Lucene search
Code423n4 Most viewed

10190 matches found

Code423n4
• added 2022/12/20 12:0 a.m. • 12 views

Upgraded Q -> M from #22 [1671528533640]

Judge has assessed an item in Issue 22 as M risk. The relevant finding follows: NC-2 Return values of approve not checked --- The text was updated successfully, but these errors were encountered: All reactions...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/12/20 12:0 a.m. • 12 views

Insufficient Timestamp Validation for Signed Messages

Lines of code Vulnerability details Impact A message can be signed by the oracle for any future point in time, and it will be valid for 20 minutes. If messages with invalid timestamps pointing to the future get signed, there is no way of invalidating them. A compromised or malfunctioning oracle...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/12/19 12:0 a.m. • 12 views

Bidding data structure is corrupted, leading to unfair removal from queue.

Lines of code Vulnerability details Description processBidsInQueue in GroupBuy handles integrating a new bid into the existing structure. It bumps out lower-paying bids until the new bid is completely fulfilled or the remaining bids are too high. When the lowest paying bid has higher quantity tha...

6.6 AI score
Exploits: 0
Code423n4
• added 2022/12/19 12:0 a.m. • 12 views

Upgraded Q -> M from #334 [1671456734920]

Judge has assessed an item in Issue 334 as M risk. The relevant finding follows: Collateral.withdraw allows the manager to withdraw an arbitrary amount of baseToken from Collateral. The only check is in the ManagerWithdrawHook.hook call, where it checks the withdrawal does not drop the amount of...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/12/18 12:0 a.m. • 12 views

Groupbuy: _verifyUnsuccessfulState and _verifySuccessfulState both can return true when block.timestamp == pool.terminationPeriod

Lines of code Vulnerability details Impact The functions verifyUnsuccessfulState and verifySuccessfulState should always have a differing behavior with regards to reversion, i.e. when one does not revert, the other should revert. In one condition, this is not true. Namely, when we have pool.succe...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/12/16 12:0 a.m. • 12 views

LP Rewards can be increased infinitely by a malicious liquidity provider

Lines of code Vulnerability details Impact LP Rewards can be increased infinitely by a malicious liquidity provider Proof of Concept A Bond NFT holder can claim pending rewards from a bond using the function Lock.claim. function claim uint256 id public returns address claimGovFees; uint amount,...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/12/16 12:0 a.m. • 12 views

ERC20 approvals may need to be set to 0 beforehand

Lines of code Vulnerability details Impact There are some instances where there is an ERC20 approval for a max uint256 amount. ERC20 tokens such as USDT require the address allowance to be set to 0 beforehand, so this would cause reverts for those tokens. Proof of Concept -Token such as USDT gets...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/12/12 12:0 a.m. • 12 views

Redeem should revert if the TokenSender.sol doesn’t have enough outputtoken to reimburse to users.

Lines of code https://github.com/prepo-io/prepo-monorepo/blob/49a7ed94272db013245d9364e69be713a8aef0a2/apps/smart-contracts/core/contracts/TokenSender.solL41 Vulnerability details According to the comments in the code of RedeemHook.hook function : Once a market has ended, users can directly settl...

7 AI score
Exploits: 0
Code423n4
• added 2022/12/12 12:0 a.m. • 12 views

depositAndTrade::exactInputSingleParams the possible return values not checked

Lines of code Vulnerability details Impact The return values from collateral.deposit and collateral.transferFrom are not used. This means that the values returned by those functions will not be stored or used in the code. The swapRouter.exactInputSingle function also likely returns no value, ...

6.6 AI score
Exploits: 0
Code423n4
• added 2022/12/12 12:0 a.m. • 12 views

Ability to redeem excess collateral

Lines of code Vulnerability details Vulnerability details redeem of PrePOMarket.sol redeems long and short tokens in exchange for collateral tokens. Long and short tokens are default ERC20 tokens with 18 decimals, while the collateral ERC20 token uses the decimals of the underlying base token. Th...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/12/12 12:0 a.m. • 12 views

Owner can rug PrePOMarket using re-initialized finalLongPayout.

Lines of code Vulnerability details Description In PrePOMarket.sol, the finalLongPayout represents the finalized value of a single long token in the market. It is settled post ICO / IPO according to predetermined rules. The issue is that this value may be re-initialized as many times as owner...

6.5 AI score
Exploits: 0
Code423n4
• added 2022/12/12 12:0 a.m. • 12 views

Liquidity cannot be removed by an approved address via Router

Lines of code Vulnerability details Impact Using the Router, liquidity can only be removed by the owner of an NFT, which significantly limits liquidity management. The Pool contract, however, does allow approved addresses to remove liquidity. Proof of Concept The Router contract is a higher level...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/12/12 12:0 a.m. • 12 views

Attacker can set anyone as the tokenSender role

Lines of code Vulnerability details Impact The setTokenSender function which is the function that is responsible to set the token sender role is made public with no access control, which makes attacker escalate his privileges to the token sender role Proof of Concept truffle console --networkId 5...

7 AI score
Exploits: 0
Code423n4
• added 2022/12/12 12:0 a.m. • 12 views

Unsafe usage of ERC20 methods

Lines of code Vulnerability details There are many weird ERC20 tokens that don't follow the standard ERC20 interface. Depending on the ERC20 token, some transfer errors may result in passing unnoticed, or some successful transfers may be treated as failed. The current implementation assumes that...

7.3 AI score
Exploits: 0
Code423n4
• added 2022/12/12 12:0 a.m. • 12 views

userToDeposits is always increasing, can eventually reach cap

Lines of code Vulnerability details Impact In contract DepositRecord when a deposit is recorded through function recordDeposit: function recordDepositaddress sender, uint256 amount external override onlyAllowedHooks requireamount + globalNetDepositAmount amount globalNetDepositAmount -= amount;...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/12/09 12:0 a.m. • 12 views

Unsafe casting from uint256 to uint8 cause wrong index of asset and feeder in NFTFloorOracle

Lines of code Vulnerability details Impact In NFTFloorPrice, it has a set of feeders and a set of assets. Feeders will set price for assets. Of course, with the growing NFT space, number of assets collection could be much more than 256 and because Paraspace uses median price from keepers so...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/12/09 12:0 a.m. • 12 views

Dutch auction getPrice() formula can lead to price reaching 0 and eventually reverting and locking the function.

Lines of code Vulnerability details Impact In the function getPrice the current price is calculated by taking the start price and subtracting the product of dropPersecond and time elapsed. start price - dropPreSecond timeElapsed. The issue with this is that given the right inputs for dropPerSecon...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/12/09 12:0 a.m. • 12 views

Artist will never get their payout for their NFT in FixedPrice and OpenEdition

Lines of code Vulnerability details Impact There is no logic for transferring Ether that artist gain from their NFT sales in both FixedPrice and OpenEdition contracts. For these 2 contracts there is only logic for transferring 5% fee to the protocol. Therefore, artist will gain nothing from selli...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/12/09 12:0 a.m. • 12 views

Oracle does not treat upward and downward price movement the same in validity checks, causing safety issues in oracle usage.

Lines of code Vulnerability details Description NFTFloorOracle retrieves ERC721 prices for ParaSpace. maxPriceDeviation is a configurable parameter, which limits the change percentage from current price to a new feed update. We can see how priceDeviation is calculated and compared to...

7 AI score
Exploits: 0
Code423n4
• added 2022/12/09 12:0 a.m. • 12 views

Users can lose funds if they call buy with _amount larger than type(uint48).max.

Lines of code Vulnerability details Impact The function buy take amount of type uint256 as input. amount is used to check if msg.value is correct depending on the sale price as follows: requireamount sale.price == msg.value, "WRONG PRICE"; but is not casted to uint48 as done to calculate the newI...

7 AI score
Exploits: 0
Code423n4
• added 2022/12/09 12:0 a.m. • 12 views

MintableIncentivizedERC721 incorrectly implements safe transfers

Lines of code Vulnerability details Impact MintableIncentivizedERC721 incorrectly implements safeTransfer and safeTransferFrom by simply replicating the unsafe transfer/transferFrom function. Raising as medium because as a consequence of this, these ERC721 tokens may end up locked in contracts th...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/12/07 12:0 a.m. • 12 views

Upgraded Q -> M from #454 [1670445333683]

Judge has assessed an item in Issue 454 as M risk. The relevant finding follows: L-01 Don't use payable.transfer/payable.send The use of payable.transfer is heavily frowned upon because it can lead to the locking of funds. The transfer call requires that the recipient is either an EOA account, or...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/12/06 12:0 a.m. • 12 views

Upgraded Q -> M from #35 [1670345543949]

Judge has assessed an item in Issue 35 as M risk. The relevant finding follows: No. 2 Any smart contract that uses transfer or send is taking a hard dependency on gas costs by forwarding a fixed amount of gas: 2300. If gas costs are subject to change, then smart contracts can’t depend on any...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/12/04 12:0 a.m. • 12 views

Upgraded Q -> M from #402 [1670185822442]

Judge has assessed an item in Issue 402 as M risk. The relevant finding follows: Staked Gmx RewardTracker may retain allowances Summary: Both the configureGmxState function and the setContractContracts c, address contractAddress can be used to update the PirexGmx contract's stakedGmx storage...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/11/28 12:0 a.m. • 12 views

NameWrapper: expired names behave unwrapped

Lines of code Vulnerability details Impact expired Names are supposed to be unregistered, but it behaves like unwrapped parent with CANNOTCREATESUBDOMAIN fuse can "create" again an expired name parent can ENS.setSubdomainOwner before burning CANNOTCREATESUBDOMAIN to be able to use the subdomain...

7 AI score
Exploits: 0
Code423n4
• added 2022/11/28 12:0 a.m. • 12 views

MINTING OF NFT AT WILL

Lines of code Vulnerability details Impact register is an unrestricted public function where any new msg.sender is going to get through the modifier onlyUnregistered. With a non-zero recipient argument passed into the function, a new NFT is going to be minted to the recipient. Consequently, an...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/11/25 12:0 a.m. • 12 views

Nonce is not updated after EVM Transaction

Lines of code Vulnerability details Impact It was observed that nonce is not updated while performing the EVM transaction. This could lead to Replay attacks Proof of Concept 1. Observe the CallEVM function func k Keeper CallEVM ctx sdk.Context, from common.Address, to common.Address, amount...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/11/18 12:0 a.m. • 12 views

Medium: Vaults can be griefed to not be able to be used for deposits

Lines of code Vulnerability details Description Interaction with SavETHVault and StakingFundsVault require a minimum amount of MINSTAKINGAMOUNT. In order to be used for staking, there needs to be 24 ETH or 4 ETH for the desired BLS public key in those vaults. The issue is that vaults can be grief...

6.6 AI score
Exploits: 0
Code423n4
• added 2022/11/18 12:0 a.m. • 12 views

Unchecked transfer

Lines of code Vulnerability details Impact The return value of an external transfer/transferFrom call is not checked Proof of Concept you can check Vulnerability in code here: Tools Used Recommended Mitigation Steps Use SafeERC20, or ensure that the transfer/transferFrom return value is checked...

7.1 AI score
Exploits: 0
Code423n4
• added 2022/11/14 12:0 a.m. • 12 views

Upgraded Q -> M from #449 [1668465467675]

Judge has assessed an item in Issue 449 as M risk. The relevant finding follows: FlashLoanFee should be bounded | Low | 1 --- The text was updated successfully, but these errors were encountered: All reactions...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/11/13 12:0 a.m. • 12 views

The attacker can steal the ETH of users that wanted to buy an NFT by sandwiching the victim transaction.

Lines of code Vulnerability details Impact The attacker can steal the ETH of users that wanted to buy an NFT by sandwiching the victim transaction. Proof of Concept In non-atomic some of the orders could fail and funds should return and the end of execute function - . But the returnETHIfAny...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/11/10 12:0 a.m. • 12 views

SpigotedLineLib::trade won’t work with tokens with approval race protection (USDT)

Lines of code Vulnerability details Proof of Concept Some tokens e.g. USDT, KNC do not allow approving an amount M 0 when an existing amount N 0 is already approved. This is to protect from an ERC20 attack vector described here. The problem is the code in trade is the following...

7 AI score
Exploits: 0
Code423n4
• added 2022/11/10 12:0 a.m. • 12 views

Use of .transfer()

Lines of code Vulnerability details Impact Note: I realize that this was flagged in the C4udit output, though it seems to believe that it's an ERC20 transfer. The use of transfer to send ETH only forwards 2300 gas to the recipient. This is not enough gas to execute a gnosis safe delegatecall. Fun...

7.2 AI score
Exploits: 0
Code423n4
• added 2022/11/08 12:0 a.m. • 12 views

Multi Step upgrades introduce security risk

Lines of code Vulnerability details Impact If Governor upgrades the system using executeDiamondCutProposal function then freezing is removed. This could be a problem where Governor was still not ready to make freezable facet available as shown in POC Proof of Concept 1. Governor discovers a...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/11/08 12:0 a.m. • 12 views

Solmate safetransfer and safetransferfrom doesnot check the codesize of the token address, which may lead to fund loss

Lines of code Vulnerability details Impact In bid function, the safetransferfrom function doesn't check the existence of code at the token address. This is a known issue while using solmate's libraries. Hence this may lead to miscalculation of funds and may lead to loss of funds , because if...

7 AI score
Exploits: 0
Code423n4
• added 2022/11/08 12:0 a.m. • 12 views

A total of 3 risks: one with imperfect concurrency judgment logic, one with unrobust business logic, and one with unreasonable timestamp settings

Lines of code Vulnerability details RISK 1: When creating an auction, if the exact same token is transferred to the contract in a very short period of time, it will cause one of the auctions to fail to be created. is caused by the following statement: if balanceAfterTransfer - balanceBeforeTransf...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/11/08 12:0 a.m. • 12 views

Denial of service when baseAmount is equal to zero

Lines of code Vulnerability details Vulnerability details Description There is a finalize function in the SizeSealed smart contract. The function traverses the array of the bids sorted by price descending. On each iteration, it calculates the quotePerBase. When this variable is calculated, the...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/11/08 12:0 a.m. • 12 views

seller can change lowestBaseand lowestQuote and the seller can make it diffrent values causing a dos or loss of funds

Lines of code Vulnerability details Impact When I a seller finalizes the auction they change the lowestQuote and lowestBase.When users withdraw from the auction after the auction is finalized. QuoteBought is calculated with the new amounts which can cause dos or refund their leftover quote amount...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/11/08 12:0 a.m. • 12 views

Protocol won’t work with rebasing tokens

Lines of code Vulnerability details Proof of Concept Some tokens may make arbitrary balance modifications outside of transfers e.g. Ampleforth style rebasing tokens, Compound style airdrops of governance tokens, mintable / burnable tokens. If such a token as used, since in the protocol we cache t...

7 AI score
Exploits: 0
Code423n4
• added 2022/10/30 12:0 a.m. • 12 views

Protocol's usability becomes very limited when access to Chainlink oracle data feed is blocked

Lines of code Vulnerability details Impact Based on the current implementation, when the protocol wants to use Chainlink oracle data feed for getting a collateral token's price, the fixed price for the token should not be set. When the fixed price is not set for the token, calling the Oracle...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/10/30 12:0 a.m. • 12 views

Oracle.sol uses deprecated Chainlink method latestAnswer()

Lines of code Vulnerability details Proof of Concept Chainlink has marked the latestAnswer method as deprecated for its price feeds, but the code is using it. Impact The latestAnswer method just returns the price and has no way to check if it is stale. If the project is using a stale price it can...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/10/30 12:0 a.m. • 12 views

Front-running of a pledge call

Lines of code Vulnerability details Description There is pledge function in the WardenPledge contract. The function accepts the pledgeId, which does not contain any information about the pledge itself. As a result, transactions of users can be front-runned to enforce them use the pledge with the...

6.6 AI score
Exploits: 0
Code423n4
• added 2022/10/30 12:0 a.m. • 12 views

Chainlink latestAnswer is deprecated

Lines of code Vulnerability details Impact Since Chainlink latestAnswer is deprecated, use latestRoundData instead. Since it is deprecated, there is chance of Chainlink to stop supporting this function. Proof of Concept uint price = feedstoken.feed.latestAnswer; Tools Used Manual Analysis...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/10/25 12:0 a.m. • 12 views

MED - NFTs become no longer holographable once new factory is connected.

Lines of code Vulnerability details Description The basic premise of the Holograph platform is that NFTs / ERC20s are holographable, in other words they will have the same address across all ERC20 compatible blockchains. This invariant is used countless times in the code base. For example, when...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/10/25 12:0 a.m. • 12 views

Reentrancy can increase allowance can be used to take more funds than expected

Lines of code Vulnerability details Reentrancy can increase allowance can be used to take more funds than expected In the same way as the typical front run of ERC20 approve/transferFrom, you would be able to take money when calling maliciousERC20.beforeApprove hook, this would realize a...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/10/25 12:0 a.m. • 12 views

_payoutEth() gas computation can make call revert even if balance is sufficient

Lines of code Vulnerability details Payout recipients can call getEthPayout to transfer the ETH balance of the contract to all payout recipients. This function makes an internal call to payoutEth, which computes the gasCost, then proceeds to check balance - gasCost 10000 before sending the result...

6.5 AI score
Exploits: 0
Code423n4
• added 2022/10/25 12:0 a.m. • 12 views

Signature replay attacks

Lines of code Vulnerability details Description There is a function deployHolographableContract from the HolographFactory smart contract. Among other things, the function verifies the ECDSA signature. The signed data for verification is constructed as a concatenation of different user-provided...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/10/25 12:0 a.m. • 12 views

Incorrect usage of try/catch block

Lines of code Vulnerability details Vulnerability details Description There is a function getBridgeOutRequestPayload in HolographBridge contract. It has the following: / @dev the revertedBridgeOutRequest function is wrapped into a try/catch function / try this.revertedBridgeOutRequestmsg.sender,...

7 AI score
Exploits: 0
Code423n4
• added 2022/10/25 12:0 a.m. • 12 views

untyped data signing

Lines of code Vulnerability details in function deployHolographableContract the bytes32 hash is directly encoded without adding any domain separator . this will cause several issues an attacker can front run the signature and use them on same contract on another chain . eg a user wants to call...

7.2 AI score
Exploits: 0
Code423n4
• added 2022/10/23 12:0 a.m. • 12 views

Wrong calculation in LBRouter._getAmountsIn.

Lines of code Vulnerability details Impact It calculates the amountsIn wrongly here and the function returns the wrong result. Proof of Concept Currently, getAmountsIn calculates the amountsIn like below. amountsIni - 1 = reserveIn amountOut 1000 / reserveOut - amountOut 997 + 1; As we can see...

6.9 AI score
Exploits: 0
Total number of security vulnerabilities: 5000