[WP-H5] RewardDistributor.setBribeVault() can cause users who haven't claimed their native tokens yet can not claim the reward anymore
Lines of code Vulnerability details In the current implementation, RewardDistributor.claim is using if token != bribeVault token is from rewardsrewardIdentifier.token to detect whether it's a ERC20 token or native token ETH. However, this is not a trustworthy way to determine whether the reward i...
canSafeBoostVault() doesn't actually check the feiAmount passed in
Lines of code Vulnerability details Impact In TurboMaster.sol the onSafeBoost function calls canSafeBoostVault on the booster contract to check if the safe is allowed to boost the vault using the feiAmount which is passed in by the caller as an argument. The problem is that the feiAmount is never...
Shelter.claim does not check if already claimed
Lines of code Vulnerability details The Shelter.withdraw function sets the claimedtokenuser field but does not check if the user is allowed to claim by checking require!claimedtokenuser, "already claimed". function withdrawIERC20 token, address to external override requireactivatedtoken != 0 &&...
Users’ staking rewards can get redeemed by other users
Lines of code Vulnerability details Can be medium or high: When a user deposits through ConvexStakingWrapper, the contract calls the MasterChef's deposit function and deposits to it with recipient = msg.sender, but the MasterChef actually updates the deposited amount of the ConvexStakingWrapper...
UniV2ClassDex.sol#uniClassSell() Tokens with fee on transfer are not fully supported
Handle WatchPug Vulnerability details function uniClassSellDexInfo memory dexInfo, address buyToken, address sellToken, uint sellAmount, uint minBuyAmount, address payer, address payee internal returns uint buyAmount address pair = getUniClassPairbuyToken, sellToken, dexInfo.factory;...
MINTING to collateralVault could inflating totalsupply, without giving the balance to anyone
Handle Tomio Vulnerability details Impact First of all, this is an address zero issue, however, this could lead to an imbalance between total supply circulating and the actual balance that was assigned to another user, in the...
Arbitrary call
Handle Tomio Vulnerability details Impact In the https://github.com/code-423n4/2022-01-yield/blob/main/contracts/ConvexModule.solL15 the addVault take 2 parameters as input, convexStakingWrapper, and vaultId, however the convexStakingWrapper is user controllable therefore the user could make an...
fundDepositAndReserveFor function does not exist in protocol
Handle harleythedog Vulnerability details Impact The L2Migrator contract makes use of the function fundDepositAndReserveFor on the ticket broker. In the commit hash for the contest seen from this snippet from the contest page: git clone https://github.com/livepeer/protocol git checkout...
approve() function does not require that _token and _spender args are unique
Handle jayjonah8 Vulnerability details Impact In L1Escrow.sol the approve function takes in a token to approve the spender to be able to spend but does not check that the token and spender are different addresses which can leave the protocol open to be exploited. Proof of Concept function approve...
No slippage protection on _swapUstToUnderlying can lead to lost funds
Handle harleythedog Vulnerability details Impact The function swapUstToUnderlying exists to swap Ust to underlying tokens. The last argument to exchangeunderlying is mindy, which specifies the minimum number of underlying to be returned from the swap. Currently, this value is set to 0, so the...
MsNik
Handle AmitN Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The te...
safeName() can revert causing DoS
Handle sirhashalot Vulnerability details Impact The safeName function, found in the SafeMetadata.sol contract and called in 4 Timeswap Convenience contracts in the name functions, can cause a revert. This could make the 4 contracts not compliant with the ERC20 standard for certain asset pairs,...
safeDecimals can revert causing DoS
Handle sirhashalot Vulnerability details Impact The safeDecimals function, found in the SafeMetadata.sol contract and called in 3 different Timeswap Convenience contracts, can cause a revert. This is because the safeDecimals function attempts to use abi.decode to return a uint8 when data.length =...
updateDistribution() can unexpectedly revert
Handle sirhashalot Vulnerability details Impact The updateDistribution can revert unexpectedly, which results in the pointsPerUnit state variable not getting updated. Even more impactful is if the value of distributableXDEFI ever reaches a peak and never returns to this number, it will be...
merge() can cause lock to fail due to tokenId collision
Handle WatchPug Vulnerability details function generateNewTokenIduint256 points internal view returns uint256 tokenId // Points is capped at 128 bits max supply of XDEFI for 10 years locked, total supply of NFTs is capped at 128 bits. return points PoC 1. Alice lock 1 XDEFI for 7 days 3 times got...
100
Handle 0v3rf10w Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...
Covering impermanent loss allows profiting from asymmetric liquidity provision at the expense of reserves
Handle hyh Vulnerability details Impact Pool funds will be siphoned out over time as swaps and asymmetric LP provision are generally balancing each other economically. While with introduction of IL reimbursement a malicious user can make an asymmetric LP, then profit immediately from out of balan...
Reliance on exact balance
Handle pauliax Vulnerability details Impact functions addLiquidity721WETH and addLiquidity1155WETH rely on the exact balance of tokens: uint256 balance = count BASE; // We should not be experiencing fees. requirebalance == IERC20Upgradeablevault.balanceOfaddressthis, "Did not receive expected...
SafeERC20 Is Not Used On Token Transfers
Handle leastwood Vulnerability details Impact The transfer function is used on WETH and vault token transfers over OpenZeppelin's SafeERC20 library. As a result, these function may return unintended results which are not handled correctly. The SafeERC20 library ensures transfer and transferFrom...
WJLP contract doesn't check for JOE and JLP token transfers success
Handle hyh Vulnerability details Impact Transactions will not be reverted on failed transfer call, setting system state as if it was successful. This will lead to wrong state accounting down the road with a wide spectrum of possible consequences. Proof of Concept safeJoeTransfer do not check for...
Yeti token rebase checks the additional token amount incorrectly
Handle hyh Vulnerability details Impact The condition isn't checked now as the whole balance is used instead of the Yeti tokens bought back from the market. As it's not checked, the amount added to effectiveYetiTokenBalance during rebase can exceed the actual amount of the Yeti tokens owned by th...
It might not be possible to withdraw tokens from the basket
Handle Czar102 Vulnerability details Impact When enough basket token owners exit, it will be impossible to exit pool with the last MINAMOUNT tokens because of this check. This will result in locking some tokens forever. Recommended Mitigation Steps Consider resigning from this check or performing...
denial of service
Handle certora Vulnerability details the balance of outputToken is checked to be exactly joinTokenStruct.outputAmount. It is not recommended and it's better to use = Impact The worst scenario is a denial of service in case there is already an amount of the output token in the contract. It is easil...
SingleTokenJoinV2 doesn't take input deadline to consideration
Handle kenzo Vulnerability details SingleNativeTokenExitV2 takes as input from the user a deadline for the trades. However, it does not use this input for the actual trade but sets the deadline to be block.timestamp. Impact Trades will not work as expected. User might set a deadline for the trade...
Extension voting threshold check needs to rerun on each transfer
Handle cmichel Vulnerability details The Extension contract correctly reduces votes from the from address of a transfer and adds it to the to address of the transfer in case both of them voted on it before, but it does not rerun the voting logic in voteOnExtension that actually grants the...
Reward stuck if promotion cancel before all past reward claimed
Handle gzeon Vulnerability details Impact When owner call cancelPromotion, the contract 1. Delete the promotion struct L132 2. Return all token reserved for future epochs L133 If there are token left for previous epochs, they will be stuck in the contract as the promotion struct is gone. Proof of...
Auction.sol#settleAuction() Bonder may not be able to settle a bonded auction, leading to loss of funds
Handle WatchPug Vulnerability details uint256 a = factory.auctionMultiplier basket.ibRatio; uint256 b = bondBlock - auctionStart BASE / factory.auctionDecrement; uint256 newRatio = a - b; address memory pendingTokens, uint256 memory pendingWeights, uint256 minIbRatio = basket.getPendingWeights;...
Wrong calculation of excess depositToken allows stream creator to retrieve depositTokenFlashloanFeeAmount, which may cause fund loss to users
Handle WatchPug Vulnerability details uint256 excess = ERC20token.balanceOfaddressthis - depositTokenAmount - redeemedDepositTokens; In the current implementation, depositTokenFlashloanFeeAmount is not excluded when calculating excess depositToken. Therefore, the stream creator can call...
global unstreamed value is not updated after stream depositor withdraws an amount
Handle hubble Vulnerability details Impact Value of unstreamed public variable is not correct after stream depositor withdraws an amount before end of the stream. Proof of Concept File :Locke.sol Contract / Function : Stream / withdraw Line : 469 totalVirtualBalance -= virtualBal;...
unstreamed variable is not updated in withdraw function
Handle csanuragjain Vulnerability details Impact Contract variable unstreamed is not updated in withdraw function which can lead to instability Proof of Concept 1. Observe the stake function of Stream contract function stakeuint112 amount public lock updateStreammsg.sender ... unstreamed +=...
AbstractRewardMine.sol#setRewardToken is dangerous
Handle 0x0x0x Vulnerability details Impact In case the reward token is changed, totalDeclaredReward will be changed and likely equal to 0. Since userStakePadding and globalStakePadding are accumulated, changing the reward token will not reset those values. Thus, it will create problems...
Permissions - return values not checked when sending ETH
Handle ScopeLift Vulnerability details Impact On lines 85 and 101, ETH is transferred using a .call to an address provided as an input, but there is no verification that the call call succeeded. This can result in a call to emergencyWithdrawGAS or partialWithdrawGAS appearing successful but in...
Timelock delay can be changed by without any delay
Handle 0x0x0x Vulnerability details Impact Delay can be changed without any delay. Therefore, it is possible to call functions from this contract in a single block by changing the delay. This creates a huge attack vector, since if governor private keys would be stolen, everything can be withdrawn...
StabilizerNode Is Vulnerable To Sandwich Attacks
Handle leastwood Vulnerability details Impact The permissionless stabilize function in StabilizerNode is called to correct deviations in the Malt token price. When the price of Malt has appreciated above its peg, the function simply distributes rewards to LP token holders, effectively diluting th...
MEV miner can mint larger than expected UDT total supply
Handle elprofesor Vulnerability details Impact UnlockProtocol attempts to calculate gas reimbursement using tx.gasprice, typically users who falsify tx.gasprice would lose gas to miners and therefore not obtain any advantage over the protocol itself. This does present capabilities for miners to...
Frontrunning PublicLock.initialize() can prevent upgrades due to insufficient access control
Handle elprofesor Vulnerability details Impact The unlock protocols base contract Unlock.sol uses setLocktemplate to initialize the implementation contract for the PublicLock proxy. This function will initialize the relevant PublicLock contract which has been deployed separately...
Wrong design/implementation of freeTrial allows attacker to steal funds from the protocol
Handle WatchPug Vulnerability details The current design/implementation of freeTrial allows users to get full refund before the freeTrial ends. Plus, a user can transfer partial of their time to another user using shareKey. This makes it possible for the attacker to steal from the protocol by...
transferFrom() and shareKey() doesn't check for _from != _recipient
Handle GiveMeTestEther Vulnerability details Impact / POC There is no check from != recipient in transferFrom https://github.com/code-423n4/2021-11-unlock/blob/ec41eada1dd116bcccc5603ce342257584bec783/smart-contracts/contracts/mixins/MixinTransfer.solL109 the key manager/approver can expire the k...
Malicious user can DOS lock by falsely reaching maxNumberOfKeys using shareKey
Handle kenzo Vulnerability details A malicious user can call shareKey repeatedly, transferring minuscule amounts of his key to different accounts, thereby minting new keys until maxNumberOfKeys is reached. Impact Malicious user can grief and make lock purchasing become disabled. Proof of Concept ...
Wrong design of swap() results in unexpected and unfavorable outputs
Handle WatchPug Vulnerability details The current formula to calculate the amountOut for a swap is: function calculateSwap uint256 amountIn, uint256 reserveIn, uint256 reserveOut public pure returns uint256 amountOut // x Y X uint256 numerator = amountIn reserveIn reserveOut; // x + X ^ 2 uint256...
IbbtcVaultZap.sol#setGuardian doesn't set the guardian, but governance
Handle 0x0x0x Vulnerability details Proof of Concept This function is intended to change the guardian, but the code changes the governance address as seen in the code: function setGuardianaddress guardian external onlyGovernance; governance = guardian; It should be replaced with the following cod...
Newly Registered Assets Skew Consultation Results
Handle leastwood Vulnerability details Impact The TwapOracle.consult function iterates over all token pairs which belong to either VADER or USDV and then calculates the price of the respective asset by using both UniswapV2 and Chainlink price data. This helps to further protect against price...
Can not update target price
Handle jonah1005 Vulnerability details Impact The sanity checks in rampTargetPrice are broken SwapUtils.solL1571-L1581 if futureTargetPricePrecise = initialTargetPricePrecise, "futureTargetPrice is too small" ; else require futureTargetPricePrecise =...
initialBalance and finalBalance calculated in a different way
Handle gpersoon Vulnerability details Impact The function executeTrades of Slingshot.sol calculates the initialBalance and finalBalance in a different way. If toToken == nativeToken then: initialBalance == executioner.balance; finalBalance == wrappedNativeToken.balanceOfaddressexecutioner This cou...
WrappedIbbtc and WrappedIbbtcEth contracts do not filter out price feed outliers
Handle hyh Vulnerability details Impact If price feed is manipulated in any way or there is any malfunction based volatility on the market, both contracts will pass it on a user. In the same time it's possible to construct mitigation mechanics for such cases, so user economics be affected by...
liquidation factor < collateral factor for Sigma type
Handle cmichel Vulnerability details The MochiProfileV0 defines liquidation and collateral factors for different asset types. For the AssetClass.Sigma type, the liquidation factor is less than the collateral factor: function liquidationFactoraddress asset public view override returns float memory...
Improper Validation Of create2 Return Value
Handle leastwood Vulnerability details Impact The BeaconProxyDeployer.deploy function is used to deploy lightweight proxy contracts that act as each asset's vault. The function does not revert properly if there is a failed contract deployment or revert from the create2 opcode as it does not...
registerAsset() can overwrite _assetClass value
Handle gpersoon Vulnerability details Impact Everyone can call the function registerAsset of MochiProfileV0.sol Assuming the liquidity for the asset is sufficient, registerAsset will reset the assetClass of an already registered asset to AssetClass.Sigma. When the assetClass is changed to...
Change in interest rate can disable repay of loan
Handle pmerkleplant Vulnerability details Impact The ability of a borrower to repay a loan is disabled if the interest rate is set too high by the InterestRateModel. However, there is neither a check when setting the interest rate nor an indication in the IInterestRateModel's specs of this...
Auction bonder can steal user funds if bond block is high enough
Handle kenzo Vulnerability details After an auction has started, as time passes and according to the bondBlock, newRatio which starts at 2ibRatio gets smaller and smaller and therefore less and less tokens need to remain in the basket. This is not capped, and after a while, newRatio can become...