Pair.sol contract is susceptible to having its pricing curve (x*y = k) manipulated through a 3rd party contract calling selfdestruct() and forwarding ether.
Lines of code Vulnerability details Impact If a pair is denominated in ether, a third party contract can forward ether to the contract using the selfdestruct function passing the pair's address. The impact of this is that the pair will allow its market making curve to be manipulated. Among other...
Bidding data structure is corrupted, leading to unfair removal from queue.
Lines of code Vulnerability details Description processBidsInQueue in GroupBuy handles integrating a new bid into the existing structure. It bumps out lower-paying bids until the new bid is completely fulfilled or the remaining bids are too high. When the lowest paying bid has higher quantity tha...
LP Rewards can be increased infinitely by a malicious liquidity provider
Lines of code Vulnerability details Impact LP Rewards can be increased infinitely by a malicious liquidity provider Proof of Concept A Bond NFT holder can claim pending rewards from a bond using the function Lock.claim. function claim uint256 id public returns address claimGovFees; uint amount,...
Aggregated reserve amounts should be used instead of the first valid tick liquidity
Lines of code Vulnerability details Impact Liquidity can be biased on a specific side quote vs base and it is even possible a liquidity provider gets more LP tokens. Proof of Concept According to the PDF document provided, the number of LP tokens newSupply is calculated using the Table 1 as below...
Attacker can make any function that relies on _satisfiesScoreRequirement revert
Lines of code Vulnerability details Impact The NFTScoreRequirement contract has a function that checks the user score by comparing it with the requiredScore variable; if it's higher then the function will continue, however the function that sets the requiredScore variable is made public with no...
Infinite approval given to DepositTradeHelper contract can be misused by malicious actors
Lines of code Vulnerability details Impact depositAndTrade function in DepositTradeHelper account has infinite approval to spend baseTokens & collateralTokens of user using offChain signatures. However, once swapRouter executes UniV3 swap transaction on line 33, the contract does not give up its...
Access control for hook function in RedeemHook Contract is inconsistent with the implementation.
Lines of code Vulnerability details Impact Access control for hook function in RedeemHook Contract is inconsistent with the implementation. Since the function involves a transfer of fees to Treasury, I've marked it as MEDIUM RISK RedeemHook checks if sender is in a list of pre-approved accounts i...
Anyone can set the accountList object
Lines of code Vulnerability details Impact The setAccountList function which is the function that is responsible to set the account list object is made public with no access control on the AccountListCaller contract, Proof of Concept truffle console --networkId 555 compile attacker = "choose...
suppliers funds loss because attacker can transfer his collateralized tokens when health factor is below liquidation threshold by reentrancy attack during executeLiquidateERC20() logic and transferring collateralize
Lines of code Vulnerability details Impact Function executeLiquidateERC20 is for liquidating a position if its Health Factor drops below 1. The caller liquidator covers liquidationAmount amount of debt of the user getting liquidated, and receives a proportional amount of the collateralAsset plus ...
Artist will never get their payout for their NFT in FixedPrice and OpenEdition
Lines of code Vulnerability details Impact There is no logic for transferring Ether that artist gain from their NFT sales in both FixedPrice and OpenEdition contracts. For these 2 contracts there is only logic for transferring 5% fee to the protocol. Therefore, artist will gain nothing from selli...
MintableIncentivizedERC721 incorrectly implements safe transfers
Lines of code Vulnerability details Impact MintableIncentivizedERC721 incorrectly implements safeTransfer and safeTransferFrom by simply replicating the unsafe transfer/transferFrom function. Raising as medium because as a consequence of this, these ERC721 tokens may end up locked in contracts th...
fee distribution is only for the msg.to contract, instead of the to address of the call traces, which is not reasonable for the gas economic system.
Lines of code Vulnerability details Impact The target contract of the fee distribution is obtained from contract := msg.To in evmhooks.go. So the fee distribution is only for the msg.to contract, instead of the to address of the call traces. It means that anyone using a contract wallet or setting up a...
Potential mismanaging of the access and roles
Lines of code Vulnerability details Impact In initiateMigration method we are setting migratedTo to an address of the potential migration contract Later on, if completeMigration is called, it basically checks if the provided oldContract is equal to migratedTo when we enter the migrateReward metho...
Allowance underflow
Lines of code Vulnerability details Impact I think the following check is unnecessary but furthermore, there should be a comparison if the allowance amount allowed is equal or greater than shares amount. Otherwise, we would end up with underflow of the uint value Proof of Concept Tools Used Manua...
Wrong comparison
Lines of code Vulnerability details Impact I think the following check is unnecessary but furthermore, there should be a comparison if the allowance amount allowed is equal or greater than shares amount. Otherwise, we would end up with underflow of the uint value Proof of Concept Tools Used Manua...
NameWrapper: Cannot prevent transfer while upgrade even with CANNOT_TRANSFER fuse regardless of the upgraded NameWrapper's implementation
Lines of code Vulnerability details Impact Upon upgrade to a new NameWrapper contract, owner of the node will be set to the given wrappedOwner. Since the node will be burned before calling the upgraded NameWrapper, the upgraded NameWrapper cannot check the old owner. Therefore, no matter the...
Nonce is not updated after EVM Transaction
Lines of code Vulnerability details Impact It was observed that nonce is not updated while performing the EVM transaction. This could lead to Replay attacks Proof of Concept 1. Observe the CallEVM function func k Keeper CallEVM ctx sdk.Context, from common.Address, to common.Address, amount...
Upgraded Q -> M from #418 [1669043788344]
Judge has assessed an item in Issue 418 as M risk. The relevant finding follows: 1. LBRouter's swapAVAXForExactTokens not working as intended LBRouter's swapAVAXForExactTokens will only work when sending exact msg.value = amountIn0. The functionality which returns excess funds to the user in the...
Unchecked transfer
Lines of code Vulnerability details Impact The return value of an external transfer/transferFrom call is not checked Proof of Concept you can check Vulnerability in code here: Tools Used Recommended Mitigation Steps Use SafeERC20, or ensure that the transfer/transferFrom return value is checked...
Single-step process for critical ownership transfer/renounce is risky
Lines of code Vulnerability details Single-step process for critical ownership transfer/renounce is risky Impact The following contracts and functions, allow owners to interact with core functions such as: execute, rawExecute and setApproval in OwnableSmartWallet registerKnotsToSyndicate,...
Legitimate token / USD pairs with more than 8 decimals are not handled correctly
Lines of code Vulnerability details Impact The decimals returned by the Chainlink oracles are assumed to be 8 throughout this protocol. However, there are legitimate token / USD pairs that have the corresponding Chainlink oracles to return more than 8 decimals; for example, the AMPL / USD pair's...
Borrower can mark his line of credit as repaid by calling line.close(fakeId) repeatedly
Lines of code Vulnerability details Description This vulnerability can be summarized in the following 4 observations: 1. There are no checks to prevent calling line.close with id that doesn’t correspond to any open position. 2. The effect of calling line.close with a fake position id is...
SpigotLib._claimRevenue is marked public instead of internal
Lines of code Vulnerability details Impact SpigotLib.claimRevenue is marked public instead of internal. This public function is wrapped in the external claimRevenue function. Attacker can call claimRevenue to claim Revenue Tokens into the Spigot escrow for later withdrawal. Tools Used Manual...
SpigotedLineLib::trade won’t work with tokens with approval race protection (USDT)
Lines of code Vulnerability details Proof of Concept Some tokens e.g. USDT, KNC do not allow approving an amount M > 0 when an existing amount N > 0 is already approved. This is to protect from an ERC20 attack vector described here. The problem is the code in trade is the following...
The execute() function of SeaportProxy.sol will always fail.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. While L69 of SeaportProxy.sol is successful in preventing the function being called by a contract other than the LooksRareAggregator, unfortunately, the current implementation will fail the calling from...
Multi Step upgrades introduce security risk
Lines of code Vulnerability details Impact If Governor upgrades the system using executeDiamondCutProposal function then freezing is removed. This could be a problem where Governor was still not ready to make freezable facet available as shown in POC Proof of Concept 1. Governor discovers a...
Reentrancy in createAuction() function
Lines of code Vulnerability details Impact Some ERC20 tokens missing return values and don't fail in case of an unsuccessful transfer. Also, ERC777 tokens could call the tokens receivers during the transfer. If baseToken would be such a token that combines both properties - this could lead to a...
SizeSealed.withdraw will revert on mulDivDown if a.data.lowest is the value zero, which can prevent withdraws for an auction
Lines of code Vulnerability details Proof of Concept The call to mulDivDown on L377 will revert if the third argument denominator is the value zero. See Solmate implementation. It's possible for a.data.lowestBase to receive the value zero, which will prevent the transfers from L381 and L384. Impa...
A total of 3 risks: one with imperfect concurrency judgment logic, one with unrobust business logic, and one with unreasonable timestamp settings
Lines of code Vulnerability details RISK 1: When creating an auction, if the exact same token is transferred to the contract in a very short period of time, it will cause one of the auctions to fail to be created. This is caused by the following statement: if balanceAfterTransfer - balanceBeforeTransf...
Bid can be cancelled after being finalized
Lines of code Vulnerability details Impact The SizeSealed contract's cancelBid function can be called after auction has been finalized, thereby allowing the bidder to withdraw their quoteToken after bid is finalized This is possible by bypassing the if a.data.lowestQuote != typeuint128.max ||...
Oracle's getPrice() returns the wrong price in certain combinations of oracle feed and token decimals
Lines of code Vulnerability details Impact The oracle's getPrice returns a price that is off by several orders of magnitude depending on the combination of decimals for the Chainlink pricefeed and the underlying token's pricefeed. Actually it is based on the decimals set when adding the feed to the...
Fees charged from entire theoretical pledge amount instead of actual pledge amount
Lines of code Vulnerability details Description Paladin receives a 5% cut from Boost purchases, as documented on the website "Warden takes a 5% fee on Boost purchases, and 5% on Quest incentives. However, there are various pricing tiers for Quest creators. Contact the Paladin team for more info."...
DBR can be reused between multiple debtor accounts
Lines of code Vulnerability details Impact A borrower can reuse DBR between various accounts. When a user attempts to call forceReplenish, the borrower will transfer the held DBR to the targeted account. In theory, a borrower can have infinite accounts in DBR debt but enough DBR on a single accou...
Approve front-running attack in DBR.sol
Lines of code Vulnerability details Impact An attacker could front-run an approve transaction to get an overall bigger amount approved. Proof of Concept This is the approve function of the DBR token. function approveaddress spender, uint256 amount public virtual returns bool...
Protocol's usability becomes very limited when access to Chainlink oracle data feed is blocked
Lines of code Vulnerability details Impact Based on the current implementation, when the protocol wants to use Chainlink oracle data feed for getting a collateral token's price, the fixed price for the token should not be set. When the fixed price is not set for the token, calling the Oracle...
targetVotes can never be reached by pledge creators
Lines of code Vulnerability details Impact When creating a pledge via the createPledge function, creators are required to input their targetVotes which is the maximum target of votes to have including their own balances plus delegation. However, in the pledge function, there is a check to ensure...
untyped data signing
Lines of code Vulnerability details in function deployHolographableContract the bytes32 hash is directly encoded without adding any domain separator . this will cause several issues an attacker can front run the signature and use them on same contract on another chain . eg a user wants to call...
Optimistic bridging pattern, can lead to bridge exploitation
Lines of code Vulnerability details Impact Zero deposit Bridging, whereas users can fake the depositing process but can mint multiple tokens in the destination chain. The bridging is optimistic, whereas the validation is restricted to just checking the function selector and a no-error pattern; this...
MEV: Operator can bribe miner and steal honest operator's bond amount if gas price went high
Lines of code Vulnerability details Description Operators in Holograph do their job by calling executeJob with the bridged-in bytes from the source chain. If the primary job operator did not execute the job during his allocated block slot, he is punished by taking a single bond amount and transferring it...
If user sets a low gasPrice the operator would have to choose between being locked out of the pod or executing the job anyway
Lines of code Vulnerability details During the beaming process the user compensates the operator for the gas he has to pay by sending some source-chain-native-tokens via hToken. The amount he has to pay is determined according to the gasPrice set by the user, which is supposed to be the maximum g...
MED - NFTs become no longer holographable once new factory is connected.
Lines of code Vulnerability details Description The basic premise of the Holograph platform is that NFTs / ERC20s are holographable, in other words they will have the same address across all ERC20 compatible blockchains. This invariant is used countless times in the code base. For example, when...
Reentrancy can increase allowance can be used to take more funds than expected
Lines of code Vulnerability details Reentrancy can increase allowance can be used to take more funds than expected In the same way as the typical front run of ERC20 approve/transferFrom, you would be able to take money when calling maliciousERC20.beforeApprove hook, this would realize a...
Upgraded Q -> H from 744 [1666621202565]
Judge has assessed an item in Issue 744 as High risk. The relevant finding follows: 1. writeCheckpoint will fail to insert an initial checkpoint Due to solidity 0.8 overflow/underflow protection, accessing checkpointstoTokenIdnCheckpoints - 1 will throw if nCheckpoints == 0. As it is not possible...
Anyone can steal all the non-fee balance in LBPair.sol
Lines of code Vulnerability details Proof of concept When a user wants to execute a directswap tx, the way to check the tokens that he put in for the swap is by this code uint256 amountIn = swapForY ? tokenX.receivedpair.reserveX, pair.feesX.total : tokenY.receivedpair.reserveY, pair.feesY.total;...
Upgraded Q -> M from 400 [1666366553858]
Judge has assessed an item in Issue 400 as Medium risk. The relevant finding follows: Use safeTransferFrom instead of transferFrom transferFrom can be replaced with safeTransferFrom as it makes sure that the receiver can handle ERC721 tokens and prevents it from being stuck in the contracts Refer...
After proposed 0.8.0 upgrade kicks in, L2 finalizeInboundTransfer might not work.
Lines of code Vulnerability details Description L2GraphTokenGateway uses the onlyL1Counterpart modifier to make sure finalizeInboundTransfer is only called from L1GraphTokenGateway. Its implementation is: modifier onlyL1Counterpart require msg.sender ==...
StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount
Lines of code Vulnerability details Impact The canMatchMakerAsk and canMatchMakerBid functions in StandardPolicyERC1155.sol will only return 1 as the amount instead of the order.amount value. This value is then used in the executeTokenTransfer call during the execution flow and leads to only 1...
Transfer remainder of msg.value is bad practice
Lines of code Vulnerability details Impact Transfer remainder of msg.value is bad practice. Can lead to out of gas, reentrancy and so on. Proof of Concept Tools Used Static analytics Recommended Mitigation Steps Can create method getReminder for the user to call to get all remainders for him. --- The...
Reentrancy
Lines of code Vulnerability details Reentrancy in BlurExchange.executeInput,Input contracts/BlurExchange.sol128-175: External calls: - executeFundsTransfersell.order.trader,buy.order.trader,sell.order.paymentToken,sell.order.fees,price contracts/BlurExchange.sol147-153 -...
_executeTokenTransfer() can silently fail for malicious ERC721 implementations.
Lines of code Vulnerability details Impact execute calls executeTokenTransfer to perform the NFT transfer from seller to buyer. The function assumes correct safeTransferFrom functionality and does not check balances. In case of malicious - or poorly designed pausable ERC721 implementations, this...