Lucene search
Code423n4, Most viewed

10190 matches found

Code423n4
added 2022/07/14 12:00 a.m., 13 views

function mint() in FERC1155 don't follow check-effect-interact pattern, it's possible to call protocol contracts after tokens minted and before totalSupply updated

Lines of code Vulnerability details Impact Function mint mints new fractions for an ID and is only callable by VaultRegistry. code mints tokens then updates totalSupply value. when minting contract may make external call to target address, in that external call contract state is wrong, tokens are...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/07/14 12:00 a.m., 13 views

Not update ethBalance after users cash out in Migration may cause loss of funds

Lines of code Vulnerability details Impact In Buyout.cash function, users will burn their fractions to cash out ETH. The ETH amount is proportionate the number of fractions they have. So when someone burn fractions, total amount of ETH ethBalance should be updated accordingly. But in cash functio...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/07/08 12:00 a.m., 13 views

Distribution of reserved tokens may run out of gas

Lines of code Vulnerability details Impact If there are enough entries in the splits array, the function that distributes the reserved tokens will run out of gas, and the reserved tokens will be un-distributable until the current cycle is over, and the splits are changed. If cycles are long, the...

AI score: 6.6
Exploits: 0

Code423n4
added 2022/07/02 12:00 a.m., 13 views

Unused deadline checker modifier may result in user fund loss due to unexpected transaction ordering (MEV)

Lines of code Vulne...

AI score: 7
Exploits: 0

Code423n4
added 2022/06/29 12:00 a.m., 13 views

Centralized mint

Lines of code Vulnerability details Impact The mint method is too centralized. Proof of Concept Using the mint function of ERC20MinterBurnerDecimals, the minter address can mint arbitrary amount of tokens. If the private key of the owner or minter address is compromised, the attacker will be able...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/29 12:00 a.m., 13 views

baseRatePerBlock not updated when a new base rate is set

Lines of code Vulnerability details Impact When an admin sets a new baseRatePerYear in setBaseRatePerYear, the baseRatePerBlock is not updated. If the deltaBlocks has not passed yet, it will also not be updated when getSupplyRate is called, i.e. a stale value will be returned there. Recommended...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/28 12:00 a.m., 13 views

test

Lines of code L1 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- Th...

AI score: 7.1
Exploits: 0

Code423n4
added 2022/06/26 12:00 a.m., 13 views

Critical address change

Lines of code Vulnerability details Impact Changing critical addresses in contracts should be a two-step process. in order to prevent changing admin by mistake Proof of Concept check these links: OpenZeppelin/openzeppelin-contracts1488 OpenZeppelin/openzeppelin-contracts2369 Tools Used Manual...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/26 12:00 a.m., 13 views

Fees should be paid by the user when lend() to Swivel

Lines of code Vulnerability details function lend uint8 p, address u, uint256 m, uint256 memory a, address y, Swivel.Order calldata o, Swivel.Components calldata s public unpausedp returns uint256 // lent represents the number of underlying tokens lent uint256 lent; // returned represents the...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/06/26 12:00 a.m., 13 views

Deflationary/fee-on-transfer tokens are not supported

Lines of code Lender.solL215 Lender.solL337 Lender.solL398 Lender.solL456 Lender.solL521 Lender.solL564 Lender.solL617 Vulnerability details Impact When an amount of underlying tokens is sent to the Lender.sol contract during a lend, the actual amount gained by the contract might not be exactly t...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/26 12:00 a.m., 13 views

Illuminate PT redeeming allows for burning from other accounts

Lines of code Vulnerability details Illuminate PT burns shares from a user supplied address account instead of user's account. With such a discrepancy a malicious user can burn all other's user shares by having the necessary shares on her balance, while burning them from everyone else. Setting th...

AI score: 6.6
Exploits: 0

Code423n4
added 2022/06/25 12:00 a.m., 13 views

Griefers can prevent users from claiming YIELDY_TOKENs from the warm up

Lines of code Vulnerability details Impact When warmUpPeriod is greater than 0, anyone can deny i.e.: grief any user from claiming their YIELDYTOKENs from Staking.sol. Proof of Concept 1. Admin sets the warmUpPeriod to 2. 2. A user deposits a decent amount STAKINGTOKENs, with the expectation that...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/06/25 12:00 a.m., 13 views

Staking: Attacker can stake very few tokens for others to increase the lock time of others' tokens.

Lines of code Vulnerability details Impact In the stake function of the Staking contract, anyone can stake tokens for others. And each time a token is staked, the lock time of all tokens is increased. This allows an attacker to stake few tokens for others to increase the lock time of others'...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/06/22 12:00 a.m., 13 views

initiateBuyout and sell functions on NibbleVault.sol Reentrancy vulnerability

Lines of code Vulnerability details Impact 1. In NibbleVault.sol, it is possible for a contract to prevent the Sell event from being fired after being sent ether. From calling the sell function on line 390, an attacker contract is able to keep the event hidden from being listened to by stopping t...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/21 12:00 a.m., 13 views

Functions in CNote.sol are internal instead of external/public

Lines of code Vulnerability details Impact Most of the functions in CNote.sol are internal mutability and have no other locations they are being called. This renders most of the functionalities in the contract to be uncallable. Tools Used Manual review Recommended Mitigation Steps Change to the...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/21 12:00 a.m., 13 views

MasterChef's emergencyWithdraw can be reentered drawing all lptokens from the contract if pool.lpToken allows for transfer flow control

Lines of code Vulnerability details User's LP funds accounting update in emergencyWithdraw happens after lpToken transfer. If pool.lpToken allows for the control of transfer call flow or can be upgraded to allow it in the future i.e. beforetokentransfer, afterTokenTransfer type of hooks, or an...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/21 12:00 a.m., 13 views

Base rate update frequency can be bypassed by an admin

Lines of code Vulnerability details Impact Base rate update frequency can be bypassed by an admin. Above function require updateFrequency blocks to be passed. Proof of Concept function updateBaseRateuint newBaseRatePerYear public // check the current block number uint blockNumber = block.number;...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/21 12:00 a.m., 13 views

zeroswap/UniswapV2Pair.sol Token reserves per lp token can be manipulated due to lack of MINIMUM_LIQUIDITY when minting the first liquidity with migrator

Lines of code Vulnerability details if totalSupply == 0 address migrator = IUniswapV2Factoryfactory.migrator; if msg.sender == migrator liquidity = IMigratormigrator.desiredLiquidity; requireliquidity 0 && liquidity != uint256-1, "Bad desired liquidity"; else requiremigrator == address0, "Must no...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/06/19 12:00 a.m., 13 views

InfinityExchange owner can grief with high fees

Lines of code Vulnerability details Impact The owner of the InfinityExchange contract can set any high fee values for PROTOCOLFEEBPS via the InfinityExchange.setProtocolFee function. The fee value should be limited to a maximum of 10000. If set to higher values and due to the usage across functio...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/06/19 12:00 a.m., 13 views

Owner can grief with high gas units

Lines of code Vulnerability details Impact The owner of the InfinityExchange contract can frontrun sellers/buyers e.g InfinityExchange.matchOneToOneOrders, InfinityExchange.matchOneToManyOrders functions and set arbitrarily high gas units with updateWethTranferGas which can either cause an...

AI score: 7
Exploits: 0

Code423n4
added 2022/06/19 12:00 a.m., 13 views

Incorrect accounting results in loss of user stake

Lines of code InfinityStaker.solL116-L131 InfinityStaker.solL290-L325 Vulnerability details Impact In InfinityStaker.sol, when calling the unstake function updateUserStakedAmounts is called to readjust the user staked amounts. If a user stakes an amount in a duration and has an already vested amo...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/19 12:00 a.m., 13 views

Maker buy order with no specified NFT tokenIds may get fulfilled in matchOneToManyOrders without receiving any NFT

Lines of code Vulnerability details The call stack: matchOneToManyOrders - matchOneMakerSellToManyMakerBuys - execMatchOneMakerSellToManyMakerBuys - execMatchOneToManyOrders - transferMultipleNFTs Based on the context, a maker buy order can set OrderItem.tokens as an empty array to indicate that...

AI score: 6.6
Exploits: 0

Code423n4
added 2022/06/18 12:00 a.m., 13 views

auraBAL can be stuck into the Strategy contract

Lines of code Vulnerability details Impact The internal harvest function defined is responsible to claim auraBAL from the aura locker and within the function it swaps them to auraBAL - BAL/ETH BPT - WETH - AURA, finally it locks AURA to the locker to increase the position. For claiming auraBAL it...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/06/18 12:00 a.m., 13 views

Fee-on-transfer support

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer to...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/06/18 12:00 a.m., 13 views

If token == BADGER, the _handleRewardTransfer function does not work

Lines of code MyStrategy.solL405-L413 BaseStrategy.solL346-L353 Vault.solL396-L415 Vulnerability details Impact In MyStrategy.sol, when claiming bribes or sweeping reward tokens, the handleRewardTransfer function is called which calls sendToBadgerTree to send the amount of BADGER in the contract ...

AI score: 7.1
Exploits: 0

Code423n4
added 2022/06/18 12:00 a.m., 13 views

YearnCurveVaultOperator's depositETH can leave the remainder ETH funds frozen and unaccounted for, then utilized by another caller

Lines of code Vulnerability details depositETH effectively do not control the utilization of input token and can freeze WETH input funds in native ETH form on the contract balance when Yearn pool doesn't perform liquidity addition for any reason. Due to presence of the additional WETH - ETH step,...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/14 12:00 a.m., 13 views

Deposit and mint function will be rendered useless for users who are depositing using eth since balances will never be finalised

Lines of code Vulnerability details The penultimate function in NotionalV2.batchBalanceAndTradeAction calculates the withdrawals and finalises the balance as mentioned : but the following calculation will revert on an underflow since balanceState.netAssetTransferInternalPrecision is set to 0 in...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/12 12:00 a.m., 13 views

Deposit of wrappedFCash does not follow EIP 4626

Lines of code Vulnerability details Impact The deposit of wfCashERC4626 is not 4626 compatible. wfCashERC4626.solL168-L175 According to EIP4626 MUST revert if all of assets cannot be deposited due to deposit limit being reached, slippage, the user not approving enough underlying tokens to the Vau...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/06/10 12:00 a.m., 13 views

deposit through onERC1155Received can be locked by attackers, making the function useless

Lines of code Vulnerability details Impact Disable depositing through onERC1155Receive, potentially breaking all integrations using this function as entry point. Proof of concept An attacker can transfer another fCash position to the wrapper contract, which will trigger ERC1155Actions.transfer ⇒...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/06/09 12:00 a.m., 13 views

Loss of underlying tokens due to ERC4626 non-compliance in withdraw function in wfCashERC4626.sol

Lines of code Vulnerability details Impact The withdraw function in wfCashERC4626 is missing the code that transfers the underlying tokens to the receiver. According to the EIP-4626 standard, withdraw function Burns shares from owner and sends exactly assets of underlying tokens to receiver...

AI score: 7
Exploits: 0

Code423n4
added 2022/06/06 12:00 a.m., 13 views

Upgraded Q -> M from 98 [1654475216526]

Judge has assessed an item in Issue 98 as Medium risk. The relevant finding follows: Set Limits on setFee A Malicious owner could set feeRate to = 100 1e18 / 100; which would give the entire value of an exercise transaction to the protocol, create a limit on the fees the owner can set. --- The te...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/03 12:00 a.m., 13 views

THE FIRST AMM STAKER WILL HAVE CONTROL OVER HOW THE SHARES ARE CALCULATED

Lines of code Vulnerability details Impact The first staker can take control of how the subsequent shares are going to be distributed by simply staking 1wei amount of the token and frontrunning future stakers. The reasons of this are related on how the variables are updated and with the amounts...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/03 12:00 a.m., 13 views

uint256 => uint120 silent overflow

Lines of code Vulnerability details When converting a number from uint256 to a smaller type, solidity truncates it without raising errors. In our case, this operation is performed when saving numerator and denominator to the storage variable orderStatusorderHash code link...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/03 12:00 a.m., 13 views

Verifying criteria is prone to known merkle proof attacks

Lines of code Vulnerability details The Merkle hash root does not indicate the tree depth, enabling a second-preimage attack in which an attacker creates a document other than the original that has the same Merkle hash root. For the example above, an attacker can create a new document containing...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m., 13 views

Truncation in OrderValidator can lead to resetting the fill and selling more tokens

Lines of code Vulnerability details Impact A partial order's fractions numerator and denominator can be reset to 0 due to a truncation. This can be used to craft malicious orders: 1. Consider user Alice, who has 100 ERC1155 tokens, who approved all of their tokens to the marketplaceContract. 2...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m., 13 views

Bad use of safeApprove

Lines of code Vulnerability details Impact Function deposit in booster could revert when stake option is true if the contract has an allowance of the token for rewarcontract 0. The same in many contracts but in VE3DRewardPool.sol a user can get his rewards blocked. Proof of Concept If the contrac...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/05/30 12:00 a.m., 13 views

Bribe.sol Tokens with fee on transfer are not supported

Lines of code Vulnerability details There are ERC20 tokens that charge fee for every transfer or transferFrom. In the current implementation, Bribe.solnotifyRewardAmount assumes that the received amount is the same as the transfer amount, and uses it to calculate reward amounts. As a result, in...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/05/28 12:00 a.m., 13 views

BathToken uninitialized rewardsVestingWallet leading to loss of funds

Lines of code Vulnerability details Impact Contract BathToken.sol implements distributeBonusTokenRewards function that allows distributing non-underlying bath token incentives to pool withdrawers. In case of rewardsVestingWallet being set implementation triggers release function of...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/05/26 12:00 a.m., 13 views

Order Overflow

Lines of code Vulnerability details Impact In the partial fill orderStatus calculation, there could be an overflow in the numerator and denominator calculation. This overflow could lead a buyer to buy more NFT/Other tokens than order amount. First example of impact: An NFT seller has two orders:...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/05/25 12:00 a.m., 13 views

ExtraRewardsDistributor deposits don’t work with fee-on transfer tokens

Lines of code Vulnerability details Impact There are ERC20 tokens that may make certain customizations to their ERC20 contracts. One type of these tokens is deflationary tokens that charge a certain fee for every safetransfer or safetransferFrom . Proof of Concept The ExtraRewardsDistributor’s...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/05/21 12:00 a.m., 13 views

ConvexMasterChef: When _lpToken is duplicated, reward calculation is incorrect

Lines of code Vulnerability details Impact Same as IDX-002 in In the ConvexMasterChef contract, a new staking pool can be added using the add function. The staking token for the new pool is defined using the lpToken variable. However, there is no additional checking whether the lpToken is already...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/05/18 12:00 a.m., 13 views

[WP-H3] Lack of liquidation makes it possible for alToken to be undercollateralized

Lines of code Vulnerability details function liquidate address yieldToken, uint256 shares, uint256 minimumAmountOut external override lock returns uint256 onlyWhitelisted; checkArgumentshares 0; YieldTokenParams storage yieldTokenParams = yieldTokensyieldToken; address underlyingToken =...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/05/15 12:00 a.m., 13 views

[LidoVault.sol][_withdrawFromYieldPool] Should not call return receivedETHAmount before the require check

Lines of code Vulnerability details Impact It is possible that users cannot receive ETH if sending ETH to users is not successful because the require check is unreachable. Proof of Concept withdrawFromYieldPool function executes the following code if user requests ETH withdrawal. if asset ==...

AI score: 7.2
Exploits: 0

Code423n4
added 2022/05/14 12:00 a.m., 13 views

TokenType mismatch with true type can be exploited to steal funds

Lines of code Vulnerability details A vault can be created for different TokenTypes, namely ERC20 and ERC721. These tokens have different logic, so a user needs to pass the type of the underlying token when creating a vault. At the end of createVault the user's tokens are pulled into the contract...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/05/09 12:00 a.m., 13 views

Attackers can prevent the transfer of the highest-value Cosmos to Ethereum transactions

Lines of code Vulnerability details In order to ensure that profitable batches are eventually created we must avoid locking up the high fee 'good transactions' into obviously bad batches. To add to the difficulty we don't actually know what any token in this process is worth or what ETH gas costs...

AI score: 6.5
Exploits: 0

Code423n4
added 2022/05/09 12:00 a.m., 13 views

Batch Transfer will likely fail on ERC777 transfers, either maliciously or accidentally

Lines of code Vulnerability details Impact If users attempt to bridge ERC777s from Cosmos to Ethereum, it is highly likely that the transfers will revert. The issue lies in the combination of using safeTransfer and the idea of batching. safeTransfer will revert for any failed transfer meaning tha...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/05/09 12:00 a.m., 13 views

Voting power of new validators not checked in updateValset function, Gravity.sol

Lines of code Gravity.solL276-L358 Vulnerability details Impact While the voting power of the current valset is checked when the checkValidatorSignatures function is called in updateValset, the power of the new valset is not. This could cause some functions to not work since whenever...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/05/08 12:00 a.m., 13 views

Avoid payable.transfer

Originally submitted by warden horsefacts in 199, duplicate of 52. Avoid payable.transfer EthPool and EthVault both use payableaddress.transfer to transfer ETH. It's considered a best practice to avoid this pattern for ETH transfers, since it forwards a fixed amount of gas and may revert if futur...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/05/08 12:00 a.m., 13 views

SpeedBumpPriceGate.sol has high likelihood of overcharging buyer during decay phase

Lines of code Vulnerability details Impact Contract overcharges user Proof of Concept L79 passes through the entire ether balance sent. Since price decays each block it is likely that the transaction won't be processed during the same block that it was submitted. In situations like this the price...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/05/08 12:00 a.m., 13 views

Protocol unusable for some ERC20 tokens (bad tokens)

Lines of code Vulnerability details Impact Protocol unusable for some ERC20 tokens bad tokens PoC Some tokens don't correctly implement the EIP20 standard and their transfer/transferFrom return void The so called bad tokens. More info This makes the transaction revert when calling. Recommended Us...

AI score: 7
Exploits: 0

Total number of security vulnerabilities: 5000