Contract Selfdestruct via delegatecall
Handle elprofesor Vulnerability details Impact Using a malicious Module the ModuleRegistry admin can trigger a selfdestruct via delegate call in the Executioner.sol contract. ModuleRegistry and Executioner separate the logic between ModuleRegistry.sol admin and systems admin. Executioner.sol reli...
WrappedIbbtcEth.sol Sanity check of pricePerShare should be enforced
Handle WatchPug Vulnerability details /// @dev Update live ibBTC price per share from core /// @dev We cache this to reduce gas costs of mint / burn / transfer operations. /// @dev Update function is permissionless, and must be updated at least once every X time as a sanity check to ensure value ...
Leftover balance in the Executioner contract can be drained
Handle gzeon Vulnerability details Impact Leftover balance in the Executioner contract can be drained by swapping the target asset (native/erc20) into another asset. Slingshot.executeTrades allow user to execute trade using modules as long as the module is registered in the ModuleRegistry. The...
Improper Validation Of create2 Return Value
Handle leastwood Vulnerability details Impact The BeaconProxyDeployer.deploy function is used to deploy lightweight proxy contracts that act as each asset's vault. The function does not revert properly if there is a failed contract deployment or revert from the create2 opcode as it does not...
registerAsset() can overwrite _assetClass value
Handle gpersoon Vulnerability details Impact Everyone can call the function registerAsset of MochiProfileV0.sol Assuming the liquidity for the asset is sufficient, registerAsset will reset the assetClass of an already registered asset to AssetClass.Sigma. When the assetClass is changed to...
Epoch may be rounded to zero in deposit, depositRewardTokens and takeOutRewardTokens
Handle jonah1005 Vulnerability details division bias in deposit depositRewardTokens and takeOutRewardTokens Impact When the owner deposits reward into the contract, the remainder would not be counted. These dust tokens would be left in the contract. There's a similar issue in takeOutRewardTokens...
Unable to redeem rest of funds if deposited reward is not a multiple of allocatedTokensPerEpoch
Handle xYrYuYx Vulnerability details Impact Owner will deposit any amount of reward if amount is greater than allocatedTokensPerEpoch. This means that it is possible that owner can send an amount which is not a multiple of allocatedTokensPerEpoch. For example, when allocatedTokensPerEpoch is 1 CQT,...
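The two findings above describe the same floor-division problem from both sides (deposit and take-out). The following is an added Python model of that accounting, not the contract's code; NaivePool, CarryPool and their method names are hypothetical, chosen for this illustration. NaivePool mirrors the reported behaviour; CarryPool shows the variant where funded epochs are always derived from the running balance so dust carries over and a withdrawal can never leave the pool promising more than it holds.

```python
# Added example (not from the contract under review): a Python model of the
# reward-epoch accounting in the two findings above. NaivePool, CarryPool and
# their methods are hypothetical names chosen for this illustration.

ONE = 10**18  # one whole token in 18-decimal units (constructed sample unit)


class NaivePool:
    """Mirrors the flaw: each deposit/withdrawal is floor-divided into epochs
    independently, so the remainder is neither credited nor tracked."""

    def __init__(self, allocated_per_epoch: int) -> None:
        self.per_epoch = allocated_per_epoch
        self.funded_epochs = 0  # epochs the pool believes it can pay
        self.balance = 0        # tokens it actually holds

    def deposit(self, amount: int) -> None:
        self.balance += amount
        self.funded_epochs += amount // self.per_epoch  # dust below one epoch is dropped

    def take_out(self, amount: int) -> None:
        # amount // per_epoch rounds down: 1.7 epochs' worth of tokens leave,
        # but funded_epochs only shrinks by 1, so the pool is now underfunded
        self.funded_epochs -= amount // self.per_epoch
        self.balance -= amount

    def uncredited(self) -> int:
        """Tokens held that no epoch accounts for (negative means underfunded)."""
        return self.balance - self.funded_epochs * self.per_epoch


class CarryPool:
    """Hardened variant: funded epochs are always derived from the running
    balance, so dust carries over and a withdrawal can never underfund."""

    def __init__(self, allocated_per_epoch: int) -> None:
        self.per_epoch = allocated_per_epoch
        self.balance = 0

    @property
    def funded_epochs(self) -> int:
        return self.balance // self.per_epoch

    def deposit(self, amount: int) -> None:
        if amount <= 0:
            raise ValueError("deposit must be positive")
        self.balance += amount

    def take_out(self, amount: int) -> None:
        if amount > self.balance:
            raise ValueError("cannot withdraw more than the pool holds")
        self.balance -= amount

    def uncredited(self) -> int:
        # the remainder is still held and recoverable via take_out, never negative
        return self.balance % self.per_epoch
```

Depositing 2.5 tokens at 1 token per epoch credits 2 epochs in NaivePool and strands 0.5; taking 1.7 out afterwards leaves it claiming 1 funded epoch with only 0.8 tokens. CarryPool turns two 0.5 deposits into one funded epoch and refuses the over-withdrawal.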
allocatedTokensPerEpoch cannot be changed under special scenario
Handle csanuragjain Vulnerability details Impact allocatedTokensPerEpoch will fail to change and higher rewards would be given. Proof of Concept 1. Navigate to 2. Check the setAllocatedTokensPerEpoch function: function setAllocatedTokensPerEpoch(uint128 amount) public onlyOwner { require(amount > 0,...
Incorrect updateGlobalExchangeRate implementation
Handle xYrYuYx Vulnerability details Impact UpdateGlobalExchangeRate has an incorrect implementation when totalGlobalShares is zero. If no user has started staking, totalGlobalShares is 0, and every stake will increase it. But there is a possibility that totalGlobalShares can be 0 later by...
QuickAccManager Smart Contract signature verification can be exploited
Handle cmichel Vulnerability details Several different signature modes can be used and Identity.execute forwards the signature parameter to the SignatureValidator library. The returned signer is then used for the privileges check: address signer = SignatureValidator.recoverAddrImpl(hash, signature...
cancel() calculates hashTx in the wrong way
Handle gpersoon Vulnerability details Impact The function cancel of contract QuickAccManager uses the wrong way to calculate the hash that has to be cancelled. It uses: "bytes32 hashTx = keccak256(abi.encode(address(this), block.chainid, accHash, nonce, txns));" Where it should use "bytes32 hash =...
lack of access modifier in mintReturn()
Handle JMukesh Vulnerability details Impact Due to lack of an access modifier on mintReturn, any malicious actor can set its value to false, due to which any function that calls mint(address f, uint256 a) will always fail, which includes: custodialInitiate mintZcTokenAddingNotional Proof of Concept Tools...
unchecked return value from approve()
Handle JMukesh Vulnerability details Impact contract uses an ERC20.approve call but does not check the success return value. Some tokens do not revert if the approval failed, returning false instead. The impact is that, tokens that don’t actually perform the approve and return false are still...
Wrong indexes: positionId vs incentiveId
Handle 0xsanson Vulnerability details Impact In multiple functions in ConcentratedLiquidityPoolManager, the index positionId is used instead of the correct incentiveId when dealing with the incentives mapping. Of course the issue is that incentives cannot be used, or in some cases only by lucky...
Swivel: implementation for initiateZcTokenFillingZcTokenExit is incorrect
Handle itsmeSTYJ Vulnerability details Impact In initiateZcTokenFillingZcTokenExit , this comment // transfer underlying tokens - the premium paid + fee in underlying to swivel from sender is incorrect because you are actually transferring the underlying tokens - premium paid to the maker from...
TridentRouter.addLiquidity() Add liquidity to IndexPool through TridentRouter may cause loss of a small portion of users' funds
Handle WatchPug Vulnerability details The mint function in IndexPool requires the liquidity provider to transfer in amounts no less than the amounts of tokens' reserve proportionally to the toMint amount. However, the TridentRouter won't calculate the toMint amount and amountsIn for the liquidity...
UniswapV3Helper: getSqrtPriceX96() doesn't work for tokens with non-18 decimals
Handle hickuphh3 Vulnerability details Impact The getSqrtPriceX96 will return incorrect values for pairs comprising tokens with non-18 decimals. This affects the amounts calculated for a position. Proof of Concept Let us take the ETH-WBTC pair as an example. Note that WBTC has 8 decimals, and is an active...
Incorrect timing
Handle goatbug Vulnerability details Impact uint256 public constant TIMELOCKDURATION = 4 * 60 * 24; // 1 day This is not one day. 4 * 60 * 24 != 86400 where 86400 is seconds in a day. Proof of Concept Incorrect timelocks in both the basket and factory can allow parameters to be modified quicker than...
Bond div set to zero
Handle goatbug Vulnerability details Impact bondPercentDiv can be set to zero by the owner. This would give a div by zero error in line 61 bondAmount = basketToken.totalSupply() / factory.bondPercentDiv(); and brick any portfolio balancing ever. Proof of Concept Provide direct links to all referenced...
_addLiquidity will lose user funds due to frontrunning.
Handle tensors Vulnerability details Impact If addLiquidity is ever called with funds at stake (anything more than a few thousand dollars), it becomes profitable for MEV bots and other frontrunners to frontrun the addLiquidity call by skewing the pool reserves, lowering the amount of LP tokens return...
The function addToken does not check if the token was already added
Handle hrkrshnn Vulnerability details addToken does not check if the token was already added. The function addToken does not check if the token was already present. function addToken(address vault, address token) external override notHalted onlyStrategist { require(allowedTokens[token], "!allowedTokens")...
Vault treats all tokens exactly the same that creates (huge) arbitrage opportunities.
Handle jonah1005 Vulnerability details Impact The v3 vault treats all valid tokens exactly the same. Depositing 1M DAI would get the same share as depositing 1M USDT. User can withdraw their share in another token. Though there's withdrawalProtectionFee 0.1 percent, the vault is still a no slippa...
lack of validation for the v and s value in recover() function
Handle JMukesh Vulnerability details Impact Due to lack of checking of the v and s values in recover, it becomes prone to signature malleability. Proof of Concept check out the tryRecover of ECDSA.sol Tools Used manual review Recommended Mitigation Steps add necessary check to make the signature unique -...
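The finding above points at OpenZeppelin's tryRecover for the missing checks. As an added Python model (not code from the project or from OpenZeppelin), the block below shows why they matter: every ECDSA signature over secp256k1 has a second encoding, (r, N - s) with v flipped, that recovers the same address, so any contract that keys "already used" on the raw signature bytes can be replayed unless it pins one encoding. ReplayGuard and its methods are hypothetical names for this illustration; sha3_256 stands in for keccak256 because only the uniqueness of the digest matters here, and the sample r and s are arbitrary in-range values, not a real signature.

```python
# Added example, not from the project under review: a Python model of
# signature malleability when v and s are left unchecked. ReplayGuard and its
# methods are hypothetical names; sha3_256 stands in for keccak256.
import hashlib

# secp256k1 group order (the curve ecrecover uses)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HALF_N = N // 2


def is_canonical(v: int, r: int, s: int) -> bool:
    """The checks OpenZeppelin's ECDSA.tryRecover applies: s in the lower
    half of the order and v in {27, 28}. Exactly one of the two encodings
    of a signature passes them."""
    return v in (27, 28) and 0 < r < N and 0 < s <= HALF_N


def malleate(v: int, r: int, s: int) -> tuple:
    """Second encoding of the same ECDSA signature: (r, N - s) verifies for
    the same message and key, and flipping v keeps ecrecover pointing at
    the same address."""
    return (55 - v, r, N - s)  # 55 - v swaps 27 <-> 28


def encode_sig(v: int, r: int, s: int) -> bytes:
    """65-byte r || s || v layout as passed to a contract."""
    return r.to_bytes(32, "big") + s.to_bytes(32, "big") + bytes([v])


class ReplayGuard:
    """Models a contract that records 'already used' by the signature bytes."""

    def __init__(self, enforce_canonical: bool) -> None:
        self.enforce_canonical = enforce_canonical
        self.seen = set()

    def accept(self, v: int, r: int, s: int) -> bool:
        if self.enforce_canonical and not is_canonical(v, r, s):
            return False
        key = hashlib.sha3_256(encode_sig(v, r, s)).digest()
        if key in self.seen:
            return False
        self.seen.add(key)
        return True


# Constructed sample signature: arbitrary in-range values, not a real signature.
SAMPLE_R = 0x1111111111111111111111111111111111111111111111111111111111111111
SAMPLE_S = 0x2222222222222222222222222222222222222222222222222222222222222222


def replay_via_malleation(enforce_canonical: bool) -> bool:
    """True if the malleated copy of an accepted signature is also accepted."""
    guard = ReplayGuard(enforce_canonical)
    assert guard.accept(27, SAMPLE_R, SAMPLE_S)
    return guard.accept(*malleate(27, SAMPLE_R, SAMPLE_S))
```

Without the canonical check the malleated copy passes the guard; with it, the high-s form is rejected before the seen-set is consulted. Rejecting the second form loses nothing, since the legitimate signer can always emit the low-s encoding.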
Lack of sufficient power check in updateValset of Gravity
Handle shw Vulnerability details Impact The updateValset function does not check whether the new valset has sufficient power to pass a vote (see the constructor for more details). If the new valset does not, any function calling checkValidatorSignatures will be disabled since the transaction revert...
notionalCallback can be tricked by anyone
Handle pauliax Vulnerability details Impact Anyone can call function notionalCallback with arbitrary params and pass the auth check. The only auth check can be easily bypassed by setting sender param to the address of this contract. It allows to choose any parameter that I want: function...
ChainLink price data could be stale
Handle cmichel Vulnerability details Vulnerability Details There is no check in ExchangeRate.buildExchangeRate if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound < roundId could indicat...
Idiosyncratic fCash valuation is incorrect
Handle tensors Vulnerability details Impact The docs say that: "Markets may not always trade at the exact maturities of all fCash assets. fCash that does not fall on an exact maturity is called idiosyncratic fCash. To value these assets, Notional takes the linear interpolation of the rates of the...
ERC20Rewards.sol: Use TransferHelper for rewardsToken
Handle hickuphh3 Vulnerability details Impact As it is used in other contracts, rewardsToken shouldn't be an exception.
Strategy.sol: startPool() can possibly be flashloaned
Handle hickuphh3 Vulnerability details Impact Since startPool is callable by anyone, an attacker can flash loan to first imbalance the pool, get the strategy to deposit in the imbalanced ratio, then rebalance the pool to the original ratio, thus causing the strategy to suffer from impermanent los...
initializeMarket always initialize the latest market
Handle jonah1005 Vulnerability details Impact In longshore contract's initializeMarket, while it should initialize according to the parameter marketIndex, it initializes latestMarket. This would break two markets, the market of marketIndex and the market of latestMarket. User's fund would get stuck at...
Yield sources cannot be swapped back
Handle shw Vulnerability details Impact The setYieldSource function of SwappableYieldSource calls the safeApprove function to approve the yield sources with the maximum allowance of transferring underlying tokens. However, according to OpenZeppelin's implementation, the safeApprove function...
Single under-funded protocol can break paying off debt
Handle cmichel Vulnerability details The SherXERC20.payOffDebtAll function iterates over all protocols of the token. If a single project does not have enough funds to cover the premium payments, the transactions come to a halt, see payOffDebt: debt = accruedDebt(ps, protocol, blocks); // this can...
Allowance cannot be reset once it is set to the maximum
Handle shw Vulnerability details Impact The approve functions of the pool LP tokens and synths do nothing if the allowance is already the maximum number, i.e., type(uint256).max. Therefore, Alice cannot change her allowance to Bob once she approved him with the maximum approval. Proof of Concept...
DaoVault.withdraw(address,address) potentially subject to timestamp manipulation
Handle heiho1 Vulnerability details Impact DaoVault.withdraw(address,address) uses block.timestamp-based comparisons that can be affected by miner behavior, leading to withdrawal impacts on the user. Proof of Concept Tools Used Slither Recommended Mitigation Steps An external time oracle like ChainLink...
Dao has unchecked transfers
Handle heiho1 Vulnerability details Impact Dao.moveBASEBalance(address) and Dao.handleTransferIn(address,uint256) do not check transfer return values on lines 220 and 266. If the token implementation returns false and does not revert, then potentially the user can deposit for free. Proof of Concept...
Router.swapSynthToAsset(uint256,address,address) has unchecked transfer
Handle heiho1 Vulnerability details Impact Router.swapSynthToAsset(uint256,address,address) on line 249 ignores the boolean return on transfers. This is a brittle implementation because it relies on the boolean return value being hard-coded to true. Tokens may return false and not revert in which...
[PoolFactory.sol] createPoolADD() function is payable but does not contain a function to withdraw funds
Handle maplesyrup Vulnerability details Impact This is a medium risk vulnerability as it can affect funds within pools that are created via this contract. With no withdraw functions being implemented, it is possible that funds can be locked in the contract with no way to retrieve earnings or...
ChainLink price data could be stale
Handle cmichel Vulnerability details There is no check in UniswapV3Oracle.ethPrice if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound < roundId could indicate stale data." under...
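Both Chainlink findings on this page (ExchangeRate.buildExchangeRate above and UniswapV3Oracle.ethPrice here) ask for the same validation of the latestRoundData() tuple. The block below is an added Python model of that check, not code from either project or from Chainlink: RoundData mirrors the (roundId, answer, startedAt, updatedAt, answeredInRound) tuple AggregatorV3Interface returns; naive_price is what trusting the answer amounts to; validated_price applies the conditions Chainlink's documentation describes as signs of stale data plus a heartbeat bound. The sample rounds, NOW and HEARTBEAT are constructed values.

```python
# Added example, not from the projects under review: a Python model of the
# latestRoundData() validation both findings ask for. RoundData mirrors the
# Chainlink tuple; StalePrice, validated_price and the sample rounds are
# hypothetical names and constructed values for this illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class RoundData:
    round_id: int
    answer: int
    started_at: int
    updated_at: int
    answered_in_round: int


class StalePrice(Exception):
    pass


def naive_price(rd: RoundData) -> int:
    """What the unchecked callers effectively do: trust the answer as-is."""
    return rd.answer


def validated_price(rd: RoundData, now: int, max_age: int) -> int:
    """Reject the conditions Chainlink documents as signs of stale data,
    plus an answer older than the feed's expected heartbeat."""
    if rd.answer <= 0:
        raise StalePrice("non-positive answer")
    if rd.updated_at == 0:
        raise StalePrice("round has not completed")
    if rd.answered_in_round < rd.round_id:
        raise StalePrice("answer was carried over from an earlier round")
    if now - rd.updated_at > max_age:
        raise StalePrice("feed heartbeat exceeded")
    return rd.answer


# Constructed sample rounds: 8-decimal USD answers and Unix timestamps.
NOW = 1_700_000_000
HEARTBEAT = 3600
FRESH = RoundData(round_id=100, answer=2_000_00000000,
                  started_at=NOW - 60, updated_at=NOW - 30, answered_in_round=100)
CARRIED = RoundData(round_id=101, answer=2_000_00000000,
                    started_at=NOW - 10, updated_at=NOW - 30, answered_in_round=100)
OLD = RoundData(round_id=102, answer=2_000_00000000,
                started_at=NOW - 7200, updated_at=NOW - 7000, answered_in_round=102)


def classify(rd: RoundData) -> str:
    """'fresh' or the reason the round was rejected."""
    try:
        validated_price(rd, NOW, HEARTBEAT)
        return "fresh"
    except StalePrice as exc:
        return str(exc)
```

The three sample rounds carry the same answer, so naive_price cannot tell them apart; validated_price accepts only the first. The heartbeat bound has to be set per feed, since feeds publish at different intervals.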
LendingPair._safeTransfer does not work with all ERC20 tokens
Handle cmichel Vulnerability details The LendingPair.safeTransfer function will revert if tokens do not return a boolean because the interface ERC20.transfer function it uses indicates that this function always returns a boolean. Some tokens like USDT don't correctly implement the EIP20 standard...
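The approve and transfer findings above (unchecked return value from approve(), Dao has unchecked transfers, Router.swapSynthToAsset has unchecked transfer, and LendingPair._safeTransfer) are two sides of one problem: tokens disagree on whether transfer()/approve() return a bool at all. The block below is an added Python model, not code from any of those projects or from OpenZeppelin, that runs three calling conventions against four constructed token behaviours. MockToken, the three *_transfer helpers and outcome_table are hypothetical names; the 32-byte return data imitates an ABI-encoded bool.

```python
# Added example, not from the projects under review: a Python model of how
# three ERC20 calling conventions behave against tokens with different
# transfer() return semantics. MockToken and the helpers are hypothetical.
class Revert(Exception):
    """Stands in for an EVM revert."""


class MockToken:
    """Constructed token whose transfer() return behaviour is configurable.
    'bool_true' is a compliant token, 'bool_false' signals failure without
    reverting, 'no_return' behaves like USDT, 'revert' reverts on failure."""

    def __init__(self, mode: str) -> None:
        self.mode = mode

    def transfer(self, to: str, amount: int) -> bytes:
        if self.mode == "revert":
            raise Revert("token reverted")
        if self.mode == "bool_true":
            return (1).to_bytes(32, "big")
        if self.mode == "bool_false":
            return (0).to_bytes(32, "big")
        return b""  # no_return: nothing comes back


def unchecked_transfer(token: MockToken, to: str, amount: int) -> None:
    """Caller ignores the return value, so a 'false' passes as success."""
    token.transfer(to, amount)


def strict_interface_transfer(token: MockToken, to: str, amount: int) -> None:
    """Caller declared `transfer(...) returns (bool)` and requires it.
    Solidity's ABI decoder reverts when fewer than 32 bytes come back, so
    a no-return token makes this path unusable."""
    data = token.transfer(to, amount)
    if len(data) < 32:
        raise Revert("return data too short for bool")
    if int.from_bytes(data[:32], "big") == 0:
        raise Revert("transfer returned false")


def safe_transfer(token: MockToken, to: str, amount: int) -> None:
    """OpenZeppelin SafeERC20 semantics: empty return data counts as
    success, non-empty return data must decode to true."""
    data = token.transfer(to, amount)
    if data and int.from_bytes(data[:32], "big") == 0:
        raise Revert("transfer returned false")


def outcome(fn, mode: str) -> str:
    """'ok' if the call completes, 'revert' if it raises."""
    try:
        fn(MockToken(mode), "0xrecipient", 1)
        return "ok"
    except Revert:
        return "revert"


def outcome_table() -> dict:
    """Convention name -> {token behaviour -> outcome}."""
    modes = ("bool_true", "bool_false", "no_return", "revert")
    return {
        fn.__name__: {m: outcome(fn, m) for m in modes}
        for fn in (unchecked_transfer, strict_interface_transfer, safe_transfer)
    }
```

Reading the table: the unchecked convention treats a returned false as success (the deposit-for-free case), the strict-interface convention is correct on false but reverts on every call to a USDT-style token, and only the SafeERC20 form gets all four cases right. The same reasoning applies to approve(), which is why OpenZeppelin's safeApprove exists.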
Lending Pair initialize function can be front run.
Handle jonah1005 Vulnerability details Impact LendingPair does not initialize tokenMaster, controller, tokens. A hacker can listen to the deployer address and front run the initialize transaction. The initialized contract would look almost exactly the same if the hacker only replaces lpTokenMaster wi...
Router liquidity on receiving chain can be double-dipped by the user
Handle 0xRajeev Vulnerability details Impact During fulfill on the receiving chain, if the user has set up an external contract at txData.callTo, the catch blocks for both IFulfillHelper.addFunds and IFulfillHelper.excute perform transferAsset to the predetermined fallback address...
TransactionIDs may not be reused by user
Handle cmichel Vulnerability details Vulnerability Details The fulfill signature is only on txData.transactionId, relayerFee which allows the router to steal user funds for cross-chain transfers that go to the same router and use the same transaction ID as an earlier transfer. Example: a successf...
grief a user by not allowing him to retrieve funds
Handle gpersoon Vulnerability details Impact The function removeUserActiveBlocks contains a "for" loop, which depends on the size of the array activeTransactionBlocks. If the array is too large then the for loop will take so much gas that the transaction will revert. The function fulfill, which...
distributeStrategyGainLoss can be abused
Handle gpersoon Vulnerability details Impact The function distributeStrategyGainLoss does the following check to allow access to the function: require(index > 0 || index <= NCOINS + 1, "!VaultAdaptor"); However the expression index > 0 || index <= NCOINS + 1 is always TRUE, because the OR (||) is used shou...
Wrong funding index in settle when no base?
Handle cmichel Vulnerability details The TracerPerpetualSwaps.settle function updates the user's last index to currentGlobalFundingIndex, however a comment states: "// Note: global rates reference the last fully established rate hence the -1, and not the current global rate. User rates reference...
Use of incorrect index leads to incorrect updation of funding rates
Handle 0xRajeev Vulnerability details Impact The updateFundingRate function updates the funding rate and insurance funding rate. While the instant/new funding rates are calculated correctly, the cumulative funding rate calculation is incorrect because it always adds the instant rate to 0, not to the...
Initialization functions can be front-run with malicious values
Handle 0xRajeev Vulnerability details Impact Most contracts have public visibility initialization functions that can be front-run, allowing an attacker to incorrectly initialize the contracts. Due to the use of the delegatecall proxy pattern, PrizePool/YieldSourcePrizePool/StakePrizePool,...
withdraw timelock can be circumvented
Handle cmichel Vulnerability details One can withdraw the entire PrizePool deposit by circumventing the timelock. Assume the user has no credits for ease of computation: user calls withdrawWithTimelockFrom(user, amount=userBalance) with their entire balance. This "mints" an equivalent amount of...
Awarding takes reserve fee several times
Handle cmichel Vulnerability details The PrizePool.captureAwardBalance function takes fees repeatedly on the same interest. One would expect unaccountedPrizeBalance to be 0 in any repeated calls, but it's not. Assume the following example scenario with a 10% reserve fee: user calls...
Card affiliate payouts are skipped if a single card does not have an affiliate
Handle cmichel Vulnerability details Vulnerability Details The Market.initialize function sets the cardAffiliateCut to zero if a single cardAffiliateAddresses is the zero address. for (uint256 i = 0; i < numberOfCards; i++) { if (cardAffiliateAddresses[i] == address(0)) { cardAffiliateCut = 0; } } Impact Even if a...