Updating a pool's total points doesn't affect existing stake positions for rewards calculation
Lines of code Vulnerability details Impact Staking rewards are calculated based on the user's share of total points in the corresponding asset pool: this is the sum of the points associated with the staker's positions divided by the total points from all positions in the pool. We can see this...
Upgraded Q -> 2 from #345 [1678798666534]
Judge has assessed an item in Issue 345 as 2 risk. The relevant finding follows: Issue 1 - An attacker can leave the protocol in a "drawing" state for an extended period of time...
Incorrect EIP1271 magic value returned from DAO.isValidSignature
Lines of code Vulnerability details Impact An unexpected return value from the EIP1271 signature verification can lead to authorization for unwanted operations in external protocols. Proof of Concept As shown in the EIP1271 standard specification, when a signature is not valid, the returned magic...
Lottery owner can manipulate the RNG to favour themselves, or other certain participants
Lines of code Vulnerability details The docs state that Chainlink VRF will be used as the source of randomness, whose subscription model is described here. A call is made to Chainlink's VRFCoordinatorV2 requestRandomWords function, after which a response is sent back in the form of a call to...
If the random number is too low, the lottery is not completely random
Summary Random numbers below a certain limit will always return at least one rightmost bit, while numbers above this limit will return random bits. Explanation: 1. The winning ticket is generated based on an array of numbers generated by module randomNumber to selectionMax-n.:...
claimPerDraw() can account for referrals after the ticket registration deadline
Lines of code Vulnerability details When accounting for referrals, the beforeTicketRegistrationDeadline ensures tickets cannot be purchased after the draw registration deadline. The issue is that the referral registration happens for the current draw regardless of which draw the tickets are...
ReaperVaultERC4626.sol is not EIP-4626 compliant
Lines of code Vulnerability details Impact Other protocols integrated with Ethos Reserve may mistakenly assume that its function complies with EIP-4626. Therefore, this may lead to integration issues in the future, which could result in various problems for both parties. Proof of Concept All...
LUSDT non-compliance with the EIP-2612 standard
Lines of code Vulnerability details Impact Inability to integrate LUSDT into contracts of other services where the DOMAIN_SEPARATOR is used or strict adherence to the EIP-2612 standard is required. Various network analyzers that automatically determine the type of contracts will not be able to...
Losses are double counted if there are currently locked profits
Lines of code Vulnerability details Impact Losses are double counted and vault participants lose funds Proof of Concept if (roi > 0) { vars.gain = uint256(roi); vars.fees = chargeFees(vars.stratAddr, vars.gain); strategy.gains += vars.gain; ... } // Profit is locked and gradually released per block // NOTE:...
Using _freeFunds() to calculate share price leads to share miscalculations and could benefit treasury
Lines of code Vulnerability details Impact Function _freeFunds calculates the amount of free funds available after profit locking and is used for calculating share price, issuing shares during deposit, or burning shares during withdrawal. The value returned by _freeFunds is time-dependent, because...
KUMASwap incorrectly reverts when _maxCoupons has been reached
Lines of code Vulnerability details Impact Selling bonds with coupons that are already accounted for will fail unexpectedly Proof of Concept if (coupons.length == _maxCoupons) revert Errors.MAX_COUPONS_REACHED(); The above lines will cause ALL bond sales to revert when coupons.length has reached _maxCoupons...
Transferring the allotAmount reward to MultisigManager leads to the loss of reward when no wallet is enabled in the RewardsPool
Lines of code Vulnerability details Impact Transferring the allotAmount reward to MultisigManager leads to the loss of reward Proof of Concept If we refer to the original M-21 finding: code-423n4/2022-12-gogopool-findings #143 Division by zero error can block RewardsPool.startRewardCycle if all...
Upgraded Q -> 2 from #353 [1676219078358]
Judge has assessed an item in Issue 353 as 2 risk. The relevant finding follows: 06 UPGRADEABLE CONTRACT IS MISSING A __gap[50] STORAGE VARIABLE TO ALLOW FOR NEW STORAGE VARIABLES IN LATER VERSIONS...
Missed owner accrual in MultiRewardStaking _withdraw() leads to reward loss
Lines of code Vulnerability details Impact Function _withdraw can be called from an approved caller to withdraw the owner's funds. The function accrues rewards for the caller and the receiver but misses the accrual for the owner. If, for example, the owner didn't accrue any reward from the beginning of time and all...
Upgraded Q -> 2 from #615 [1675724239375]
Judge has assessed an item in Issue 615 as 2 risk. The relevant finding follows: Unbounded gas usage in claim function of Quest contract The claim function has unbounded gas usage that traverses different arrays many times. The call to RabbitHoleReceipt.getOwnedTokenIdsOfQuest iterates all...
Upgraded Q -> 3 from #664 [1675726078144]
Judge has assessed an item in Issue 664 as 3 risk. The relevant finding follows: L-1 ERC20 Quest: withdrawFee function should only be able to be called once instead of multiple times Issue: The withdrawFee function can be called multiple times by the admin after a quest ends, resulting in more than t...
Code breaks if the first user is not the expected user
Lines of code Vulnerability details Code breaks if the first user is not the expected user Summary Rather than iterating and continuing if the user is not the expected one, this code breaks all the execution if the first user is userId Vulnerability Detail Execution is broken most of the time at the first iteration for ...
Squeezing drips from a sender can be front-run and prevented by the sender
Lines of code Vulnerability details Squeezing drips from a sender requires providing the sequence of drips configurations see NatSpec description in L337-L338: /// It can start at an arbitrary past configuration, but must describe all the configurations /// which have been used since then includi...
Anyone can call the DripsHub.split function to frontrun the DripsHub.setSplits function call of the trusted user who owns the splittable funds
Lines of code Vulnerability details Impact As mentioned by the following DripsHub.split function's comment, the user, who owns the splittable funds, needs to be trusted by the receivers for such splittable funds. Yet, when this trusted user wants to call the DripsHub.setSplits function below to...
Use abi.encode instead of abi.encodePacked to prevent data collisions for object hashing
Lines of code Vulnerability details M-01 Use abi.encode instead of abi.encodePacked Impact Hash collisions on the data stored for object hashing Proof of Concept From the Solidity documentation: If you use keccak256(abi.encodePacked(a, b)) and both a and b are dynamic types, it is easy to craft...
Locked Ether
Lines of code Vulnerability details Description Contract with a payable function, but without a withdrawal capacity. Impact Every Ether sent to LendgineRouter will be lost. Proof of Concept File: src/periphery/LendgineRouter.sol 142: function mint(MintParams calldata params) external payable...
Fee on transfer tokens will not behave as expected
Lines of code Vulnerability details Impact Numoen does not specifically restrict the type of ERC20 collateral used for borrowing. If fee-on-transfer tokens are involved, mint in Lendgine.sol will revert when checking balanceAfter against balanceBefore + collateral. Proof...
Precision loss in the invariant function can lead to loss of funds
Lines of code Vulnerability details Impact An attacker can steal the funds without affecting the invariant. Proof of Concept We can say the function Pair.invariant is the heart of the protocol. All the malicious trades should be prevented by this function. Pair.sol 52: /// @inheritdoc IPair 53:...
Lack of slippage protection when swapping on Uniswap v2/v3
Lines of code Vulnerability details Impact Lack of slippage protection when swapping on Uniswap v2/v3. It'll create the potential to be sandwiched by MEV bots and result in user loss. Proof of Concept In the LendgineRouter.mint function, the contract would swap all the token0 to token1 in...
Loss of funds - User has control of the fallback function
Lines of code Vulnerability details Impact: Lendgine checks the balance of token1 before and after sending tokens via a mintFallback function. During this fallback the user has access to these tokens; as long as they are returned plus collateral, the check is satisfied. An attacker can take out...
[H-02] Return value of 0 from ecrecover not checked
Lines of code Vulnerability details Impact The Solidity function ecrecover is used; however, the error result of 0 is not checked for. See documentation: "recover the address associated with the public key from elliptic curve signature or return zero on error." Now you can supply invalid input...
Wrongly implemented modifier allows everybody to mint Rabbit Hole tickets.
Lines of code Vulnerability details Impact As specified on RabbitHole C4 contest page, RabbitHoleTickets smart contract 'is an 1155 reward contract used by the RabbitHole team.' Meaning that the assets managed by this smart contract have value. Moreover this contract implements ERC-2981: NFT...
Overflow Vulnerability in Splits Contract Due to Maximum Splits Receivers Limitation (_MAX_SPLITS_RECEIVERS = 200)
Lines of code Vulnerability details Impact If more than 200 splits receivers are added for a single user, the constant _MAX_SPLITS_RECEIVERS will be exceeded, causing unexpected behavior in the contract uint256 internal constant _MAX_SPLITS_RECEIVERS = 200; Proof of Concept a. Create an array of splits...
Improper check for Zero Address
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. There is an error in the if statement of the referenced line of code. It should check for the zero address and return an error. This will prevent creating a new contract for an existing option pair, eve...
A Malicious User can Lock All Funds in an Option
Lines of code Vulnerability details Impact By calling the mint and burn functions with 'amount0' and 'amount1' equal to the option pair's respective balances of token0 and token1, a user can cause a given option's "Option.totalLong0" and "Option.totalLong1" to both be set to 0. The effect...
Upgraded Q -> M from #404 [1674736828553]
Judge has assessed an item in Issue 404 as M risk. The relevant finding follows: L‑06 Owner can renounce while system is paused The contract owner or single user with a role is not prevented from renouncing the role/ownership while the contract is paused, which would cause any user assets stored ...
Upgraded Q -> M from #229 [1674661441196]
Judge has assessed an item in Issue 229 as M risk. The relevant finding follows: Support for IERC165 interface id is missing Contract: Impact: Contract fails to support a valid interface, which could lead to failure of genuine calls Steps: Observe the supportsInterface function...
Upgraded Q -> M from #100 [1674425909347]
Judge has assessed an item in Issue 100 as M risk. The relevant finding follows: Lines of code Vulnerability details Impact The wrong amount of LP tokens will be minted and the wrong amount of A/B tokens will be deposited. Proof of Concept According to the PDF document provided, the number of LP...
Upgraded Q -> M from #445 [1674423223201]
Judge has assessed an item in Issue 445 as M risk. The relevant finding follows: 5 Function crossChain in GovNFT should have a limit for the maximum tokens allowed to be transferred, because of the gas limit in the destination chain. If a user transferred a lot of tokens, because there were two loops inside each oth...
User funds lost in withdraw() of StRSR because the code doesn't revert when the calculated rsrAmount is zero
Lines of code Vulnerability details Impact Function withdraw in StRSR completes an account's unstaking, but when the calculated amount of RSR tokens is 0 the code still burns the user's draftRSR and returns. This would cause users' small deposits to be burned while the user receives no funds. As withdr...
Overflow/Underflow in interest calculation caused by lack of timestamp validation in the _getInterest() & _getRemainingInterest() functions
Lines of code Vulnerability details Impact An attacker could manipulate the last timestamp of a lien in the stack struct to cause an underflow or overflow in the interest calculation. This could result in an incorrect interest amount being calculated, which could lead to incorrect payments being...
Inconsistent min deposit
Lines of code Vulnerability details Impact The first transfer in a vault that is based on ERC4626Cloned produces different results depending on whether it is done via deposit or via mint. While first deposit produces a number of shares that is 1:1 with the asset, in the case of mint, the results...
Transfer of assets should come before deleting and burning the collateral id
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Collateral id is burnt and deleted before the transfer Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept...
The calculation logic for the currentEpochStartTimestamp in the constructor of the CashManager.sol is wrong
Lines of code Vulnerability details Impact This wrong calculation logic for the currentEpochStartTimestamp leads to a situation where the currentEpoch to which the wrong result is assigned is stored in storage by several functions in CashManager.sol. Proof of Concept Epoch parameters...
Future Epoch Pending Redemption Balance Set Vulnerability
Lines of code Vulnerability details Impact The setPendingRedemptionBalance function allows an admin to set the balance of a user's pending redemption for a specific epoch. However, it does not properly check that the epoch being set is in the past and not in the future. An attacker could...
Admin should be able to refund or redeem the sanctioned users
Lines of code Vulnerability details Impact Sanctioned users' funds are locked Proof of Concept It is understood that sanctioned users cannot mint nor redeem because the functions requestMint and requestRedemption are protected by the modifier checkKYC. And it is also understood that the...
Upgraded G -> 3 from #31 [1673740310963]
Judge has assessed an item in Issue 31 as 3 risk. The relevant finding follows: gegae...
handleAggregatedOps() does not handle non-atomic transactions, which results in the whole function reverting if one transaction does not go through
Lines of code Vulnerability details Impact Function reverts if one account or paymaster is not validated, which leads to a waste of time and gas. Proof of Concept EntryPoint.UserOpsPerAggregator takes in an array of opsPerAggregator in its parameter and loops through each struct. In the function,...
validateUserOp does not check if missingAccountFunds matches the signature
Lines of code Vulnerability details The validateUserOp function does not check whether the missingAccountFunds uint256 matches the signature or not. This can be abused if an attacker front-runs the tx and calls validateUserOp in the entrypoint using the same sig but with a different missingAccountFunds number...
The isContract function in LibAddress that uses EXTCODESIZE can be vulnerable to the "Contract Creation Code Execution" attack
Lines of code Vulnerability details Impact It will allow the attacker to potentially execute malicious code in the implementation contract at Proof of Concept contract Victim { function isContract(address account) public view returns (bool) { uint32 csize; assembly { csize := extcodesize(account) } return csize ...
Calling execute() and executeBatch() functions in SmartAccount.sol from the EntryPoint will fail
Lines of code Vulnerability details Impact The function requireFromEntryPointOrOwner is being called within the execute and executeBatch functions to check if the msg.sender is either the owner or the EntryPoint contract, but these functions have onlyOwner modifier, which will only allow the owne...
PROTOCOL MIGHT NOT BE ABLE TO OPERATE DUE TO LACK OF FUNDS
Lines of code Vulnerability details Impact Redeem/withdraw functionality will fail under certain conditions and users who want to redeem/withdraw their AVAX will not be able to. Proof of Concept Users stake their AVAX and in return get ggAVAX. The AVAX provided by the users is then staked by the...
NODE OPERATORS CAN WITHDRAW ALL THEIR GGP COLLATERAL BEFORE VALIDATION PERIOD ENDS THEREBY AVOIDING SLASHING.
Lines of code Vulnerability details Impact 1. Node operators can avoid slashing, thus no penalties. 2. Node operators can withdraw their entire GGP collateral before the validation period is over. Proof of Concept The withdrawGGP function in Staking.sol transfers back to node operator excess GGP...
Possible to block withdrawal of staked funds after recordStakingEnd or stakingError
Lines of code Vulnerability details Impact Node operators can lose their staked AVAX after stakingEnd or stakingError. Funds will be locked in the Staking contract, but impossible to withdraw. A bad actor does need to supply 1000 AVAX, which he gets back, and does not have a real incentive to do it, b...
Reentrancy attack allows getting a loan for free
Lines of code Vulnerability details Impact A reentrancy attack allows getting a loan for free when startLiquidationAuction is called on the last collateral token. Proof of Concept When a user has bad debt, anyone can start an auction for his NFT. To purchase the token, the liquidator can call...