lockWithPermit() function allows for replay attacks and signature malleability
Handle jayjonah8 Vulnerability details Impact In XDEFIDistribution.sol the lockWithPermit function calls permit on the XDEFI token. The problem with simply using permit alone for this is the message that is signed by the owner using the ECDSA algorithm. The message only contains the receiver...
Frontrunning attack via swap token functionality
Handle thankyou Vulnerability details Impact Amun utilizes both Pangolin and Uniswap's Routers to swap tokens within a given pair. One of the router functions used by Amun is swapExactTokensForTokens. Amun provides this function several arguments that the Router contract then utilizes to commence...
return value of 0 from ecrecover not checked
Handle gpersoon Vulnerability details Impact The solidity function ecrecover is used, however the error result of 0 is not checked for. See documentation: "recover the address associated with the public key from elliptic curve signature or return zero on error. " Now you can supply invalid input...
IndexPool.mint() Unchecked arithmetic can overflow that allows stealing of almost all the funds in the pool
Handle WatchPug Vulnerability details /// @dev Mints LP tokens - should be called via the router after transferring bento tokens. /// The router must ensure that sufficient LP tokens are minted by using the return value. function mint(bytes calldata data) public override lock returns (uint256...
Wrong invocation of Whirlpool's updateFeesAndRewards will cause it to always revert
Lines of code Vulnerability details Impact Deposits will be unwithdrawable from the lockbox Proof of Concept If the entire liquidity of a position has been removed, the withdraw function calls the updateFeesAndRewards function on the Orca pool before attempting to close the position. function...
Insecure and Inflexible Forwarder Approval Mechanism (Full Access Grant)
Lines of code Vulnerability details Impact The current implementation of the onlyApprovedForwarder modifier in the Ocean smart contract has several negative impacts: 1. Security Risk: Users are exposed to a significant security risk if their forwarder is compromised. An attacker can exploit full...
Deriving the price with balanceOf() is dangerous
Lines of code Vulnerability details Impact Deriving the price with balanceOf is dangerous as it can easily be manipulated by direct transfers. Proof of Concept In the getAssetDistributionData function, the asset lying in the LRTDepositPool is retrieved using balanceOf(address(this)):...
perpetualVaultLP.sol is vulnerable to a flash loan attack
Lines of code Vulnerability details Impact The perpVaultLp contract is susceptible to a flash loan attack. An attacker can exploit the vulnerability by executing flash loan transactions using both the deposit and redeem functions. This allows the attacker to acquire extra rdpx tokens and increase...
depositERC20To() and withdrawTo() are missing the onlyEOA() modifier - Leading to loss of user funds
Lines of code Vulnerability details Impact StandardBridge.sol contract has a modifier called onlyEOA. The comment says 132 / 133 @notice Only allow EOAs to call the functions. Note that this is not safe against contracts 134 calling code within their constructors, but also doesn't really matter...
Risk assessment of the finalizeETHWithdrawal function in the bridge contract
Lines of code Vulnerability details Summary The finalizeBridgeETH function: function finalizeETHWithdrawal(address from, address to, uint256 amount, bytes calldata extraData) external payable { finalizeBridgeETH(from, to, amount, extraData); } is a public function, which means that anyone can call it...
When borrowRateMantissa is higher than the limit value, VToken contract will be DOS
Lines of code Vulnerability details Impact File: VToken.sol 678 function accrueInterest public virtual override returns uint256 --skip-- 695 uint256 borrowRateMantissa = interestRateModel.getBorrowRatecashPrior, borrowsPrior, reservesPrior; 696 requireborrowRateMantissa borrowRateMaxMantissa. Thi...
Hard slippage in Reth.withdraw()
Hard slippage in Reth.withdraw Description A hard slippage has been introduced in Reth.withdraw. This is a new occurrence of part of M-12 (not the main report, but e.g. this duplicate), namely that the slippage can be changed only by the owner, which under volatile market conditions or a depegging...
Attacker can operate as a staker/operator on eigenLayer without risking any funds
Lines of code Vulnerability details Impact Attacker would get shares in StrategyManager without staking any real funds. This would allow him to earn rewards or act maliciously without fear of getting slashed. Proof of Concept Here is the verifyWithdrawalCredentialsAndBalance function: L175-L226...
Offchain name resolution would fail despite the located DNS resolver being fully functional
Lines of code Vulnerability details Description In OffchainDNSResolver, resolveCallback parses resource records received off-chain and extracts the DNS resolver address: // Look for a valid ENS-DNS TXT record (address dnsresolver, bytes memory context) = parseRR(iter.data, iter.rdataOffset,...
proveAndClaim and proveAndClaimWithResolver can be front-run to claim the same name by a malicious user
Lines of code Vulnerability details Impact In the DNSRegistrar contract, the proveAndClaim and proveAndClaimWithResolver functions are used to claim a name. And this name is not encrypted. This can create a race condition because once this name is claimed, it cannot be claimed by other users. In...
sFrxEth may revert on redeeming non-zero amount
Lines of code Vulnerability details Impact Unstaking is blocked. Proof of Concept When unstaking the withdraw of each derivative is called. SfrxEth.withdraw calls IsFrxEthSFRXETHADDRESS.redeemamount, addressthis, addressthis;. This function may revert if amount is low due to the following line in...
StabilizerNode.stabilize() should update lastTracking as well to avoid an unnecessary incentive.
Lines of code Vulnerability details Impact StabilizerNode.stabilize should update lastTracking as well to avoid an unnecessary incentive. Current logic pays unnecessary incentives to track the pool. Proof of Concept trackPool pays an incentive per trackingBackoff in order to ensure pool...
LP token is vulnerable to flashloan manipulation
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The addQuote function in the pair.sol smart contract utilizes a pricing formula for liquidity pools that is susceptible to exploitation through flashloan manipulation. By introducing a large quantity of...
CrossChainExecutor contracts do not update the necessary states for failing transactions.
Lines of code Vulnerability details Impact The CrossChainExecutorArbitrum and CrossChainExecutorOptimism contracts both use the CallLib library to invoke Calls on external contracts. As per the CallLib library implementation, any failing Call results in the entire transaction getting reverted. The...
L2 deposits might be reverted
Lines of code Vulnerability details Impact L1ERC20Bridge and L1EthBridge contracts have claimFailedDeposit function to withdraw funds from the initiated deposit, which failed when finalizing on L2. However, if the caller is allowed in senderCanCallFunction modifier, this function can be used to...
DoS with underlying Rebasing/Deflationary tokens
Lines of code Vulnerability details M-01 Issues with underlying Rebasing/Deflationary tokens Problem When the underlying token is Rebasing/Deflationary, at some point users will not be able to withdraw, because with rebasing mechanics the token balance of the smart contract may change over time and...
Calling Governor.execute function without sending any ETH can withdraw general ETH funds from the Treasury contract
Lines of code Vulnerability details Impact When calling the following Governor.execute function, the Treasury.execute function is executed. Because Governor.execute is payable, ETH can be sent to the Treasury contract. function execute(address[] calldata targets, uint256[] calldata values, bytes...
use of deprecated chainlink oracle method
Lines of code Vulnerability details Impact latestanswer , this method does not error if no answer has been reached, it will simply return 0, since we have checks in function requireanswer 0, "invalidoracleanswer"; we may not get the latest value of current price which can affect the functionality...
Controller.setStrategy tries to withdraw JPEG token with incorrect function strategy.withdraw(address), leading to certain revert and rendering setStrategy unusable
Lines of code Vulnerability details Impact Whenever STRATEGISTs want to switch from currently used strategy to another one, they are required to call the Controller.setStrategy function. This function is responsible for first withdrawing CRV and JPEG tokens from strategy contract into vault, then...
Attacker can steal part of the rewards if one of the extraRewards is rewarded with Convex Token
Handle WatchPug Vulnerability details Given that ConvexYieldWrapper.sol wrap allows anyone to wrap with the contract's balance of convexToken to an arbitrary address. function wrap(address to, address from) external { require(!isShutdown, "shutdown"); uint256 amount =...
how to protect for weird erc20 tokens
Handle gpersoon Vulnerability details Impact The protocol only works as expected when the ERC20 tokens are well behaved. If rebasing tokens or malicious token contracts are used then unexpected results can happen. I don't see any code to restrict the tokens or verify the tokens. Proof of Concept...
CM can delegatecall to any address and bypass all restrictions
Lines of code Vulnerability details Impact The GuardCM contract is designed to restrict the Community Multisig (CM) actions within the protocol to only specific contracts and methods. This is achieved by implementing a checkTransaction method, which is invoked by the CM GnosisSafe before every...
Dangerous use of deadline parameter
Lines of code Vulnerability details Summary The protocol is using block.timestamp as the deadline argument while interacting with the Uniswap NFT Position Manager, which completely defeats the purpose of using a deadline. Impact Actions in the Uniswap NonfungiblePositionManager contract are...
Fee-on-transfer/rebasing tokens will have problems when swapping
Lines of code 110 Vulnerability details Uniswap v3 does not support rebasing or fee-on-transfer tokens, so using these tokens with it will result in funds getting stuck. With fee-on-transfer tokens, if the balance isn't checked, the wrong amount may be transferred out. With rebasing tokens, the...
_safeMint() should be used rather than _mint() wherever possible
Lines of code 139, 178, 204 Vulnerability details _mint is discouraged in favor of _safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, _mint does not call...
withdrawCarry will not work
Lines of code Vulnerability details Description When calculating the amount of interest gathered this calculation is done: asD::withdrawCarry: File: asD/src/asD.sol 73: uint256 exchangeRate = CTokenInterface(cNote).exchangeRateCurrent(); // Scaled by 1 * 10^(18 - 8 + Underlying Token Decimals), i.e. 10^2...
There is no check that price from Chainlink hits min/max answer
Lines of code Vulnerability details Impact Chainlink aggregator has bounds minAnswer and maxAnswer within which the price can be set. In a case like LUNA, Chainlink will return minAnswer instead of real asset value, overvaluing it. Proof of Concept Here is explained that current Aggregators have...
wrong implementation of rayDiv.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps function...
Max Price Ratio Manipulation
Lines of code Vulnerability details Impact Vulnerable Part in Code: pyinit.div(pyinit.sub(pxinit)) ABDKMath64x64.divu(uint(MAXPRICERATIO), 1) Here is a scenario where the range of acceptable price ratios is between 1 and 100 for instance, due to a misconfiguration or oversight, the constant MAXPRICERATIO...
Re-org attack in factory LiquidationPairFactory.sol
Lines of code Vulnerability details Impact Allowing creation of new LiquidationPairs by Re-org attack may adversely affect pricing in LiquidationPair.sol contracts. Proof of Concept The LiquidationPairFactory.sol createPair function deploys a new LiquidationPair using create, where the address...
The protocol uses IRouter01 from Uniswap, which should not be used anymore because of a bug found in the code
Lines of code Vulnerability details Impact The protocol implements Router01 from UniswapV2 to do any swaps of tokens in OptionsPositionManager.sol, but Router01 is deprecated and bugged and should not be used anymore. Proof of Concept As can be seen in the UniswapV2 documentation Router01 should...
Adding balance to accumulator does not depend on the current drawId, while documentation says it does
Lines of code Vulnerability details Impact In documentation protocol states that : To compute the allocated contribution for a draw d we'd compute the integral of curve cd=ātālnαāα^d from lastdraw dold to dnew, and which is equal to ātā α^dold + tā α^dnew. Which clearly shows that contribution on...
DENIAL OF SERVICE COULD OCCUR IF CHAINLINK PRICE FEEDS ARE BLOCKED
Lines of code Vulnerability details Impact Protocol's usability becomes very limited when access to the Chainlink oracle data feed is blocked. The LibOracle.readChainlinkFeed function calls feed.latestRoundData on the Chainlink price feed to calculate the quotePrice and return it to the...
setBooster() function may be used to steal unclaimed rewards in FlywheelCore contract
Lines of code Vulnerability details Impact A malicious owner can steal all unclaimed rewards and break the reward accounting mechanism Proof of Concept Even if the owner is a good guy, the fact that there exists a rug vector available may negatively impact t...
withdrawAllAndUnwrap() the clpToken transfer to AMO.sol may be locked in the contract
Lines of code Vulnerability details Impact In withdrawAllAndUnwrap the clpToken transfer to AMO.sol may be locked in the contract Proof of Concept withdrawAllAndUnwrap You can specify sendToOperator==true to transfer the clpToken to operator The code is as follows: function withdrawAllAndUnwrap...
Users might lose their stETH rebased reward due to the weights change
Lines of code Vulnerability details Vulnerability Details Let's consider the following scenario: Bob deposits 10 ETH with the weights: stETH: weights[0] = 90e18, rETH: weights[1] = 5e18, sfrxETH: weights[2] = 5e18. Now, since Lido has 80% of the liquid staking market, Asymmetry Finance decides to adjust...
Incorrect minOut calculation in SfrxEth.withdraw()
Lines of code Vulnerability details Impact The final value of minOut will be lower or higher according to the SFRXETH/FRXETH price ratio. This can result in higher slippage where the user can lose funds. In the other case the slippage will be low and the transaction gets reverted unexpectedly Proof of...
Division before multiply results in precision loss
Lines of code Vulnerability details Impact Precision loss occurs when division is carried out before multiplication, that can affect gas calculation in terms of publishing the data to L1. Proof of Concept Tools Used Manual Review Recommended Mitigation Steps Recommendation is made for avoiding...
User can call getReward multiple times causing 51% attack
Lines of code Vulnerability details Impact The Neo Tokyo staking program operates as follows: The staker is a competitive system where stakers compete for a fixed emission rate in each of the S1 Citizen, S2 Citizen, and LP token staking pools. Stakers "may" choose to lock their assets for some...
KIBToken: Unexpected reverts of _calculateCumulativeYield & _calculatePreviousEpochCumulativeYield
Lines of code Vulnerability details Impact In KIBToken the _calculateCumulativeYield & _calculatePreviousEpochCumulativeYield functions intend to calculate the yields using the formula yield.rayPow(time).rayMul(cumulativeYield). function _calculateCumulativeYield() private view returns (uint256) { uint256...
Solmate safeTransfer and safeTransferFrom do not check the codesize of the token address, which may lead to fund loss
Lines of code Vulnerability details In PirexGmx.sol and ERC4626Vault.sol, the contract uses the solmate library which does not check the existence of code at the token address. This is a known issue when using solmate's libraries. Reference: Impact Possible loss of funds and miscalculation. Proof...
Chainlink oracle data feed is not sufficiently validated and can return stale price
Lines of code Vulnerability details Impact Calling the Oracle contract's viewPrice or getPrice function executes uint price = feeds[token].feed.latestAnswer() and require(price > 0, "Invalid feed price"). Besides that Chainlink's latestAnswer function is deprecated, only verifying that price > 0 is true is...
Wrong calculation in function LBRouter._getAmountsIn makes users lose a lot of tokens when swapping through JoePair (most of them will be gifted to JoePair freely)
Lines of code Vulnerability details Vulnerable detail Function LBRouter._getAmountsIn is a helper function to return the amounts in for a given amountOut. This function checks whether the pair of token and tokenNext is a JoePair or an LBPair using binStep. If binStep == 0, it will be a JoePair, otherwise it...
Frontrunning initialize to negatively affect first liquidity provider possible
Lines of code Vulnerability details Impact The initialize function of an AlgebraPool can be frontrun to set an arbitrary initial price. This will negatively affect the first person to add liquidity to the pool. Proof of Concept There are no restrictions on the AlgebraPool.initialize(price) function...
The requestRandomSeed() function can be manipulated
Lines of code Vulnerability details Impact The task of the requestRandomSeed function works in ArtGobblers.sol for Request a new random seed from ChainlinkV1. There is a working rule: Can only be called every 24 hours at the earliest To make the requestRandomSeed function run every 24 hours; The...