No checks if given product is created by the factory
Handle 0x0x0x Vulnerability details An attacker can create a fake product. The Collateral contract does not check whether the given product was created by the factory. A malicious product can return arbitrary maintenance amounts; therefore an attacker can make any deposit to a fake product stuck by simply returning...
Extension voting threshold check needs to rerun on each transfer
Handle cmichel Vulnerability details The Extension contract correctly reduces votes from the from address of a transfer and adds it to the to address of the transfer in case both of them voted on it before, but it does not rerun the voting logic in voteOnExtension that actually grants the...
Reward stuck if promotion cancel before all past reward claimed
Handle gzeon Vulnerability details Impact When the owner calls cancelPromotion, the contract 1. deletes the promotion struct (L132) 2. returns all tokens reserved for future epochs (L133). If there are tokens left for previous epochs, they will be stuck in the contract, as the promotion struct is gone. Proof of...
Drain the award pool by feeding out-of-range epochs into function claimRewards
Handle 0xabc Vulnerability details Impact In function claimRewards, there is no check on the values in epochIds. An exploiter can claim more than the promotion award by calling the function with out-of-range epochs. Proof of Concept Consider a promotion with promotionId X and numberOfEpochs = Y. The exploiter...
UniswapV3's path issue for swapExactOutput
Handle cmichel Vulnerability details UniswapV3 expects a path object like tokenA, feeAB, tokenB, feeBC, tokenC. The UniV3Trader.swapExactOutput code tries to reverse this path to get to tokenC, feeBC, tokenB, feeAB, tokenA but that's not what the reverseBytes function does. Note that it reverts t...
Wrong calculation of excess depositToken allows stream creator to retrieve depositTokenFlashloanFeeAmount, which may cause fund loss to users
Handle WatchPug Vulnerability details uint256 excess = ERC20(token).balanceOf(address(this)) - depositTokenAmount - redeemedDepositTokens; In the current implementation, depositTokenFlashloanFeeAmount is not excluded when calculating excess depositToken. Therefore, the stream creator can call...
global unstreamed value is not updated after stream depositor withdraws an amount
Handle hubble Vulnerability details Impact The value of the unstreamed public variable is not correct after a stream depositor withdraws an amount before the end of the stream. Proof of Concept File: Locke.sol Contract / Function: Stream / withdraw Line: 469 totalVirtualBalance -= virtualBal;...
Timelock delay can be changed without any delay
Handle 0x0x0x Vulnerability details Impact Delay can be changed without any delay. Therefore, it is possible to call functions from this contract in a single block by changing the delay. This creates a huge attack vector, since if the governor's private keys were stolen, everything could be withdrawn...
_addTostakepadding() will return 0 for users who already had a stakepadding but would like to add on top of their previous stake with 'newStakePadding' on lines 186-190 (AbstractRewardMine.sol)
Handle 0xwags Vulnerability details Impact The handleStakePadding function handles the calculations for users without a prior stake padding and the ones who already had a stakepadding but want to add to their existing stakepadding. The condition within 'newStakePadding' will return false for user...
Permissions - return values not checked when sending ETH
Handle ScopeLift Vulnerability details Impact On lines 85 and 101, ETH is transferred using a .call to an address provided as an input, but there is no verification that the call succeeded. This can result in a call to emergencyWithdrawGAS or partialWithdrawGAS appearing successful but in...
MEV miner can mint larger than expected UDT total supply
Handle elprofesor Vulnerability details Impact UnlockProtocol attempts to calculate gas reimbursement using tx.gasprice; typically, users who falsify tx.gasprice would lose gas to miners and therefore not obtain any advantage over the protocol itself. This does present capabilities for miners to...
Frontrunning PublicLock.initialize() can prevent upgrades due to insufficient access control
Handle elprofesor Vulnerability details Impact The Unlock protocol's base contract Unlock.sol uses setLocktemplate to initialize the implementation contract for the PublicLock proxy. This function will initialize the relevant PublicLock contract, which has been deployed separately...
transferFrom() and shareKey() don't check for _from != _recipient
Handle GiveMeTestEther Vulnerability details Impact / POC There is no check from != recipient in transferFrom https://github.com/code-423n4/2021-11-unlock/blob/ec41eada1dd116bcccc5603ce342257584bec783/smart-contracts/contracts/mixins/MixinTransfer.sol#L109 the key manager/approver can expire the k...
IbbtcVaultZap.sol#setGuardian doesn't set the guardian, but governance
Handle 0x0x0x Vulnerability details Proof of Concept This function is intended to change the guardian, but the code changes the governance address, as seen in the code: function setGuardian(address guardian) external onlyGovernance { governance = guardian; } It should be replaced with the following cod...
Newly Registered Assets Skew Consultation Results
Handle leastwood Vulnerability details Impact The TwapOracle.consult function iterates over all token pairs which belong to either VADER or USDV and then calculates the price of the respective asset by using both UniswapV2 and Chainlink price data. This helps to further protect against price...
Wrong design of swap() results in unexpected and unfavorable outputs
Handle WatchPug Vulnerability details The current formula to calculate the amountOut for a swap is: function calculateSwap(uint256 amountIn, uint256 reserveIn, uint256 reserveOut) public pure returns (uint256 amountOut) { // x * Y * X uint256 numerator = amountIn * reserveIn * reserveOut; // (x + X) ^ 2 uint256...
Can not update target price
Handle jonah1005 Vulnerability details Impact The sanity checks in rampTargetPrice are broken SwapUtils.sol#L1571-L1581 if futureTargetPricePrecise = initialTargetPricePrecise, "futureTargetPrice is too small" ; else require futureTargetPricePrecise =...
Unable to claim vesting due to unbounded timelock loop
Handle nathaniel Vulnerability details Impact The timelocks for any beneficiary are unbounded, and can be vested by someone who is not the beneficiary. When the array becomes significantly big enough, the vestments will no longer be claimable for the beneficiary. The vest function in Vesting.sol...
Regular Trades Can Drain Executioner.sol Balance
Handle zer0dot Vulnerability details Impact This vulnerability allows any trade to effectively drain the balance (as long as it is not the chain's native asset, which is not used directly in the modules) from the Executioner.sol contract. This is technically not critical because funds are not...
initialBalance and finalBalance calculated in a different way
Handle gpersoon Vulnerability details Impact The function executeTrades of Slingshot.sol calculates the initialBalance and finalBalance in a different way. If toToken == nativeToken then: initialBalance == executioner.balance; finalBalance == wrappedNativeToken.balanceOf(address(executioner)) This cou...
WrappedIbbtc and WrappedIbbtcEth contracts do not filter out price feed outliers
Handle hyh Vulnerability details Impact If the price feed is manipulated in any way or there is any malfunction-based volatility on the market, both contracts will pass it on to a user. At the same time it's possible to construct mitigation mechanics for such cases, so user economics be affected by...
ReferralFeePoolV0.sol#claimRewardAsMochi() Array out of bound exception
Handle WatchPug Vulnerability details function claimRewardAsMochi external IUSDM usdm = engine.usdm; address memory path = new address; path0 = addressusdm; path1 = uniswapRouter.WETH; path2 = addressengine.mochi; usdm.approveaddressuniswapRouter, rewardmsg.sender; // we are going to ignore the...
Uniswap / Sushiswap prices can be manipulated through flashloans
Handle cmichel Vulnerability details The UniswapV2CSSR.getExchangeRatio uses the current reserve to derive the exchange ratio. The fact that it mixes in historic data does not matter because it still uses the current reserves which can be manipulated through flashloans in currentPriceCumulative...
Auction bonder can steal user funds if bond block is high enough
Handle kenzo Vulnerability details After an auction has started, as time passes and according to the bondBlock, newRatio (which starts at 2 * ibRatio) gets smaller and smaller, and therefore fewer and fewer tokens need to remain in the basket. This is not capped, and after a while newRatio can become...
Missing zero address check for ecrecover will validate invalid signatures
Handle 0xRajeev Vulnerability details Impact Solidity’s ecrecover returns 0 if signature is invalid. The Sig.sol library does not perform zero address check on ecrecover’s return value and returns it as-is. The validOrderHash function in Swivel which uses Sig.recover compares its return value...
ERC20 return values not checked
Handle cmichel Vulnerability details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. Some tokens do not revert if the transfer failed but return false instead. This value is not checked throughout the...
There is no corresponding setResume() for setHalted()
Handle 0xRajeev Vulnerability details Impact There is no function for setting halted to false, i.e. to resume the halted protocol, unlike pause/unpause. It appears that halted is actually permanent shutdown here. If so, this should be documented clearly. If not, setHalted should take a boolean to...
Harvest can be frontrun
Handle 0xsanson Vulnerability details Impact In the NativeStrategyCurve3Crv.harvest there are two instances that a bad actor could use to frontrun the harvest. First, when we are swapping WETH to a stablecoin by calling swapTokens(weth, stableCoin, remainingWeth, 1) the function isn't checking the...
Possibility to Stake Twice
Handle verifyfirst Vulnerability details Impact Potential for some users to double-stake their Yaxis. Proof of Concept // SPDX-License-Identifier: MIT pragma solidity 0.6.12; import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol"; // yAx...
earn results in decreasing share price
Handle jonah1005 Vulnerability details Impact For a dai vault that pairs with NativeStrategyCurve3Crv, every time earn is called, shareholders would lose money (about 2%). There are two issues involved. The Vault contract and the controller contract don't handle the price difference between the wa...
removeToken would break the vault/protocol.
Handle jonah1005 Vulnerability details removeToken would break the vault. Impact There's no safety check in Manager.sol's removeToken. Manager.sol#L454-L487 1. The token would be locked in the original vault. Given the current design, the vault would keep a ratio of total amount to save the gas...
executing instruction outside code can lead to failing transfer
Handle Omik Vulnerability details Impact In the , is handling transfer and transferFrom, and checking the return value of the transfer and transferFrom, but the checking is happening outside the code; therefore, if the transfer is successful, it will still return false. Proof of Concept 1. deploy this...
Unchecked return value from transfer()
Handle JMukesh Vulnerability details Impact It is usually good to add a require-statement that checks the return value or to use something like safeTransfer; unless one is sure the given token reverts in case of a failure. Proof of Concept Tools Used manual review Recommended Mitigation Steps che...
Deposits don't work with fee-on transfer tokens
Handle cmichel Vulnerability details There are ERC20 tokens that may make certain customizations to their ERC20 contracts. Some tokens charge a certain fee for every transfer or transferFrom. Other types are rebasing tokens that increase in value over time, like Aave's aTokens, whose balanceOf changes...
_token parameter not validated
Handle pauliax Vulnerability details Impact function depositProtocolBalance does not validate the token, nor the caller. It is possible to call this function passing any arbitrary token and amount values and thus artificially increasing protocolBalance which may lead to further failed computation...
Return values of BEP20.transfer and BEP20.transferFrom are unchecked
Handle shw Vulnerability details Impact The return values of BEP20.transfer and BEP20.transferFrom are not checked to be true in multiple contracts. The return value could be false if the transferred token is not BEP20-compliant, indicating that the transfer fails, while the calling contract will...
BondVault BASE incentive can be gamed
Handle cmichel Vulnerability details BondVault deposits match any deposited token amount with the BASE amount to provide liquidity, see Docs and DAO.handleTransferIn. The matched BASE amount is the swap amount of the token trade in the pool. An attacker can manipulate the pool and have the DAO...
[Pool] - Flash loan + Synth.realise allows anyone to extract value from LPs
Handle adelamo Vulnerability details Impact On Synth.sol, we have the method realise that checks if the LP value is higher than the Synth value. If confirmed, it will burn the premium LP. Using a flash loan, we can add liquidity to the pool, mint some LP tokens. Then, call realise using the pool...
Use of deprecated Chainlink function latestAnswer
Handle shw Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. This function does not error if no answer has been reached but returns 0, causing an incorrect price fed to the UniswapV3Oracle. Proof of Concept Referenced code:...
Signature replay attacks are possible if a user's transactionId is not unique
Handle shw Vulnerability details Impact If a user's two transactions can have the same transactionId while their router addresses differ, then the fulfill and cancel signatures for one of the transactions are replayable on the other. Proof of Concept The only transaction-related data in the...
Users are charged twice the FDT tokens when tokenizing their convictions
Handle shw Vulnerability details Impact Users have to pay twice the FSD tokens when tokenizing their convictions if the locked variable is non-zero. Proof of Concept The first payment is made in the function tokenizeConviction of the contract ERC20ConvictionScore line 282, where a user transfer...
gracePeriod not increased after membership extension
Handle gpersoon Vulnerability details Impact In the function purchaseMembership of FSDNetwork.sol, when the membership is extended, then membership[msg.sender].creation is increased; however, membership[msg.sender].gracePeriod is not increased. This might lead to a gracePeriod that is less than expecte...
Denial of service for NFTs
Handle gpersoon Vulnerability details Impact The function removeNft uses more gas as more NFTs are added. An attacker can send random NFTs to the contract, which are received via onERC721Received. This function adds the NFTs to the array nfts, using the function addNft. The longer the nfts...
Randomness can be manipulated
Handle adelamo Vulnerability details Here you have more info:
Code different from comment
Handle s1m0 Vulnerability details Impact The formula doesn't coincide with the comment. Proof of Concept Tools Used Manual analysis. Recommended Mitigation Steps Correct the code or the comment.
Example finding from form
Email address [email protected] Handle adamavenir Eth address 234234234 Vulnerability details Some details: detailsschmetails Impact Brace for it! Proof of concept proof of concept Tools used I used no tools. Just this form and my BARE HANDS Recommended mitigation steps I would recommend not doing...
Miscalculation of OLAS Amount Due to Inaccurate LP Token Price in Specific Bonding Mechanism Scenarios
Lines of code Vulnerability details Impact Incorrect valuation of the LP Token price can result in either an excess issuance of OLAS Tokens, causing a loss to the protocol, or a lower issuance of OLAS Tokens, leading to losses for the user. Proof of Concept The prototype of the create function in...
Bonds created in year-crossing epochs can lead to lost payouts
Lines of code Vulnerability details Impact Bond depositors and agent/component owners may never receive the payout in Olas; incorrect inflation control. Proof of Concept effectiveBond is used to account for how much Olas is available for bonding. This includes Olas that is to be minted in the current...
Pausing the GuardCM does not work because the governorCheckProposalId is never set
Lines of code Vulnerability details Impact Since the governorCheckProposalId of the proposal to check the activity of the governance is never set in GuardCM, the CM can never pause GuardCM, even if the governance is inactive. This will result in a stagnation of the protocol since no significant...
MALICIOUS USER CAN DoS A NORMAL USER FROM LOCKING THE OLAS TOKENS FOR A SHORTER PERIOD OF TIME, TO GET VOTING POWER
Lines of code Vulnerability details Impact The veOLAS.createLockFor function is used to deposit an amount of OLAS tokens for account and lock them for unlockTime. createLockFor is an external function which can be called by any user, since there is no access control. Hence any user can create a lock...