[bootloader] A bytecode hash without the bytecode (preimage) can be marked as known, breaking the prover

Lines of code Vulnerability details This is a report of a finding in bootloader.yul. While the file is out of scope of the contest, the sponsor stated that they would still accept findings in the file and would judge them separately from the contest. Impact A bytecode hash for which the bytecode...

NonceHolder.setValueUnderNonce does not increase the minNonce when using sequential account nonce ordering

Lines of code Vulnerability details Impact The current available nonce can't be synchronized to the client and rpc resp in real time. As a result, the client can't use the correct nonce to signature transaction. Proof of Concept If the nonceOrdering type of the account is...

An attacker can manipulate the call stack of the transaction to impersonate another address and set a different value for the origin variable.

Lines of code Vulnerability details Impact By changing the transaction's call stack, an attacker can use the origin variable to pretend to be another address, as a result, the attacker can be able to enter the system without authorization and carry out evil deeds. Proof of Concept The vulnerabili...

Flawed calculation in getPoolReward leads to permanent loss of rewards

Lines of code Vulnerability details In NeoTokyoStaker.getPoolReward, a users reward is calculated as follows: 1388: uint256 share = points PRECISION / pool.totalPoints totalReward; 1390: share /= PRECISION; points represents the users total points in the pool over a specific potentially long time...

Permit authorized callers can burn any amount of BYTES 2.0 tokens from an arbitrary address

Lines of code Vulnerability details Impact Using the burn function of BYTES 2.0, an authorized caller can burn an arbitrary amount of tokens from any address. I'm aware that it was mentioned in README.md of the project that this type of finding is out of the scope. but I believe it is still...

Attacker can abuse rounding down to get reward without depositing anything in LP pool

Lines of code Vulnerability details Impact In function withdrawLP, it calculates the amount of points from the amount input parameter. unchecked uint256 points = amount 100 / 1e18 lpPosition.multiplier / DIVISOR; // Update the caller's LP token stake. lpPosition.amount -= amount; lpPosition.point...

Total reward is miscalculating

Lines of code Vulnerability details Impact In the getPoolReward the calcul of totalReward is wrong because the rewardRate is not updated. When block.timestamp is less or equal to windows.startTime the reward rate should equal to the current window rate not the previous one. Proof of Concept...

# configureLP function should check LP stakers present before changing LP address.

Lines of code Vulnerability details configureLP function should check LP stakers existence before changing LP address. Permitted users are allowed to change LP address when lpLocked is false. So this does not follow the comments above. Proof of concept 1701 This function allows a permitted user t...

Error in the calculation of daoShare value in the getPoolReward function

Lines of code Vulnerability details Impact In the getPoolReward function inside the NeoTokyoStaker contract there is an error in the calculation of the daoShare value which represents the part of rewards sent to the treasury, this means that the treasury will receive less rewards that what it is...

Infinite mint via points underflow (in scope)

Lines of code Vulnerability details Impact Due to unchecked math in the withdrawLP function, a user can trigger an underflow in their points and infinitely increase their rewards. The problem exists in several places. Problem 1. The configureTimelockOptions function allows setting...

Winnings might be unable to catch up with prize pot

Lines of code Vulnerability details Impact Profit may become ineffective, meaning that funds are effectively stuck in the contract. Proof of Concept Funds are owned by the Lottery and the only way out is through payouts. However, since the jackpot is bound by jackpotBound the expected payout taki...

Likelihood of becoming zero numbers for the numbers of the winning ticket

Lines of code Vulnerability details Impact The logic of the function reconstructTicket may give more zero numbers inside the packed winning ticket. Proof of Concept As this issue may already be a sponsor-acknowledge case, however, it's worth explaining. Considering the case 7/35 for a lottery gam...

Wrong reward calculation if the reward token doesn't have 18 decimals

Lines of code Vulnerability details Impact If the rewardToken has less than 16 decimals, users will not be able to claim the correct value of their prize. Try not to think it will be DAI only. We will probably use DAI for the first product, but think more in general approach @0xluckydev5064 It is...

Loss of reward for stakingRewardRecipient

Lines of code Vulnerability details Impact Anyone can call claimRewards function with rewardType = LotteryRewardType.STAKING, in which function LotteryMath.calculateRewards is used to calculate reward to transfer to beneficiary. By observing number of ticketsSold calculated from the...

Price manipulation attack

Lines of code Vulnerability details Impact The PriceFeed.sol was marked OOS but I believe this to be a valid issue. If the chainlink feed fails which is does from time to time, the Tellor price feed takes over no matter what the delta is compared to the chainlink price. This is an issue because t...

Re-entrancy inside BorrowOperations if collateral is ERC777

Lines of code Vulnerability details Impact Invariant violations through re-entrancy if the collateral token is ERC777 Proof of Concept If the collateral token will be an ERC777 token, a malicious user could use the safeTransfer from L231 to re-enter the BorrowOperations contract context and call...

No Contract Compiled Yet, missing "contract RegistryUtils{...}" in in file packages/contracts/src/framework/utils/RegistryUtils.sol

Lines of code Vulnerability details Impact packages/contracts/src/framework/utils/RegistryUtils.sol file is missing "contract", here there is one function function isSubdomainValid and it will not compile. isSubdomainValid is called in several places,...

Upgraded Q -> 2 from #11 [1678055765655]

Judge has assessed an item in Issue 11 as 2 risk. The relevant finding follows: Low-01 SwingTraderManager.totalProfit may be updated incorrectly Impact In SwingTraderManager.sellMalt, when amountSold + dustThreshold = maxAmount, the function will return directly and will not update totalProfit,...

Upgraded Q -> 2 from #633 [1677880427560]

Judge has assessed an item in Issue 633 as 2 risk. The relevant finding follows: Vault contract implementation does not disable initializers The Vault.sol contract should implement disableInitializers in its constructure to prevent implementation contracts from being initialized. As this contract...

changeRewardSpeed function at the MultiRewardStaking contract is incorrectly implemented and can leave the staking of a token on a denial of service state (copy)

Lines of code Vulnerability details Impact The changeRewardSpeed function from the MultiRewardStaking.sol contract lacks documentation on how exactly it should work. By its name and some comments above it, I infer that the function must change the rate of tokens rewards per unit of time. For...

SwingTraderManager.swingTraders() shoudn't contain duplicate traderContracts.

Lines of code Vulnerability details Impact If SwingTraderManager.swingTraders contains duplicate traderContracts, several functions like buyMalt and sellMalt wouldn't work as expected as they work according to traders' balances. Proof of Concept During the swing trader addition, there is no...

Artificial Inflation of Interest-Bearing Balances

Lines of code Vulnerability details Impact It is possible to artificially inflate one's balance, compromising the integrity of the KIB token entirely. The vulnerability arises from how the balances are updated and utilize "stale" values that were loaded into memory. As such, a self-transfer would...

Unsafe typecasting

Lines of code Vulnerability details Impact In the RToken.issueTo function unsafe typecasting of uint256 to int256 is performed while invoking the Throttle.useAvailable function. function issueToaddress recipient, uint256 amount public notPausedOrFrozen exchangeRateIsValidAfter requireamount 0,...

Early staker can disable staking by issuing and sending a bit to Furance

Lines of code Vulnerability details This one is caused by mitigation to issue M-05 Impact Early issuer can issue less than one wad e.g. 9e17 wei and send it to the Furnace contract, then whenever anyone is trying to issue more RTokens melt would be called, since there’s less than 1 wad in total...

Slashed amount may not be cover the staker reward payout

Lines of code Vulnerability details Impact Slashed amount may not be cover the staker reward payout Proof of Concept In the current fix, If the staked balance cannot cover the slashed amount, seize the staked balance. Staking staking = StakinggetContractAddress"Staking"; if staking.getGGPStakeown...

StRSR: attacker can steal excess rsr that is returned after seizure

Lines of code Vulnerability details Note: This issue deals with excess rsr that was seized from stRSR but is returned again. The M-12 issue also deals with excess rsr. However M-12 deals with the fact that not all rsr is returned to stRSR, whereas this issue deals with the fact that an attacker c...

Upgraded Q -> 2 from #157 [1676219053268]

Judge has assessed an item in Issue 157 as 2 risk. The relevant finding follows: L-08 No Storage Gap for BaseSmartAccount and ModuleManager --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> 3 from #619 [1675724566035]

Judge has assessed an item in Issue 619 as 3 risk. The relevant finding follows: The function withdrawRemainingTokens can be changed in a safer way to handle the withdraw from the owner and the protocol fee as well. This prevent risks allocated with the protocol fees. By the docs this function is...

Upgraded Q -> 3 from #664 [1675726122175]

Judge has assessed an item in Issue 664 as 3 risk. The relevant finding follows: L-2 ERC1155 Quest: withdrawRemainingTokens should factor in total number of receipts minted before withdrawal Issue: There may be users with unredeemed receipts who will not be able to claim if all the remaining toke...

setDrips may distribute the drip too fast if the time hints are not good enough

Lines of code Vulnerability details Impact The setDrips function is used to configure a drip. It can either be withdrawing it, adding a new one, or even managing an existing one by updating the configuration. Internally, it account for the drips that are yet to be distributed to refund them to th...

Other users cannot help a CIDNFT holder add subprotocols to the NFT

Lines of code Vulnerability details Impact Other users cannot approve and help CIDNFT holders add subprotocols to the NFT, breaking protocol specifications. Proof of Concept In the video walkthrough, around the 8 minute mark, it is mentioned that users can help NFT holders add subprotocols to the...

AddressRegistry might have non-actual record

Lines of code Vulnerability details Impact AddressRegistry might has non-actual record, which leads to inconsistent AddressRegistry state, and might affect possible consumers. Proof of Concept To register favorite NFT user calls register function from AddressRegistry. Then he sold this NFT to...

[M-01] emitUserMetadata function may fail due to exceed gas limit

Lines of code Vulnerability details Impact The function emitUserMetadata in DripsHub may fail due to unbounded loop over userMetadata can be very large due to the user input. However, function could be called only from drivers, it's still public and large array could be passed. And the loop in...

Unsafe casting of an int128 to uint128 can cause wrong accounting in _receiveDripsResult

Lines of code Vulnerability details Impact Unsafe casting of int128 to uint128 is dangerous and makes user receive more assets than they should. Proof of Concept state.amtDeltascycle can be a negative value. The delta value at each point is simply the relative change from the previous cycle. If...

Reentrancy in callBatched

Lines of code Vulnerability details Proof of Concept The Caller contract implements callBatched function in order to execute a batch of calls within one call. The function has payable declaration to be able to send ETH inside the call. The NATSPEC is also provided in parallel; /// @notice Execute...

_transferFromCaller is not compatible with USDT and similar tokens

Lines of code Vulnerability details transferFromCaller is not compatible with USDT and similar tokens Summary Setting directly typeuint256.max won't work for USDTTether. This is done at both transferFromCaller: NFTDriver.solL289 AddressDriver.solL174 Description Some tokens like USDT do not work...

Critical Vulnerability exposed Reentrancy attack allowing unlimited Fund Withdrawals.

Lines of code Vulnerability details Impact Function register where it transfers a fixed amount of $NOTE tokens 100 $NOTE to the cidFeeWallet address without checking the reentrancy status. An attacker can repeatedly call this function to drain the contract balance...

ERC721 safeTransferFrom is not enough to safeguard a subprotocol NFT

Lines of code Vulnerability details Proof of Concept There is a safeguard mechanism to ensure that no transfers of the subprotocol NFT happen after said NFT is tied to the CID NFT. Without it, someone could transfer or even burn the subprotocol NFT while it is still associated. // The CID Protoco...

Solmate's safeTransfer can result in failed transfer with low level call and won't revert as it does not check the codesize of to address, which may lead to loss of funds

Lines of code Vulnerability details The following contract use solmate's SafeTransferLib : solmate/utils/SafeTransferLib.sol Solmate's safeTransfer / safeTransferFrom uses inline assembly call to transfer ether from contract to receiver. According to Solidity Docs the call may return true even if...

No-check liquidity is != 0

Lines of code Vulnerability details Impact Proof of Concept Tools Used manual Recommended Mitigation Steps --- The text was updated successfully, but these errors were encountered: All reactions...

withdrawFee should only be allowed to called once.

Lines of code Vulnerability details Impact In the current implementation, the function withdrawFee can be called multiple times. It should only be allowed to called once. Calling more than once would let owner steal from legit users as there won’t be enough funds left for legit users to claim...

The onlyMinter modifier checks the wrong condition.

Lines of code Vulnerability details Impact In RabbitHoleReceipt.sol and RabbitHoleTicket.sol, receipts and tickets can be minted by anyone. Proof of Concept The first line inside the modifier can be passed without reverting for any callers. modifier onlyMinter msg.sender == minterAddress; ; Tools...

QuestFactory is suspicious of the reorg attack

Lines of code Vulnerability details Description The createQuest function deploys a quest contract using the create, where the address derivation depends only on the QuestFactory nonce. At the same time, some of the chains Polygon, Optimism, Arbitrum to which the QuestFactory will be deployed are...

ONLYMINTER MODIFIER WILL NOT REVERT WHEN MSG.SENDER IS NOT MINTERADDRESS

Lines of code Vulnerability details Impact onlyMinter in RabbitHoleReceipt.sol and RabbitHoleTickets.sol is noted to be housing only msg.sender == minterAddress in its code logic. RabbitHoleReceipt.solL58-L61 RabbitHoleTickets.solL47-L50 modifier onlyMinter msg.sender == minterAddress; ; It will...

Mitigation of H-02: See comments

Lines of code Vulnerability details The PR applies the recommended mitigation from the finding, but doesn't take into account the rounding issue identified in M-09 Impact If the price the NFT is bought for is not an exact multiple of the filledQuantities, there will be a loss of precision, and...

Lack of flexibility in updating cycle length leading to potential contract redeployment.

Lines of code Vulnerability details Impact function cycleOfuint32 timestamp private view returns uint32 cycle unchecked return timestamp / cycleSecs + 1; and function currCycleStart private view returns uint32 timestamp uint32 currTimestamp = currTimestamp; // slither-disable-next-line weak-prng...

Mitigation of M-04: See comments

Lines of code Vulnerability details The PR does NOT fix the issue described in the finding, and instead addresses issue 45. The change breaks out of the loop, which solves the case where the price is the same as the lowest bid, but doesn't address the case where the price is higher than the lowes...

Incorrect calculation

Lines of code Vulnerability details Impact On line 119, the result of the conversion is always going to be zero. Therefore, functions that apply onlyDriver modifier will never be executed. Proof of Concept Please deploy the code below to test the modifier's broken implementation. //...

Attacker can delay proposal rejection

Lines of code Vulnerability details The issue that is described in code-423n4/2022-12-tessera-findings24 was not mitigated and still applies like it is described there. --- The text was updated successfully, but these errors were encountered: All reactions...

Incorrect _removeTokenEnumeration implementation of ERC1155Enumerable

Lines of code Vulnerability details Impact removeTokenFromAllTokensEnumeration can never be called, because of wrong order of if statement and idTotalSupplyid -= amount;. This leads to totalSupply do not correctly minus 1 when all token amounts for a specific tokenId get burned. Proof of Concept...