PermissionlessBasicPoolFactory\addPool() doesn’t check whether pool.excessBeneficiary is address(0)
Lines of code Vulnerability details Impact In PermissionlessBasicPoolFactory.addPool(), there is no check that pool.excessBeneficiary is not address(0). Therefore, when withdrawExcessRewards() executes IERC20(pool.rewardTokens[i]).transfer(pool.excessBeneficiary, rewards), the transfer always reverts. Proof of Concept...
CEther.doTransferOut() May Revert Because .transfer() Uses A Fixed Amount Of Gas
Lines of code Vulnerability details Impact The .transfer function intends to transfer an ETH amount with a fixed amount of 2300 gas. This function is not equipped to handle changes in the underlying .send and .transfer functions which may supply different amounts of gas in the future. Additionall...
The ownership context is too centralized leaving room for other attack surfaces
Lines of code Vulnerability details Impact The ownership context is too centralized, leaving room for other attack surfaces and leaving an impression of distrust for the participants. Proof of Concept Almost all of the functions have the onlyOwner modifier, which allows access to all the vital points of t...
Unhandled return value of ERC20 transfer
Lines of code Vulnerability details Impact For reference, see similar Medium-severity finding from Consensys Diligence Audit of Aave Protocol V2: As stated in the above finding: “ERC20 implementations are not always consistent. Some implementations of transfer and transferFrom could return ‘false...
Total loss of funds on owner account compromise
Lines of code Vulnerability details Issue: The vault address may be arbitrarily updated by the owner using setVaultAddress. The owner can also call withdrawAll to move all funds to the vault. Consequence: A malicious owner or owner account compromise can siphon the entire contract's funds to an...
Users can use updateBoost function to claim unfairly large rewards from liquidity mining contracts for themselves at cost of other users.
Lines of code Vulnerability details Impact Users aware of this vulnerability could effectively steal a portion of liquidity mining rewards from honest users. Affected contracts are: SupplyMinerV2, DemandMinerV2, PARMinerV2. VotingMinerV2 is less affected because locking veMIMO in votingEscrow...
Non-standard ERC20 Tokens are Not Supported
Lines of code Vulnerability details When trying to call SuperVault.executeOperation, the transaction reverts. This is because the call to asset.approve on line 97 does not match the function signature of approve on the target contract, as is the case with USDT. This issue exists in any call ...
withdrawFees() should require the to address to be non-zero
Lines of code Vulnerability details Impact withdrawFees does not check that the to address is non-zero and sends the fee to that address without any check confirming that the admin has set it. bentoBox does not accept transfers to the zero address; otherwise this would be high risk. Proof of Concept As you can...
Users' funds can become locked in the contract
Judge @GalloDaSballo has assessed the 2nd item in QA Report 163 as Medium risk. The relevant finding follows: … Users' funds can become locked in the contract In the withdraw function in ConvexStakingWrapper there's a call to MasterChef's withdraw function which uses the safeConcurTransfer functi...
_amount requires to be updated to contract balance increase (4)
Lines of code Vulnerability details Impact Every time the ERC20 transferFrom or transfer function is called, there is a possibility that the underlying token contract did not transfer the exact amount requested. The contract's balance increase/decrease after the transfer must therefore be measured. Th...
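The three findings above (unhandled transfer return value, non-standard approve/transfer signatures such as USDT, and crediting the requested rather than the received amount) share one fix. The following is an added example, not code from any of the audited projects: a small SafeToken library that tolerates tokens returning no data while still rejecting a `false` return, and a hypothetical DeltaAccountingVault that credits deposits from the observed balance change. Contract and function names are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Added example, not audited project code. Standard ERC20 selectors only.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

library SafeToken {
    // Low-level call that accepts empty return data (USDT-style transfer/approve
    // declare no return value) but rejects a reverted call or an explicit `false`.
    function _callOptionalReturn(address token, bytes memory data) private {
        // A call to an address with no code "succeeds" with empty data; rule it out first.
        require(token.code.length > 0, "SafeToken: not a contract");
        (bool ok, bytes memory ret) = token.call(data);
        require(ok, "SafeToken: call reverted");
        if (ret.length > 0) {
            require(abi.decode(ret, (bool)), "SafeToken: returned false");
        }
    }

    function safeTransfer(address token, address to, uint256 amount) internal {
        _callOptionalReturn(token, abi.encodeWithSelector(IERC20.transfer.selector, to, amount));
    }

    function safeTransferFrom(address token, address from, address to, uint256 amount) internal {
        _callOptionalReturn(token, abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount));
    }

    // USDT reverts when a non-zero allowance is changed to another non-zero value,
    // so the allowance is reset to zero before the new value is set.
    function safeApprove(address token, address spender, uint256 amount) internal {
        _callOptionalReturn(token, abi.encodeWithSelector(IERC20.approve.selector, spender, 0));
        if (amount != 0) {
            _callOptionalReturn(token, abi.encodeWithSelector(IERC20.approve.selector, spender, amount));
        }
    }
}

// Hypothetical vault: a user is credited with what actually arrived, so a
// fee-on-transfer token that delivers 99 for a requested 100 credits 99, not 100.
contract DeltaAccountingVault {
    using SafeToken for address;

    mapping(address => mapping(address => uint256)) public credited; // token => user => amount

    function deposit(address token, uint256 amount) external returns (uint256 received) {
        uint256 before = IERC20(token).balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), amount);
        received = IERC20(token).balanceOf(address(this)) - before;
        require(received > 0, "nothing received");
        credited[token][msg.sender] += received;
    }

    function withdraw(address token, uint256 amount) external {
        credited[token][msg.sender] -= amount; // underflow reverts in 0.8
        token.safeTransfer(msg.sender, amount);
    }
}
```

The balance-delta pattern covers fee-on-transfer tokens but not rebasing tokens, whose balances change between transactions; those need share-based accounting instead. The zero-then-set approve is still subject to the classic approve race, so spenders should be trusted contracts, not arbitrary addresses.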
CvxCrvRewardsLocker implements a swap without a slippage check that can result in a loss of funds through MEV
Lines of code Vulnerability details Impact The CvxCrvRewardsLocker contract swaps tokens through the CRV cvxCRV pool. But, it doesn't use any slippage checks. The swap is at risk of being frontrun / sandwiched which will result in a loss of funds. Since MEV is very prominent I think the chance of...
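The following is an added example, not the CvxCrvRewardsLocker code, showing the unprotected swap shape beside a bounded one. The pool interface is the Curve StableSwap `exchange(i, j, dx, min_dy)` shape; the coin indices, the keeper role and the contract name are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited locker. Curve StableSwap exchange() signature.
interface ICurvePool {
    function exchange(int128 i, int128 j, uint256 dx, uint256 min_dy) external returns (uint256);
}

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

contract RewardsLocker {
    ICurvePool public immutable pool;
    IERC20 public immutable crv;
    IERC20 public immutable cvxCrv;
    int128 constant CRV_INDEX = 0;    // assumption: CRV is coin 0 of the pool
    int128 constant CVXCRV_INDEX = 1; // assumption: cvxCRV is coin 1 of the pool
    address public immutable keeper;  // assumption: a trusted off-chain caller

    constructor(ICurvePool _pool, IERC20 _crv, IERC20 _cvxCrv, address _keeper) {
        pool = _pool; crv = _crv; cvxCrv = _cvxCrv; keeper = _keeper;
    }

    modifier onlyKeeper() { require(msg.sender == keeper, "not keeper"); _; }

    // Vulnerable shape: min_dy = 0 accepts any output. A sandwich moves the pool
    // price before this call and takes most of the swapped value.
    function swapUnprotected(uint256 amount) external onlyKeeper returns (uint256) {
        crv.approve(address(pool), amount);
        return pool.exchange(CRV_INDEX, CVXCRV_INDEX, amount, 0);
    }

    // Hardened shape: the caller supplies a minimum output computed from the quote it
    // observed off-chain, plus a deadline so a delayed transaction cannot execute at a
    // worse price later. Reading get_dy() inside this same transaction would NOT help:
    // the attacker's first leg runs before us, so the on-chain quote is already moved.
    function swapWithSlippage(uint256 amount, uint256 minOut, uint256 deadline)
        external onlyKeeper returns (uint256 received)
    {
        require(block.timestamp <= deadline, "expired");
        require(minOut > 0, "minOut of 0 disables the check");
        uint256 before = cvxCrv.balanceOf(address(this));
        crv.approve(address(pool), amount);
        pool.exchange(CRV_INDEX, CVXCRV_INDEX, amount, minOut);
        // Defence in depth: verify what actually arrived rather than trusting the return value.
        received = cvxCrv.balanceOf(address(this)) - before;
        require(received >= minOut, "slippage");
    }
}
```

If the swap must be callable permissionlessly (a public harvest), a caller-supplied bound is not enough because the caller may be the attacker; derive minOut on-chain from a manipulation-resistant price (a TWAP or a Chainlink feed) with a tolerance in basis points instead.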
Incorrect accounting of free weight in _decrementWeightUntilFree
Lines of code Vulnerability details Impact In _decrementWeightUntilFree, the free weight is calculated as balanceOf(user) - getUserWeight(user) plus the weight freed from non-deprecated gauges. The non-deprecated criterion is unnecessary and leads to incorrect accounting of free weight. Proof of Concept...
IndexLogic: An attacker can burn other users' tokens to transfer assets to himself
Lines of code Vulnerability details Impact In the burn function of the IndexLogic contract, the user needs to transfer the tokens to the contract first, and then call the burn function to withdraw the assets. The attacker can monitor the number of tokens in the contract. When it is not 0, the...
Chainlink oracle might return stale data
Lines of code Vulnerability details Impact Oracle might return stale data for basePrice and quotePrice. Proof of Concept refreshedAssetPerBaseInUQ in ChainlinkPriceOracle.sol does not check if the data from Chainlink is fresh. If there is a problem with the Chainlink oracle, this contract may be...
New YVault depositors can be attacked by depressing share decimals
Lines of code Vulnerability details Impact An attacker can become the first depositor for a recently created YVault contract, providing a tiny amount of token by calling deposit(1) (raw values here: 1 is 1 wei, 1e18 is 1 token if it has 18 decimals). Then the attacker can directly transfer, for exampl...
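The following is an added example, not YVault code: a minimal share vault that keeps the naive share formula the finding describes next to a virtual-offset variant. The offset value (1e6 virtual shares against 1 virtual wei) and rounding direction are design choices for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited vault.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

contract ShareVault {
    IERC20 public immutable asset;
    uint256 public totalShares;
    mapping(address => uint256) public shareOf;
    uint256 constant VIRTUAL_SHARES = 1e6; // assumption: 1 wei of asset ~ 1e6 shares at start
    uint256 constant VIRTUAL_ASSETS = 1;

    constructor(IERC20 _asset) { asset = _asset; }

    function totalAssets() public view returns (uint256) { return asset.balanceOf(address(this)); }

    // Naive formula from the finding. Attacker: deposit(1) -> 1 share; donate 1e18
    // directly to the vault. Victim: deposit(1e18) -> 1e18 * 1 / (1e18 + 1) == 0 shares,
    // and the attacker's single share now redeems both balances.
    function naiveShares(uint256 amount) public view returns (uint256) {
        if (totalShares == 0) return amount;
        return amount * totalShares / totalAssets();
    }

    // Virtual offset: the pool behaves as if it always held VIRTUAL_ASSETS backing
    // VIRTUAL_SHARES. Rounding a victim down to zero now needs a donation about 1e6
    // times the victim's deposit, and that donation is shared pro rata with the victim.
    function previewDeposit(uint256 amount) public view returns (uint256) {
        return amount * (totalShares + VIRTUAL_SHARES) / (totalAssets() + VIRTUAL_ASSETS);
    }

    function previewRedeem(uint256 shares) public view returns (uint256) {
        return shares * (totalAssets() + VIRTUAL_ASSETS) / (totalShares + VIRTUAL_SHARES);
    }

    function deposit(uint256 amount) external returns (uint256 shares) {
        shares = previewDeposit(amount); // priced before the transfer changes totalAssets()
        require(shares > 0, "zero shares");
        require(asset.transferFrom(msg.sender, address(this), amount), "transfer failed");
        totalShares += shares;
        shareOf[msg.sender] += shares;
    }

    function redeem(uint256 shares) external returns (uint256 amount) {
        amount = previewRedeem(shares);
        shareOf[msg.sender] -= shares;
        totalShares -= shares;
        require(asset.transfer(msg.sender, amount), "transfer failed");
    }
}
```

Replaying the finding's scenario against the offset formula: the attacker's deposit(1) mints 1e6 shares, the 1e18 donation raises totalAssets to 1e18 + 1, and the victim's deposit(1e18) mints 1e18 * 2e6 / (1e18 + 2), which floors to 1999999 shares. Redeeming the attacker's 1e6 shares then returns about 0.5e18, so the attacker loses roughly half the donation while the victim is short only a few hundred gwei. Burning a fixed minimum of first-depositor shares or seeding the vault at deployment are alternative mitigations.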
StrategyPUSDConvex.balanceOfJPEG uses incorrect function signature while calling extraReward.earned, causing the function to unexpectedly revert every time
Lines of code Vulnerability details Impact As specified in Convex BaseRewardPool.sol and VirtualRewardPool.sol, the function signature of earned is earned(address). However, balanceOfJPEG did not pass any arguments to earned, which would cause balanceOfJPEG to always revert. This bug will propagate...
Arbitrary contract call within UniV3LpVault._swap with controllable swapPath
Lines of code Vulnerability details Impact UniV3LpVault._swap utilizes swapRouter.exactInput to perform swaps between two tokens. During swaps, the transfer function of each token along the path will be called to propagate the assets. Since anyone can create a Uniswap pair of arbitrary assets, it is...
Incorrect implementation of the batchRemoveDex function in DexManagerFacet
Lines of code Vulnerability details Impact The batchRemoveDex function does not work as expected. It should remove all the given DEX addresses from the dexWhitelist. However, it only removes the first successfully found DEX address and then stops removing the rest. The functionality is broken, an...
All swapping functions lack checks for returned tokens
Lines of code Vulnerability details Impact Every function that stems from the GenericSwapFacet lacks checks to ensure that some tokens have been returned via the swaps. In LibSwap.sol in the swap function, the swap call is sent to the target DEX. A return of success is required, otherwise the...
Incorrect number of seconds in ONE_YEAR variable
Lines of code Vulnerability details Impact In HolyPaladinToken.sol the ONE_YEAR variable claims that there are 31557600 seconds in a year when this is incorrect. The ONE_YEAR variable is used in the getCurrentVotes function as well as the getPastVotes function so it is vital that the correct time i...
Missing input validation could lead to loss of fund
Lines of code Vulnerability details Impact A faulty input in GenericSwapFacet.swapTokensGeneric could cause funds to get stuck in the contract. In addition, tokens left in the LiFi contract can be retrieved by anyone (see issue: ERC20 withdrawals can be frontrun, leading to loss of fund). Proof of...
[WP-H4] Initializer of QuantConfig.sol can rug users
Lines of code Vulnerability details function initialize(address payable timelockController) public override initializer { require(timelockController != address(0), "QuantConfig: invalid TimelockController address"); __AccessControl_init(); __Ownable_init_unchained(); _setupRole(DEFAULT_ADMIN_ROLE, _msgSender()); ...
ConfigTimeLockController will put QuantConfig in a stalemate(rendering it unusable)
Lines of code Vulnerability details The QuantConfig contract has these important setters, setProtocolAddress, setProtocolUint256, setProtocolBoolean and setProtocolRole. This contract is subjected to a timelock before all such processes above are executed. But, the issue arises in the fact that i...
Chainlink pricer is using a deprecated API
Lines of code Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. This function might suddenly stop working if Chainlink stops supporting deprecated APIs. Moreover, the old API can return stale data. Proof of Concept Tools Used None Recommended...
Block delays can be bypassed with two flash loans instead of one
Lines of code Vulnerability details The README.md states: Withdrawals must be requested in a prior block via initiateWithdrawal(uint256 amount). The number of blocks until a request expires is settable by the vault owner. This is mainly for mitigating the feasibility of a flash loan attack. Impac...
[WP-H4] anchor_basset_reward pending yields can be stolen
Lines of code Vulnerability details For yield farming aggregators, if the pending yield on an underlying strategy can be harvested and causes a surge of rewards to all existing investors, especially if the harvest can be triggered permissionlessly, then an attacker can amplify the attack using a...
Chainlink latestRoundData validation
Lines of code Vulnerability details Impact The oracle returns the Chainlink latestRoundData answer without proper validation, e.g.: function getUnderlyingPrice(address underlying) ... (, answer, , , ) = AggregatorV3Interface(chainLinkAggregatorMap[underlying]).latestRoundData(); answer /= 100; And other functions that call...
Function getUnderlyingPrice in Oracle.sol does not check the price returned from chainlink aggregators
Lines of code Vulnerability details Impact The getUnderlyingPrice function in the contract Oracle.sol fetches the answer directly from a Chainlink aggregator using the latestRoundData function. There is no check if the return value is 0 or indicates stale data. This could lead to incorrect or sta...
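The four Chainlink findings above (stale data, the deprecated latestAnswer API, and unvalidated latestRoundData) call for the same read routine. The following is an added example, not the Oracle.sol under review: the unchecked shape beside a validated read. The AggregatorV3Interface declaration matches the published Chainlink interface; the per-feed staleness window is an assumption that has to be set from each feed's heartbeat.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited oracle. Chainlink's published aggregator interface.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestAnswer() external view returns (int256); // deprecated, shown only for contrast
    function latestRoundData()
        external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract PriceOracle {
    mapping(address => AggregatorV3Interface) public feeds; // underlying => feed
    mapping(address => uint256) public maxStaleness;        // underlying => seconds, from the feed heartbeat
    address public immutable admin;

    constructor() { admin = msg.sender; }

    function setFeed(address underlying, AggregatorV3Interface feed, uint256 heartbeat) external {
        require(msg.sender == admin, "not admin");
        require(address(feed) != address(0) && heartbeat > 0, "bad config");
        feeds[underlying] = feed;
        maxStaleness[underlying] = heartbeat;
    }

    // Shape from the findings: deprecated call, no validation. A feed that stopped
    // updating, or one returning 0 during an incident, flows straight into pricing.
    function getUnderlyingPriceUnchecked(address underlying) external view returns (uint256) {
        return uint256(feeds[underlying].latestAnswer());
    }

    // Validated read, normalised to 18 decimals.
    function getUnderlyingPrice(address underlying) external view returns (uint256) {
        AggregatorV3Interface feed = feeds[underlying];
        require(address(feed) != address(0), "no feed");
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        require(answer > 0, "invalid price");                                        // 0 or negative answers
        require(updatedAt != 0, "round not complete");
        require(block.timestamp - updatedAt <= maxStaleness[underlying], "stale price");
        require(answeredInRound >= roundId, "stale round");                          // legacy check; current feeds report equal values
        uint8 dec = feed.decimals();
        return dec <= 18 ? uint256(answer) * 10 ** (18 - dec) : uint256(answer) / 10 ** (dec - 18);
    }
}
```

Two caveats a practitioner would add: Chainlink aggregators clamp answers to a configured min/max, so a real crash below the minimum still returns the minimum and should be bounded separately if the asset can reach it; and on L2 rollups the read should also consult the sequencer uptime feed, since a stalled sequencer leaves the last price looking fresh.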
Reentrancy in depositBribeERC20 function
Lines of code Vulnerability details Impact The depositBribeERC20 function in BribeVault is reentrant at line 187, where an address supplied by the caller is called. A bad actor that has DEPOSITOR_ROLE and is a contract can execute the following attack: 1. Create a dummy token contract, reentrant in the...
Rewards can be claimed if merkle proof is known
Lines of code Vulnerability details Impact The README describes the following when a voting ends: Outside of the Hidden Hand contract scope, after the Tokemak CoRE round ends, proposal data is compiled and these two things happen: - The following is derived from the data: its hash KECCAK-256 and...
Profile creation can be frontrun
Lines of code Vulnerability details Impact The LensHub/PublishingLogic.createProfile function can be frontrun by other whitelisted profile creators. An attacker can observe pending createProfile transactions and frontrun them, own that handle, and demand ransom from the original transaction...
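A commit-reveal scheme is the usual answer to the front-running described above. The following is an added example, not LensHub or PublishingLogic code: a hypothetical handle registry where the pending transaction reveals only a hash, and the reveal is bound to the committer's address so a copied reveal fails. The minimum and maximum commit ages are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited contracts.
contract HandleRegistry {
    uint256 public constant MIN_COMMIT_AGE = 1 minutes; // assumption: forces the commit into an earlier block
    uint256 public constant MAX_COMMIT_AGE = 1 days;    // assumption: stale commitments expire

    mapping(bytes32 => uint256) public commitTimestamp; // commitment => time committed (0 = none)
    mapping(bytes32 => address) public ownerOfHandle;   // keccak256(handle) => owner

    event HandleCreated(bytes32 indexed handleHash, address indexed owner);

    // The commitment binds handle, creator and a caller-chosen secret salt.
    function makeCommitment(string calldata handle, address creator, bytes32 salt) public pure returns (bytes32) {
        return keccak256(abi.encode(handle, creator, salt));
    }

    // Step 1: publish only the hash. Mempool observers learn nothing about the handle.
    function commit(bytes32 commitment) external {
        require(commitTimestamp[commitment] == 0, "already committed");
        commitTimestamp[commitment] = block.timestamp;
    }

    // Step 2: reveal. A front-runner replaying this calldata recomputes the commitment
    // with its own msg.sender, which matches no stored commitment, so it reverts.
    function createProfile(string calldata handle, bytes32 salt) external {
        bytes32 commitment = makeCommitment(handle, msg.sender, salt);
        uint256 committedAt = commitTimestamp[commitment];
        require(committedAt != 0, "no commitment");
        require(block.timestamp >= committedAt + MIN_COMMIT_AGE, "commit too new");
        require(block.timestamp <= committedAt + MAX_COMMIT_AGE, "commit expired");

        bytes32 key = keccak256(bytes(handle));
        require(ownerOfHandle[key] == address(0), "handle taken");

        delete commitTimestamp[commitment]; // single use
        ownerOfHandle[key] = msg.sender;
        emit HandleCreated(key, msg.sender);
    }
}
```

The minimum age is what defeats same-block front-running: an attacker who sees the reveal cannot retroactively place an older commitment. The scheme does not stop an attacker who guesses a desirable handle and commits to it first, so registries that care about that also rate-limit or price commitments.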
Duplicate tokens can be added which might cause DoS
Lines of code Vulnerability details Impact Duplicate tokens can be added, which could exceed maxHoldingsCount and thus cause all functions in Factory to be rejected. Proof of Concept 1. Observe the store function in NestedRecords.sol L111: function store(uint256 nftId, address token, uint256 amount, address...
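Both the batchRemoveDex finding above and this duplicate-token finding are array-maintained sets going wrong. The following is an added example, not DexManagerFacet or NestedRecords code: a bounded address set kept as an array plus an index map, with the early-return removal bug reproduced beside a correct batch removal and an add that rejects duplicates before they consume a slot. The contract name and cap are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited contracts.
contract BoundedAddressSet {
    address[] public items;
    mapping(address => uint256) private indexPlusOne; // 0 = absent, else position + 1
    uint256 public immutable maxCount;

    constructor(uint256 _maxCount) { maxCount = _maxCount; }

    function contains(address a) public view returns (bool) { return indexPlusOne[a] != 0; }
    function length() external view returns (uint256) { return items.length; }

    // Duplicates are detected in O(1) and never occupy a slot, so the cap cannot be
    // exhausted by re-adding the same address.
    function add(address a) public returns (bool added) {
        require(a != address(0), "zero address");
        if (contains(a)) return false;
        require(items.length < maxCount, "set full");
        items.push(a);
        indexPlusOne[a] = items.length;
        return true;
    }

    // Buggy shape from the batchRemoveDex finding: the nested search returns from the
    // whole function after the first hit, so only the first address is ever removed.
    function batchRemoveBuggy(address[] calldata toRemove) external {
        for (uint256 i = 0; i < toRemove.length; i++) {
            for (uint256 j = 0; j < items.length; j++) {
                if (items[j] == toRemove[i]) {
                    _removeAt(j);
                    return; // should have been `break`
                }
            }
        }
    }

    function remove(address a) public returns (bool removed) {
        uint256 idx = indexPlusOne[a];
        if (idx == 0) return false;
        _removeAt(idx - 1);
        return true;
    }

    // Every requested address is processed; unknown addresses are skipped, not fatal.
    function batchRemove(address[] calldata toRemove) external {
        for (uint256 i = 0; i < toRemove.length; i++) {
            remove(toRemove[i]);
        }
    }

    // Swap-and-pop, keeping the index map consistent for the element that moved.
    function _removeAt(uint256 i) private {
        address victim = items[i];
        uint256 last = items.length - 1;
        if (i != last) {
            address moved = items[last];
            items[i] = moved;
            indexPlusOne[moved] = i + 1;
        }
        items.pop();
        delete indexPlusOne[victim];
    }
}
```

The index map is what makes both fixes cheap: membership and removal no longer scan the array, so the set stays usable even at maxCount, and the swap-and-pop keeps removal O(1) at the cost of not preserving order.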
Wrong reward token calculation in MasterChef contract
Lines of code Vulnerability details Impact When adding a new token pool for staking in the MasterChef contract via function add(address token, uint allocationPoints, uint16 depositFee, uint startBlock), all other, already added, pools should be updated, but currently they are not. Instead, only totalPoints is...
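The reason every pool must be settled before the total allocation changes is that each pool extends its accRewardPerShare lazily, using its current share of the total for all blocks since its last update. The following is an added example, not the audited MasterChef: the same add() with and without the massUpdatePools() call, plus enough of the reward accounting to see what the missing call corrupts. Precision constant, struct layout and owner handling are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited contract.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract MasterChefCore {
    struct Pool { IERC20 token; uint256 allocPoint; uint256 lastRewardBlock; uint256 accRewardPerShare; uint256 staked; }
    struct User { uint256 amount; uint256 rewardDebt; }

    Pool[] public pools;
    mapping(uint256 => mapping(address => User)) public users;
    mapping(address => uint256) public owed; // settled but unpaid rewards
    uint256 public totalAllocPoint;
    uint256 public immutable rewardPerBlock;
    address public immutable owner;
    uint256 constant PRECISION = 1e12;

    constructor(uint256 _rewardPerBlock) { rewardPerBlock = _rewardPerBlock; owner = msg.sender; }
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    // Credits all blocks since lastRewardBlock at the pool's CURRENT weight
    // allocPoint / totalAllocPoint. Whatever the denominator is now is applied to the past.
    function updatePool(uint256 pid) public {
        Pool storage p = pools[pid];
        if (block.number <= p.lastRewardBlock) return;
        if (p.staked != 0 && totalAllocPoint != 0) {
            uint256 blocks = block.number - p.lastRewardBlock;
            uint256 reward = blocks * rewardPerBlock * p.allocPoint / totalAllocPoint;
            p.accRewardPerShare += reward * PRECISION / p.staked;
        }
        p.lastRewardBlock = block.number;
    }

    function massUpdatePools() public {
        for (uint256 pid = 0; pid < pools.length; pid++) updatePool(pid);
    }

    // Shape from the finding: the denominator grows, and blocks the existing pools
    // already earned at weight a/T are later credited at a/(T + x). Their stakers lose
    // the difference for the whole interval since each pool's last update.
    function addBuggy(IERC20 token, uint256 allocPoint) external onlyOwner {
        totalAllocPoint += allocPoint;
        pools.push(Pool(token, allocPoint, block.number, 0, 0));
    }

    // Fixed: settle every pool at the old weights before the denominator changes.
    function add(IERC20 token, uint256 allocPoint) external onlyOwner {
        massUpdatePools();
        totalAllocPoint += allocPoint;
        pools.push(Pool(token, allocPoint, block.number, 0, 0));
    }

    // Same rule applies when an existing pool's weight changes.
    function set(uint256 pid, uint256 allocPoint) external onlyOwner {
        massUpdatePools();
        totalAllocPoint = totalAllocPoint - pools[pid].allocPoint + allocPoint;
        pools[pid].allocPoint = allocPoint;
    }

    function deposit(uint256 pid, uint256 amount) external {
        Pool storage p = pools[pid];
        User storage u = users[pid][msg.sender];
        updatePool(pid);
        if (u.amount > 0) {
            owed[msg.sender] += u.amount * p.accRewardPerShare / PRECISION - u.rewardDebt;
        }
        require(p.token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        u.amount += amount;
        p.staked += amount;
        u.rewardDebt = u.amount * p.accRewardPerShare / PRECISION;
    }

    function pendingReward(uint256 pid, address who) external view returns (uint256) {
        Pool storage p = pools[pid];
        User storage u = users[pid][who];
        uint256 acc = p.accRewardPerShare;
        if (block.number > p.lastRewardBlock && p.staked != 0 && totalAllocPoint != 0) {
            uint256 reward = (block.number - p.lastRewardBlock) * rewardPerBlock * p.allocPoint / totalAllocPoint;
            acc += reward * PRECISION / p.staked;
        }
        return owed[who] + u.amount * acc / PRECISION - u.rewardDebt;
    }
}
```

massUpdatePools() is itself a loop over every pool, so the fix trades correctness for gas; deployments with many pools bound the pool count or require the owner to update pools in batches before calling add().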
tokenOut is only required on finalize
Lines of code Vulnerability details Impact I thought of a potential rug pull from the owner: when users buy tokenOut, it is not required that the contract has already escrowed enough tokenOut. It is only required when finalizing the sale: require tokenOut.balanceOf(address(this)) = totalTokenOutBough...
Reentrancy on Flash Governance Proposal Withdrawal
Handle kirk-baird Vulnerability details Impact The function withdrawGovernanceAsset is vulnerable to reentrancy, which would allow an attacker to drain the balance of flashGovernanceConfig.asset. Note: this attack assumes the attacker may gain control of the execution flow in asset.transfer...
Bypass Vote Flipping Time Addition
Handle kirk-baird Vulnerability details Impact It is possible to bypass the additional 2 hours added to the length of voting when the vote flips from positive to negative or vice versa. This can be done by breaking the vote into two steps: first sending enough fate to bring the proposal to zero. Then...
Users can lose value in emergency state
Handle cmichel Vulnerability details Imagine the following sequence of events: LaunchEvent.createPair is called which sets wavaxReserve = 0, adds liquidity to the pair and receives lpSupply LP tokens. LaunchEvent.allowEmergencyWithdraw is called which enters emergency / paused mode and disallows...
[WP-M2] DEFAULT_ADMIN_ROLE can approve arbitrary address to spend any amount from the L1Escrow contract
Handle WatchPug Vulnerability details function approve(address token, address spender, uint256 value) public onlyRole(DEFAULT_ADMIN_ROLE) { ApproveLike(token).approve(spender, value); emit Approve(token, spender, value); } L1Escrow.sol#approve allows an address with DEFAULT_ADMIN_ROLE to approve an arbitrary amou...
Incorrect erc20 interface
Handle 0v3rf10w Vulnerability details Impact Incorrect return values for ERC20 functions result in failure when interacting with other contracts, as the return value is missing. Proof of Concept ApproveLike (contracts/L1/gateway/L1Migrator.sol#L67-69) has incorrect ERC20 function...
LivepeerToken.burn function could burn tokens of any user
Handle cccz Vulnerability details Impact Same as code-423n4/2021-11-overlay-findings#22: the burner could burn any amount of tokens of any user. Proof of Concept Tools Used Manual analysis Recommended Mitigation Steps Update the burn function so that only the token owner can burn their own tokens.
Re-entrancy in _createDeposit allows stealing tokens
Handle cmichel Vulnerability details The Vault._createDeposit function first caches the current total shares and underlying, and then iterates over all claims using a call to _createClaim. Only afterwards does it pull in the required total amount of the deposit. function deposit(DepositParams...
Unbounded loop on array can lead to DoS
Handle robee Vulnerability details An attacker can push an unlimited number of entries to an array that some function loops over. If the array grows large enough, calling the function that loops over it will always revert because of the block gas limit. This is a High Risk issue since thos...
Locks can be denied
Handle cmichel Vulnerability details The XDEFIDistribution.lock function mints a new token, and the generateNewTokenId function returns a token ID as the concatenation of the points and totalSupply + 1: function generateNewTokenId(uint256 points) internal view returns (uint256 tokenId) { // Points is...
Reentrancy at lock can lead to wrong accounting
Handle kenzo Vulnerability details The lock function calls safeMint in the midst of it. This can lead to reentry to updateDistribution, thereby ruining contract invariants. Impact At worst case, loss of user funds: distributableXDEFI will be set to be bigger than it really is, and so when a...
pay() function has callback to msg.sender before important state updates
Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the pay function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function...
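The reentrancy findings above (withdrawGovernanceAsset, _createDeposit, lock, and the pay() callback) all come down to handing control to an external party before the state that the call depends on has been written. The following is an added example, not code from any of those contracts: a withdrawal in the vulnerable order with an ERC-777-style token hook as the re-entry vector, the same function in checks-effects-interactions order behind a guard, and a minimal attacker. Contract names and the hook name are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited contracts.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

abstract contract ReentrancyGuard {
    uint256 private _status = 1;
    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }
}

contract GovernanceAssetVault is ReentrancyGuard {
    IERC20 public immutable asset;
    mapping(address => uint256) public pendingWithdrawal;

    constructor(IERC20 _asset) { asset = _asset; }

    function deposit(uint256 amount) external nonReentrant {
        require(asset.transferFrom(msg.sender, address(this), amount), "transfer failed");
        pendingWithdrawal[msg.sender] += amount;
    }

    // Vulnerable shape: interaction before effect. If `asset` notifies the recipient
    // (ERC-777 tokensReceived, or any token with a transfer callback), the recipient
    // re-enters while pendingWithdrawal is still unzeroed and is paid again.
    function withdrawVulnerable() external {
        uint256 amount = pendingWithdrawal[msg.sender];
        require(amount > 0, "nothing to withdraw");
        require(asset.transfer(msg.sender, amount), "transfer failed");
        pendingWithdrawal[msg.sender] = 0;
    }

    // Hardened: effect before interaction, plus one guard shared by every state-changing
    // entry point so a callback cannot reach deposit() or withdraw() through another path.
    function withdraw() external nonReentrant {
        uint256 amount = pendingWithdrawal[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pendingWithdrawal[msg.sender] = 0;
        require(asset.transfer(msg.sender, amount), "transfer failed");
    }
}

// Attacker for the vulnerable path. The ERC-777 receive hook (assumed to be invoked by
// the token on transfer to this contract) re-enters before the balance is zeroed; the
// depth cap just keeps the example from running the vault dry in one transaction.
contract Reenterer {
    GovernanceAssetVault immutable vault;
    uint256 depth;

    constructor(GovernanceAssetVault _vault) { vault = _vault; }

    function attack() external { vault.withdrawVulnerable(); }

    function tokensReceived(address, address, address, uint256, bytes calldata, bytes calldata) external {
        if (depth++ < 3) vault.withdrawVulnerable();
    }
}
```

The ordering fix alone is enough for this function; the guard is there for the cross-function case the pay() finding describes, where a per-function lock protects the function that made the callback but not a sibling that reads the same not-yet-updated state. Applying one shared guard to every external state-changing function closes that gap.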
No checks if given product is created by the factory
Handle 0x0x0x Vulnerability details An attacker can create a fake product. The Collateral contract does not check whether the given product was created by the factory. A malicious product can return arbitrary maintenance amounts; therefore an attacker can make any deposit to the fake product stuck simply by return...
Anyone can liquidate credit line when autoLiquidation is false without supplying borrow tokens
Handle harleythedog Vulnerability details Impact It is intended that if a credit line has autoLiquidation as false, then only the lender can be the liquidator (see docs). However, this is not correctly implemented, and anyone can liquidate a position that has autoLiquidation set to false. Ev...
cancelPromotion will revert if the promotion is not started yet
Handle certora Vulnerability details cancelPromotion might fail unexpectedly. cancelPromotion calls getRemainingRewards, which calls getCurrentEpochId: function getCurrentEpochId(Promotion memory promotion) internal view returns (uint256) { // elapsedTimestamp / epochDurationTimestamp return...
getRewardsAmount doesn't check epochs haven't been claimed
Handle harleythedog Vulnerability details Impact In ITwabRewards.sol, it is claimed that getRewardsAmount should account for epochs that have already been claimed and not include these epochs in the total amount (indeed, there is a line that says @dev Will be 0 if user has already claimed rewards...
Check that deposit token and reward token are not the same
Handle hack3r-0m Vulnerability details Impact createStream does not check that the deposit token and reward token are different addresses. Proof of Concept Not Required Tools Used Manual Review Recommended Mitigation Steps Add the check require(rewardToken != depositToken).