Users can queue a withdrawal and potentially withdraw completely if PAUSED_EIGENPODS_VERIFY_OVERCOMMITTED = false
Lines of code Vulnerability details Impact Users can queue a withdrawal and potentially withdraw completely if PAUSED_EIGENPODS_VERIFY_OVERCOMMITTED = false Proof of Concept We need to look at two functions. The first one is function verifyOvercommittedStake uint40 validatorIndex,...
Updating a submission - testing if I can add a submission by team that was originally an issue for a single warden.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps testings...
Upgraded Q -> 2 from #878 [1683053128185]
Judge has assessed an item in Issue 878 as 2 risk. The relevant finding follows: L-3 Potential loss of funds when paying royalties
Invalid addresses will be accepted as resolvers, possibly bricking assets
Lines of code Vulnerability details Description The hexToAddress utility parses a string into an address type. function hexToAddress bytes memory str, uint256 idx, uint256 lastIdx internal pure returns address, bool if lastIdx - idx 40 return address0x0, false; bytes32 r, bool valid =...
Claiming of domains will likely be locked due to a bad check in _enableNode
Lines of code Vulnerability details Description DNS name claims all go through claim which calls enableNode, which calls enableNode. Nodes are enabled recursively, from the root downwards.The following check occurs in enableNode: node = keccak256abi.encodePackedparentNode, label; address owner =...
BytesUtils.keccak does not revert when offset is out of bounds
Lines of code Vulnerability details Impact The BytesUtils.keccak function accepts out of bound offset value and returns a valid response without reverting. function keccak bytes memory self, uint256 offset, uint256 len internal pure returns bytes32 ret requireoffset + len = self.length; assembly...
A MINTER CAN STOP A QUALIFIED POOL SHARE HOLDER FROM DENYING THE MINTER DURING THE APPLICATION PERIOD BY FRONT-RUNNING THE TRANSACTION
Lines of code Vulnerability details Impact A minter can stop a Qualified pool share holder from denying the minter during the application period by front-running the transaction Consider the following scenario: 1 . Assume minter is User A and Qualified pool share holder is User B. 2 . User A call...
Dangerous use of setVirtualReserves(), withdraw(), and execute() leads to incorrect configuration of PrivatePool
Lines of code Vulnerability details Impact The function setVirtualReserves allows arbitrary changes to the values of virtualBaseTokenReserves and virtualNftReserves, which determine the price of the NFT trade in the pool. However, the real balance of tokens or ether in the pool is not checked, so...
Logic for RescueTokens is incorrect for muteTokens
Lines of code Vulnerability details Proof of Concept The logic for RescueTokens doesn't take into account the reward remainders. I wanted to write a POC but I'm in a bit of a time crunch. So, imagine the following situation: totalRewards = 100, and staker A, B the only stakers staked for the firs...
Hardcoded poolFee in deposit() Function Cause Liquidity Depth Issue for Swap
Lines of code Vulnerability details Impact In deposit function we are using the hardcoded value of poolFee as 500 which limits the ability of liquidity providers to select the appropriate fee tier, potentially reducing the returns for liquidity providers. IWETHWETHADDRESS.depositvalue: msg.value;...
KangarooVault.removeCollateral updates storage without actually removing collateral, resulting in lost collateral
Lines of code Vulnerability details The admin can call KangarooVault.addCollateral to add additional collateral to a Power Perp position. File: src/KangarooVault.sol 424: function addCollateraluint256 additionalCollateral external requiresAuth nonReentrant 425: SUSD.safeApproveaddressEXCHANGE,...
Mint Bio NFT with mismatched SVG
Lines of code Vulnerability details Impact The tokenURI function of a given NFT contract must represent truth about the given tokenid. The Bio contract allows for minting of NFTs using a bio string. The tokenURI of a minted Bio NFT in turn generates a JSON response. This JSON payload includes the...
Anyone can steal funds in the Contract Deployer
Lines of code Vulnerability details Impact If ContractDeployer.sol ever holds funds, it could potentially be drained via the chained creation of new contracts. Proof of Concept When creating a contract the create/create2 functions will be called inside the contract deployer here: , which after...
Contracts are susceptible for Head Overflow Bug in Calldata
Lines of code Vulnerability details Impact ABI-encoding a tuple with a statically-sized calldata array in the last component would corrupt 32 leading bytes of its first dynamically encoded component. Proof of Concept The functions are taking input arguments as calldata. Following contracts are...
EVM Elliptic Curve Recovery Discrepancy
Lines of code Vulnerability details Impact The Ecrecover.yul file meant to simulate the ecrecover mechanism as executed by traditional ETH 1.0 consensus mechanisms is incorrect. In detail, it does not conform to the "Homestead" update which introduced an upper-bound check for s values of an r, s,...
bootloader doesn't add tighter gas limit to the IAccount.validateTransaction call
Lines of code Vulnerability details Impact As mentioned in the competition details: Important, while the bootloader is out of scope, we may reward an additional bounty for valid bugs found in it by our judgement! As mentioned in the dev document, , there are some limitations of the verification a...
Lack of a contract existence check may lead to undesired behavior
Lines of code Vulnerability details Impact The functions NeoTokyoStaker.assetTransferFrom and NeoTokyoStaker.assetTransfer are both used as helper functions to perform low level calls, both functions revert if the low-level call fails, but no checks are made if the contract that's being called...
INITIALIZE FUNCTION IN COUNTERV2.SOL CAN BE INVOKED MULTIPLE TIMES FROM THE IMPLEMENTATION CONTRACT
Lines of code Vulnerability details Impact Initialize function in CounterV2.sol can be invoked multiple times from the implementation contract. This means a compromised implementation can reinitialize the contract above. Usually in Upgradeable contract, an initialize function is protected by the...
Reentrancy in staking function exit
Lines of code Vulnerability details Impact The user on calling exit calls the updateReward function twice. Proof of Concept First entry is in function withdraw burn Calling the Hook beforeTokenTransfer Which in turn calls updateReward Second Entry getReward call updateReward directly Tools Used...
Minimum referral requirement is incorrectly computed
Lines of code Vulnerability details As per the docs: Referrer rewards are allocated on a per draw basis Referrers who meet the minimum referral requirement according to the following table will be eligible for the Individual Referrer Allocation The minimum referral requirement for a draw N + 1 is...
Ethos still using LUSD (not ERN) will lead to confusion and ambiguity of the protocol resulting uncountable risk for the project
Lines of code Vulnerability details Impact Ethos still using LUSD not ERN will lead to confusion and ambiguity of the protocol resulting uncountable risk for the project Proof of Concept Ethos is a fork project of Liquity with additional changes, supporting multi collateral tokens. There are some...
Last good price might be not good if both Tellor and Chainlink prices are unreliable
Lines of code Vulnerability details Impact Calling from Pricefeed.sol, fetchPrice returns the last good price seen by the protocol whenever both Chainlink and Tellor fail to be reliable. The protocol features multi-collateral support which eventually accepts assets that are volatile in nature, du...
closeTrove never nulls trove.stake
Lines of code Vulnerability details // Auditor's note: not 100% sure if this is intentional, but I have reason to believe it's a mistake. Description When a trove gets liquidated, its stake gets set to 0 through removeStake, called eg here. However, when a trove gets closed gratiously through...
Upgraded Q -> 2 from #752 [1677633810856]
Judge has assessed an item in Issue 752 as 2 risk. The relevant finding follows: Possibility of MultiRewardEscrow.claimReward to be vulnerable to a reentrancy attack There are a bunch of external calls before setting accruedRewardsuserrewardTokensito zero. Malicious actors can add some exploits o...
Upgraded Q -> 2 from #795 [1677634051278]
Judge has assessed an item in Issue 795 as 2 risk. The relevant finding follows: 01 FEE-ON-TRANSFER TOKENS ARE NOT SUPPORTED This protocol currently does not support fee-on-transfer tokens. For example, for a fee-on-transfer token, calling the following Vault.deposit function with the assets inpu...
Upgraded Q -> 3 from #71 [1676966386580]
Judge has assessed an item in Issue 71 as 3 risk. The relevant finding follows: L-04 onlyMinter modifier is not working as expected Description onlyMinter can be bypassed by anyone due to an invalid check: modifier onlyMinter msg.sender == minterAddress; ; Thus, everyone can mint tokens: functio...
TRANSFERRING KIBToken TO YOURSELF INCREASES YOUR BALANCE
Lines of code Vulnerability details Impact using temporary variables to update balances is a dangerous construction. If transferred to yourself, it will cause your balance to increase, thus growing the token balance infinitely Proof of Concept KIBToken overrides transfer to perform the transfer o...
Minipool whose multisig has been disabled cannot be reassigned a valid one
Lines of code Vulnerability details Impact The likelihood of startRewardsCycle reverting due to division by zero is practically not going to happen. This is because disableAllMultisigs is only reasonably invoked when pauseEverything is called by the defender. At this point, startRewardsCycle will...
Unchecked revert causes to
Lines of code Vulnerability details Impact In AdapterBase.Sol when harvesting and exchanging all tokens using Pool2SingleAssetCompounder.SolL44 harvest can harvest all tokens but not swap them for underlying currency. In contract Pool2SingleAssetCompounder...
Potential DOS in Contract Inheriting UUPSUpgradeable.sol
Lines of code Vulnerability details Impact There is a contract which inherit UUPSUpgradeable.sol, namely; Managed.sol . The contract is deployed using a proxy pattern whereby the implementation contract is used by the proxy contract for all its logic. The proxy contract will make delegate calls t...
MinipoolManager: node operator can avoid being slashed
Lines of code Vulnerability details Impact When staking is done, a Rialto multisig calls MinipoolManager.recordStakingEnd . If the avaxTotalRewardAmt has the value zero, the MinipoolManager will slash the node operator's GGP. The issue is that the amount to slash can be greater than the GGP balan...
Upgraded Q -> 2 from #508 [1675443068820]
Judge has assessed an item in Issue 508 as 2 risk. The relevant finding follows: Cannot add additional Multisig when 10 Multisig addresses are registered
An approved operator of a CID NFT owner can steal any subprotocol NFTs from the CID NFT Owner and his other approved operators.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. An approved operator of a CID NFT owner, if becomes malicious or compromised, can steal any subprotocol NFTs from the CID NFT Owner and his other approved operators. This is possible because: after...
Mint to without check for zero address
Lines of code Vulnerability details Impact Mint to without check for zero address. This can lead to loss of token Proof of Concept Tools Used Recommended Mitigation Steps add check to be sure that address to is not empty
The LendgineRouter.burn() will always REVERT due to the callback function forgot to send the due token0 back.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The LendgineRouter.burn will always REVERT due to the callback function forgot to send the due token0 back. The callback function pairMintCallback is supposed to send back amount0 amount of token0 back ...
withdrawRemainingTokens() in the Erc1155Quest withdraws all tokens and does not consider the amount of unclaimed tokens
Lines of code Vulnerability details Impact The withdrawRemainingTokens function in the Erc1155Quest contract does not consider the amount of unclaimed tokens. When the owner calls the function when the quest has ended, all tokens belonging to the contract will be withdrawn. Any user who has not y...
Config update happening in memory instead of at storage slot
Lines of code Vulnerability details Impact While adding configs in addConfig function, configs is updated in memory as shown at . It should accept configs parameter to a function as storage. Proof of Concept function addConfiguint256 memory configs, uint256 configsLen, DripsReceiver memory receiv...
Mitigation of M-07: Issue not mitigated
Lines of code Vulnerability details The sponsor confirmed but disputed Medium severity, and did not provide any PRs addressing it, so the same issue remains in the new code.
Fee on transfer tokens will not behave as expected
Lines of code Vulnerability details Impact According to Whitepaper 1.1 Permissionless: "In Timeswap, liquidity providers can create pools for any ERC20 pair, without permission. It is designed to be generalized and works for any pair of tokens, at any time frame, and at any market state ... If fe...
Reentrancy attack to swap()
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. A malicious contract can initiate a reentrancy attack to the swap function: it can swap token0 for token1, receiving token0 but without effectively providing the due token1 amount used to mint instead...
Upgraded Q -> M from #351 [1674418158719]
Judge has assessed an item in Issue 351 as M risk. The relevant finding follows: Stable Vault cannot accept tokens with more than 18 decimals because of this lines: Consider using different conversion formula. For example: amount 1e18 / 10token.decimals for deposit and amount 10token.decimals /...
Upgraded Q -> M from #254 [1674418824740]
Judge has assessed an item in Issue 254 as M risk. The relevant finding follows: 03: Lock.claimGovFees will revert with tokens that have approve race condition protection Some tokens only allow you to approve a new value if the current allowance is set to zero, e.g. USDT. This is not an issue rig...
Reentrancy
Lines of code Vulnerability details Impact An attacker can be the owner of conduitcontroller contract Proof of Concept function acceptOwnership has re-entrancy vulnerability Look at this : function acceptOwnership Executes twice to make the caller as owner. Look at this = emit OwnershipTransferre...
Possible Unauthorized Redemption of Collateral ERC20 Tokens due to Lack of Proper Check in redeem() Function
Lines of code Vulnerability details Impact An attacker who is not authorized by the smart contract could potentially redeem more tokens than they are entitled to. This could cause a loss of funds for the smart contract and its users, as well as potentially destabilizing the overall ecosystem...
Governance manipulation through signatures
Lines of code Vulnerability details Impact The impact is critical because it enables anyone to submit as many signatures as they want manipulating the governance. The probe relies that in the delegateBySig function, the nonce it is not checked upon msg.sender, it is checked upon the output for th...
A transfer-on-fee token or a deflationary/rebasing token, causing the received amount to be less than the accounted amount. For instance, a deflationary tokens might charge a certain fee for every safetransfer() or safetransferFrom().
Lines of code Vulnerability details Impact Alice calls stakeamount = 100 deflationary Tokens. Because the token has a fee upon transfer, StRSR receives only 99 tokens and staked that amount to mint but user thought that receives 100 tokens . But reality token received for stRSR only 99 . Proof of...
abi.encodePacked Allows Hash Collision
Lines of code Vulnerability details Impact From the solidity documentation: If you use keccak256(abi.encodePacked(a, b)) and both a and b are dynamic types, it is easy to craft collisions in the hash value by moving parts of a into b and vice-versa. More specifically, abi.encodePacked("a", "bc") ==...
Fee on transfer based collateral is not considered.
Lines of code Vulnerability details Impact It has following impacts. 1. backingManager would be transferred with lesser than deposits 2. Recorded liabilities will be more 3. collateral deposited into the RToken contract would be lesser than deposits Proof of Concept Any one can mint RToken by...
User can lose 10 ethers to Vault
Lines of code Vulnerability details Impact If a user or a contract that has a large allowance 10 ethers or max on an ERC4626Cloned based Vault that has not yet received any deposits, calls mint with 0 share argument, will have a 10 ethers of the asset transferred to the Vault with no way to recla...
PublicVault Contract Allows Minting Tokens to a Null Address
Lines of code Vulnerability details Impact The PublicVault contract allows the minting of tokens to a null address. When the redeemFutureEpoch function is called with a null address as the receiver, the function will still proceed with the minting of the underlying asset, but the tokens will not...