Customers cannot be topUp()ed a second time

Lines of code Vulnerability details OpenZeppelin's safeApprove will revert if the account already is approved and the new safeApprove is done with a non-zero value function safeApprove IERC20 token, address spender, uint256 value internal // safeApprove should only be called when setting an initi...

FlywheelCore.setBooster() can be used to steal unclaimed rewards

Lines of code Vulnerability details Impact A malicious authorized user can steal all unclaimed rewards and break the reward accounting Even if the authorized user is benevolent the fact that there is a rug vector available may negatively impact the protocol's reputation. Furthermore since this...

Attacker can cause minter to lose his funds by calling sync() between deposit and mint()

Lines of code Vulnerability details Impact All funds will be lost Proof of Concept To mint new index tokens underlying tokens need to be deposited in Vtoken.sol and then call the mint function. The mint function does balance-previousBalance to calculate tokens that were deposited. The previous...

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact In ChainlinkPriceOracle.sol, latestRoundData is used but there is no check if the return value indicates stale data. This could lead to stale prices according to the Chainlink documentation: Proof of Concept ChainlinkPriceOracle.solL83...

Chainlink oracle might return stale data

Lines of code Vulnerability details Impact Oracle might return stale data for basePrice and quotePrice. Proof of Concept refreshedAssetPerBaseInUQ in ChainlinkPriceOracle.sol does not check if the data from Chainlink is fresh . If there is a problem with the Chainlink oracle, this contract may be...

Use latestRoundData instead latestAnswer of Chainlink aggregators

Lines of code Vulnerability details Impact Use latestAnswer in vaults/NFTVault.sol may get stale ETH price in USD ethPriceUSD, stale value in ETH of the NFT ​​getNFTValueETH, stale JPEG price in USD jpegPriceUSD, and also stale USD price of one unit of collateral asset collateralPriceUsd of...

New YVault depositors can be attacked by depressing share decimals

Lines of code Vulnerability details Impact An attacker can become the first depositor for a recently created YVault contract, providing a tiny amount of token by calling deposit1 raw values here, 1 is 1 wei, 1e18 is 1 token if it is 18 decimals. Then the attacker can directly transfer, for exampl...

JPEGLock.lockFor can relock for specific nft, which overwrites previous lock and cause JPEG loss of the locker

Lines of code Vulnerability details Impact NFTVault contract allows anyone to finalize a pending NFT value proposal by calling the finalizePendingNFTValueETH function. A finalizer must lock an equivalent amount of JPEG tokens to the proposed NFT value in JPEGLock, and can only withdraw those toke...

FungibleAssetVaultForDAO: Use latestRoundData + validate data freshness

Lines of code Vulnerability details Details & Impact The deprecated latestAnswer API is being used, which may at any time fail to work if Chainlink ends support for it. In addition, the data freshness should be checked. The oracle could, for example, not have been updated in a while, causing...

NonCustodialPSM.mint and redeem using mint control buffer in the inverted way

Lines of code Vulnerability details Impact Now there is no control of VOLT's issuance. For example, super fast VOLT mining is allowed, while mint control buffer will sit capped at its bufferCap, not affecting anything. This way mint speed control is disabled. The issue is that NonCustodialPSM.min...

Re-entrace danger in PCVDeposit

Lines of code Vulnerability details Impact A malicious contract can empty all the system if he get ETH with the function withdrawETH. The onlyPCVController call this function and send ETH to the malicious contract, and then the malicious can use delegatecall and pretend to be onlyPCVController, a...

STORAGE COLLISION BETWEEN PROXY AND IMPLEMENTATION (LACK EIP 1967)

Lines of code Vulnerability details Impact Storage collision because of lack of EIP1967 could cause conflicts and override sensible variables Proof of Concept contract CoreProxy is Ownable address private immutable implement; When you implement proxies, logic and implementation share the same...

_withdrawLiquidity() is Not Consistent With start()

Lines of code Vulnerability details Impact withdrawLiquidity details a number of scenarios under which a user may withdraw their liquidity. The first two scenarios outline cases where the credit line has either been cancelled by the borrower or insufficient assets have been lent out to the pool b...

DoS: Attacker May Front-Run CoreFactory.createProject() Or CoreFactory.addCollection() With A collection.id Causing Future Transactions With The Same collection.id to Revert

Lines of code Vulnerability details Impact A collection.id may only be used once in CoreFactory.createCollection since the the contract is deployed using the create2 opcode with a repeated salt and contract bytecode will fail to deploy a contract. Furthermore, the modifier onlyAvailableCollection...

if msg.value > amount , then extra eth is not transfered back to user

Lines of code Vulnerability details Impact if msg.value amount , there is no mechanism to send extra eth back due to which user will lose extra Proof of Concept function startBridgeTokensViaCBridgeLiFiData memory lifiData, CBridgeData calldata cBridgeData public payable if cBridgeData.token !=...

[WP-H10] GenericSwapFacet.sol#swapTokensGeneric() duplicated .call{ value: msg.value } makes it possible for the attacker to steal native tokens (ETH) from the contract

Lines of code Vulnerability details function swapTokensGenericLiFiData memory lifiData, LibSwap.SwapData calldata swapData public payable uint256 receivingAssetIdBalance = LibAsset.getOwnBalancelifiData.receivingAssetId; // Swap executeSwapslifiData, swapData; uint256 postSwapBalance =...

[WP-H3] money-market-contracts/oracle#feed_prices() delayed transaction may disrupt price feeds

Lines of code Vulnerability details The implementation only takes two attributes: asset and price. And the lastupdatedtime of the record will always be set to the current block.time. This makes it possible for the price feeds to be disrupted when the network is congested, or the endpoint is down...

Inconsistency behavior between bAsset tokens and the standard cw20 tokens

Lines of code Vulnerability details Impact The implementation of the send function of bAsset tokens is inconsistent with the standard cw20's implementation. In the standard implementation, the msg and the transfer amount are passed to the recipient contract as a regular message. However, in the...

Rewards can be stolen from contract

Lines of code Vulnerability details It was observed that executeclaimrewards/executedecreasebalance/executeincreasebalance are missing to update the global index before calculating user rewards in anchorbassetreward contract This can lead to serious consequences: 1. executeincreasebalance functio...

Nodes can drain SKALE chain owners' wallets

Lines of code Vulnerability details The contest code does a good job of preventing users from withdrawing too quickly or attempting to do things without funds for gas. The nodes themselves however are not as well-secured. Impact By monitoring the values of headerMessageGasCost and messageGasCost...

Miners Can Manipulate tx.gasprice to Drain Users' Wallets in postIncomingMessages()

Lines of code Vulnerability details Impact The postIncomingMessages function is used to broadcast signed data indicating that a funds on an schain will be moved to mainnet. While the function performs proper signature verification, it doesn't prevent any arbitrary user from frontrunning the...

Fees Are Incorrectly Charged on Unfinalized NFT Sales

Lines of code Vulnerability details Impact Once an auction has ended, the highest bidder now has sole rights to the underlying NFT. By finalizing the auction, fees are charged on the sale and the NFT is transferred to auction.bidder. However, if auction.bidder accepts an offer before finalization...

LockedBalance library should drop parameters to 96/32 bits

Lines of code Vulnerability details Impact The LockedBalance contract takes 256-bit amount values but performs bit math on them as if they were 96 bit values. Bits could spill over to a different locked balance in the else part lockedBalance stores two 128-bit locked balances in one 256-bit stora...

ERC20 decimals can be different than 18

Lines of code Vulnerability details Impact setDefaultFeePercentage, setCustomFeePercentageForCollateral, setCustomFeePercentageForSafe functions assume that the underlying ERC20 token has 18 decimal digits. Whilst this is true most of the time, an ERC20 token can have a different decimals value...

VUSD.processWithdrawals() Can Be Filled With Empty Withdrawals

Lines of code Vulnerability details Impact The processWithdrawals function intends to allow for users to finalise their withdrawal in a canonical fashion. By enforcing the order of withdrawals, the protocol can ensure that users are paid out fairly. However, because the function only allows for...

Chainlink latestRoundData validation

Lines of code Vulnerability details Impact Oracle returns Chainlink latestRoundData without proper validation, e.g.: function getUnderlyingPriceaddress underlying ... ,answer,,, = AggregatorV3InterfacechainLinkAggregatorMapunderlying.latestRoundData; answer /= 100; And other functions that call...

liquidation is vulnerable to sandwich attacks

Lines of code Vulnerability details when an account is liquidated, there is no minimum amount of the swap, which makes it vulnerable for sandwich attacks. Proof of Concept Alice's long position can be liquidated, bob notices it and creates a short position, then liquidates her position, thus...

Function getUnderlyingPrice in Oracle.sol does not check the price returned from chainlink aggregators

Lines of code Vulnerability details Impact The getUnderlyingPrice function in the contract Oracle.sol fetches the answer directly from a Chainlink aggregator using the latestRoundData function. There is no check if the return value is 0 or indicates stale data. This could lead to incorrect or sta...

Reentrancy in depositBribeERC20 function

Lines of code Vulnerability details Impact depositBribeERC20 function in BriveVault is reentrant in line 187, where an address supplied by the caller is called. A bad actor that has DEPOSITORROLE and is a contract can execute a folowing attack: 1. Create a dummy token contract, reentrant in the...

Rewards can be claimed if merkle proof is known

Lines of code Vulnerability details Impact The README describes the following when a voting ends: Outside of the Hidden Hand contract scope, after the Tokemak CoRE round ends, proposal data is compiled and these two things happen: - The following is derived from the data: its hash KECCAK-256 and...

Undesired behavior

Lines of code Vulnerability details You push a parameter into an array of tokens without checking if it's already exists. And if at first it's added with amount 0 it can later on be pushed with a greater amount and be twice in the array. Then in all processing it will consider the first occurrenc...

Users’ staking rewards can get redeemed by other users

Lines of code Vulnerability details Can be medium or high: When a user deposits through ConvexStakingWrapper, the contract calls the MasterChef's deposit function and deposits to it with recipient = msg.sender, but the MasterChef actually updates the deposited amount of the ConvexStakingWrapper...

UniV2ClassDex.sol#uniClassSell() Tokens with fee on transfer are not fully supported

Handle WatchPug Vulnerability details function uniClassSellDexInfo memory dexInfo, address buyToken, address sellToken, uint sellAmount, uint minBuyAmount, address payer, address payee internal returns uint buyAmount address pair = getUniClassPairbuyToken, sellToken, dexInfo.factory;...

Reentrancy on Flash Governance Proposal Withdrawal

Handle kirk-baird Vulnerability details Impact The function withdrawGovernanceAsset is vulnerable to reentrancy, which would allow the attacker to drain the balance of the flashGoverananceConfig.asset. Note: this attack assumes the attacker may gain control of the execution flow in asset.tranfer...

Arbitrary call

Handle Tomio Vulnerability details Impact In the https://github.com/code-423n4/2022-01-yield/blob/main/contracts/ConvexModule.solL15 the addVault take 2 parameters as input, convexStakingWrapper, and vaultId, however the convexStakingWrapper is user controllable therefore the user could make an...

MINTING to collateralVault could inflating totalsupply, without giving the balance to anyone

Handle Tomio Vulnerability details Impact First of all, this is an address zero issue, however, this could lead to an imbalance between total supply circulating and the actual balance that was assigned to another user, in the...

[WP-M2] DEFAULT_ADMIN_ROLE can approve arbitrary address to spend any amount from the L1Escrow contract

Handle WatchPug Vulnerability details function approve address token, address spender, uint256 value public onlyRoleDEFAULTADMINROLE ApproveLiketoken.approvespender, value; emit Approvetoken, spender, value; L1Escrow.solapprove allows an address with DEFAULTADMINROLE can approve an arbitrary amou...

approve() function does not require that _token and _spender args are unique

Handle jayjonah8 Vulnerability details Impact In L1Escrow.sol the approve function takes in a token to approve the spender to be able to spend but does not check that the token and spender are different addresses which can leave the protocol open to be expo;ited. Proof of Concept function approve...

No slippage protection on _swapUstToUnderlying can lead to lost funds

Handle harleythedog Vulnerability details Impact The function swapUstToUnderlying exists to swap Ust to underlying tokens. The last argument to exchangeunderlying is mindy, which specifies the minimum number of underlying to be returned from the swap. Currently, this value is set to 0, so the...

MsNik

Handle AmitN Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The te...

safeDecimals can revert causing DoS

Handle sirhashalot Vulnerability details Impact The safeDecimals function, found in the SafeMetadata.sol contract and called in 3 different Timeswap Convenience contracts, can cause a revert. This is because the safeDecimals function attempts to use abi.decode to return a uint8 when data.length =...

safeName() can revert causing DoS

Handle sirhashalot Vulnerability details Impact The safeName function, found in the SafeMetadata.sol contract and called in 4 Timeswap Convenience contracts in the name functions, can cause a revert. This could make the 4 contracts not compliant with the ERC20 standard for certain asset pairs,...

Unbounded loop on array can lead to DoS

Handle robee Vulnerability details The attacker can push unlimitedly to an array, that some function loop over this array. If increasing the array size enough, calling the function that does a loop over the array will always revert since there is a gas limit. This is an High Risk issue since thos...

Locks can be denied

Handle cmichel Vulnerability details The XDEFIDistribution.lock function mints a new token and the generateNewTokenId function returns a token ID as the concatenation of the points and totalSupply + 1: function generateNewTokenIduint256 points internal view returns uint256 tokenId // Points is...

merge() can cause lock to fail due to tokenId collision

Handle WatchPug Vulnerability details function generateNewTokenIduint256 points internal view returns uint256 tokenId // Points is capped at 128 bits max supply of XDEFI for 10 years locked, total supply of NFTs is capped at 128 bits. return points PoC 1. Alice lock 1 XDEFI for 7 days 3 times got...

Anyone can steal XDEFI from the XDEFIDistribution contract and make the contract insolvent

Handle onewayfunction Vulnerability details Impact Anyone can steal XDEFI from the XDEFIDistribution contract, thereby making the contract insolvent. In the process, they also make the updateDistribution function uncallable -- and thus make the value of pointsPerUnit unchangeable. This comes with...

Reliance on exact balance

Handle pauliax Vulnerability details Impact functions addLiquidity721WETH and addLiquidity1155WETH rely on the exact balance of tokens: uint256 balance = count BASE; // We should not be experiencing fees. requirebalance == IERC20Upgradeablevault.balanceOfaddressthis, "Did not receive expected...

Yeti token rebase checks the additional token amount incorrectly

Handle hyh Vulnerability details Impact The condition isn't checked now as the whole balance is used instead of the Yeti tokens bought back from the market. As it's not checked, the amount added to effectiveYetiTokenBalance during rebase can exceed the actual amount of the Yeti tokens owned by th...

WJLP contract doesn't check for JOE and JLP token transfers success

Handle hyh Vulnerability details Impact Transactions will not be reverted on failed transfer call, setting system state as if it was successful. This will lead to wrong state accounting down the road with a wide spectrum of possible consequences. Proof of Concept safeJoeTransfer do not check for...

denial of service

Handle certora Vulnerability details the balance of outputToken is checked to be exactly joinTokenStruct.outputAmount. It is not recommeded and it's better to use = Impact The worst scenario is a denial of service in case there is already an amount of the output token in the contract. It is easil...