Wrongly implemented modifier allows everybody to mint Rabbit Hole tickets.
Lines of code Vulnerability details Impact As specified on RabbitHole C4 contest page, RabbitHoleTickets smart contract 'is an 1155 reward contract used by the RabbitHole team.' Meaning that the assets managed by this smart contract have value. Moreover this contract implements ERC-2981: NFT...
[H-02] Return value of 0 from ecrecover not checked
Lines of code Vulnerability details Impact The solidity function ecrecover is used, however the error result of 0 is not checked for. See documentation: "recover the address associated with the public key from elliptic curve signature or return zero on error. " Now you can supply invalid input...
QuestFactory is suspicious of the reorg attack
Lines of code Vulnerability details Description The createQuest function deploys a quest contract using the create, where the address derivation depends only on the QuestFactory nonce. At the same time, some of the chains Polygon, Optimism, Arbitrum to which the QuestFactory will be deployed are...
ONLYMINTER MODIFIER WILL NOT REVERT WHEN MSG.SENDER IS NOT MINTERADDRESS
Lines of code Vulnerability details Impact onlyMinter in RabbitHoleReceipt.sol and RabbitHoleTickets.sol is noted to be housing only msg.sender == minterAddress in its code logic. RabbitHoleReceipt.solL58-L61 RabbitHoleTickets.solL47-L50 modifier onlyMinter msg.sender == minterAddress; ; It will...
Mitigation of H-02: See comments
Lines of code Vulnerability details The PR applies the recommended mitigation from the finding, but doesn't take into account the rounding issue identified in M-09 Impact If the price the NFT is bought for is not an exact multiple of the filledQuantities, there will be a loss of precision, and...
Attacker can steal the NFT bought by sending it to another vault he controls
Lines of code Vulnerability details Impact The mitigation of H-08 tries to validate the vault returned by market with the VaultRegistry. However, it only validates that the vault exists, not that it is the correct vault. A similar attack described in code-423n4/2022-12-tessera-findings47 can be...
Overflow Vulnerability in Splits Contract Due to Maximum Splits Receivers Limitation (_MAX_SPLITS_RECEIVERS = 200)
Lines of code Vulnerability details Impact If more than 200 splits receivers are added for a single user, the constant MAXSPLITSRECEIVERS will be exceeded, causing unexpected behavior in the contract uint256 internal constant MAXSPLITSRECEIVERS = 200; Proof of Concept a. Create an array of splits...
Incorrect _removeTokenEnumeration implementation of ERC1155Enumerable
Lines of code Vulnerability details Impact removeTokenFromAllTokensEnumeration can never be called, because of the wrong order of the if statement and idTotalSupplyid -= amount;. This leads to totalSupply not being correctly decremented by 1 when all token amounts for a specific tokenId get burned. Proof of Concept...
Improper check for Zero Address
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. There is an error in the if statement of the referenced line of code. It should check for the zero address and return an error. This will prevent creating a new contract for an existing option pair, eve...
In TimeswapV2LiquidityToken.sol and TimeswapV2Token.sol, different positions might be minted to the same id.
Lines of code Vulnerability details Impact In this protocol, all positions should have unique ids to track and update their status. Currently, different positions might be minted to the same id and the main logic for the positions will be broken. Proof of Concept TimeswapV2LiquidityToken.mint set...
Upgraded Q -> M from #229 [1674661441196]
Judge has assessed an item in Issue 229 as M risk. The relevant finding follows: Support for IERC165 interface id is missed Contract: Impact: Contract fails to support a valid interface which could lead to failure of genuine calls Steps: Observe the supportsInterface function...
Upgraded Q -> M from #113 [1674422768939]
Judge has assessed an item in Issue 113 as M risk. The relevant finding follows: During handling the open fees, the tigAsset is distributed to gov. But, it is not approved before to be consumed by gov. So, the first user's transaction to initiate a market order, will fail. During handling the clo...
Upgraded Q -> M from #100 [1674425909347]
Judge has assessed an item in Issue 100 as M risk. The relevant finding follows: Lines of code Vulnerability details Impact The wrong amount of LP tokens will be minted and the wrong amount of A/B tokens will be deposited. Proof of Concept According to the PDF document provided, the number of LP...
User funds loss in withdraw() of StRSR because code doesn't revert when calculated rsrAmount is zero
Lines of code Vulnerability details Impact Function withdraw in StRSR completes an account's unstaking, but when the calculated amount of RSR token is 0 the code still burns the user's draftRSR and returns. This would cause users' small deposits to get burned and the user won't receive any funds. As withdr...
Inconsistent min deposit
Lines of code Vulnerability details Impact The first transfer in a vault that is based on ERC4626Cloned produces different results depending on whether it is done via deposit or via mint. While first deposit produces a number of shares that is 1:1 with the asset, in the case of mint, the results...
commitToLien() can pass in an illegal payment token
Lines of code Vulnerability details Impact Stealing vault assets Proof of Concept There are currently two ways to create new Liens in the system 1. users call AstariaRouter.commitToLiens, the internal implementation of this is through VaultImplementation.commitToLien to create 2. users can call...
Overflow/Underflow in interest calculation caused by lack of timestamp validation in _getInterest() & _getRemainingInterest() function
Lines of code Vulnerability details Impact An attacker could manipulate the last timestamp of a lien in the stack struct to cause an underflow or overflow in the interest calculation. This could result in an incorrect interest amount being calculated, which could lead to incorrect payments being...
Transfer of assets should come before deleting and burning the collateral id
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Collateral id is burnt and deleted before transfer Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept...
Future Epoch Pending Redemption Balance Set Vulnerability
Lines of code Vulnerability details Impact The setPendingRedemptionBalance function allows an admin to set the balance of a user's pending redemption for a specific epoch. However, it does not properly check that the epoch being set is in the past and not in the future. An attacker could...
Rounding error "confiscastes" some collateral
Lines of code Vulnerability details Impact There are no adjustments for collateral that is not returned on redemptions due to rounding errors. It will stay in the assetSender however, it will look as if was fully paid out. The rounding error also depends on the burned quantity, so it may be...
Upgraded G -> 3 from #31 [1673740310963]
Judge has assessed an item in Issue 31 as 3 risk. The relevant finding follows: gegae...
SmartAccount implementation contract can be destroyed by anyone
Lines of code Vulnerability details SmartAccount implementation contract can be destroyed by anyone Impact Locking all user's funds forever due to DoS for all functions. Proof of Concept There are 2 main reasons for this vulnerability: 1. The expected behaviour of interacting with the...
handleAggregatedOps() does not handle non-atomic transactions which results in whole function revert if one transaction does not go through
Lines of code Vulnerability details Impact Function reverts if one account or paymaster is not validated, which leads to a waste of time and gas. Proof of Concept EntryPoint.UserOpsPerAggregator takes in an array of opsPerAggregator in its parameter and loops through each struct. In the function,...
PROTOCOL MIGHT NOT BE ABLE TO OPERATE DUE TO LACK OF FUNDS
Lines of code Vulnerability details Impact Redeem/withdraw functionality will fail under certain conditions and users who want to redeem/withdraw their AVAX will not be able to. Proof of Concept Users stake their AVAX and in return get ggAVAX. The AVAX provided by the users is then staked by the...
Possible to block withdrawal of staked funds after recordStakingEnd or stakingError
Lines of code Vulnerability details Impact Node operators can lose their staked AVAX after stakingEnd or stakingError. Funds will be locked in the Staking contract, but impossible to withdraw. A bad actor does need to supply 1000 AVAX, which he gets back, and does not have a real incentive to do it, b...
NODE OPERATORS CAN WITHDRAW ALL THEIR GGP COLLATERAL BEFORE VALIDATION PERIOD ENDS THEREBY AVOIDING SLASHING.
Lines of code Vulnerability details Impact 1. Node operators can avoid slashing, thus no penalties. 2. Node operators can withdraw their entire GGP collateral before the validation period is over. Proof of Concept The withdrawGGP function in Staking.sol transfers back to node operator excess GGP...
Upgraded Q -> M from #4 [1671756144822]
Judge has assessed an item in Issue 4 as M risk. The relevant finding follows: GroupBuy: Insertion timestamp ignored The documentation states that "If the users have the same quantity as well, the bid that was placed later will have Raes removed.". However, with the current implementation, this i...
Reentrancy attack allows getting a loan for free
Lines of code Vulnerability details Impact A reentrancy attack allows getting a loan for free when startLiquidationAuction is called on the last collateral token. Proof of Concept When a user has bad debt, anyone can start an auction for his NFT. To purchase the token, the liquidator can call...
PaprController.onERC721Received() assigns collateral to operator's vault instead of the nft owner's one
Lines of code Vulnerability details Impact The collateral is assigned to the operator's vault because of a parameter mismatch. This impacts the ability of third parties to integrate the PaprController contract. You're not able to create an intermediary contract that adds collateral to a user's...
Collateral NFT deposited to a wrong address, when transferred directly to PaprController
Lines of code Vulnerability details Impact Users will lose collateral NFTs when they are transferred to PaprController by an approved address or an operator. Proof of Concept The PaprController allows users to deposit NFTs as collateral to borrow Papr tokens. One of the ways of depositing is by...
Upgraded Q -> M from #22 [1671528533640]
Judge has assessed an item in Issue 22 as M risk. The relevant finding follows: NC-2 Return values of approve not checked...
Borrowers may earn auction proceeds without filling the debt shortfall
Lines of code Vulnerability details Impact The proceeds from the collateral auctions will not be used to fill the debt shortfall, but be transferred directly to the borrower. Proof of Concept Assume N is an allowed NFT, B is a borrower, the vault V is vaultInfoBN: 1. B add two NFTsN-1 and N-2 as...
Insufficient Timestamp Validation for Signed Messages
Lines of code Vulnerability details Impact A message can be signed by the oracle for any future point in time, and it will be valid for 20 minutes. If messages with invalid timestamps pointing to the future get signed, there is no way of invalidating them. A compromised or malfunctioning oracle...
Upgraded Q -> M from #334 [1671456734920]
Judge has assessed an item in Issue 334 as M risk. The relevant finding follows: Collateral.withdraw allows the manager to withdraw an arbitrary amount of baseToken from Collateral. The only check is in the ManagerWithdrawHook.hook call, where it checks the withdrawal does not drop the amount of...
Price manipulation if baseToken have transfer hook
Lines of code Vulnerability details Impact Pair calculates the price by dividing the fractional token reserve by the base token reserve. If the token has a before-transfer hook, there would be a time where the fractional token reserve has changed but the base token reserve has not, where the executio...
_transferFrom() in Pair contract doesn't update approval amounts when transferring user fractional tokens
Lines of code Vulnerability details Impact Contract Pair is an ERC20 token which represents user fractional token balance and it has all the features of standard ERC20 tokens. function transferFrom has been written for transferring tokens but the logic isn't complete and it doesn't consider...
MALICIOUS OWNER CAN CLOSE AND WITHDRAW AS HE WANTS
Lines of code Vulnerability details MALICIOUS OWNER CAN CLOSE AND WITHDRAW AS HE WANTS The functions below are meant for some emergency scenarios. But caviar.Owner is able to trigger these functions as he wants. Need to set some require statements in order to actually check these scenarios before his...
Groupbuy: _verifyUnsuccessfulState and _verifySuccessfulState both can return true when block.timestamp == pool.terminationPeriod
Lines of code Vulnerability details Impact The functions verifyUnsuccessfulState and verifySuccessfulState should always have a differing behavior with regards to reversion, i.e. when one does not revert, the other should revert. In one condition, this is not true. Namely, when we have pool.succe...
Groupbuy: Construction of merkle tree allows some unintended IDs to be bought
Lines of code Vulnerability details Impact In GroupBuy.purchase, when no proof is provided, it is required that the provided token ID is equal to the stored merkleRoot: if purchaseProof.length == 0 // Hashes tokenId to verify merkle root if proof is empty if bytes32tokenId != merkleRoot revert...
Wrong position size calculation in TradingLibrary.pnl()
Lines of code Vulnerability details Impact Users will pay less closing fees than they should when they have a profitable short position. Also, they will pay more fees when they have a losing short position. Proof of Concept TradingLibrary.pnl calculates the new position size like below. function...
_priceData.price is not verified in _limitClose
Lines of code Vulnerability details Impact In the function limitClose from the TradingExtension contract the priceData.price is not verified with the getVerifiedPrice function; instead its value is directly used, and because the getVerifiedPrice internally calls the function...
ERC20 approvals may need to be set to 0 beforehand
Lines of code Vulnerability details Impact There are some instances where there is an ERC20 approval for a max uint256 amount. ERC20 tokens such as USDT require the address allowance to be set to 0 beforehand, so this would cause reverts for those tokens. Proof of Concept -Token such as USDT gets...
Pool cannot recover from the emergency mode
Lines of code Vulnerability details Impact Pool cannot recover from the emergency mode. If the admin turns on the emergency mode, users cannot swap or addLiqudity in the pool any more. Proof of Concept In the Pool Contract, the admin factory owner can set the status of the pool to emergency:...
Owner can rug PrePOMarket using re-initialized finalLongPayout.
Lines of code Vulnerability details Description In PrePOMarket.sol, the finalLongPayout represents the finalized value of a single long token in the market. It is settled post ICO / IPO according to predetermined rules. The issue is that this value may be re-initialized as many times as owner...
depositAndTrade::exactInputSingleParams the possible return values not checked
Lines of code Vulnerability details Impact The return values from collateral.deposit and collateral.transferFrom are not used. This means that the values returned by those functions will not be stored or used in the code. The swapRouter.exactInputSingle function also likely returns no value, ...
userToDeposits is always increasing, can eventually reach cap
Lines of code Vulnerability details Impact In contract DepositRecord when a deposit is recorded through function recordDeposit: function recordDepositaddress sender, uint256 amount external override onlyAllowedHooks requireamount + globalNetDepositAmount amount globalNetDepositAmount -= amount;...
Liquidity cannot be removed by an approved address via Router
Lines of code Vulnerability details Impact Using the Router, liquidity can only be removed by the owner of an NFT, which significantly limits liquidity management. The Pool contract, however, does allow approved addresses to remove liquidity. Proof of Concept The Router contract is a higher level...
Unsafe usage of ERC20 methods
Lines of code Vulnerability details There are many weird ERC20 tokens that don't follow the standard ERC20 interface. Depending on the ERC20 token, some transfer errors may result in passing unnoticed, or some successful transfers may be treated as failed. The current implementation assumes that...
Redeem should revert if the TokenSender.sol doesn’t have enough outputtoken to reimburse to users.
Lines of code https://github.com/prepo-io/prepo-monorepo/blob/49a7ed94272db013245d9364e69be713a8aef0a2/apps/smart-contracts/core/contracts/TokenSender.solL41 Vulnerability details According to the comments in the code of RedeemHook.hook function : Once a market has ended, users can directly settl...
PrePOMarket.redeem() business logic may raise users' concerns of their assets
Lines of code Vulnerability details Impact When a user tries to redeem assets, current business logic may fail and pop the error msg fee = 0 repeatedly. Users may not understand what's happening behind it, thus raising concerns about the safety of their assets since it looks like their assets are out o...