[WP-H3] saleRecipient can rug buyers

Lines of code Vulnerability details In TokenSaleUpgradeable.solbuy, tokenIn will be transferred from the buyer directly to the saleRecipient without requiring/locking/releasing the correspoining amount of tokenOut. This allows the saleRecipient to rug the users simply by not transferring tokenOut...

Double transfer in the transferAndCall function of ERC677

Handle shw Vulnerability details Impact The implementation of the transferAndCall function in ERC677 is incorrect. It transfers the value amount of tokens twice instead of once. Since the Flan contract inherits ERC667, anyone calling the transferAndCall function on Flan is affected by this...

You can grief migrations by sending SCX to the UniswapHelper

Handle camden Vulnerability details Impact The attack here allows the attacker to prevent migrations. The attack here is recoverable because we can just call buyFlanAndBurn f it worked as expected with SCX as the input token to buy Flan with the extra SCX, then run the migration again. Proof of...

Improper Validation Of Chainlink's latestRoundData Function

Handle leastwood Vulnerability details Impact latestRoundData is missing additional validation to ensure that the round is complete and has returned a valid/expected price. This is documented here. Proof of Concept , int256 daiPrice, , , = DAI.latestRoundData; , int256 usdcPrice, , , =...

OpenLevV1Lib's and LPool's doTransferOut functions call native payable.transfer, which can be unusable for smart contract calls

Handle hyh Vulnerability details Impact When OpenLev operations use a wrapped native token, the whole user withdraw is being handled with a payable.transfer call. This is unsafe as transfer has hard coded gas budget and can fail when the user is a smart contract. This way any programmatical usage...

Failed transfer with low level call could be overlooked

Handle harleythedog Vulnerability details Impact In LaunchEvent.sol, the function safeTransferAVAX is as follows: function safeTransferAVAXaddress to, uint256 value internal bool success, = to.callvalue: valuenew bytes0; requiresuccess, "LaunchEvent: avax transfer failed"; This function is utiliz...

l1CirculatingSupply may not give correct value after a mass withdrawal from L2

Handle hubble Vulnerability details Impact In the event of a mass withdrawal from L2, the l2SupplyFromL1 is set to 0 in the function decreaseL2SupplyFromL1. Now if LPT is moved again from L1 to L2, some of them may be the excess LPT withdrawn from above case. So the value of l1CirculatingSupply...

fundDepositAndReserveFor function does not exist in protocol

Handle harleythedog Vulnerability details Impact The L2Migrator contract makes use of the function fundDepositAndReserveFor on the ticket broker. In the commit hash for the contest seen from this snippet from the contest page: git clone https://github.com/livepeer/protocol git checkout...

Missing Re-entrancy Guard

Handle defsec Vulnerability details Impact The re-entrancy guard is missing on the Eth anchor interaction. The external router interaction can cause to the re-entrancy vulnerability. Proof of Concept 1. Navigate to the following contract. function finishDepositStableuint256 idx external...

repayDebt in Vault.sol could DOS functionality for markets

Handle p4st13r4 Vulnerability details Impact Any user can pay the debt for any borrower in Vault.sol, by using repayDebt. This function allows anyone to repay any amount of borrowed value, up-to and including the totalDebt value; it works by setting the debtstarget to zero, and decreasing totalDe...

When a user performs a withdrawal operation, a rollback that is not considered by the program may be triggered.

Handle ACai Vulnerability details Impact When the Vault contract deposits all/most of the token into the strategy contract, so that the remaining tokens in the Vault contract are less than the user's deposit, the user's withdrawal operation will result in a rollback that is not considered by the...

TimeswapPair.sol#borrow() Attacker can increase pool.state.y to an arbitrary target value

Handle WatchPug Vulnerability details TimeswapPair.solborrow takes a user input value of yIncrease, and the BorrowMath.check at L316 only checks for a minimal yIncrease, which means that it allows the state of pool.state.y to increase by the value of the user's input as long as it's larger than...

TimeswapPair.sol#mint() Malicious user/attacker can mint new liquidity with an extremely small amount of yIncrease and malfunction the pair with the maturity

Handle WatchPug Vulnerability details The current implementation of TimeswapPair.solmint allows the caller to specify an arbitrary value for yIncrease. However, since state.y is expected to be a large number based at 232, once the initial state.y is set to a small number 1 wei for example, the...

updateDistribution() can unexpectedly revert

Handle sirhashalot Vulnerability details Impact The updateDistribution can revert unexpectedly, which results in the pointsPerUnit state variable not getting updated. Even more impactful is if the value of distributableXDEFI ever reaches a peak and never returns to this number, it will be...

23

Handle 0v3rf10w Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...

Missing burn function in _unlock function

Handle Tomio Vulnerability details Impact In the XDEFIDistribution.sol, a user can lock xdefi token and get an erc721/nft token through safeMint function, however when the user call unlock function this contract will delete the position of this user, but didnt call the burn function in ERC721...

100

Handle 0v3rf10w Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...

Covering impermanent loss allows profiting from asymmetric liquidity provision at the expense of reserves

Handle hyh Vulnerability details Impact Pool funds will be siphoned out over time as swaps and asymmetric LP provision are generally balancing each other economically. While with introduction of IL reimbursement a malicious user can make an asymmetric LP, then profit immediately from out of balan...

totalLiquidityWeight Is Updated When Adding New Token Pairs Which Skews Price Data For getVaderPrice and getUSDVPrice

Handle leastwood Vulnerability details Impact The addVaderPair function is called by the onlyOwner role. The relevant data in the twapData mapping is set by querying the respective liquidity pool and Chainlink oracle. totalLiquidityWeight for the VADER path is also incremented by the...

mintSynth can be frontrun to steal money

Handle danb Vulnerability details nativeAsset.safeTransferFromfrom, addressthis, nativeDeposit; mintSynth has a from parameter, this is where they take the money for the transaction. If an address has allowance for the contract, anyone can use it and take it using mintSynth. Impact If a user sets...

VaderPoolV2 owner can steal all user assets which are approved VaderPoolV2

Handle TomFrenchBlockchain Vulnerability details Impact Possible theft of all user assets with an ERC20 approval on VaderPoolV2 Proof of Concept The owner of VaderPoolV2 can call the setTokenSupport function which allows the caller to supply any address from which to take the assets to provide th...

Reentrancy in contracts/BorrowerOperations.sol

Handle heiho1 Vulnerability details Impact There are several potential re-entrant functions in contracts/BorrowerOperations.sol: = Function addColl on line 346 is potentially re-entrant as it is external but has no re-entrancy guard declared. This function invokes adjustTrove which potentially...

Return variable can remain unassigned in _sendForReceiver

Handle sirhashalot Vulnerability details Impact The sendForReceiver function only sets a return function in the "if" code block, not the "else" case. If the "else" case is true, no value is returned. The result of this oversight is that the sendForReceiver function called from the distribute...

A vault can be locked from MarketplaceZap and StakingZap

Handle p4st13r4 Vulnerability details Impact Any user that owns a vToken of a particular vault can lock the functionalities of NFTXMarketplaceZap.sol and NFTXStakingZap.sol for everyone. Every operation performed by the marketplace, that deals with vToken minting, performs this check:...

SafeERC20 Is Not Used On Token Transfers

Handle leastwood Vulnerability details Impact The transfer function is used on WETH and vault token transfers over OpenZeppelin's SafeERC20 library. As a result, these function may return unintended results which are not handled correctly. The SafeERC20 library ensures transfer and transferFrom...

It might not be possible to withdraw tokens from the basket

Handle Czar102 Vulnerability details Impact When enough basket token owners exit, it will be impossible to exit pool with the last MINAMOUNT tokens because of this check. This will result in locking some tokens forever. Recommended Mitigation Steps Consider resigning from this check or performing...

SingleTokenJoinV2 doesn't take input deadline to consideration

Handle kenzo Vulnerability details SingleNativeTokenExitV2 takes as input from the user a deadline for the trades. However, it does not use this input for the actual trade but sets the deadline to be block.timestamp. Impact Trades will not work as expected. User might set a deadline for the trade...

PriceOracle Does Not Filter Price Feed Outliers

Handle leastwood Vulnerability details Impact If for whatever reason the Chainlink oracle returns a malformed price due to oracle manipulation or a malfunctioned price, the result will be passed onto users, causing unintended consequences as a result. In the same time it's possible to construct...

claimRewards Does Not Prevent Users From Claiming Rewards After A Promotion's End Epoch

Handle leastwood Vulnerability details Impact claimRewards allows a user to collect their TWAB calculated rewards for a provided set of epochIds. The contract utilises a claimedEpochs mapping which tracks claimed rewards per user. Each claimed epoch is represented by a single bit within a uint256...

Possibility to drain TwabRewards smart contract tokens (even with valid ticket)

Handle kemmio Vulnerability details Impact Possibility to drain all smart contract assets abusing uint256 overflow in updateClaimedEpoch Proof of Concept The vulnerability arises because of uint256 overflow in updateClaimedEpoch return userClaimedEpochs | uint2561 The attacker needs to have in...

Can claim epoch > 255 repeatedly due to bitshift truncation

Handle gzeon Vulnerability details Can claim epoch 255 repeatedly due to bitshift truncation Impact TwabRewards contract store user claimed reward in a claimedEpochs bitmap. function isClaimedEpochuint256 userClaimedEpochs, uint256 epochId internal pure returns bool return userClaimedEpochs epoch...

Auction.sol#settleAuction() Bonder may not be able to settle a bonded auction, leading to loss of funds

Handle WatchPug Vulnerability details uint256 a = factory.auctionMultiplier basket.ibRatio; uint256 b = bondBlock - auctionStart BASE / factory.auctionDecrement; uint256 newRatio = a - b; address memory pendingTokens, uint256 memory pendingWeights, uint256 minIbRatio = basket.getPendingWeights;...

Basket.sol#auctionBurn calculates ibRatio wrong

Handle 0x0x0x Vulnerability details The function is implemented as follows: function auctionBurnuint256 amount onlyAuction nonReentrant external override uint256 startSupply = totalSupply; handleFeesstartSupply; burnmsg.sender, amount; uint256 newIbRatio = ibRatio startSupply / startSupply -...

unstreamed variable is not updated in withdraw function

Handle csanuragjain Vulnerability details Impact Contract variable unstreamed is not updated in withdraw function which can lead to unstability Proof of Concept 1. Observe the stake function of Stream contract function stakeuint112 amount public lock updateStreammsg.sender ... unstreamed +=...

Reward token not correctly recovered

Handle cmichel Vulnerability details The Streaming contract allows recovering the reward token by calling recoverTokensrewardToken, recipient. However, the excess amount is computed incorrectly as ERC20token.balanceOfaddressthis - rewardTokenAmount + rewardTokenFeeAmount: function...

Public variable unstreamed can be smaller than ∑ts.tokens due to unstreamed not being updated in withdraw()

Handle WatchPug Vulnerability details unstreamed is a public variable, and it's been actively managed in stake, updateStreamInternal. However, since users can also withdraw unstreamed depositToken, the global variable unstreamed should be updated in withdraw as well. For example: 1. Alice deposit...

stabilize() is vulnerable to flashloan sandwich attack

Handle WatchPug Vulnerability details When the price of Malt is off the lowerThreshold and upperThreshold, StabilizerNode.sol will market buy/sell Malt. However, since the market sell can be triggered by anyone, and there is no slippage control, it makes it vulnerable to flashloan sandwich attack...

MiningService.setBonding should use BONDING role instead of REINVESTOR one

Handle hyh Vulnerability details Impact BONDINGROLE cannot be managed after it was initialized. Proof of Concept setBonding set the wrong role via swapRole: Recommended Mitigation Steps Set BONDINGROLE instead of REINVESTORROLE in setBonding function: Now: function setBondingaddress bonding publi...

AddLiquidity allows sandwich attacks on direct use within hard coded 5% slippage tolerance

Handle hyh Vulnerability details Impact Liquidity provision can happen at a manipulated price which leads to immediate loss for liquidity provider i.e. IL happens right after liquidity provision in this case. This yields direct loss for an account owner, for example schematically: 0. Suppose...

StabilizerNode Is Vulnerable To Sandwich Attacks

Handle leastwood Vulnerability details Impact The permissionless stabilize function in StabilizerNode is called to correct deviations in the Malt token price. When the price of Malt has appreciated above its peg, the function simply distributes rewards to LP token holders, effectively diluting th...

Wrong design/implementation of freeTrial allows attacker to steal funds from the protocol

Handle WatchPug Vulnerability details The current design/implementation of freeTrial allows users to get full refund before the freeTrial ends. Plus, a user can transfer partial of thier time to another user using shareKey. This makes it possible for the attacker to steal from the protocol by...

Malicious user can DOS lock by falsely reaching maxNumberOfKeys using shareKey

Handle kenzo Vulnerability details A malicious user can call shareKey repeatedly, transferring miniscule amounts of his key to different accounts, thereby minting new keys until maxNumberOfKeys is reached. Impact Malicious user can grief and make lock purchasing become disabled. Proof of Concept ...

function mint() No Tokens Will be Transfer to _recipient

Handle Meta0xNull Vulnerability details Impact mintrecipient, amount; At the end of mint, mint seems like responsible to transfer tokens to recipient but there is no code no function of mint in this contract. Thus No Tokens Will be Transfer to recipient. recipient who do not Receive Their Tokens...

ERC20.transfer return value is ignored

Handle pants Vulnerability details ERC20 transfer and transferFrom return values are ignored. There is no whitelist, therefore users can use ERC20 tokens that transfer/transferFrom returns False instead of revert. for example: YaxisVoteProxy.sol line 55 MetaVault.sol line 579 MockPickleJar.sol li...

NestedFactory.sol#_submitInOrders() Wrong implementation cause users to be overcharged

Handle WatchPug Vulnerability details When executing orders, the actual amountSpent + feesAmount can be lower than inputTokenAmount, the unspent amount should be returned to the user. However, in the current implementation, the unspent amount will be taken as part of the fee. function...

ERC1155Supply vulnerability in OpenZeppelin Contracts

Handle defsec Vulnerability details Impact When ERC1155 tokens are minted, a callback is invoked on the receiver of those tokens, as required by the spec. When including the ERC1155Supply extension, total supply is not updated until after the callback, thus during the callback the reported total...

Insufficient check on updateVestedTokens function

Handle rfa Vulnerability details Impact This function can be used by the beneficiary to update their vested token, however the function is callable by anyone, there is no check if the msg.sender/caller is the correct beneficiary, the only check is , but this check is user controllable, therefore...

FSDVesting: Claiming tributes should call FSD token's corresponding functions

Handle hickuphh3 Vulnerability details Impact The claiming of staking and governance tributes for the a beneficiary's vested tokens should be no different than other users / EOAs. However, the claimTribute and claimGovernanceTribute are missing the actual claiming calls to the corresponding...

Contract BasicSale is missing an approve(address(vestLock), 2**256-1) call

Handle Reigada Vulnerability details Impact As we can see in the contracts AirdropDistribution and InvestorDistribution, they both have the following approve call: mainToken.approveaddressvestLock, 2256-1; This is necessary because both contracts transfer tokens to the vesting contract by calling...

Contract Selfdestruct via delegatecall

Handle elprofesor Vulnerability details Impact Using a malicious Module the ModuleRegistry admin can trigger a selfdestruct via delegate call in the Executioner.sol contract. ModuleRegistry and Executioner separate the logic between ModuleRegistry.sol admin and systems admin. Executioner.sol reli...