10190 matches found
Deposit transaction is prone to being front-run by bad actors.
Lines of code Vulnerability details Impact It is possible for an attacker to front-run a user's deposit transaction while transferring fewer amount of assets than the user and minting an equivalent amount of shares as the user could have. Proof of Concept The scenario described below is for the...
Missing access control in mintYieldFee allowing everybody to mint the available YieldFee to himself
Lines of code Vulnerability details Impact Everybody can call the mintYieldFee function in the Vault, when there is yieldFeeTotalSupply available and mint shares to himself for free, which later results in stealing funds from the Vault. If this is a desired behavior, which it shouldn't based on...
TwabLib::getTwabBetween can return inaccurate balances if _startTime and _endTime aren't safely bounded
Lines of code Vulnerability details M-01 TwabLib::getTwabBetween can return inaccurate balances if startTime and endTime aren't safely bounded Vulnerability details Here's the documentation of the get TwabLib::getTwabBetween function : File: twab-controller\src\libraries\TwabLib.sol 278: / 279:...
The output amount validation in Vault.liquidate() is not correct.
Lines of code Vulnerability details Impact The output amount validation is not correct in Vault.liquidate, so the method might accept invalid output amount and refuse valid output amount. Proof of Concept In Vault.liquidate, there is a validation about the output share amount should be less than ...
Arbitrary Pending _setPendingVetoer Address Assignment.
Lines of code Vulnerability details Impact If an attacker successfully impersonates the vetoer, they can set any address as the pending vetoer. This can compromise the integrity of the vetoer role and enable unauthorized access or control over certain functions or actions within the contract. Pro...
Storage collision risk in NounsDAOProxy contracts
Lines of code Vulnerability details Impact NounsDAOProxy contract may lose tracking its implementation address Proof of Concept One of the main vulnerabilities of upgradeable contracts is storing the implementation address in the beginning slots. This address is later used by proxy for delegateca...
Potential for Permanent Lock of Funds in NounsDAOExecutorV2 Contract
Lines of code Vulnerability details Impact The NounsDAOExecutorV2 contract has a potential vulnerability where Ether or ERC20 tokens could become permanently locked in the contract. This could occur if funds are sent to the contract by someone other than the admin, or if the admin loses access to...
Division before Multiplication could incur unnecessary precision loss
Lines of code Vulnerability details Impact Division before multiplication could incur unnecessary precision loss causing loss of funds. Proof of Concept In the dynamicQuorumVotes function of NounsDAOV3DynamicQuorum.sol contract the value of againstVotesBPS is first calculated by dividing a value ...
Upgraded Q -> 2 from #727 [1689056893075]
Judge has assessed an item in Issue 727 as 2 risk. The relevant finding follows: ERC20 check success issue
Code Execution on the ERC725Account in ILSP6KeyManager.sol
Lines of code Vulnerability details Impact The ILSP6KeyManager interface has a few potential security vulnerabilities. These vulnerabilities allow an attacker to execute malicious code on the ERC725Account, bypass nonce checking, and bypass timestamp checking. These vulnerabilities could be...
The MultiFlowPump.sol/update() function will neither update nor revert any call made to it by any Well Implementation, hence will fail in storing the correct reserve values.
Lines of code Vulnerability details Impact The MultiFlowPump will not be able to update the lastReserves, emaReserves, cumulativeReserves. This will let any attacker to manipulate the value of reserves to any number. Proof of Concept As provided the code of update function, the getDeltaTimestamp...
Inflation attack in well
Lines of code Vulnerability details Impact The Well.sol contract is vulnerable to a first depositor attack allowing someone to directly send funds to the pool in order to obfuscate the totalSupply and steal funds from the subsequent depositor. Proof of Concept Below is how the attack can be carri...
uint128 changeAmount might overflow
Lines of code Vulnerability details Impact This issue is an edge case, that uint128 changeAmount could overflow, making the protocol fail for certain amount of swap. Proof of Concept Let's break down the changeAmount: 1. amountOut/amountIn 2. BASE27 3. normalizer File:...
Unsafe cast in getCollateralRatio()
Lines of code Vulnerability details Impact LibGetters.getCollateralRatio might return the incorrect ratio due to the unsafe cast. Proof of Concept getCollateralRatio outputs the collateral ratio using the total collaterals and issued agTokens. // The stablecoinsIssued value need to be rounded up...
Reentrancy Vulnerability: The contract inherits from the ReentrancyGuard contract, which may be vulnerable to reentrancy attacks if not properly handled in the contract's logic.
Lines of code Vulnerability details Impact The impact of the reentrancy vulnerability in the incrementGaugeWeight function can be summarized as follows: Loss of Funds: Attackers can drain funds from the contract or manipulate balances. Unexpected State Changes: Manipulation of variables can lead ...
Not using slippage parameter in swap() while swapping causes loss of funds
Lines of code Vulnerability details Impact While making a swap on UniswapV3 the caller should use the slippage parameter amountOutMinimum parameter to avoid losing funds. In swapToEqualAmounts does not use the slippage parameter amountOutMinimum. File: /src/talos/libraries/PoolActions.solL46-L52...
Not using slippage parameter when interacting with AMMs
Lines of code Vulnerability details Impact The slippage parameters are hardcoded to 0, meaning the minimum amount can be 0. The absence of slippage protection causes transactions to be vulnerable to front running. This can result in users potentially losing their funds. Proof of Concept...
Functions don't update after being called
Lines of code Vulnerability details Impact Without updating the reserve or vault value of tokens after calling different functions, the contract may be prone to inconsistent state, security issues, financial implications, and bad user experience. It is important to review and update the reserve...
Reactivated gauges can't queue up rewards
Lines of code Vulnerability details Impact Reactivated gauges can't queue up rewards Proof of Concept Active gauges as set by authorised users get their rewards queued up in the FlywheelGaugeRewards.queueRewards function. As part of it, their associated struct QueuedRewards updates its storedCycl...
Calculation during rebalancing can overflow
Lines of code Vulnerability details Proof of Concept Rebalancing logic in TalosBaseStrategy will start by the strategy manager calling TalosBaseStrategy.rebalance to swap imbalanced tokens. This function will call TalosStrategySimple.doRebalance Next, PoolActions.swapEqualAmounts will be called...
Owner will be address(0) because it is not initialized
Lines of code Vulnerability details Impact Owner will be address0 making the functions which use the onlyOwner modifier insolvable Proof of Concept There are contracts in the protocol which use the Ownable from OZ: esLBRBoost.sol, EUSDMiningIncentives.sol, ProtocolRewardsPool.sol,...
distributeRewards can revert because of the too strict slippage check
Lines of code Vulnerability details Impact The report highlights that the distributeRewards function can revert due to a strict slippage check. The provided proof of concept demonstrates the issue, where the slippage is set to 98%, leading to potential transaction failures. Proof of Concept...
In LybraStETHVault.sol (LybraEUSDVaultBase.sol) a user could rigid redeem an amount more than their deposited collateral when the collateral ratio of the user goes below 100% even if they have been super-liquidated.
Lines of code Vulnerability details Impact If the collateral ratio of a user goes below 100%, the user would be able to redeem all of their eUSD for a collateral amount greater than their depositedAssetuser even after they have been super-liquidated. For eg, let us say we have a user X. Now, in...
The LybraRETHVault.depositEtherToMint doesn't keep record of user's ether deposits which results in loss for the user.
Lines of code Vulnerability details Impact High: User will lose his deposited ether. Proof of Concept The collateralAsset address variable which is used in LybraPeUSDVaultBase is assumed to be stETH token address Now the depositEtherToMint function from contract LybraRETHVault.sol which inherits...
_quorumReached does not add all votes
Lines of code Vulnerability details Impact quorumReached is a function that checks if the Amount of votes already cast passes the threshold limit. But the function does not add all votes //@audit-issue quorum reached does not add all votes function quorumReacheduint256 proposalId internal view...
quorumReached does not account for forVotes
Lines of code Vulnerability details Impact quorumReached does not account for forVotes. Proof of Concept The supportVodes mapping of the ProposalExtraData struct consists of three values: forVotes, againstVotes and abstainVotes respectively on keys 0, 1 and 2. The function: function...
A Dutch trade could end up with an unintended lower closing price
Lines of code Vulnerability details Impact notTradingPausedOrFrozen that is turned on and off during an open Dutch trade could have the auction closed with a lower price depending on the timing, leading to lesser capability to boost the Rtoken and/or stRSR exchange rates as well as a weakened...
Slippage protection minOut autoSwapThreshold is not effective when swapping the token
Lines of code Vulnerability details Impact In the current model, the minimum output minOut amount for the auto-swap is set to match the autoSwapThreshold, which is fixed at 4 CANTO. This configuration might result in potential market risks due to fluctuations in the value of CANTO, potentially...
Lack of input validation
Lines of code Vulnerability details Impact There is no input sanitizer implemented for the transfertypes.FungibleTokenPacketData data variable. Proof of Concept After "unmarshaling" the packet, which checks if there is an error, it is used right away without further checking the fields inside it,...
Canto pool could be drained.
Lines of code Vulnerability details Impact It was written that there is a limit for 10 USDC /10 USDT /0.01 ETH, which currently equals to 10 USDT/ 10 USDC/ 18 USDT almost. These limits are for 4 Canto. Which means code accepts the Canto price at max: 2,5 USDC or equivalent. It is also written in the...
tryCatchLimit can forward less than the specified gasLimit due to how CALL* opcode forward gas
Lines of code Vulnerability details Description To understand the issue I strongly recommend the lecture of this article. In particular, sections "Insufficient Gas Griefing Attack" and "Workaround Against 'Insuficient Gas Griefing attack'". The problem relays on the fact that we cannot be sure th...
In case Distributor.setDistribution use, revenue from rToken RevenueTrader and rsr token RevenueTrader should be distributed
Lines of code Vulnerability details Impact In case Distributor.setDistribution use, revenue from rToken RevenueTrader and rsr token RevenueTrader should be distributed. Otherwise wrong distribution will be used. Proof of Concept BackingManager.forwardRevenue function sends revenue amount to the...
M-10 Unmitigated
Lines of code Vulnerability details Mitigation of M-10: Issue NOT mitigated Mitigated issue M-10: First 1 wei deposit can produce lose of user xETH funds in wxETH Fix: code-423n4/2023-05-xeth@fbb2972 The issue is similar to the standard inflation attack, except that instead of the attacker's...
Upgraded Q -> 2 from #66 [1686923855595]
Judge has assessed an item in Issue 66 as 2 risk. The relevant finding follows: L-13 The owner is a single point of failure and a centralization risk Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure. A single private key may be taken ...
The low-level call returns true if the address does not exist
Lines of code Vulnerability details Impact As written in the Solidity documentation , the call, delegatecall and staticcall low-level functions return true as its first return value if the account being invoked does not exist, as part of the design of the EVM. The existence of the account must be...
Clone LlamaCore and LlamaPolicy in LlamaFactory.sol may fail or DOS
Lines of code Vulnerability details Impact LlamaFactory uses Clones.cloneDeterministic to create new LlamaCore and LlamaPolicy contracts. The address of the new PrivatePool depends solely on the name parameter keccak256abi.encodePackedname provided by the administrator when calling the deploy...
Execution does not work if the action has a non-zero value
Lines of code Vulnerability details Llama instances have a separate LlamaExecutor contract for action execution. When calling LlamaCore.executeAction, the flow is the following for simplicity, we ignore action guards: The function does internal validation: checking the current action state is...
LlamaRelativeQuorum isActionApproved / isActionDisapproved check condition error
Lines of code Vulnerability details Impact LlamaRelativeQuorum isActionApproved / isActionDisapproved check condition error: quantity holders. The two cannot be compared. In general quantity holder, so the approver was lower than expected. Proof of Concept diff --git...
Arbitrary delegatecalls from LlamaAccount can be used to steal assets
Lines of code Vulnerability details Impact Using delegatecall to call arbitrary contracts is highly dangerous as it can be used to steal assets. An attacker could sneak in a contract that steals all the assets owned by the LlamaAccount contract. Proof of Concept Below is a diff to the existing...
The owner is a single point of failure and a centralization risk.
Lines of code Vulnerability details Impact & Vulnerability Details. Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure, as this contract's owner can perform roles of high importance to the protocol. A single private key may be taken in a...
When deploying a contract in PermissionlessNodeRegistry.deployNodeELRewardVault(), an attacker can find out in advance the address of the future deployed contract and deploy his own at this address
Lines of code Vulnerability details Impact The address of the new contract depends solely on the salt parameter, which is calculated from user-provided data. Once a user's create transaction is broadcast, the parameters for calculating salt can be viewed by anyone viewing the public mempool. This...
ERC20 token bridge does not support token with different decimals
Lines of code Vulnerability details ERC20 token bridge does not support token with different decimals Summary ERC20 token bridge does not support token with different decimals Vulnerability Detail In the current implementation: User can perform ERC20 cross-chain transfer via token bridge. Let us...
Users who stake at the end of a freeze would get rewards as if they've staked before the freeze
Lines of code Vulnerability details This one was reported in the first contest, it was mitigated but a code change that was made since then brings it back again. Impact Users who stake while frozen would get a share of the rewards for the period since the last call to payoutRewards. This means th...
Exchange rate is stale for deposit to calculate shares
Lines of code Vulnerability details Impact The attacker can take profit with the delayed exchange rate updating mechanism. He can deposit to the protocol to take a share of large mev reward generated by the protocol before the exchange rate update. Proof of Concept The getExchangeRate function is...
Pausing Optimism Portal only pauses withdrawals, can result in locked or lost funds
Lines of code Vulnerability details The comment over OptimismPortal.pause indicates pause should affect both deposits and withdrawals. Currently, only finalizeWithdrawalTransaction and proveWithdrawlTransaction implement the whenNotPaused modifier. Both depositTransaction and donateETH do not...
The owner is a single point of failure and a centralization risk (06 Instances)
Lines of code Vulnerability details Impact Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure. A single private key may be taken in a hack, or the sole holder of the key may become unable to retrieve the key when necessary. Tools Used...
Changing _treasuryRate can cause lender to lose some interest that it is entitled to
Lines of code Vulnerability details Impact Calling the following ParticleExchange.buyNftFromMarket, ParticleExchange.repayWithNft, ParticleExchange.refinanceLoan, and ParticleExchange.auctionBuyNft functions accrue interestAccrued for the corresponding lender. When calling these functions, the...
Lender can auction the loan without any restriction to cause losses to the borrower
Lines of code Vulnerability details Lender can auction the loan without any restriction to cause losses to the borrower Impact The lender can unilaterally decide to auction a loan at any time, without any restriction. The process can be started by calling startLoanAuction and offers to repay the...
Supplying NFT, which is borrowed from Particle Exchange, to Particle Exchange can cause original lien's borrower to lose such NFT and previously sent msg.value even though its position for original lien is not yet insolvent
Lines of code Vulnerability details Impact After a borrower calls the following ParticleExchange.swapWithEth function, the borrower receives the corresponding NFT. function swapWithEthLien calldata lien, uint256 lienId external payable override validateLienlien, lienId ... /// @dev cannot instant...
Project may fail to be deployed to chains not compatible with Shanghai hardfork
Lines of code Vulnerability details Project may fail to be deployed to chains not compatible with Shanghai hardfork Current settings may produce incompatible bytecode with some of the chains supported by the protocol. Impact The Ambire wallet supports and targets different chains, such as Ethereu...