10190 matches found
Upgraded Q -> 2 from #482 [1705001199242]
Judge has assessed an item in Issue 482 as 2 risk. The relevant finding follows: L-02: AuctionHouse’s owner should not be allowed to change parameters when auction is active
tokens can be deposited and immediately withdrawn before the intended lock time by depositing right before expiry
Lines of code Vulnerability details Impact tokens can be deposited and immediately withdrawn before the intended lock time by depositing right before expiry. Proof of Concept There are edge cases around the locking and unlocking periods that are not fully considered in the contract. Specifically,...
Service Owner loses all of his/her topUp earnings when inflationControl returns false
Lines of code Vulnerability details Impact The service Owner loses all of his topUp savings in Olas when the inflation limit is hit. Proof of Concept Assume there have been donations to the service Id and it has collected some donations and has it stored in mapUnitIncentivesunitTypesiunitIdsi.rewa...
Liquidations can be prevented by frontrunning and liquidating 1 debt (or more) due to wrong assumption in POS_MANAGER
Lines of code Vulnerability details Impact Users can avoid being liquidated if they frontrun liquidation calls with a liquidate call with 1 wei. Or, they may do a partial liquidation and avoid being liquidated before the interest reaches the value of the debt pre liquidation. The total interest...
position can be opened without premium
Lines of code Vulnerability details Description Premium in ParticlePositionManager is used to cover trading fees accrued for the liquidity borrowed. When liquidating, a portion of the premium is also used for the liquidation reward. The issue is that a borrower can open a position without any...
Add premium doesn't collect fees
Lines of code Vulnerability details Summary Fees are applied to premiums when a new position is opened, but the same mechanism is not enforced when margin is added to an existing position. Impact When a new position is created in the LAMM protocol, fees are collected in favor of the LP owner that...
Exclusion of New Users Due to Token Max Supply
Lines of code Vulnerability details Summary New users are unable to participate in the protocol once the governance token's maximum supply is reached. Vulnerability Details To engage in the voting system, users need to acquire tokens directly from the protocol, a process managed by...
liquidator will always take what is left of borrowers premium
Lines of code Vulnerability details Impact A liquidator can manipulate the pool they are swapping in to take any potential left over premium from the borrower. Proof of Concept When liquidating a position the liquidator essentially closes the position on behalf of the borrower for a liquidation...
Reverting when the heap is full
Lines of code Vulnerability details Reverting when the heap is full: a You mentioned in the comments that the function will revert if the heap is full. b However, the code as it stands doesn't have any logic to check if the heap is indeed full. c Depending on the context, you might want to add a...
Incorrect fee calculation may lead to borrower overpaying
Lines of code Vulnerability details Summary Fees are incorrectly snapshotted when a new lien is created, potentially leading to a fee overpay. Impact The Particle LAMM protocol tracks fees using the same internal tracking built in Uniswap V3. Positions in Uniswap V3 contain a couple of variables...
Use SafeMath for overflow protection
Lines of code Vulnerability details Unchecked math could potentially trigger overflows. Recommendation: Utilize SafeMath library for overflow safe operations. using SafeMath for uint256; function mintaddress account, uint256 amount public onlyOwner // Overflow protected totalSupply =...
Input Validation for 'createBid' Function
Lines of code Vulnerability details Potential Risk: The 'createBid' function in the contract is responsible for allowing users to place bids on a Verb auction by sending Ether. While the function includes several checks, it lacks explicit input validation for certain parameters, which could lead ...
addRewardToken() does not remove old entries before adding new ones
Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can increase their voting power indefinitely, without having to...
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...
Calls to get_virtual_price() are vulnerable to read-only reentrancy
Lines of code 117 Vulnerability details get_virtual_price() was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...
Proxy's logic contract relies on code in the constructor
Lines of code 122, 50, 25, 67, 98, 67, 22 Vulnerability details Logic contracts cannot rely on code in their constructors, because proxy contracts do not re-execute the logic contract's constructor - only its initializer. Move all code in the constructor to the initializer function. File:...
Incorrect Condition for Validating Input and Output Tokens in CurveTricryptoAdapter::_determineComputeType Function
Lines of code Vulnerability details Impact The contract contains a bug in the _determineComputeType function, where the condition for checking if the input and output tokens are valid for swapping is incorrect. This bug may lead to unexpected behavior and incorrect computation of the compute type...
Withdraws will be bricked if the curve pool gets killed
Lines of code Vulnerability details Impact Liquidity will be locked forever since there is no interface to remove it. Proof of Concept Curve pools have a killed parameter that allows an admin to kill the pool, suspend all deposits, swaps, and single token withdrawals, and then only allow for taki...
Upgraded Q -> 2 from #677 [1702060237936]
Judge has assessed an item in Issue 677 as 2 risk. The relevant finding follows: L-04 Deposited amounts in the EigenLayer strategy should be checked before updating the strategy for the asset Users deposit in this protocol and the protocol deposits these funds to EigenLayer strategy contracts...
Incorrect Decimals Conversion in Curve2PoolAdapter::primitiveOutputAmount Function
Lines of code Vulnerability details Impact The bug in the primitiveOutputAmount function can lead to incorrect decimal conversions when calculating the rawInputAmount. The rawInputAmount is calculated using the convertDecimals function, but the decimals parameter passed to convertDecimals is...
Reentrancy in mint function allows minting above the limit allowed per address / allowlisted address
Lines of code Vulnerability details Impact The mint function in NextGenCore.sol doesn't follow the checks-effects-interactions pattern and can be reentered through the onERC721Received function, if the receiver is a contract. The state variables written after the call are...
Slippage Handling
Lines of code Vulnerability details Impact The primitiveOutputAmount function reverts the transaction if the output amount is less than the minimumOutputAmount, which is a strict slippage protection. This could lead to failed transactions due to normal price fluctuations in the Curve pool. Proof ...
_safeMint() should be used rather than _mint() wherever possible
Lines of code 139, 178, 204 Vulnerability details Impact _mint() is discouraged in favor of _safeMint() which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, _mint() does not call...
Some tokens may revert when zero value transfers are made
Lines of code 356, 371, 145, 272, 252, 116, 445, 374, 506, 488 https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/options/TapiocaOptionBroker...
Too small deposits will result in no rsEth mint for the
Lines of code Vulnerability details Impact User will get nothing if the deposit amount is too small. Proof of Concept The getRsETHAmountToMint is for getting the conversion rate of asset to rsEth. /// @return rsethAmountToMint Amount of rseth to mint function getRsETHAmountToMint address asset,...
Missing gas fee limit
Lines of code Vulnerability details The use of .call{value: balance}("") does not limit the gas sent along with the Ether, potentially allowing all gas in the transaction to be used by the receiver. // Set a specific gas limit for the call if applicable uint256 gasLimit = someGasLimit; // Define...
All contributions can get locked in the Crowdfund contract, with no means to refund users or finalize.
Lines of code Vulnerability details Impact ETHCrowdfundBasefinalize assumes that all contributions are intact, but there is an emergencyExecute function that is capable of spending part of crowdfund eth. If as little as one wei gets spent, Users cannot get refunded, and the Crowdfund will not get...
Users pay higher fee than intended
Lines of code Vulnerability details Impact Protocol mints incorrect depositAmount and depositShare to protocol. Such that reserveFee is higher than defined. Suppose following scenario: 1. Tranche 2 has 20% APR, has 5000 borrowed 2. Tranche 1 has 10% APR, has 10000 borrowed 3. ReserveFee is 10% 4...
Upgraded Q -> 2 from #165 [1699030231989]
Judge has assessed an item in Issue 165 as 2 risk. The relevant finding follows: Clear safeCan in transferSAFEOwnership Links to affected code Impact Old approval remains even if user gets SAFE again. Proof of Concept There is no removal safeCan at transferSAFEOwnership. When the user gets SAFE...
Sanction Bypass Through Transferring to another account
Lines of code Vulnerability details Impact Wildcat protocol provides lending with lender backed collateral considered as reserves and the ratio must be upheld by the borrower. WildcatMarketTokens are provided to lenders in return for their base assets, these tokens are ERC20 meaning tokens can be...
DoS Any Market by Frontrunning Creation with a Codehash Change
Lines of code Vulnerability details Impact Any market contract can be DoSed by sending a 1 wei transaction to the market address that will be created for a user. When an account has no code and has never been interacted with, the codehash will be bytes32(0). This will result in market creation...
Deterministic proxy contract address with a hard-coded salt enables token theft.
Lines of code Vulnerability details Impact The retrieveProxyContractAddress function calculates the address of the proxy contract deterministically based only on the delegate address. An attacker could pre-compute proxy contract addresses for target delegates and steal tokens by transferring to...
Lack of array length validation in delegateMulti() can lead to errors.
Lines of code Vulnerability details Impact There is no validation that the sources, targets, and amounts arrays passed to delegateMulti are the same length. This could cause issues with iterating through the arrays. Proof of Concept In the delegateMulti function. function delegateMulti uint256...
Slippage attack on claiming rewards
Lines of code Vulnerability details Impact Exploiter can abuse slippage to claim more weekly reward. The amount of slippage damage is unclear due to lack of deployment context and testing. Worst case scenario is the exploiter owns 100% deposit of single pool allowing extreme slippage to steal enti...
Airdropped Gas will remain in the Agent in case of failure
Lines of code Vulnerability details Impact The protocol uses LayerZero's Airdrop mechanism to send gas to BridgeAgents which they need to pay for subsequent cross-chain-messages. If the transaction on the receiver fails, this airdropped gas will remain in the BridgeAgent and can be used up by t...
Missing circuit breaker checks in ethPerCvx() for Chainlink's price feed
Lines of code Vulnerability details Bug Description The ethPerCvx function relies on a Chainlink oracle to fetch the CVX / ETH price: VotiumStrategyCore.sol#L158-L169 try chainlinkCvxEthFeed.latestRoundData() returns (uint80 roundId, int256 answer, uint256 /* startedAt */, uint256 updatedAt, uint80 /...
Attacker can mint afEth with cheaper price
Lines of code Vulnerability details Impact Attacker can mint afEth with cheaper price and then withdraw. Proof of Concept When user would like to buy some amount of afEth tokens, then price is calculated. This price will be used to calculate amount of tokens to mint. function price public view...
Last stakers may not receive funds back
Lines of code Vulnerability details Impact Last stakers may not receive funds back. Proof of Concept When user wants to withdraw, then he needs to initiate requestWithdraw. As some part of funds are locked as cvx token inside vlcvx that means that they should be withdrawn. When you lock cvx then...
No gas payment is done before calling the callContract in the Router.sol
Lines of code Vulnerability details Impact In the Axelar documentation it is specified that before calling callContract or callContractWithToken the user needs to first prepay the relayers gas fee on the source chain, but since the functions are not payable, nor does call...
Vulnerability: An Attacker can steal Tranche Tokens and Drain the Pool / Contract: InvestmentManager.
Lines of code Vulnerability details Impact An Attacker can mint Tranche Tokens for free and use them to Drain the Pool and steal the user's money. Proof of Concept Let's imagine that some users deposit money in the pool and mint tranches but they didn't redeem/withdraw their tokens, one of the...
Allowing price updates once in an epoch is extremely risky and open windows to a lot of issues
Lines of code Vulnerability details Impact Protocol currently knows about how this could be an effect, since the comments to both previewDeposit and convertToShares suggest that any difference attached to this should be considered slippage, but measures are not taken to ensure that this slippage ...
Compound charges are sent to GeVault, making them potentially vulnerable to theft
Lines of code Vulnerability details Impact In the previous version, the compound fee would be saved in the TokenisableRange before being deposited into LP, and would be deposited into LP after reaching 1%. After reconstruction, the fees are sent directly to GeVault for distribution through getTVL...
No removal mechanism from blocklist, allowlist and sanctionsList
Lines of code Vulnerability details Impact rUSDY.sol has setBlocklist sets the blocklist address, setAllowlist sets the allowlist address, and setSanctionsList sets the sanctions list address functions: However, the mechanism for removing addresses from arrays is not implemented anywhere. Even in...
Front-running attack can occur between when the unbonding lock is created and when the delegator's bonded amount is decreased.
Lines of code Vulnerability details Impact This would allow the delegator to temporarily have more bonded tokens than they should. They could take advantage of this by voting in governance with the increased voting power or withdrawing increased fees Proof of Concept 1. When unbond is called, an...
Attacker can DOS the ability of the protocol to exercise their options
Lines of code Vulnerability details Impact When an option is ITM, the admin can call the settle function of the RdpxV2Core contract, which will call the settle function of the PerpetualAtlanticVault contract. This function checks that the WETH balance of the PerpetualAtlanticVaultLP contract is...
Slashed transcoder can gain more voting power than it should if all of his bondedAmount would be slashed
Lines of code Vulnerability details Impact Slashed transcoders can still become active transcoders by bonding an amount again to increase the total stake, which can inflate the actual delegatedAmount, giving those transcoders more voting power than they should have. Proof of Concept Every time...
Existing checks with INT_MAX are insufficient such that the contract becomes dysfunctional after initial deployment of some large balance(s)
Lines of code Vulnerability details Impact EvolvingProteus.sol contains a variety of functions which detail the price in tokens to be paid in swaps, withdraws, and deposits. In external functions such as depositGivenInputAmount, as well as internal functions such as checkBalances, there exists a...
Claiming prizes will be bricked if prize periods are not aligned with twab periods
Lines of code Vulnerability details Comments The previous implementation allowed a malicious user to keep updating their balances provided the previous observation fell within the same period. As such, if a draw ends part way through a period, the user would be able to manipulate their average...
TwabController::_periodEndOnOrAfter() function returns the period start instead of the period end
Lines of code Vulnerability details Original Issue M-03 - TwabLib::getTwabBetween can return inaccurate balances if startTime and endTime aren't safely bounded Details The original finding is about the lack of a mechanism to validate if the startTime and endTime are safely bounded, otherwise, if...
replaceMember and rotateMember redundancy
Lines of code Vulnerability details Impact The replaceMember and rotateMember functions have identical functionality which may lead to redundancy and confusion. Proof of Concept Both the replaceMember and rotateMember functions essentially perform the same action: replacing a current member...