawing increased fees Proof of Concept 1. When unbond is called, an...

ERC721 tokens are blocked in rdpxV2Core contract

Lines of code Vulnerability details The admin has the right to recover an ERC721 token in the UniV3LiquidityAMO contract. He needs to call recoverERC721 and provide the tokenAddress and tokenid values, where the token with tokenid will be transferred to the rdpxV2Core contract...

KEY INVARIANT RELATED TO THE FIXED_FEE AMOUNT CAN BE BROKEN

Lines of code Vulnerability details Impact The EvolvingProteus.applyFeeByRounding function is used to charge fees by rounding values in directions that are beneficial to the pool. Within this function there is a if condition which verifies that the calculated final amount is not less than the...

Claiming prizes will be bricked if prize periods are not aligned with twab periods

Lines of code Vulnerability details Comments The previous implementation allowed a malicious user to keep updating their balances provided the previous observation fell within the same period. As such, if a draw ends part way through a period, the user would be able to manipulate their average...

TwabController::_periodEndOnOrAfter() function returns the period start instead of the period end

Lines of code Vulnerability details Original Issue M-03 - TwabLib::getTwabBetween can return innacurate balances if startTime and endTime aren't safely bounded Details The original finding is about the lack of a mechanism to validate if the startTime and endTime are safely bounded, otherwise, if...

GaugeController.sol isn't updated when voting power is delegated, enabling users to arbitrarily increase gauge weight

Lines of code Vulnerability details Impact A malicious user can arbitrarily increase any gauge's weight, resulting in loss of rewards for lenders of other gauges. Proof of Concept Note that the below code snippet from GaugeController.voteforgaugeweights called by users to cast and change votes...

Voters can vote on a single pool multiple times by redelegating

Lines of code Vulnerability details Impact Users should be able to have only one concurrent vote on a pool in GaugeController. When a user votes the weight of his vote is calculated using his userweight parameter and the slope and end time of his balance lock are used to calculate the bias for th...

Possible DoS of Election Process

Lines of code Vulnerability details Impact Contract SecurityCouncilNomineeElectionGovernor allows contenders to participate in the election process as nominee over function addContender. The necessary condition for this process is that proposal was created before and has status...

Unsafe typecasting can lead to tokens being locked in the contract

Lines of code Vulnerability details Impact In the createLock function the amount is calculated by casting the uint256 value to int128 in an unsafe way. Specifically the locked.amount is calculated as: locked.amount += int128int256value; could result in a negative value for locked.amount. For...

addDust in OptionsPositionManager.sol can add way more tokens than expected in cases where the asset used has less decimals

Lines of code Vulnerability details Impact The function addDust is used in closeDebt to // Add dust to be sure debt reformed = debt outstanding as stated in the NatSpec, but in the cases of tokens with less decimals, the amount calculated will be way bigger than expected which could make the whol...

removeFromAllTicks() withdraws all tick assets before deposit and withdraw and re-deposit them creates reentrancy attacks.

Lines of code Vulnerability details Impact reentrancy attacks can result to stolen funds Proof of Concept The key issue is that removeFromAllTicks calls removeFromTickindex in a loop, which calls lendingPool.withdraw and tr.withdraw. These external calls could trigger a reentrant call back into t...

Missing deadline param in swapExactAmountOut() allowing outdated slippage and allow pending transaction to be executed unexpectedly.

Lines of code Vulnerability details Impact Loss of funds/tokens for the protocol, since block execution is delegated to the block validator without a hard deadline. Proof of Concept The function swapExactAmountOut from LiquidationRouter.sol and LiquidationPair.sol use these methods to swap tokens...

RngRelayAuction can be bricked or used to specify arbitrary winning random numbers

Lines of code Vulnerability details Impact The RngRelayAuction contract deployed on each chain has a rngComplete method that is supposed to be called by the relayer in order to close/complete a prize draw. However this method doesn't have any access control and can therefore be called by anyone...

safe32 WILL RESTRICT THE DURATION OF MultiRewardDistributor._addEmissionConfig FUNCTION USABILITY

Lines of code Vulnerability details Impact The MultiRewardDistributor.addEmissionConfig function is used to add a new emission configuration for a specific market. The addEmissionConfig function constructs the MarketConfig configuration struct using the input parameters to the function. The...

Malicious user can steal other user's deposits from Vault.sol

Lines of code Vulnerability details Impact When the Vault.withdraw function is called, a maximum of typeuint96.max shares are being burnt subsequently: Vault.withdraw- Vault.withdraw- Vault.burn burns uint96shares, see Vault.sol line 1139. A malicious user can exploit this in the following way: 1...

IF THE UNDERLYING ASSET IS A FEE ON TRANSFER TOKEN IT COULD BREAK THE INTERNAL ACCOUNTING OF THE VAULT

Lines of code Vulnerability details Impact The Vault.deposit function is used by the users to deposit assets to the vault and mint vault shares to the recipient address. The amount of assets are transferred to the Vault as follows: SafeERC20.safeTransferFrom asset, caller, addressthis,...

FIRST DEPOSITOR ATTACK IS PRESENT IN THE Vault.sol CONTRACT

Lines of code Vulnerability details Impact The Vault.deposit function is vulnerable to first depositor attack. It can be described as follows: A malicious early depositor can deposit with 1 wei of asset token as the first depositor of the Vault, and get 1 wei of shares. Then the first depositor c...

Unrestricted Name and Symbol Modification in LSP7 and LSP8 Digital Assets

Lines of code Vulnerability details Impact The owner of a contract in LSP8IdentifiableDigitalAsset and LSP7DigitalAsset can arbitrarily change the name and symbol of a token after its deployment. This ability is due to the inheritance of the setData function from ERC725YCore.sol implemented in...

An identical vault can be deployed with existing values, the logic controlling this is missing

Lines of code Vulnerability details VaultFactory. The deployVault function deploys a new vault with 10 arguments, but does not check if there is a vault already deployed with the same arguments This seems to have been preferred as a design, but malicious people with copy safes can direct users to...

The liquidate function lets the caller mint amountOut tokens without providing any

Lines of code Vulnerability details Impact Ther are a lot of check to ensure the parameters of the liquidate function are correct. However, it does not checki for amountIn to NOT be 0, thus it lets the caller proceed and mint amountOut tokens to account without providing any Proof of Concept...

Unrestricted Name and Symbol Modification in LSP7 and LSP8 Digital Assets

Lines of code Vulnerability details I HAVE ALREADY SUBMITTED THIS ISSUE HOWEVER I MESSED UP THE LINKS FOR IT. CAN YOU PLEASE DISREGARD THE PREVIOUS SUBMISSION? Impact The owner of a contract in LSP8IdentifiableDigitalAsset and LSP7DigitalAsset can arbitrarily change the name and symbol of a token...

Functions will always return success even if it is failed

Lines of code Vulnerability details Impact In NounsAuctionHouseFork.sol, safeTransferETH function is used to transfer ETH. File: nouns-contracts/contracts/governance/fork/newdao/NounsAuctionHouseFork.sol 272 function safeTransferETHaddress to, uint256 value internal returns bool 273 bool success,...

Users can swap tokens through shift() function without _updatePumps()

Lines of code Vulnerability details Impact Any user can swap tokens just transferring tokens to the contract in a batch with calling shift function. The problem is that the shift doesn't call the updatePumps function which update oracle. This way attackers can exploit this vulnerability to...

_createDepositSingle() call bridgeOut missing normalizeDecimals

Lines of code Vulnerability details Impact Wrong decimal place conversion, resulting in wrong quantity Proof of Concept in createDepositSingle will call IPortlocalPortAddress.bridgeOut The parameter deposit is not converted to 18 decimal createDepositSingle function createDepositSingle address...

NO CHECK TO VERIFY THE ELEMENTS OF assetsAmounts[] ARRAY IS IN THE SAME ORDER AS assets[] ARRAY, IF MISCONFIGURED COULD BREAK THE INTERNAL ACCOUNTING OF SHARE CALCULATION

Lines of code Vulnerability details Impact In the ERC4626MultiToken.convertToShares function, assetsAmounts are used to calculate the shares to mint. Here the assetsAmounts are expected to be passed in the order of the assets array. If there is any misconfiguration in the order, then it will affe...

Vulnerable to MEV exploitation due to lack of slippage protection

Lines of code Vulnerability details Proof of Concept Function to decrease and increase liquidity are passing amount0Min and amount1Min as zero. This will result in MEV bots sandwiching transactions to extract value from it. In the worst case it will actually return zero or a very small value in...

User can manipulate totalRewardUnclaimed and steal pool incentives

Lines of code Vulnerability details Impact In the UniswapV3Staker.sol contract, a user can drain the incentives by repeatedly staking and unstaking. Proof of Concept During staking, the stakeToken... function checks that incentives is not zero this would later become insufficient but does not in...

stETHs rebase profit stealing

Lines of code Vulnerability details Description It's possible with flashloan from AAVE to capture a big shares amount of eUSD, after each stETH rebase exploiter will buy excessive income, which leads to eUSD rebase due to shares burning, so the exploiter will have most of burned eUSD because they...

flashloan stealing staking reward

Lines of code Vulnerability details Impact The report reveals a vulnerability where a flashloan can be used to steal staking rewards. The provided proof of concept demonstrates the issue, where a user can take advantage of the earned rewards calculation using the spot balance. By flashloaning a...

The function will not work properly on Optimism due to use of block.number

Lines of code Vulnerability details Impact On Optimism, the block.number is not a reliable source of timing information and the time between each block is also different from Ethereum. This is because each transaction on L2 is placed in a separate block and blocks are not produce at a constant...

Flashloan/onFlashLoan() does not comply eip-3156

Lines of code Vulnerability details Impact In PeUSDMainnetStableVision.sol, File: contracts/lybra/token/PeUSDMainnetStableVision.sol interface FlashBorrower /// @notice Flash loan callback /// @param amount The amount of tokens received /// @param data Forwarded data from the flash loan request /...

Lack of deep validation

Lines of code Vulnerability details Impact The validate functions are just checking the parameters type without checking any further information Proof of Concept They are just trying to cast the value with i.TYPE and check if there is an error. There is no further validations e. g...

Pre-defined limit is different from the spec.

Lines of code Vulnerability details Impact In the spec, the pre-defined limit of ETH is 0.01 ETHs. But the actual limit in the code is not 0.01 ETH which could result in misleading. Proof of Concept In the spec, it said that the pre-defined limit of ETH is 0.01 ETHs For risk management purposes, ...

User with canto balance under the treshold will receive 4 canto for every transaction wich will be included in a block

Lines of code Vulnerability details Impact User, who decided to send several different tokens in the canto network at the same time and who has canto balance under the threshold, will receive 4 canto for every transaction which satisfies other onboarding conditions token type, tokens amount, in...

Signature malleability in createActionBySig allow an attacker to replicate an attack

Lines of code Vulnerability details Overview The createActionBySig is part of a family of functions that can be called by signature. This functionality is shared with castApprovalBySig and castDisapprovalBySig. However, the last two functions rely on the preCastAssertion function that revert on...

In LlamaRelativeQuorum, actionApprovalSupply/actionDisapprovalSupply can be changed anytime.

Lines of code Vulnerability details Impact The governance result might be manipulated seriously because the approval/disapproval supplies can be changed anytime by an attacker. Proof of Concept The LlamaRelativeQuorum uses approval/disapproval thresholds that are specified as percentages of total...

LlamaAccount can be tricked to selfdestruct with an upgradable contract

Lines of code Vulnerability details Impact The LlamaAccount contract will be destroyed and all the assets can be lost. Proof of Concept In execute, we use readSlot0 to prevent a malicious or buggy target from taking ownership of this contract. But the malicious target can send all the assets and...

Delegatecalls to contracts which have different storage layouts will cause unexpected behavor. Whitelisting of delegate-callable targets is required like LlamaCore.authorizeScript().

Lines of code Vulnerability details Impact Delegatecall to targets which have storage access will read/write each other's storage variables. Although slot 0 is protected from modification by delegatecall, reading slot 0 is not protected. Modifying storage slot other than 0 is not protected. It's...

Incorrect Handling of Return Value in onlyWhenNotPaused Modifier

Lines of code Vulnerability details Description: contract named "L1ChugSplashProxy" which is a proxy contract with additional functionality for code and storage modification. However, there is a bug in the code that needs to be addressed. Bug: The bug is in the modifier onlyWhenNotPaused function...

A lot with a lots.sdAmount less than the bidIncrement cannot be bid on

Lines of code Vulnerability details M-01 A lot with a lots.sdAmount less than the bidIncrement cannot be bid on Impact Everyone can create a lot by calling Auction.createLot with any arbitrary amount they specify. However, creating a lot with a low sdAmount can result in two potential issues: Whe...

Centralization risk for trusted owners

Lines of code Vulnerability details Description: Contracts have owners that have privileged rights to perform admin tasks. These owners need to be trusted to not perform malicious updates or drain funds. Having a single Externally Owned Account EOA as the sole owner represents a significant...

VaultProxy can be selfdestructed using delegatecall

Lines of code Vulnerability details Impact Attacker can selfdestruct VaultProxy deployment. constructor //initialise the vault proxy with data function initialise bool isValidatorWithdrawalVault, uint8 poolId, uint256 id, address staderConfig external if isInitialized revert AlreadyInitialized;...