Locke.sol:Stream - possible DOS on arbitraryCall
Handle ScopeLift Vulnerability details Impact If there's an airdrop that arbitraryCall would like to call, it could be DOSed by first calling createIncentive with the airdropped token, then backrunning calls to claimIncentive with calls to createIncentive. Proof of Concept Tools Used Recommended...
AddLiquidity allows sandwich attacks on direct use within hard coded 5% slippage tolerance
Handle hyh Vulnerability details Impact Liquidity provision can happen at a manipulated price which leads to immediate loss for liquidity provider i.e. IL happens right after liquidity provision in this case. This yields direct loss for an account owner, for example schematically: 0. Suppose...
AMM pool can be drained using a flashloan and calling stabilize
Handle stonesandtrees Vulnerability details Impact All of the rewardToken in a given AMM pool can be removed from the AMM pool and distributed as LP rewards. Proof of Concept In the stabilize method in the StabilizerNode, the initial check to see if the Malt price needs to be stabilized uses a...
function mint() No Tokens Will Be Transferred to _recipient
Handle Meta0xNull Vulnerability details Impact _mint(_recipient, _amount); At the end of mint(), _mint seems to be responsible for transferring tokens to _recipient, but there is no code and no _mint function in this contract. Thus no tokens will be transferred to _recipient. _recipient who do not receive their tokens...
Passing multiple ETH deposits in orders array will use the same msg.value many times
Handle hyh Vulnerability details Impact Contract holdings can be emptied as malicious user will do deposit/withdraw to extract value. This is possible because after transferInputTokens system uses contract balance for user's operations, assuming that equivalent value was transferred. Proof of...
setGuardian() Privilege Escalation Causing Governance to Lose Control of the Contract
Handle Meta0xNull Vulnerability details Impact governance = guardian The Guardian will become Governance of the Contract, which is not expected. Original Governance will lose control of this contract if they call setGuardian with an Address/Key beyond their control. Proof of Concept Tools Used Manual...
Improper implementation of slippage check
Handle WatchPug Vulnerability details function redeem(IERC20 token, uint amount, uint poolId, int128 idx, uint minOut) external defend blockLocked whenNotPaused returns (uint out) { ibbtc.safeTransferFrom(msg.sender, address(this), amount); Pool memory pool = pools[poolId]; if poolId = minOut, "Slippage Check...
Early user can break addLiquidity
Handle WatchPug Vulnerability details uint256 totalLiquidityUnits = totalSupply; if (totalLiquidityUnits == 0) liquidity = nativeDeposit; // TODO: Contact ThorChain on proper approach In the current implementation, the first liquidity takes the nativeDeposit amount and uses it directly. However,...
Insufficient check on updateVestedTokens function
Handle rfa Vulnerability details Impact This function can be used by the beneficiary to update their vested token, however the function is callable by anyone, there is no check if the msg.sender/caller is the correct beneficiary, the only check is , but this check is user controllable, therefore...
Unable to claim vesting due to unbounded timelock loop
Handle nathaniel Vulnerability details Impact The timelocks for any beneficiary are unbounded, and can be vested by someone who is not the beneficiary. When the array becomes significantly big enough, the vestments will no longer be claimable for the beneficiary. The vest function in Vesting.sol...
Lack Of Return Value Check On the Oracle
Handle defsec Vulnerability details Impact During the code review, it has been seen that the oracle return value is not checked in the function. If the oracle returns a price of 0, the balance of shares will be zero. Proof of Concept 1. Navigate to "" 2. The return value of the pricePerShare function has...
Uniswap / Sushiswap prices can be manipulated through flashloans
Handle cmichel Vulnerability details The UniswapV2CSSR.getExchangeRatio uses the current reserve to derive the exchange ratio. The fact that it mixes in historic data does not matter because it still uses the current reserves which can be manipulated through flashloans in currentPriceCumulative...
cancel() calculates hashTx in the wrong way
Handle gpersoon Vulnerability details Impact The function cancel of contract QuickAccManager uses the wrong way to calculate the hash that has to be cancelled. It uses: "bytes32 hashTx = keccak256(abi.encode(address(this), block.chainid, accHash, nonce, txns));" Where it should use "bytes32 hash =...
ConcentratedLiquidityPool: secondsPerLiquidity should be modified whenever pool liquidity changes
Handle hickuphh3 Vulnerability details Impact secondsPerLiquidity is updated as such: secondsPerLiquidity += uint160((diff << 128) / liquidity); where diff = timestamp - uint256(lastObservation). Hence, whenever liquidity changes, secondsPerLiquidity should be updated prior to the change. In particular,...
Unsafe cast in IndexPool mint leads to attack
Handle cmichel Vulnerability details The IndexPool.mint function performs an unsafe cast of ratio to the uint120 type: uint120 ratio = uint120(div(toMint, totalSupply)); Note that toMint is chosen by the caller and when choosing toMint = 2^120 * totalSupply / BASE, the ratio variable will be 2^120 and th...
There is no corresponding setResume() for setHalted()
Handle 0xRajeev Vulnerability details Impact There is no function for setting halted to false, i.e. to resume the halted protocol, unlike pause/unpause. It appears that halted is actually permanent shutdown here. If so, this should be documented clearly. If not, setHalted should take a boolean to...
PostAuctionLauncher's liquidity provision can be exploited
Handle cmichel Vulnerability details The PostAuctionLauncher.finalize function takes the raised payment token amounts and uses previously provided auction token amounts to provide liquidity to a Sushiswap pool after an auction has successfully been finalized. It provides this liquidity at a...
Possibility to Stake Twice
Handle verifyfirst Vulnerability details Impact Potential for some users to double-stake their Yaxis. Proof of Concept // SPDX-License-Identifier: MIT pragma solidity 0.6.12; import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol"; // yAx...
Rewards accumulated can stay constant and often not increment
Handle moose-code Vulnerability details Impact rewardsPerToken.accumulated can stay constant while rewardsPerToken.lastUpdated is continually updated, leading to no actual rewards being distributed. I.e. No rewards accumulate. Proof of Concept Line 115, rewardsPerToken.accumulated could stay...
Use safeTransfer instead of transfer
Handle shw Vulnerability details Impact Tokens not compliant with the ERC20 specification could return false from the transfer function call to indicate the transfer fails, while the calling contract would not notice the failure if the return value is not checked. Checking the return value is a...
initializeMarket uses wrong market index for synthetic
Handle cmichel Vulnerability details The LongShort.initializeMarket function accepts a marketIndex parameter to identify which market should be initialized. However, this index is not used everywhere: when calling IStaker(staker).addNewStakingFund the latestMarket variable is used. In the...
Free stake by replacing input token address
Handle jonah1005 Vulnerability details Impact In PoolOpen contract, pools' authentication is done through baseData. However, it handles token transfer based on the given parameter token. By appending a real token address at the end of the transaction and a fake address in the function parameter,...
[Pool] - Flash loan + Synth.realise allows anyone to extract value from LPs
Handle adelamo Vulnerability details Impact On Synth.sol, we have the method realise that checks if the LP value is higher than the Synth value. If confirmed, it will burn the premium LP. Using a flash loan, we can add liquidity to the pool, mint some LP tokens. Then, call realise using the pool...
Signature replay attacks are possible if a user's transactionId is not unique
Handle shw Vulnerability details Impact If a user's two transactions can have the same transactionId while their router addresses differ, then the fulfill and cancel signatures for one of the transactions are replayable on the other. Proof of Concept The only transaction-related data in the...
WETH not verified to be one of the pair tokens
Handle gpersoon Vulnerability details Impact The ETH functions of LendingPair don't check that WETH is one of the 2 pair tokens of the contract and introduce a third token. The third token ETH/WETH falls outside the other checks that the contract is doing. You could accidentally pay ETH/WETH to the...
Insurance ERC20 return values not checked
Handle cmichel Vulnerability details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter should be checked for success. The Insurance.deposit and Insurance.withdraw functions do not check the return value: // deposit...
Users are charged twice the FDT tokens when tokenizing their convictions
Handle shw Vulnerability details Impact Users have to pay twice the FSD tokens when tokenizing their convictions if the locked variable is non-zero. Proof of Concept The first payment is made in the function tokenizeConviction of the contract ERC20ConvictionScore line 282, where a user transfer...
Unbounded loop in _removeNft could lead to a griefing/DOS attack
Handle shw Vulnerability details Impact Griefing/DOS attack is possible when a malicious NFT contract sends many NFTs to the vault, which could cause excessive gas consumed and even transactions reverted when other users are trying to unlock or transfer NFTs. Proof of Concept 1. The function...
mintRequests can remain 0 when the token is erc721
Handle paulius.eth Vulnerability details Impact Contract NFTXMintRequestEligibility function requestMint sets mintRequests to the amount that was minted; however, it does not check that amount[i] > 0, so it is possible that when the token is not erc1155, the amount has a value of 0 but the token is...
Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom
Handle 0xRajeev Vulnerability details Impact It is good to add a require statement that checks the return value of token transfers or to use something like OpenZeppelin’s safeTransfer/safeTransferFrom unless one is sure the given token reverts in case of a failure. Failure to do so will cause...
function flashLoan is vulnerable to overflow/underflow and maxFlashLoan is not used
Handle paulius.eth Vulnerability details Impact function flashLoan is vulnerable to overflow/underflow when the fee is not 0. Although currently the fee is set to 0, there is a comment: "By default there is no fee, but this can be changed by overriding flashFee" As these contracts are upgradeable...
EIP-721 / EIP-1155 Re-Entrancy Vulnerability
Handle 0xsomeone Vulnerability details Impact The impact of this finding is difficult to estimate as the contract system within scope is limited in how the various components are meant to be utilized. A definitive side-effect of this re-entrancy is the delayed application of the afterRedeemHook...
Code different from comment
Handle s1m0 Vulnerability details Impact The formula doesn't coincide with the comment. Proof of Concept Tools Used Manual analysis. Recommended Mitigation Steps Correct the code or the comment.
Upgraded Q -> 3 from #146 [1706014097180]
Judge has assessed an item in Issue 146 as 3 risk. The relevant finding follows: L-6: OLAS minting via treasury is not guaranteed The OLAS.mint… method does not revert if the requested amount cannot be limited due to the inflation limit: function mint(address account, uint256 amount) external { //...
When unpausing the GuardCM, not setting governorCheckProposalId to 0 puts the assets of the protocol at risk
Lines of code Vulnerability details Impact If the GuardCM was paused once, the community multisig (CM) can pause it again without checking for the governance's activity. This moves the power within the system from the governance to the CM and can, in the worst case, result in the loss of all funds o...
Potential inaccurate calculation of maxBond and effectiveBond in case of delayed call to checkpoint()
Lines of code Vulnerability details Impact The checkpoint function in the Tokenomics contract is responsible for recording global data when a new epoch starts. This function contains a potential issue when the checkpoint function is not called exactly at the end of an epoch that finishes very clo...
Withdraw amount returned by getLiquidityAmountsAndPositions may be incorrect
Lines of code Vulnerability details Impact The getLiquidityAmountsAndPositions function in the liquidity_lockbox contract is used to calculate the liquidity amounts and positions to be withdrawn for a given total withdrawal amount. It iterates through each deposited position following a FIFO order...
[H1] Custom upgrade functionality is dangerous
Lines of code Vulnerability details Impact Unsafe upgrade can break protocol Analysis of the vulnerability You are using a custom upgrade for the tokenomics contract that does not follow the UUPS standard: function changeTokenomicsImplementation(address implementation) external { // Check for the contract...
Griefing attack on liquidity_lockbox withdrawals due to lack of minimum deposit
Lines of code Vulnerability details Impact The liquidity_lockbox contract does not enforce a minimum deposit limit. This allows a user to open many positions with minimum liquidity, forcing other users to close these positions one by one in order to withdraw. This could lead to a griefing attack...
Attacker can cause deposits to be locked in the Solana lockbox
Lines of code Vulnerability details Impact An attacker can cause deposits to be locked in the lockbox Proof of Concept In withdraw, if the position has 0 liquidity the execution is reverted: function withdraw(uint64 amount) external { address positionAddress =...
[M1] LastDonationBlockNumber should be updated at the beginning of the function to prevent a reentrancy attack
Lines of code Vulnerability details Impact The ineffectiveness of an update against a flashloan attack. Analysis of the vulnerability You update lastDonationBlockNumber after every donation. However, your update is done at the end of the trackServiceDonations function: function trackServiceDonatio...
Users can avoid liquidation by splitting their positions into smaller ones
Lines of code Vulnerability details Impact Bad debt creation, as the total sum of positions could yield a significant underwater position, but they would likely not be liquidated as it wouldn't compensate liquidators. Proof of Concept A recent, random transaction on Mantle shows a gas fee of 0.47...
borrower can prevent liquidity provider from withdrawing their liquidity
Lines of code Vulnerability details Description When a liquidity provider wants to withdraw their liquidity they can call ParticlePositionManager::reclaimLiquidity. This will prevent any renewals: ParticlePositionManager::addPremium: File: protocol/ParticlePositionManager.sol 508: // check LP...
Wrong implementation of maxHeap.extractMax();
Lines of code Vulnerability details Impact Wrong implementation of maxHeap.extractMax(), as it should return values but here it's not assigned to anything. Proof of Concept
lack of slippage protection for increaseLiquidity, and decreaseLiquidity
Lines of code Vulnerability details Impact Lack of slippage protection for increasing and decreasing liquidity can cause the liquidity provider to provide liquidity at an unfavorable price, or the borrower to borrow/repay in a manipulated pool. Proof of Concept When adding liquidity eventually...
A wLP collateral that is no longer whitelisted but was at some point won't let users decollateralize or be liquidated
Lines of code Vulnerability details Impact Users who collateralized using wLP won't ever be liquidated unless the wLP is whitelisted back, but this could be dangerous depending on the reason it was removed from the whitelist. They also can't decollateralize. The severity of this issue depends...
Owners of LPs can be dosed when removing their position
Lines of code Vulnerability details Summary LP owners can reclaim liquidity to stop it from being extended for current liens, but this doesn't stop it from being used in new positions. Impact LP owners can signal their intention to pull liquidity by calling reclaimLiquidity. This function updates the...
Modifying the loan term setting can default existing loans
Lines of code Vulnerability details Summary Protocol admins can modify the loan term settings. This action can inadvertently default existing loans created under different terms. Impact Positions in the Particle LAMM protocol are created for a configurable period of time, defined by the LOAN_TERM...
setPosMode function doesn't check if wLp is whitelisted
Lines of code Vulnerability details Proof of Concept Using the setPosMode function, the owner of a position can change its mode. When the function is called, there are a lot of checks, like whether the current mode allows decollateralizing and whether the new mode allows collateralizing. Also, it's checked that all...
impossible to open a position with a large marginTo
Lines of code Vulnerability details Description marginTo/From is a way to both cover your position and increase your premium when opening a position. There is however an unintended limit on how much marginTo you can provide when opening a position. When doing the swap to increase leverage, the...