10190 matches found
Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.
Lines of code Vulnerability details Impact In RootBridgeAgent.sol the functions gasSwapOut and gasSwapIn use UniswapV3.slot0 to get the value of sqrtPriceX96, which they use to perform the swap; however, the sqrtPriceX96 obtained from Uniswap.slot0 is the most recent data point and can be...
Vulnerability in rescueTokens and _beforeTokenTransfer Functions Allows Unrestricted Transfer to Contracts
Lines of code Vulnerability details Impact The rescueTokens function in the provided Solidity contract allows the contract owner to transfer ERC20 tokens to any address, and the _beforeTokenTransfer hook allows transfers involving addresses with the FULL_RESTRICTED_STAKER_ROLE. However, both function...
Missing validation checks on sending non blocking LZ payload
Lines of code Vulnerability details Impact In OFTCoreV2, provided as an example by LayerZero, the function `send(address from, uint16 dstChainId, bytes32 toAddress, uint amount, address payable refundAddress, address zroPaymentAddress, bytes memory adapterParams) internal virtual returns (uint amount...`
Mitigation of M-09: Issue not mitigated
MITIGATION IS NOT CONFIRMED Mitigation of M-09: Issue not mitigated Link to Issue: code-423n4/2023-03-asymmetry-findings#673 Even though the contest repository revision 431a4b751fb7e184b847a41509b97e4d67971d2f doesn't mention a changeset for M-09, I assume the...
First xERC4626 deposit can break the share calculation.
Lines of code Vulnerability details Impact The share price of a new xERC4626 vault can be manipulated right after creation, which gives an early depositor a greater share of the vault during the first cycle, while the deposited token is also affected by rounding precision due to the exploit shown in the POC tha...
Cross-Chain Signature Replay Attack
Lines of code Vulnerability details Impact 1. User operations can be replayed on smart accounts across different chains. This can lead to users losing funds or any unexpected behaviour that transaction replay attacks usually lead to. 2. Mistakes made on one chain can be re-applied to a new...
The rUSDY.transferFrom function can cause reentrancy if the approved address is a contract
Lines of code Vulnerability details Impact The rUSDY.transferFrom function can cause reentrancy if the approved address is a contract. The function looks like: `function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) { uint256 currentAllowance = allowances[sender][msg.sende...`
Lack of minAmount when adding liquidity into Uniswap V2 can lead to the LP getting MEVd
Lines of code Vulnerability details Impact The amount being LP'd into Uniswap can get stolen through MEV. Proof of Concept The reLP contract re-LPs a certain amount of the tokens that enter after a bond gets bought. The issue arises because proper minimum liquidity amounts are not passed wh...
Unsafe system contract verification
Lines of code Vulnerability details Impact On the following function: `function isSystemContract(address _address) internal pure returns (bool) { return uint160(_address) <= uint160(MAX_SYSTEM_CONTRACT_ADDRESS); }` it checks whether an address is a system contract by checking whether it is smaller than...
Missing Crucial Checks When Unlocking Funds for Withdraw Requests from L2
Lines of code Vulnerability details Impact Atomicity literally does not exist when users from L2 initiate a withdrawal by burning funds on the contract and sending the message to L1. This is giving malicious attackers plenty of time to stealthily launch a series of small and yet sizable forgery o...
Aliasing L1 sender on L2
Lines of code Vulnerability details Impact If a contract on L1 has the same address as a contract on L2 but doesn't have the same code, we will have a critical issue, as funds will be lost. Proof of Concept Both Optimism and Arbitrum implement applyL1ToL2Alias / undoL1ToL2Alias logic to prevent ...
Withdraw all with amount: type(uint256).max in native token (ETH) will always revert
Lines of code Vulnerability details `if (amount == type(uint256).max) { uint256 decimal = IERC20Detailed(asset).decimals(); amount = amountToWithdraw.mul(this.pricePerShare()).div(10**decimal); }` Per the comment: The asset address for collateral asset = 0x0000000000000000000000000000000000000000 means to use ETH as...
Max deposit limit on assets per deposit on strategy on EigenLayer
Lines of code Vulnerability details Impact Each strategy on EigenLayer has a maxPerDeposit it validates all individual deposits into the concerned strategy against. This is inclusive of the maxTotalDeposits against a strategy. These two upper limits are validated against deposits to the strategy,...
First ERC4626 deposit can break share calculation
Lines of code Vulnerability details Impact The first depositor of an ERC4626 vault can maliciously manipulate the share price by depositing the lowest possible amount 1 wei of liquidity and then artificially inflating ERC4626.totalAssets. This can inflate the base share price as high as 1:1e18...
Unsafe Initializations Of Bridge Contracts
Lines of code Vulnerability details Vulnerability Details During the zkSync initialization process, several complicated tasks are required to execute. Incorrect configurations in some tasks could lead to unexpected vulnerabilities. One task of the zkSync initialization process is deploying a...
Using safeTransferFrom for ERC721 is safer than transferFrom
Lines of code Vulnerability details Impact ERC721 token would be lost in transfer Proof of Concept `isERC1155 ? ERC1155(nft).safeTransferFrom(msg.sender, address(this), id, 1, "") : ERC721(nft).transferFrom(msg.sender, address(this), id);` If the receiver of the transferred NFT calls the gobble function inside...
Upgradeable contract is missing a __gap[50] storage variable to allow for new storage variables in later versions
Lines of code Vulnerability details Upgradeable contract is missing a __gap[50] storage variable to allow for new storage variables in later versions Impact For upgradeable contracts, there must be a storage gap to "allow developers to freely add new state variables in the future without compromising t...
Voting Escrow System could be wrapped and made useless without contract whitelisting
Lines of code Vulnerability details Impact Anyone could create a contract or a contract factory, say "Velo Locker", with a function to deposit VELO tokens through a contract, lock them and delegate the voting power to the contract owner. Then, the ownership of this contract could be sold, or the...
Malicious Module can change the policy commit of a Gnosis Safe console Account
Lines of code Vulnerability details Impact The overall design of the Gnosis Safe allows for the addition of a Module; modules are smart contracts that extend the abilities of the Gnosis Safe, which means that a module can be set up in such a way that it can perform actions that are meant to improve t...
Many create methods are susceptible to reorg attacks
Lines of code Vulnerability details Proof of Concept There are many instances of this, but to understand things better, take the example of the createTalosV3Strategy method. The createTalosV3Strategy function deploys a new TalosStrategyStaked contract using create, where the address derivation...
xERC4626 is vulnerable to exchange rate MEV:
Lines of code LOC: Vulnerability details Description When protocols hand out rewards to staked tokens, they must be careful to do so without leaving a large MEV opportunity, otherwise a bot could sandwich the increase of token value by minting shares and immediately redeeming them for a larger...
Merkle Tree criteria can be resolved by wrong tokenIDs
Lines of code Vulnerability details Impact The protocol allows specifying several tokenIds to accept for a single offer. A merkle tree is created out of these tokenIds and the root is stored as the identifierOrCriteria for the item. The fulfiller then submits the actual tokenId and a proof that...
The randomIndex() can be determined
Handle s1m0 Vulnerability details Impact The function randomIndex is used to choose which id to mint, theoretically at random. The index can be computed by a smart contract by passing it as arguments the internal/private variables numTokens and nonce obtained with getStorageAt. Note there is al...
update_market() nextEpoch calculation incorrect
Lines of code Vulnerability details Vulnerability details A very important piece of logic in update_market is updating accCantoPerShare. When updating, if it crosses the epoch boundary, it needs to use the corresponding epoch's cantoPerBlock[epoch]. For example: cantoPerBlock[100000] = 100, cantoPerBlock[200000]...
Mismatch of decimals for some underlying tokens across chains could cause a huge loss of funds
Lines of code Vulnerability details Impact The issue is that some ERC20 underlying tokens could have different decimals on other chains. For example, USDC on BNB Chain has 18 decimals, whereas it has 6 decimals on other chains such as Ethereum, Polygon, etc. The root chain doesn't account for decimals...
Usage of slot0 is extremely easy to manipulate
Lines of code Vulnerability details Impact Pool LP value can be manipulated and cause other users to receive less lp tokens. Proof of Concept TokenisableRange.sol uses slot0 to calculate several values in the code. slot0 is the most recent data point and is therefore extremely easy to manipulate...
Forcing ERC20Upgradeable when calling transfer() reverts when used with some ERC20 tokens
Lines of code Vulnerability details Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT's transfer and transferFrom functions do not return booleans as the specification requires, and instead have no retur...
secRewardsPerShare Insufficient precision
Lines of code Vulnerability details Vulnerability details we also introduced the field secRewardDebt. The idea of this field is to enable any lending platforms that are integrated with Neofinance Coordinator to send their own rewards based on this value or rather the difference of this value sinc...
Loss of precision when calculating the accumulated CANTO per share
Lines of code Vulnerability details Impact When calculating the amount of CANTO per share in update_market, dividing by 1e18 in cantoReward and multiplying by the same value in accCantoPerShare rounds down the final value, making the amount of rewards users will receive less than expected. Proo...
Unsafe use of transfer()/transferFrom() with IERC20
Lines of code 377, 509, 491, 530, 42, 50 Vulnerability details Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT's transfer and transferFrom functions on L1 do not return booleans as the specification...
Funds are lost when Curve pool is killed (paused)
Lines of code Vulnerability details Vulnerability Details If self.is_killed in the Curve pool contract becomes true, users will be unable to close their position because remove_liquidity_one_coin will revert. Users will be unable to exit their position. `if (outputToken == zToken) { uint256 wethBalance =...`
THE RETURN BOOLEAN VALUE OF THE excessivelySafeCall FUNCTION IS NOT CHECKED IN THE BranchBridgeAgent.lzReceive FUNCTION
Lines of code Vulnerability details Impact The BranchBridgeAgent.lzReceive function is used to send cross-chain messages using the LayerZero messaging layer. The lzReceive function uses the excessivelySafeCall library on the same contract address address(this) to ensure the LayerZero cross-chain...
Solmate safeTransfer and safeTransferFrom do not check the code size of the token address
Lines of code Vulnerability details Impact The safeTransfer and safeTransferFrom don't check the existence of code at the token address. This is a known issue while using solmate's libraries. Hence this may lead to miscalculation of funds and may lead to loss of funds, because if safeTransfer and...
Upgraded Q -> M from #234 [1668465995897]
Judge has assessed an item in Issue 234 as M risk. The relevant finding follows: 1. LBToken: In the burn function, _beforeTokenTransfer uses incorrect from and to. Burned tokens should be transferred to the 0 address. Proof of Concept Recommended Mitigation Steps `_beforeTokenTransfer(account, address(0), ...`
Incorrect input amount calculation for Trader Joe V1 pools
Lines of code Vulnerability details Impact Input amount is calculated incorrectly for Trader Joe V1 pools when swapping tokens across multiple pools and some of the pools in the chain are V1 ones. Calculated amounts will always be bigger than expected ones, which will always affect chained swaps...
transferFrom with arbitrary from address allows attackers to receive tokens on L2 without paying
Lines of code Vulnerability details Impact In , the line `token.transferFrom(from, escrow, amount);` uses an arbitrary from address. So an attacker can deposit a victim's GTR tokens on L1, by using the victim's address as the from address, and receive equivalent tokens on L2 at the attacker's address. Proof of Concept...
Lack of access control for mint/burn functions
Lines of code Vulnerability details Impact The mint and burn functions allow any caller to mint and burn tokens without restrictions. This could enable malicious actors to arbitrarily inflate or reduce the token supply. An attacker could continuously mint new tokens, effectively devaluing all...
No Create2 Contract Deployment Check can prevent a borrower from deploying contracts from a factory if deployment fails
Lines of code Vulnerability details Description When a contract is deployed using Create2, the deployment can fail without causing a revert. The following conditions can cause it to not revert: 1. A contract already exists at the destination address. 2. Insufficient value to transfer. 3. Sub contex...
Lack of force resume support for LZ which is crucially important to have
Lines of code Vulnerability details Impact The User Application LZReceiver should implement the ILayerZeroUserApplicationConfig interface which includes the forceResumeReceive function. This is very important as in the worst case, it can allow the owner to unblock the queue of messages if somethi...
The mint function in ERC4626 will mint an incorrect amount
Lines of code Vulnerability details Impact If you look at the ERC4626 contract, the mint function mints the wrong amount at line 53: it should be minting the assets amount, not the amount of shares, and because shares and assets are not 1:1 it will lead to unwanted results and different mint...
Lack of owner verification in EIP-1271 signature check
Lines of code Vulnerability details Description In the checkSignatures there are checks that the signer is the account owner, but in the case of EIP-1271 signature check there are no such checks: // If v is 0 then it is a contract signature // When handling contract signatures the address of the...
Actor can input malicious data in the swap function inputs
Lines of code Vulnerability details Impact Function swap has a data input parameter, which can be defined by the caller. Any user could therefore define a token address that they will send. By doing so user could create their own token and send it instead of tokenA and receive tokenB for free. By...
Unsafe use of approve() with IERC20
Lines of code 321, 215, 184, 450, 761, 217, 157, 234, 339, 386 https://github.com/Tapioca-DAO/t...
Lack of validation allows invalid ticks, impacting data integrity.
Lines of code Vulnerability details Impact Function crossTicks updates the tick tracking data when ticks are crossed, but does not validate that exitTick and entryTick are valid and make sense. For example, exitTick could be lower than entryTick. Proof of Concept Here is the relevant code in the...
abi.encodePacked() collision due to dynamic types usage that could lead to
Lines of code Vulnerability details Impact The use of abi.encodePacked could lead to collision due to the dynamic types usage. Through abi.encodePacked, Solidity supports a non-standard packed mode where: Types shorter than 32 bytes are neither zero padded nor sign extended and Dynamic types are...
No Storage Gap for Upgradeable Contract Might Lead to Storage Slot Collision
Lines of code Vulnerability details Impact For upgradeable contracts, there must be storage gap to "allow developers to freely add new state variables in the future without compromising the storage compatibility with existing deployments" quote OpenZeppelin. Otherwise it may be very difficult to...
Incorrect accounting on transfer-on-fee/deflationary tokens in Gravity
Handle shw Vulnerability details Impact The sendToCosmos function of Gravity transfers amount of tokenContract from the sender using the function transferFrom. If the transferred token is a transfer-on-fee/deflationary token, the actual received amount could be less than amount. However, since...
CrossDomainMessenger relayMessage Vulnerability
Lines of code Vulnerability details Impact The vulnerability allows an attacker to manipulate the sender address sender parameter when relaying a message from Layer 2 L2 to Layer 1 L1 in a cross-domain scenario. The issue arises due to the use of the L2CrossDomainMessenger contract address...
Mitigation Confirmed for H-06
MITIGATION IS NOT CONFIRMED Mitigation of H-06: Issue not mitigated Link to Issue: code-423n4/2023-03-asymmetry-findings#588 Comments Issue H-06 describes the potential problems of assuming a peg of stETH to ETH. The sponsor proposed a mitigation to fetch the price of...
Function stabilize() might always revert because of overflow since the Malt contract uses Solidity 0.8
Lines of code Vulnerability details Impact MaltDataLab fetches priceCumulative directly from the Uniswap V2 pool to calculate the price of the Malt token. However, the Uniswap V2 pool uses Solidity 0.5.16, which does not revert when an overflow happens. In addition, it is actually commented in...