Duplicate tokens can be added which might cause DOS
Lines of code Vulnerability details Impact Duplicate tokens can be added which could exceed maxHoldingsCount and thus reject all functions in Factory Proof of Concept 1. Observe the store function in NestedRecords.sol L111 function store uint256 nftId, address token, uint256 amount, address...
tokenOut is only required on finalize
Lines of code Vulnerability details Impact I thought of a potential rug pull from the owner: when users buy tokenOut, it is not required that the contract has already escrowed enough tokenOut. It is only required when finalizing the sale: require tokenOut.balanceOfaddressthis = totalTokenOutBough...
Bypass Vote Flipping Time Addition
Handle kirk-baird Vulnerability details Impact It is possible to bypass the additional 2 hrs added to the length of voting when the vote flips from positive to negative or vice versa. This can be done by breaking the vote into two steps: first sending enough fate to make the proposal zero. Then...
Eth sent to Timelock will be locked in current implementation
Handle defsec Vulnerability details Impact Eth sent to Timelock will be locked in current implementation. I came across this problem while playing around with the governance contract. Proof of Concept Set up the governance contracts GovernanceAlpha, Timelock Send eth to timelock contract Set up a...
Use of deprecated Chainlink API
Handle 0x1f8b Vulnerability details Impact Deprecated API stops working. Prices cannot be obtained. Protocol stops and contracts have to be redeployed. Proof of Concept The contracts use Chainlink’s deprecated API latestAnswer. Such functions might suddenly stop working if Chainlink stopped...
Users can lose value in emergency state
Handle cmichel Vulnerability details Imagine the following sequence of events: LaunchEvent.createPair is called which sets wavaxReserve = 0, adds liquidity to the pair and receives lpSupply LP tokens. LaunchEvent.allowEmergencyWithdraw is called which enters emergency / paused mode and disallows...
Unbounded loop on array that can only grow can lead to DoS
Handle robee Vulnerability details A malicious attacker that is also a protocol owner can push unlimitedly to an array that some function loops over. If the array size is increased enough, calling the function that loops over the array will always revert since there is a gas limit...
Incorrect erc20 interface
Handle 0v3rf10w Vulnerability details Impact Incorrect return values for ERC20 functions result in failure when interacting with other contracts, as the return value is missing. Proof of Concept ApproveLike contracts/L1/gateway/L1Migrator.sol L67-69 has incorrect ERC20 function...
LivepeerToken.burn function could burn tokens of any user
Handle cccz Vulnerability details Impact Same as code-423n4/2021-11-overlay-findings22, the burner could burn any amount of tokens of any user. Proof of Concept Tools Used Manual analysis Recommended Mitigation Steps Update burn function for only owner can burn his tokens. --- The text was update...
Re-entrancy in _createDeposit allows stealing tokens
Handle cmichel Vulnerability details The Vault.createDeposit function first caches the current total shares and underlying, and then iterates over all claims using a call to createClaim. Only afterwards, does it pull in the required total amount in the deposit. function depositDepositParams...
TimeswapPair.sol#borrow() Improper implementation allows attacker to increase pool.state.z to a large value
Handle WatchPug Vulnerability details In the current implementation, borrow takes a user input value of zIncrease, while the actual collateral asset transferred in is calculated at L319, the state of pool.state.z still increased by the value of the user's input at L332. Even though a large number...
pay() function has callback to msg.sender before important state updates
Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the pay function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function...
Reentrancy at lock can lead to wrong accounting
Handle kenzo Vulnerability details The lock function calls safeMint in the midst of it. This can lead to reentry to updateDistribution, thereby ruining contract invariants. Impact At worst case, loss of user funds: distributableXDEFI will be set to be bigger than it really is, and so when a...
Anyone can liquidate credit line when autoLiquidation is false without supplying borrow tokens
Handle harleythedog Vulnerability details Impact It is intended that if a credit line has autoLiquidation as false, then only the lender can be the liquidator see docs here: . However, this is not correctly implemented, and anyone can liquidate a position that has autoLiquidation set to false. Ev...
cancelPromotion will revert if the promotion is not started yet
Handle certora Vulnerability details cancelPromotion might fail unexpectedly. cancelPromotion calls getRemainingRewards which calls getCurrentEpochId: function getCurrentEpochIdPromotion memory promotion internal view returns uint256 // elapsedTimestamp / epochDurationTimestamp return...
getRewardsAmount doesn't check epochs haven't been claimed
Handle harleythedog Vulnerability details Impact In ITwabRewards.sol, it is claimed that getRewardsAmount should account for epochs that have already been claimed, and not include these epochs in the total amount indeed, there is a line that says @dev Will be 0 if user has already claimed rewards...
check for deposit token and reward token are not same
Handle hack3r-0m Vulnerability details Impact createStream does not check if deposit token and reward token are different addresses. Proof of Concept Not Required Tools Used Manual Review Recommended Mitigation Steps add check `require(rewardToken != depositToken)` --- The text was updated...
Locke.sol:Stream - possible DOS on arbitraryCall
Handle ScopeLift Vulnerability details Impact If there's an airdrop that arbitraryCall would like to call, it could be DOSed by first calling createIncentive with the airdropped token, then backrunning calls to claimIncentive with calls to createIncentive. Proof of Concept Tools Used Recommended...
Missing slippage/min-return check in UniswapHandler
Handle cmichel Vulnerability details The contracts are missing slippage checks which can lead to being vulnerable to sandwich attacks. A common attack in DeFi is the sandwich attack. Upon observing a trade of asset X for asset Y, an attacker frontruns the victim trade by also buying asset Y, lets...
AMM pool can be drained using a flashloan and calling stabilize
Handle stonesandtrees Vulnerability details Impact All of the rewardToken in a given AMM pool can be removed from the AMM pool and distributed as LP rewards. Proof of Concept In the stabilize method in the StabilizerNode the initial check to see if the Malt price needs to be stabilized it uses a...
Passing multiple ETH deposits in orders array will use the same msg.value many times
Handle hyh Vulnerability details Impact Contract holdings can be emptied as malicious user will do deposit/withdraw to extract value. This is possible because after transferInputTokens system uses contract balance for user's operations, assuming that equivalent value was transferred. Proof of...
setGuardian() Privilege Escalation Causing Governance to Lose Control of the Contract
Handle Meta0xNull Vulnerability details Impact governance = guardian The Guardian will become Governance of the Contract which is Not Expected. Original Governance will lose control of this contract if they call setGuardian with an Address/Key beyond their control. Proof of Concept Tools Used Manual...
Improper implementation of slippage check
Handle WatchPug Vulnerability details function redeemIERC20 token, uint amount, uint poolId, int128 idx, uint minOut external defend blockLocked whenNotPaused returnsuint out ibbtc.safeTransferFrommsg.sender, addressthis, amount; Pool memory pool = poolspoolId; if poolId = minOut, "Slippage Check...
Early user can break addLiquidity
Handle WatchPug Vulnerability details uint256 totalLiquidityUnits = totalSupply; if totalLiquidityUnits == 0 liquidity = nativeDeposit; // TODO: Contact ThorChain on proper approach In the current implementation, the first liquidity takes the nativeDeposit amount and uses it directly. However,...
Lack Of Return Value Check On the Oracle
Handle defsec Vulnerability details Impact During the code review, It has been seen that oracle return value has not been checked on the function. If oracle is returned price as a 0, balance of shares will be zero. Proof of Concept 1. Navigate to "" 2. The return value pricePerShare function has...
exitTempusAMM can be made to fail
Handle cmichel Vulnerability details There's a griefing attack where an attacker can make any user transaction for TempusController.exitTempusAMM fail. In exitTempusAMM, the user exits their LP position and claims back yield and principal shares. The LP amounts to redeem are determined by the...
Basket becomes unusable if everybody burns their shares
Handle kenzo Vulnerability details While handling the fees, the contract calculates the new ibRatio by dividing by totalSupply. This can be 0 leading to a division by 0. Impact If everybody burns their shares, in the next mint, totalSupply will be 0, handleFees will revert, and so nobody will be...
ConcentratedLiquidityPool: secondsPerLiquidity should be modified whenever pool liquidity changes
Handle hickuphh3 Vulnerability details Impact secondsPerLiquidity is updated as such: secondsPerLiquidity += uint160diff 128 / liquidity; where diff = timestamp - uint256lastObservation. Hence, whenever liquidity changes, secondsPerLiquidity should be updated prior to the change. In particular,...
Unsafe cast in IndexPool mint leads to attack
Handle cmichel Vulnerability details The IndexPool.mint function performs an unsafe cast of ratio to the uint120 type: `uint120 ratio = uint120(div(toMint, totalSupply));` Note that toMint is chosen by the caller and when choosing toMint = 2^120 * totalSupply / BASE, the ratio variable will be 2^120 and th...
YAxisVotePower.balanceOf can be manipulated
Handle cmichel Vulnerability details The YAxisVotePower.balanceOf contract uses the Uniswap pool reserves to compute a lpStakingYax reward: `(uint256 yaxReserves,,) = yaxisEthUniswapV2Pair.getReserves(); int256 lpStakingYax = yaxReserves.mul(stakeAmount).div(supply).add(rewardsYaxisEth.earned(voter));` The...
PostAuctionLauncher's liquidity provision can be exploited
Handle cmichel Vulnerability details The PostAuctionLauncher.finalize function takes the raised payment token amounts and uses previously provided auction token amounts to provide liquidity to a Sushiswap pool after an auction has successfully been finalized. It provides this liquidity at a...
Rewards accumulated can stay constant and often not increment
Handle moose-code Vulnerability details Impact rewardsPerToken.accumulated can stay constant while rewardsPerToken.lastUpdated is continually updated, leading to no actual rewards being distributed. I.e. No rewards accumulate. Proof of Concept Line 115, rewardsPerToken.accumulated could stay...
Use safeTransfer instead of transfer
Handle shw Vulnerability details Impact Tokens not compliant with the ERC20 specification could return false from the transfer function call to indicate the transfer fails, while the calling contract would not notice the failure if the return value is not checked. Checking the return value is a...
initializeMarket uses wrong market index for synthetic
Handle cmichel Vulnerability details The LongShort.initializeMarket function accepts a marketIndex parameter to identify which market should be initialized. However, this index is not used everywhere, when calling IStakerstaker.addNewStakingFund the latestMarket variable is used. In the...
Single-step process for critical admin transfer is risky
Handle 0xRajeev Vulnerability details Impact LongShort and Staker contracts have the notion of an “admin” address that is used within onlyAdmin or adminOnly modifiers for granting authorization to critical functions. Such contracts use a single-step ownership transfer of such admin addresses usin...
Free stake by replacing input token address
Handle jonah1005 Vulnerability details Impact In PoolOpen contract, pools' authentication is done through baseData. However, it handles token transfer based on the given parameter token. By appending a real token address at the end of the transaction and a fake address in the function parameter,...
WETH not verified to be one of the pair tokens
Handle gpersoon Vulnerability details Impact The ETH functions of LendingPair don't check that WETH is one of the 2 pairs of the contract and introduces a third token. The third token ETH/WETH falls outside the other checks that the contract is doing. You could accidentally pay ETH/WETH to the...
Missing events for critical parameter changing operations by owner
Handle 0xRajeev Vulnerability details Impact The owner of TracerPerpetualSwaps contract, who is potentially untrusted as per specification, can change the market critical parameters such as the addresses of the Liquidation/Pricing/Insurance/GasOracle/FeeReceiver and also critical values such as...
Insurance ERC20 return values not checked
Handle cmichel Vulnerability details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter should be checked for success. The Insurance.deposit and Insurance.withdraw functions do not check the return value: // deposit...
Unbounded loop in _removeNft could lead to a griefing/DOS attack
Handle shw Vulnerability details Impact Griefing/DOS attack is possible when a malicious NFT contract sends many NFTs to the vault, which could cause excessive gas consumed and even transactions reverted when other users are trying to unlock or transfer NFTs. Proof of Concept 1. The function...
Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom
Handle 0xRajeev Vulnerability details Impact It is good to add a require statement that checks the return value of token transfers or to use something like OpenZeppelin’s safeTransfer/safeTransferFrom unless one is sure the given token reverts in case of a failure. Failure to do so will cause...
mintRequests can remain 0 when the token is erc721
Handle paulius.eth Vulnerability details Impact Contract NFTXMintRequestEligibility function requestMint sets mintRequests to the amount that was minted, however, it does not check that amounti 0, so it is possible that when the token is not erc1155, the amount has a value of 0 but the token is...
function flashLoan is vulnerable to overflow/underflow and maxFlashLoan is not used
Handle paulius.eth Vulnerability details Impact function flashLoan is vulnerable to overflow/underflow when the fee is not 0. Although currently the fee is set to 0, there is a comment: "By default there is no fee, but this can be changed by overriding flashFee" As these contracts are upgradeable...
Unrestricted addLiquidity could cause unintended results on front-end apps that listen to events.
Handle shw Vulnerability details Impact The addLiquidity function in Pool.sol lacks an access control, which allows an attacker to add liquidity for any specific user. Front-end apps that listen to AddLiquidity events may be affected by this vulnerability and may go wrong since it is not the user...
update_market() market weight incorrect
Lines of code Vulnerability details In update_market we need to get the weight percentage of the corresponding market epoch through gaugeController, then allocate cantoPerBlockepoch according to the percentage. The main logic code is as follows: function updatemarketaddress...
Mint function can exceed a predefined limit when inflationRemainder function overflows at OLAS.sol contract
Lines of code Vulnerability details Impact mint function can exceed a predefined limit when the inflationRemainder function overflows at OLAS.sol contract Proof of Concept 1. First call Burn function; Burn function calling burn can cause overflow, so we can get a big totalSupply. 2. Second call mint. At...
Leap year not accounted for OLAS and veOLAS contract
Lines of code Vulnerability details Impact OLAS and veOLAS contract does not account for years with 366 days in its state variables `uint256 public constant oneYear = 1 days * 365;` and `uint256 internal constant MAXTIME = 4 * 365 * 86400;` The problem with this is that, in OLAS.sol, minter can exceed...
LP rewards in liquidity_lockbox can be arbitraged
Lines of code Vulnerability details Impact The liquidity_lockbox contract is designed to handle liquidity positions in a specific Orca LP pool. Users can deposit their LP NFTs into the contract, receiving in exchange tokens according to their position size. These tokens are minted with the goal of...
Insufficient Fund Guard for Treasury Reward Rebalancing Due to Unrestricted Withdrawals
Lines of code Vulnerability details Impact The potential issue identified in Treasury.rebalanceTreasury involves the risk of failing to transfer treasury rewards from ETHFromServices to ETHOwned due to insufficient funds in ETHFromServices. This situation can arise when the withdrawToAccount...
Service owners can accrue OLAS top-ups even when donating to their own services
Lines of code Vulnerability details Impact The basis of this exploit is the ability for a topUpEligible service owner — any registrant of a service who also stakes enough OLAS in the voting escrow contract — to accrue OLAS top-ups even when they donate to services that they own themselves. As lon...