ETH funds accidentally sent to InfinityStaker cannot be retrieved

Lines of code Vulnerability details rescueETH function that aims to retrieve mistakenly sent funds cannot reach contract balance, only sending over the Ether value attached to the current call instead. Setting the severity to medium as the case is a violation of system's auxiliary logic. Also, an...

rescueETH function doesn't works as expected

Lines of code Vulnerability details Impact The rescueETH function is implemented to collect any unexpected ETH transferred to the infinityExchange.sol contract, But this function will not work as expected. The function is supposed to return the eth from the contract to the specified destination...

Deprecated CHAINLINK API usage

Lines of code Vulnerability details Impact Usage of deprecated chainlink function to get collateral price. Proof of Concept The Chainlink API latestAnswer used in the FungibleAssetVaultForDAO contract is deprecated: This method returns the last value but that value cannot be fully updated. New V3...

lockWithPermit() function allows for replay attacks and signature malleability

Handle jayjonah8 Vulnerability details Impact In XDEFIDistribution.sol the lockWithPermit function calls permit on the XDEFI token. The problem with simply using permit alone for this is the message that is signed by the owner using the ECDSA algorithm. The message only contains the receiver...

Olas can be locked less than 1 week

Lines of code Vulnerability details Impact The minimum lock time for OLAS is 1 week. If a user locks their OLAS for a duration less than that, their voting power becomes zero. However, in OLAS:createLockFor, the system only checks if the unlockTime is greater than the block.timestamp. Consequentl...

Dangerous use of deadline parameter

Lines of code Vulnerability details Summary The protocol is using block.timestamp as the deadline argument while interacting with the Uniswap NFT Position Manager, which completely defeats the purpose of using a deadline. Impact Actions in the Uniswap NonfungiblePositionManager contract are...

_safeMint() should be used rather than _mint() wherever possible

Lines of code 139, 178, 204 Vulnerability details mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...

LinearBondingCurve.log2 function contains an incorrect shift operation that could lead to wrong calculation.

Lines of code Vulnerability details Impact The values in the shift operation are reversed. The provided inline assembly code for the log2 function appears to be an issue in the sequence of shift operations. Let's break down the relevant part of the code: r := or r, byte and0x1f, shrshrr, x,...

Deriving the price with balanceOf() is dangerous

Lines of code Vulnerability details Impact Deriving the price with balanceOf is dangerous as it can easily be manipulated by direct transfers. Proof of Concept In the getAssetDistributionData function, the asset lying in the LRTDepositPool is retrieved using balanceOfaddressthis:...

CamelotRelayer uses wrong interface for CamelotPair

Lines of code Vulnerability details Impact The CamelotRelayer uses the OracleLibrary as an interface for accessing oracle data from the CamelotPair contract which is the Camelot DEX's equivalent of a pool using the OracleLibrary from UniSwapV3Pool's periphery contracts but because the CamelotPair...

Unprotected initialize functions can front-run by MEV or by an Attacker

Lines of code Vulnerability details Vulnerability Detail It should be avoided that the implementation of proxy contracts can be initialized by third parties. This can be the case if the initialize function is unprotected. Since the implementation contract is not meant to be used directly without ...

Reentrancy Vulnerability in MErc20Delegate.sol

Lines of code Vulnerability details Impact The fallback function delegates calls to the implementation contract using delegatecall. This allows the implementation contract to call back into MErc20Delegate before the original delegatecall completes. An attacker could exploit this vulnerability to...

the check for the roundId == answeredInRound should be set to >= in the ChainlinkCompositeOracle.sol#getPriceAndDecimals

Lines of code Vulnerability details Impact the function getPriceAndDecimals have check that it check if the round id is equal to the answer in round ID. this check should be change to = because some roundID may get the data/answers in the round that is more than the roundId and this case is...

Hard slippage in Reth.withdraw()

Hard slippage in Reth.withdraw Description A hard slippage has been introduced in Reth.withdraw. This is a new occurrence of part of M-12 not the main report, but e.g. this duplicate, namely that the slippage can be changed only by the owner, which under volatile market conditions or a depegging...

Offchain name resolution would fail despite the located DNS resolver being fully functional

Lines of code Vulnerability details Description In OffchainDNSResolver, resolveCallback parses resource records received off-chain and extracts the DNS resolver address: // Look for a valid ENS-DNS TXT record address dnsresolver, bytes memory context = parseRR iter.data, iter.rdataOffset,...

CrossChainExecutor contracts do not update the necessary states for failing transactions.

Lines of code Vulnerability details Impact The CrossChainExecutorArbitrum and CrossChainExecutorOptimism contracts both use CallLib library to invoke Calls on external contract. As per the CallLib library implementation, any failing Call results in the entire transaction getting reverted. The...

Attackers can prevent the creation of pools

Lines of code Vulnerability details Impact A malicious attacker can permanently prevent users from creating pools of certain token pairs. Proof of Concept The deploy function in AlgebraPoolDeployer.sol uses a salt while deploying a new AlgebraPool: 44: function deploy 45: address dataStorage, 46:...

Unsafe downcast

Lines of code Vulnerability details Impact It's possible to generate silent overflows when downcasting. E.g. if the value if bigger than the type being cast, it will overflow starting from zero. Proof of concept For the Price.sol constructor, if observationFrequency is a small value and...

BathToken.sol A malicious early user/attacker can manipulate the vault's pricePerShare to take an unfair share of future users' deposits

Lines of code Vulnerability details function deposituint256 assets, address receiver internal returns uint256 shares uint256 pool = underlyingBalance; uint256 before = underlyingToken.balanceOfaddressthis; // Assume caller is depositor underlyingToken.transferFrommsg.sender, addressthis, assets;...

Controller.setStrategy tries to withdraw JPEG token with incorrect function strategy.withdraw(address), leading to certain revert and renders setStrategy unuseable

Lines of code Vulnerability details Impact Whenever STRATEGISTs want to switch from currently used strategy to another one, they are required to call the Controller.setStrategy function. This function is responsible for first withdrawing CRV and JPEG tokens from strategy contract into vault, then...

use of deprecated chainlink oracle method

Lines of code Vulnerability details Impact latestanswer , this method does not error if no answer has been reached, it will simply return 0, since we have checks in function requireanswer 0, "invalidoracleanswer"; we may not get the latest value of current price which can affect the functionality...

PoolTemplate.sol initialize() can be called by attacker during deployment

Handle jayjonah8 Vulnerability details Impact In PoolTemplate.sol the initialize function sets important storage variables like conditions and references and this function can only be called once. During deployment an attacker can monitor the blockchain byte code and call the initialize function...

Frontrunning attack via swap token functionality

Handle thankyou Vulnerability details Impact Amun utilizes both Pangolin and Uniswap's Routers to swap tokens within a given pair. One of the router functions used by Amun is swapExactTokensForTokens. Amun provides this function several arguments that the Router contract then utilizes to commence...

return value of 0 from ecrecover not checked

Handle gpersoon Vulnerability details Impact The solidity function ecrecover is used, however the error result of 0 is not checked for. See documentation: "recover the address associated with the public key from elliptic curve signature or return zero on error. " Now you can supply invalid input...

IndexPool.mint() Unchecked arithmetic can overflow that allows stealing of almost all the funds in the pool

Handle WatchPug Vulnerability details /// @dev Mints LP tokens - should be called via the router after transferring bento tokens. /// The router must ensure that sufficient LP tokens are minted by using the return value. function mintbytes calldata data public override lock returns uint256...

Depository.sol#L291 : Lack of slippage protection when deposit tokens in exchange for a bond from a specified product

Lines of code Vulnerability details Impact Lack of slippage protection for an user from minting the OLAs for the given token amount. When the price fluctuation is high, user would suffer with huge loss. Proof of Concept Depository contract would be used to create a product and for a particular...

lack of deadline for uniswap interactions

Lines of code Vulnerability details Impact Lack of deadline can cause a transaction to be executed at an unfavorable time. Causing loss for the trader/liquidity provider. Proof of Concept In all three liquidity interactions with uniswap there is a lack of deadline parameter as block.timestamp is...

Fee-on-transfer/rebasing tokens will have problems when swapping

Lines of code 110 Vulnerability details Uniswap v3 does not support rebasing or fee-on-transfer tokens so using these tokens with it will result funds getting stuck. With fee-on-transfer tokens, if the balance isn't checked, the wrong amount may be transferred out. With rebasing tokens, the...

Re-org attack in factory LiquidationPairFactory.sol

Lines of code Vulnerability details Impact Allowing creation of new LiquidationPairs by Re-org attack may adversely affect pricing in LiquidationPair.sol contracts. Proof of Concept The LiquidationPairFactory.solcreatePair function deploys a new LiquidationPair using the create, where the address...

Adding balance to accumulator does not depend on the current drawId, while documentation says it does

Lines of code Vulnerability details Impact In documentation protocol states that : To compute the allocated contribution for a draw d we'd compute the integral of curve cd=−t∗lnα∗α^d from lastdraw dold to dnew, and which is equal to −t∗ α^dold + t∗ α^dnew. Which clearly shows that contribution on...

depositERC20To() and withdrawTo() is missing onlyEOA() modifier - Leading to loss of user funds

Lines of code Vulnerability details Impact StandardBridge.sol contract has a modifier called onlyEOA. The comment says 132 / 133 @notice Only allow EOAs to call the functions. Note that this is not safe against contracts 134 calling code within their constructors, but also doesn't really matter...

Risk assessment of the finalizeETHWithdrawal function in the bridge contract

Lines of code Vulnerability details Summary The finalizeBridgeETH function: function finalizeETHWithdrawal address from, address to, uint256 amount, bytes calldata extraData external payable finalizeBridgeETHfrom, to, amount, extraData; is a public function, which means that anyone can call it...

All the lp tokens will be stuck in the AMO2 contract if CVXStaker.withdrawAllAndUnwrap is called with sendToOperator flag

Lines of code Vulnerability details Impact Loss all the stEth and xEth lp tokens. Proof of Concept The CVXStaker.withdrawAllAndUnwrap can be called by the admin. And if the sendToOperator param is true, all the lp tokens of the CVXStaker contract include lp tokens staked in the CVX and left in th...

Attacker can operate as a staker/operator on eigenLayer without risking any funds

Lines of code Vulnerability details Impact Attacker would get shares in StrategyManager without staking any real funds. This would allow him to earn rewards or act maliciously without fear of getting slashed. Proof of Concept Here is the verifyWithdrawalCredentialsAndBalance function: L175-L226...

proveAndClaim and proveAndClaimWithResolver can be front-run to claim the same name by a malicious user

Lines of code Vulnerability details Impact In the DNSRegistrar contract, the proveAndClaim and proveAndClaimWithResolver functions are used to claim a name. And this name is not encrypted. This can create a race condition because once this name is claimed, it cannot be claimed by other users. In...

Users might lose their stETH rebased reward due to the weights change

Lines of code Vulnerability details Vulnerability Details Let's consider the following scenario: Bob deposits 10eth with the weights: stETH: weights0 = 90e18, rETH: weights1 = 5e18. sfrxETH: weights2 = 5e18 Now, since the Lido has 80% of liquid staking market, Asymmetry Finance decides to adjust...

Incorrect minOut calculation in SfrxEth.withdraw()

Lines of code Vulnerability details Impact Final value of mintOut will be lower or higher according to the SFRXETH/FRXETH price ratio. This can result in higher slippage where user can loss funds. Else in other case the slippage will be low and transaction gets reverted unexpectedly Proof of...

Division before multiply results in precision loss

Lines of code Vulnerability details Impact Precision loss occurs when division is carried out before multiplication, that can affect gas calculation in terms of publishing the data to L1. Proof of Concept Tools Used Manual Review Recommended Mitigation Steps Recommendation is made for avoiding...

StabilizerNode.stabilize() should update lastTracking as well to avoid an unnecessary incentive.

Lines of code Vulnerability details Impact StabilizerNode.stabilize should update lastTracking as well to avoid an unnecessary incentive. Current logic pays unnecessary incentives to track the pool. Proof of Concept trackPool pays an incentive per trackingBackoff in order to ensure pool...

LP token is vulnerable to flashloan manipulation

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The addQuote function in the pair.sol smart contract utilizes a pricing formula for liquidity pools that is susceptible to exploitation through flashloan manipulation. By introducing a large quantity of...

Solmate saftransfer and safetransferfrom does not check the codesize of the token address, which may lead to fund loss

Lines of code Vulnerability details In PirexGmx.sol and ERC4626Vault.sol, the contract uses the solmate library which does not check the existence of code at the token address. This is a known issue when using solmate's libraries. Reference: Impact Possible loss of funds and miscalculation. Proof...

L2 deposits might be reverted

Lines of code Vulnerability details Impact L1ERC20Bridge and L1EthBridge contracts have claimFailedDeposit function to withdraw funds from the initiated deposit, which failed when finalizing on L2. However, if the caller is allowed in senderCanCallFunction modifier, this function can be used to...

Chainlink oracle data feed is not sufficiently validated and can return stale price

Lines of code Vulnerability details Impact Calling the Oracle contract's viewPrice or getPrice function executes uint price = feedstoken.feed.latestAnswer and requireprice 0, "Invalid feed price". Besides that Chainlink's latestAnswer function is deprecated, only verifying that price 0 is true is...

Frontrunning initialize to negatively affect first liquidity provider possible

Lines of code Vulnerability details Impact The initialize-function of an AlgebraPool can be frontrun to set an arbitrary initial price. This will negatively affect the first person to add liquidity to the pool. Proof of Concept There are no restrictions on the AlgebraPool.initializeprice function...

The requestRandomSeed() function can be manipulated

Lines of code Vulnerability details Impact The task of the requestRandomSeed function works in ArtGobblers.sol for Request a new random seed from ChainlinkV1. There is a working rule: Can only be called every 24 hours at the earliest To make the requestRandomSeed function run every 24 hours; The...

DoS with underlying Rebasing/Deflationary tokens

Lines of code Vulnerability details M -01 Issues with underlying Rebasing/Deflationary tokens Problem When underlying token is Rebasing/Deflationary at some point users will not be able to withdraw, because of the rebasing mechanics balance of tokens of the smart contract may change over time and...

Calling Governor.execute function without sending any ETH can withdraw general ETH funds from the Treasury contract

Lines of code Vulnerability details Impact When calling the following Governor.execute function, the Treasury.execute function is executed. Because Governor.execute is payable, ETH can be sent to the Treasury contract. function execute address calldata targets, uint256 calldata values, bytes...

user fund loss in redeem() of RariMerkleRedeemer, because of division rounding error in previewRedeem() which is used in _redeem() and _multiRedeem()

Lines of code Vulnerability details Impact Because of the division rounding error in calculating baseToken amount, when users tries to redeem, they receive less baseToken for the amount of cToken they transferred to the RariMerkleRedeemer contract. This bug is more critical when cToken is a very...

Community's escrow allows for signature replay

Lines of code Vulnerability details checkSignatureValidity verification by signature do not utilize nonces and can be tricked by using owner / builder signatures from earlier calls. Namely, while checkSignatureValidity's approvedHashes based way can used only once as it deletes the corresponding...

Approve not compatible with Tether (USDT) implementation

Lines of code Vulnerability details Impact Approve not compatible with Tether USDT implementation Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT or CVX's approve function will revert if the current...