Possible Wrong bAsset Rewards/Borrow limits Calculation
Lines of code Vulnerability details Impact During the code review, it has been observed that the reward calculation is done in the executeepochoperations function. However, the config is stored in the storage. When the ancpurchasefactor is updated by the owner, the executeepochoperations is not...
No ERC20 safe* versions called on mainnet deposit
Lines of code Vulnerability details Impact Some mainnet tokens like USDT don't correctly implement the EIP20 standard and their transfer/transferFrom function return void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert. Non-safe...
ERC20 decimals can be different than 18
Lines of code Vulnerability details Impact setDefaultFeePercentage, setCustomFeePercentageForCollateral, setCustomFeePercentageForSafe functions assume that the underlying ERC20 token has 18 decimal digits. Whilst this is true most of the time, an ERC20 token can have a different decimals value...
settleFunding will exceed block gas with more markets and activity
Lines of code Vulnerability details Impact As the number of supported markets grows, settleFunding will reach a point where it exceeds the block gas limit on Avalanche C-Chain. This will prevent users from calling the function and cause a widespread Denial of Service. Looking at transactions for t...
latestRoundData data may be stale
Handle sirhashalot Vulnerability details Impact The Chainlink latestRoundData function is used in Cvx3CrvOracle.sol, but it is used without checking whether the data returned from the oracle is stale or not. Chainlink warns about this issue and describes how to check for it: Proof of Concept From...
Eth sent to Timelock will be locked in current implementation
Handle defsec Vulnerability details Impact Eth sent to Timelock will be locked in current implementation. I came across this problem while playing around with the governance contract. Proof of Concept Set up the governance contracts GovernanceAlpha, Timelock. Send eth to the timelock contract. Set up a...
Use of deprecated Chainlink API
Handle 0x1f8b Vulnerability details Impact Deprecated API stops working. Prices cannot be obtained. Protocol stops and contracts have to be redeployed. Proof of Concept The contracts use Chainlink’s deprecated API latestAnswer. Such functions might suddenly stop working if Chainlink stopped...
Unbounded loop on array that can only grow can lead to DoS
Handle robee Vulnerability details A malicious attacker that is also a protocol owner can push unlimitedly to an array that some function loops over. If the array size is increased enough, calling the function that loops over the array will always revert since there is a gas limit...
Unchecked returns in multiple place
Handle 0v3rf10w Vulnerability details Impact Multiple checks needed Proof of Concept L1LPTGateway.outboundTransfer(address,address,uint256,uint256,uint256,bytes) (contracts/L1/gateway/L1LPTGateway.sol#L80-123) ignores return value by TokenLike(l1Token).transferFrom(from, l1LPTEscrow, amount)...
TimeswapPair.sol#borrow() Improper implementation allows attacker to increase pool.state.z to a large value
Handle WatchPug Vulnerability details In the current implementation, borrow takes a user input value of zIncrease, while the actual collateral asset transferred in is calculated at L319; the state of pool.state.z is still increased by the value of the user's input at L332. Even though a large number...
Reentrancy allows attacker to lock the funds deposited in the contract
Handle tqts Vulnerability details Impact It is possible for attackers to exploit a reentrancy issue in lock(uint256,uint256,address) that would allow them to lock all funds deposited prior to the attack. Proof of Concept The problem lies in the lock(uint256,uint256,address) function, that transfers t...
Anyone can steal XDEFI from the XDEFIDistribution contract and make the contract insolvent
Handle onewayfunction Vulnerability details Impact Anyone can steal XDEFI from the XDEFIDistribution contract, thereby making the contract insolvent. In the process, they also make the updateDistribution function uncallable -- and thus make the value of pointsPerUnit unchangeable. This comes with...
Drain the award pool by feeding outrange epoch into function claimRewards
Handle 0xabc Vulnerability details Impact In function claimRewards, there is no check on the values in epochIds. An exploiter can claim more than the promotion award by calling the function with out-of-range epochs. Proof of Concept Consider a promotion with promotionId X and numberOfEpochs = Y. Exploiter...
Allowing more than 256 epochs leads to loss of funds
Handle cmichel Vulnerability details The TwabRewards contract has an implicit restriction of 256 epochs per promotion as it uses a bitmask in a uint256 to mark claimed epochs 0-255, see isClaimedEpoch. "/// @dev We pack epochs claimed by a user into a uint256. So we can't store more than 255...
Basket.sol#publishNewIndex() Lack of input validation may cause fund loss to anyone who bonds an auction
Handle WatchPug Vulnerability details According to the newRatio formula in settleAuction, the maximum value of newRatio is factory.auctionMultiplier * basket.ibRatio. However, since there is no validation for the value of minIbRatio when setting it, if the publisher publishes a newIndex with...
Basket.sol#auctionBurn calculates ibRatio wrong
Handle 0x0x0x Vulnerability details The function is implemented as follows: function auctionBurn(uint256 amount) onlyAuction nonReentrant external override { uint256 startSupply = totalSupply(); handleFees(startSupply); _burn(msg.sender, amount); uint256 newIbRatio = ibRatio * startSupply / (startSupply -...
UniswapV3's path issue for swapExactOutput
Handle cmichel Vulnerability details UniswapV3 expects a path object like tokenA, feeAB, tokenB, feeBC, tokenC. The UniV3Trader.swapExactOutput code tries to reverse this path to get to tokenC, feeBC, tokenB, feeAB, tokenA but that's not what the reverseBytes function does. Note that it reverts t...
ArbitraryCall() allows attackers to steal ERC20 tokens from users wallets
Handle Jujic Vulnerability details A call to an arbitrary contract with custom calldata is made in arbitraryCall(address who, bytes memory data), which means the contract can be an ERC20 token, and the calldata can be transferFrom a previously approved user. Impact The wallet balances for the amoun...
Malt Protocol Uses Stale Results From MaltDataLab Which Can Be Abused By Users
Handle leastwood Vulnerability details Impact MaltDataLab integrates several MovingAverage contracts to fetch sensitive data for the Malt protocol. Primary data used by the protocol consists of the real value for LP tokens, the average price for Malt and average reserve ratios. trackMaltPrice,...
Dutch auction can be manipulated
Handle gzeon Vulnerability details Impact When malt is under-peg and the swing trader module does not have enough capital to buy back to peg, a Dutch auction is triggered to sell arb token. The price of the Dutch auction decreases linearly toward endprice until endAuction is called. endAuction is...
_addTostakepadding() will return 0 for users who already had a stakepadding but would like to add on top of their previous stake with 'newStakePadding' on line 186-190(AbstractRewardMine.sol)
Handle 0xwags Vulnerability details Impact The handleStakePadding function handles the calculations for users without a prior stake padding and the ones who already had a stakepadding but want to add to their existing stakepadding. The condition within 'newStakePadding' will return false for user...
Fees can be more than 100%
Handle cmichel Vulnerability details The Overlayv1Mothership.adjustGlobalParams function allows setting a fee and feeBurn that is greater than 100%. Recommended Mitigation Steps Validate that fee and feeBurn are less than ONE = 1e18.
FeeSplitter: Unbounded number of shareholders can cause DOS
Handle GreyArt Vulnerability details Impact There is no limit to the number of shareholders. It is therefore possible to set a large number of shareholders such that sendFees will run out of gas when adding shares to each shareholder. This will cause denial of service to all NestedFactory...
Unclear TwapOracle.consult algorithm
Handle cmichel Vulnerability details The TWAPOracle.consult function is unclear to the auditor. It seems to iterate through all registered pairs that share the token parameter USDV or VADER and then sums up the foreign token pair per token price. And divides this sum sumNative by the summed-up US...
VaderPoolV2.mintFungible exposes users to unlimited slippage
Handle TomFrench Vulnerability details Impact Frontrunners can extract up to 100% of the value provided by LPs to VaderPoolV2. Proof of Concept Users can provide liquidity to VaderPoolV2 through the mintFungible function. This allows users to provide tokens in any ratio and the pool will calculat...
LinearVesting does not calculate vested amount linearly
Handle xYrYuYx Vulnerability details Impact These calculations are incorrect for linear vesting. Proof of Concept i.e. if start amount is 10000, and duration is 100 seconds. After 50 seconds, user can claim 5000 which is 50%. After another 10 seconds, user needs to claim 1000 which is 10%, but...
Unsafe token transfer
Handle WatchPug Vulnerability details Calling ERC20.transfer without handling the returned value is unsafe. function processWithdrawal(uint era, uint day, address member) private returns (uint value) { uint memberUnits = mapEraDayMemberUnits[era][day][member]; // Get Member Units if (memberUnits == 0) { value =...
Regular Trades Can Drain Executioner.sol Balance
Handle zer0dot Vulnerability details Impact This vulnerability allows any trade to effectively drain the balance, as long as it is not the chain's native asset (which is not used directly in the modules), from the Executioner.sol contract. This is technically not critical because funds are not...
transferFrom amount may exceed allowance
Handle WatchPug Vulnerability details function transferFrom(address sender, address recipient, uint256 amount) public virtual override returns (bool) { /// @dev the balances mapping represents the underlying ibBTC shares ("non-rebased balances") /// @dev the naming confusion is due to maintaining origina...
ReferralFeePoolV0.sol#claimRewardAsMochi() Array out of bound exception
Handle WatchPug Vulnerability details function claimRewardAsMochi() external { IUSDM usdm = engine.usdm(); address[] memory path = new address[](2); path[0] = address(usdm); path[1] = uniswapRouter.WETH(); path[2] = address(engine.mochi()); usdm.approve(address(uniswapRouter), reward[msg.sender]); // we are going to ignore the...
Unchecked ERC20 transfer calls
Handle loop Vulnerability details ERC20 transfer and transferFrom calls normally return true on a successful transfer. In DutchAuctionLiquidator the call asset.transfer(msg.sender, collateral); is made. asset refers to whichever ERC20 asset is used for the vault of that auction. If asset is an ERC20...
transfer() is not recommended for sending ETH
Handle WatchPug Vulnerability details Since the introduction of transfer, it has typically been recommended by the security community because it helps guard against reentrancy attacks. This guidance made sense under the assumption that gas costs wouldn’t change. It's now recommended that transfer...
exitTempusAMM can be made to fail
Handle cmichel Vulnerability details There's a griefing attack where an attacker can make any user transaction for TempusController.exitTempusAMM fail. In exitTempusAMM, the user exits their LP position and claims back yield and principal shares. The LP amounts to redeem are determined by the...
Basket becomes unusable if everybody burns their shares
Handle kenzo Vulnerability details While handling the fees, the contract calculates the new ibRatio by dividing by totalSupply. This can be 0 leading to a division by 0. Impact If everybody burns their shares, in the next mint, totalSupply will be 0, handleFees will revert, and so nobody will be...
fee-on-transfer underlying can cause problems
Handle 0xsanson Vulnerability details Impact The current implementation doesn't work with fee-on-transfer underlying tokens. Considering that Compound can have these kinds of tokens (e.g. USDT can activate fees), this issue can affect the protocol. The problem arises when transferring tokens, basicall...
ConcentratedLiquidityPoolManager.sol#claimReward() and reclaimIncentive() will fail when incentive.token is token0 or token1
Handle WatchPug Vulnerability details In ConcentratedLiquidityPosition.collect, balances of token0 and token1 in bento will be used to pay the fees. uint256 balance0 = bento.balanceOf(token0, address(this)); uint256 balance1 = bento.balanceOf(token1, address(this)); if balance0 newBalance0 token0amount =...
YAxisVotePower.balanceOf can be manipulated
Handle cmichel Vulnerability details The YAxisVotePower.balanceOf contract uses the Uniswap pool reserves to compute a lpStakingYax reward: (uint256 yaxReserves,,) = yaxisEthUniswapV2Pair.getReserves(); int256 lpStakingYax = yaxReserves.mul(stakeAmount).div(supply).add(rewardsYaxisEth.earned(voter)); The...
Vault.withdraw can be unfair
Handle 0xsanson Vulnerability details Impact In the Vault.withdraw function a user burns shares quantity of VaultTokens to get amount of outputTokens back from the vault. If the vault doesn't have enough tokens, even after withdrawing from the controller, they receive fewer tokens than they shoul...
No safety check in addToken
Handle jonah1005 Vulnerability details Impact There's no safety check in Manager.sol addToken. There are two possible cases that might happen. 1. One token being added twice in a Vault. Token would be counted doubly in the vault. Ref: Vault.sol#L293-L303. There would be two items in the array when...
Attackers can force liquidations by borrowing large amounts of an asset.
Handle tensors Vulnerability details Impact Consider an attacker who borrows enough to greatly increase the oracle rate. It is claimed that arbitrageurs will come in and fix this discrepancy before the attacker has a chance to profit off of his price manipulation: "Over the next 1 hour, the effect ...
Parameter updates not propagated
Handle gpersoon Vulnerability details Impact There are several functions to update parameters. However these parameters are only updated on the top level and not propagated to the other contracts. This could lead to various unpredictable results. Examples are: setNftHubAddress of RCFactory...
No slippage protection in Strategy
Handle cmichel Vulnerability details The startPool and endPool functions of Strategy.sol mint/burn tokens in the pool without any minimum return amount checks: // startPool pool.mint(address(this), true, 0) // endPool (,, uint256 fyTokenDivested) = pool.burn(address(this), 0, 0); If one of the pool tokens ...
Unchecked return value from transfer()
Handle JMukesh Vulnerability details Impact It is usually good to add a require-statement that checks the return value or to use something like safeTransfer; unless one is sure the given token reverts in case of a failure. Proof of Concept Tools Used manual review Recommended Mitigation Steps che...
Single-step process for critical admin transfer is risky
Handle 0xRajeev Vulnerability details Impact LongShort and Staker contracts have the notion of an “admin” address that is used within onlyAdmin or adminOnly modifiers for granting authorization to critical functions. Such contracts use a single-step ownership transfer of such admin addresses usin...
Use of deprecated Chainlink function latestAnswer
Handle shw Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. This function does not error if no answer has been reached but returns 0, causing an incorrect price fed to the Buoy3Pool. Proof of Concept Referenced code: Buoy3Pool.sol#L207...
IdleYieldSource doesn't use mantissa calculations
Handle tensors Vulnerability details Impact Because mantissa calculations are not used in this case to account for decimals, the arithmetic can zero out the number of shares or tokens that should be given. For example, say I deposit 1 token, expecting 1 share in return. On L95, if the...
YieldMath.sol / Log2: >= or > ?
Handle gpersoon Vulnerability details Impact The V1 version of YieldMath.sol contains ">=" (larger or equal), while the V2 version of YieldMath.sol contains ">" (larger) in the log2 function. This change doesn't seem logical and might lead to miscalculations. The difference is present in a number of...
Potential manipulation of moneyMarket.incomeIndex
Handle cmichel Vulnerability details Vulnerability Details The DInsterest contract relies on moneyMarket.incomeIndex to return the accurate index. For some implementations, like in yearn, this is the price per share token vault.pricePerShare. There might be cases where this price per share can be...
Missing overflow check in flashLoan
Handle @cmichelio Vulnerability details Vulnerability Details ERC20FlashMintUpgradeable.flashLoan does not check for an overflow when adding the fees to the flashloan amount. The functionality might have been copied from but this one already has overflow checks as it uses solidity 0.8.0. Impact...
Unrestricted addLiquidity could cause unintended results on front-end apps that listen to events.
Handle shw Vulnerability details Impact The addLiquidity function in Pool.sol lacks an access control, which allows an attacker to add liquidity for any specific user. Front-end apps that listen to AddLiquidity events may be affected by this vulnerability and may go wrong since it is not the user...