Gauge Functionalities Still Accessible After Being "Killed"
Lines of code Vulnerability details Proof-of-Concept The Voter contract contains a killGauge function that allows the emergency council to kill a gauge. The killGauge function sets the isAlive mapping to false. Thus, calling Voter's functions, e.g. Voter.updateGauge, Voter.distribute(gauge), again...
rewardsVestingWallet is never initialized
Lines of code Vulnerability details Impact rewardsVestingWallet in BathToken is never initialized, thus release will never happen: /// @notice Address of the OZ Vesting Wallet which acts as means to vest bonusToken incentives to pool HODLers IBathBuddy public rewardsVestingWallet; When calling...
QA Report
Impact RubiconRouter.swapEntireBalance is supposed to buy at least buy_amt_min of Y output tokens by using the caller's entire X input token balance. The problem is that instead of passing buy_amt_min minus the fee to swap, the code uses the caller's X token balance, maxAmount. This means the cal...
User rewards stop accruing after any _writeCheckpoint calling action
Lines of code Vulnerability details Any user-balance-affecting action, i.e. deposit, withdraw/withdrawToken or getReward, calls _writeCheckpoint to update the balance records used for the earned-reward estimation. The issue is that _writeCheckpoint always sets the voted flag to false for each new...
massUpdatePools() is susceptible to DoS with block gas limit
Lines of code Vulnerability details Impact massUpdatePools is a public function and it calls updatePool once for every entry of poolInfo. Hence it is an unbounded loop, depending on the length of poolInfo. If poolInfo.length is big enough, the block gas limit may be hit. Proof of Concept Tool...
Rounding-error can be redeemed for free
Originally part of a QA report by gzeon (#59). Rounding-error can be redeemed for free: if redeemAmount is greater than 0 but less than the value of 1 share, 0 shares will be burned while the user can withdraw a non-zero amount. uint256 shares = tokenToShares(redeemAmount);
AuraLocker.sol lock() can be used to dos user
Lines of code Vulnerability details Impact User funds permanently stuck in AuraLocker Proof of Concept The lock function allows anyone to deposit and lock tokens for another address. If the most recent lock is not expired, it pushes a new lock to the array of locks for that user in the following...
Exchange Rate Race Condition
Lines of code Vulnerability details GAX-01M: Exchange Rate Race Condition (File: gALCX.sol, Lines: L69-L81, Type: Improper State Assumption). Description: gALCX contains a race condition whereby, whenever the contract has no stakes (such as when the contract is first deployed), the...
YearnTokenAdapter's wrap can become stuck as it uses one step approval for an arbitrary underlying
Lines of code Vulnerability details Some tokens do not allow approving a positive amount when the allowance is already positive (to handle the approval race condition); the best-known example is USDT. This can cause the function to get stuck whenever a combination of such a token and a leftover approval is met...
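The leftover-allowance failure described above, as an added example (not the audited YearnTokenAdapter and not a library's code). The adapter name, the spender and the one-step versus reset-then-approve split are assumptions made for illustration; the USDT behaviour it relies on (revert on non-zero to non-zero approve, and an approve that returns no data) is the known one:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface needed here (constructed for this example).
interface IERC20 {
    function allowance(address owner, address spender) external view returns (uint256);
    function approve(address spender, uint256 amount) external returns (bool);
}

/// Hypothetical adapter showing the two approval styles side by side.
contract ApprovalExample {
    /// Vulnerable: a single approve() call. Fails for USDT-style tokens in two ways:
    /// 1. USDT reverts when moving a non-zero allowance straight to another non-zero value,
    ///    so any leftover allowance bricks every later wrap() for that token/spender pair;
    /// 2. USDT's approve() returns no data, so decoding the `bool` return value reverts as well.
    function wrapVulnerable(IERC20 token, address spender, uint256 amount) external {
        require(token.approve(spender, amount), "approve failed");
    }

    /// Hardened: clear a leftover allowance first, and tolerate tokens that return nothing.
    function wrapHardened(IERC20 token, address spender, uint256 amount) external {
        if (token.allowance(address(this), spender) != 0) {
            _rawApprove(token, spender, 0);
        }
        _rawApprove(token, spender, amount);
    }

    /// Low-level approve that accepts an empty return (USDT) or a `true` return (standard ERC20).
    function _rawApprove(IERC20 token, address spender, uint256 amount) internal {
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeWithSelector(IERC20.approve.selector, spender, amount)
        );
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "approve failed");
    }
}
```

The reset handles the case where the spender pulled less than it was approved for. The cleaner design is to approve exactly the amount the spender will consume in the same transaction, so no leftover allowance exists in the first place; the reset then only ever runs on the unexpected path.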
YieldManager: Uniswap token swaps through fixed path may break yield distribution
Lines of code Vulnerability details Details & Impact All harvested yield tokens are swapped through the Uniswap adapter to USDC. While out of scope, the Uniswap adapter code is relevant here, as I note that the path taken for the swap would be assetFrom - WETH - assetTo unless assetFrom is alread...
Slippage check is too strict when withdrawing ETH collateral from LidoVault
Lines of code Vulnerability details Impact When withdrawing ETH collateral from LidoVault with withdrawCollateral, stETH is exchanged to ETH via Curve while using a slippage value of 2% (200, L136). The resulting exchanged amount receivedETHAmount is then validated to be larger than the requested...
Malicious ERC20 or ERC777 could be used as collateral
Lines of code Cally.sol L296 Vulnerability details Impact A malicious ERC20 or ERC777 could be used as collateral and rug the exerciser on exercise through a malicious implementation of ERC20(vault.token).safeTransfer. Proof of Concept Any ERC20/ERC777 token is accepted as there is no whitelist. Thi...
Fees in TokenManager.sol:function changeFee() should be upper-bounded
#193 comment. Warden: Dravee
updateValset() Insufficient validation of new validator set may brick the contract
Lines of code Vulnerability details In Gravity.sol's updateValset, while the signatures of the current validators are verified and their cumulative power is checked to be >= powerThreshold, there is one important validation that should be done: check the cumulative power of the new validator set to ensure the contract has sufficient...
No cumulative power check when updating valset
Lines of code Vulnerability details Impact When batches are submitted by validators in the current valset, they are checked for validity based on signatures and cumulative powers. Each validator in the valset has an associated power which can give certain validators more voting power than others...
If a user sends an uninitialized poolId to deposit() of PermissionlessBasicPoolFactory, an attacker can lock the user's funds forever and only unlock them if the user pays a ransom
Lines of code Vulnerability details Impact The deposit function of PermissionlessBasicPoolFactory is supposed to revert if a user sends an uninitialized poolId by mistake, but if a user does this, an attacker can perform a front-running attack, create multiple pools with his smart contract and be the owner of that...
SpeedBumpPriceGate.sol and FixedPricePassThruGate.sol should check whether gate.beneficiary is address(0)
Lines of code Vulnerability details Impact In SpeedBumpPriceGate.addGate and FixedPricePassThruGate.addGate there is no check that gate.beneficiary is not address(0). Therefore, when passThruGate executes, ETH will be sent to address(0) and can never be recovered. Proof of Concept beneficiary can...
Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies
Lines of code Vulnerability details Impact Wrong bookkeeping (albeit limited to the concerned tree) with a fee-on-transfer token; wrong amount emitted. Proof of Concept contracts/MerkleDropFactory.sol:77: require(IERC20(merkleTree.tokenAddress).transferFrom(msg.sender, address(this), value), "ERC20 transfer failed");...
Multiple vestings for the same user will fail
Lines of code Vulnerability details Impact Loss of funds from multiple vestings for a single user Proof of Concept In MerkleVesting and MerkleResistor vestings are distributed using merkle trees. Creators of the vesting submit the Merkle root of the tree and deposit the funds to be distributed. A...
Tokens having more than 18 decimals are not supported
Originally submitted by warden pauliax in #173, duplicate of #49. Tokens having more than 18 decimals are not supported; the calculation will revert here: function decimalMultiplier(address token) internal view returns (uint256) { return 10 ** (18 - IERC20Full(token).decimals()); }
.transfer is used for transferring ether
Originally submitted by warden pauliax in #173, duplicate of #52. .transfer is used for transferring ether, e.g.: payable(to).transfer(amount); payable(msg.sender).transfer(amount); It is currently not recommended, as recipients with custom fallback functions (smart contracts) will not be able to handle that...
FixedPricePassThruGate locks excess ETH payments
Lines of code Vulnerability details The FixedPricePassThruGate accepts ETH amounts greater than or equal to the calculated price, but only forwards an amount exactly equal to the calculated price to the configured beneficiary address. Excess ETH sent through the gate will be permanently locked in...
Missing freshness validation in ETH price oracle
Originally submitted by warden horsefacts in #199, duplicate of #17. Missing freshness validation in ETH price oracle: the ChainlinkUsdWrapper.ethPrice function does not check for a nonzero answer or validate that the price was returned in a recent round: ChainlinkUsdWrapper.ethPrice function ethPrice...
CNft.sol - revert inside safeTransferFrom will break composability & standard behaviour
Lines of code Vulnerability details The function safeTransferFrom is a standard interface in ERC1155, and it is expected to succeed if all the parameters are valid and to revert on error, which is not the case here, so it is a deviation. Refer to the EIP-1155 safeTransferFrom rules: MUST revert if to is...
amount needs to be updated to the contract balance increase (12)
Lines of code Vulnerability details Impact Every time the transferFrom or transfer function of an ERC20 token is called, there is a possibility that the underlying contract did not transfer the exact amount requested. It is required to measure the contract's balance increase/decrease after the transfer. Th...
Chainlink latestAnswer has been deprecated
Lines of code PriceOracleImplementation.sol L29-L31 Vulnerability details Impact The latestAnswer function is deprecated. It does not revert if no answer has been reached but returns zero. There is no check for a stale price or for round completeness. The price can be stale and lead to a wrong return...
Fund loss or theft by an attacker creating a flash loan with SuperVault as receiver, so that executeOperation() gets called by lendingPool with attacker-specified params
Lines of code Vulnerability details Impact According to the Aave documentation, when requesting a flash loan it is possible to specify a receiver, so the executeOperation function of that receiver will be called by lendingPool. In SuperVault there is no check to prevent this attack, so an attacker can use...
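The receiver-side checks that close the attack described above, as an added example (example code, not SuperVault). It assumes the Aave V2 ILendingPool.flashLoan / executeOperation signatures; the contract name, the owner gate and the inFlight flag are illustration choices:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface needed for repayment approval (constructed for this example).
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Aave V2 pool entry point (assumed interface; the audited protocol's may differ in detail).
interface ILendingPool {
    function flashLoan(
        address receiverAddress,
        address[] calldata assets,
        uint256[] calldata amounts,
        uint256[] calldata modes,
        address onBehalfOf,
        bytes calldata params,
        uint16 referralCode
    ) external;
}

/// Hypothetical vault acting as a flash-loan receiver.
contract FlashReceiverExample {
    ILendingPool public immutable lendingPool;
    address public immutable owner;
    bool private inFlight; // set only while a loan requested by this contract is running

    constructor(ILendingPool pool) {
        lendingPool = pool;
        owner = msg.sender;
    }

    /// The only legitimate way a flash loan should reach executeOperation().
    function startFlashLoan(address[] calldata assets, uint256[] calldata amounts, bytes calldata params) external {
        require(msg.sender == owner, "not owner");
        uint256[] memory modes = new uint256[](assets.length); // all zero: repay in full
        inFlight = true;
        lendingPool.flashLoan(address(this), assets, amounts, modes, address(this), params, 0);
        inFlight = false;
    }

    /// Aave V2 callback. The attack in the finding is an attacker calling
    /// lendingPool.flashLoan(receiverAddress = thisVault, params = attackerChosen): the pool
    /// then invokes this hook with the attacker's params while the vault holds the borrowed funds.
    function executeOperation(
        address[] calldata assets,
        uint256[] calldata amounts,
        uint256[] calldata premiums,
        address initiator,
        bytes calldata params
    ) external returns (bool) {
        // Check 1: only the pool may call the hook (otherwise anyone could call it directly).
        require(msg.sender == address(lendingPool), "caller is not the pool");
        // Check 2: the loan must have been requested by this contract, not by an arbitrary caller.
        // `initiator` is the address that called flashLoan(); `inFlight` is belt-and-braces in
        // case a pool implementation does not pass a trustworthy initiator.
        require(initiator == address(this) && inFlight, "untrusted initiator");

        // ... strategy logic driven by `params` goes here ...
        params;

        // Repayment: after this returns, the pool pulls amounts[i] + premiums[i] from this contract.
        for (uint256 i = 0; i < assets.length; i++) {
            require(IERC20(assets[i]).approve(address(lendingPool), amounts[i] + premiums[i]), "approve failed");
        }
        return true;
    }
}
```

The initiator check is the one the finding asks for; the msg.sender check is the companion that is just as often missing, and without it the hook can be driven with no loan at all. Anything that `params` is allowed to do (which tokens to swap, where to send proceeds) should be treated as owner-controlled input only after both requires have passed.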
ABDKMath64 performs multiplication on results of division
Lines of code Vulnerability details Impact Solidity could truncate the results; performing multiplication before division will prevent rounding/truncation in Solidity math. Recommended Mitigation Steps Consider ordering multiplication first.
Calculation without check may result in tiny loss of user funds
Lines of code Vulnerability details Impact Calculation without a greater-than-zero check may result in loss of user funds, albeit in tiny amounts as of now. Proof of Concept In this line of redeemToken, the shares to burn are calculated through the tokenToShares method. As there is no check that checks i...
Loss Of Collateral Via Illegitimate Liquidation
Lines of code Vulnerability details Issue: updateLoanParams allows the lender to change the terms of an in-progress loan to a lower ltvBPS. removeCollateral calculates whether liquidation is allowed via require(rate.mul(loanParams.ltvBPS) / BPS < amount, "NFT is still valued");. A low or 0 ltvBPS...
[WP-M1] supplyTokenTo() may fail when Aave Pool address changed
Lines of code Vulnerability details function supplyTokenTo(uint256 depositAmount, address to) external override nonReentrant { uint256 shares = tokenToShares(depositAmount); require(shares > 0, "AaveV3YS/shares-gt-zero"); address underlyingAssetAddress = tokenAddress;...
Lender can immediately liquidate valued Collateral in NFTPairWithOracle contract
Lines of code Vulnerability details Impact A lender can liquidate a borrower's collateral immediately by calling updateLoanParams in the NFTPairWithOracle contract where the ltvBPS for the params struct is set to 0. This bypasses the checks to make sure that the terms are favourable to the...
Early Depositor can DOS Deposits
Lines of code Vulnerability details Impact A malicious, but generous, early depositor can DOS all future deposits. This is accomplished by directly sending aTokens to the AaveV3YieldSource.sol contract after making their first deposit. The amount of aTokens sent to the contract will manipulate th...
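The three share-math findings on this page ("Rounding-error can be redeemed for free", "Calculation without check may result in tiny loss of user funds" and the early-depositor DoS above) all come from the same floor-division conversion between tokens and shares, so one added example covers them. It is a toy vault written for this page, not any audited contract; the contract names, the VIRTUAL_SHARES offset and the sample numbers in the comments are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Shared bookkeeping; the two vaults below differ only in their share math.
abstract contract VaultBase {
    IERC20 public immutable token;
    uint256 public totalShares;
    mapping(address => uint256) public shares;

    constructor(IERC20 t) { token = t; }

    /// The pool is the raw token balance, so anyone can inflate it by a direct transfer.
    function pool() public view returns (uint256) { return token.balanceOf(address(this)); }

    function deposit(uint256 amount) external {
        uint256 s = _sharesForDeposit(amount);
        require(s > 0, "shares-gt-zero"); // without this, a 0-share deposit silently donates `amount`
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        shares[msg.sender] += s;
        totalShares += s;
    }

    function redeem(uint256 redeemAmount) external {
        uint256 s = _sharesForRedeem(redeemAmount);
        shares[msg.sender] -= s; // reverts on underflow in 0.8
        totalShares -= s;
        require(token.transfer(msg.sender, redeemAmount), "transfer failed");
    }

    function _sharesForDeposit(uint256 amount) internal view virtual returns (uint256);
    function _sharesForRedeem(uint256 amount) internal view virtual returns (uint256);
}

/// Vulnerable: floor division in both directions and no virtual offset.
contract NaiveVault is VaultBase {
    constructor(IERC20 t) VaultBase(t) {}

    function tokenToShares(uint256 tokens) public view returns (uint256) {
        if (totalShares == 0) return tokens;
        return tokens * totalShares / pool(); // floors; also divides by zero if pool() == 0 with shares outstanding
    }

    // Deposit DoS: the attacker deposits 1 wei (1 share), then transfers 1e18 tokens straight to
    // the vault. pool() = 1e18 + 1 and totalShares = 1, so every later deposit below 1e18 + 1
    // computes 0 shares and deposit() reverts on "shares-gt-zero" for everybody else.
    function _sharesForDeposit(uint256 a) internal view override returns (uint256) { return tokenToShares(a); }

    // Free redeem: with pool() = 1000 and totalShares = 10, one share is worth 100 tokens.
    // redeem(99) computes 99 * 10 / 1000 = 0 shares: nothing is burned, 99 tokens leave the vault.
    function _sharesForRedeem(uint256 a) internal view override returns (uint256) { return tokenToShares(a); }
}

/// Hardened: virtual shares/assets blunt donation inflation; redeem rounds the burn up.
contract HardenedVault is VaultBase {
    uint256 private constant VIRTUAL_SHARES = 1e6; // assumed decimals offset; tune per token

    constructor(IERC20 t) VaultBase(t) {}

    // Deposits round down (in the vault's favour). The offset means the attacker's donation is
    // mostly captured by the virtual share rather than by him, and the donation needed to zero
    // out a deposit of a given size grows by a factor of VIRTUAL_SHARES.
    function _sharesForDeposit(uint256 a) internal view override returns (uint256) {
        return a * (totalShares + VIRTUAL_SHARES) / (pool() + 1);
    }

    // Redeems round up: never burn fewer shares than the payout is worth, so a sub-share
    // redeemAmount burns 1 share instead of 0 (and reverts if the caller has none).
    function _sharesForRedeem(uint256 a) internal view override returns (uint256) {
        uint256 num = a * (totalShares + VIRTUAL_SHARES);
        uint256 den = pool() + 1;
        return (num + den - 1) / den;
    }
}
```

The rule of thumb the hardened vault follows is that every conversion rounds against the caller: shares minted on deposit round down, shares burned on redeem round up. The virtual offset does not make the donation DoS impossible, it makes it cost the attacker VIRTUAL_SHARES times more for the same effect; protocols that need a hard guarantee additionally mint a small amount of dead shares at first deposit.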
_amount needs to be updated to the contract balance increase (3)
Lines of code Vulnerability details Impact Every time the transferFrom or transfer function of an ERC20 token is called, there is a possibility that the underlying contract did not transfer the exact amount requested. It is required to measure the contract's balance increase/decrease after the transfer. Th...
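The balance-delta bookkeeping recommended by this finding, by "amount requires to be updated to contract balance increase (12)" and by "Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies", as one added example. Neither contract is the audited code: FeeToken is a constructed fee-on-transfer token, and DepositAccounting is a hypothetical depositor whose names and events are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Constructed fee-on-transfer token: 1% of every transfer is burned in flight.
contract FeeToken is IERC20 {
    mapping(address => uint256) public override balanceOf;

    constructor() { balanceOf[msg.sender] = 1_000_000; }

    function transferFrom(address from, address to, uint256 amount) external override returns (bool) {
        // Allowance checks omitted: this toy token exists only to short-change the receiver.
        uint256 fee = amount / 100;
        balanceOf[from] -= amount;
        balanceOf[to] += amount - fee;
        return true;
    }
}

/// Hypothetical depositor contract with the two bookkeeping styles side by side.
contract DepositAccounting {
    IERC20 public immutable token;
    mapping(address => uint256) public deposited;
    uint256 public totalDeposited;
    bool private locked;

    event Deposit(address indexed who, uint256 amount);

    constructor(IERC20 t) { token = t; }

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    /// Vulnerable: trusts the requested `amount`. With FeeToken, depositing 100 credits 100
    /// although only 99 arrive, so totalDeposited drifts above the real balance and whoever
    /// withdraws last is shorted; the event is wrong by the same amount.
    function depositVulnerable(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "ERC20 transfer failed");
        deposited[msg.sender] += amount;
        totalDeposited += amount;
        emit Deposit(msg.sender, amount);
    }

    /// Hardened: credit the measured balance increase. nonReentrant is part of the fix: an
    /// ERC777-style hook could otherwise re-enter between the two balanceOf reads and skew the delta.
    function depositHardened(uint256 amount) external nonReentrant returns (uint256 received) {
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "ERC20 transfer failed");
        received = token.balanceOf(address(this)) - before; // 99 for a 100-token FeeToken deposit
        require(received > 0, "nothing received");
        deposited[msg.sender] += received;
        totalDeposited += received;
        emit Deposit(msg.sender, received);
    }
}
```

The delta technique fixes fee-on-transfer tokens only. Rebasing tokens change the contract's balance between calls without any transfer, so a vault holding them needs share-based accounting against the live balance rather than a stored total.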
Swapper3Crv.sol use the wrong address for sushiswap
Lines of code Vulnerability details Impact This seems to be out of scope, but is still worth mentioning. This line should be address sushiSwap = SUSHISWAP;
Orderers Can Transfer Users' Shares Without Authorization In a Single Step
Lines of code Vulnerability details Impact The transferFrom function of vToken.sol can be called without any user permission or strict security checks; it only requires the caller to have ORDERER_ROLE as access control, exposing it to centralization risk if an orderer is compromised or act...
User funds stuck - buy works even after sale ends
Lines of code Vulnerability details Impact The Buy function does not check the finalized value. Under a specific scenario, Buy will work even when the sale has ended and the finalize function has been called. If a user buys any token at this moment, he won't be able to claim and will lose funds. Proof of...
_mintSharesFor doesn’t check whether the pool is zero.
Lines of code Vulnerability details Impact In StakedCitadel.sol's _mintSharesFor, there is no check for pool being zero. If pool == 0 and totalSupply != 0, _mintSharesFor will revert. In depositFor, balance is used as pool. In consequence, when the CTDL balance of StakedCitadel is ze...
Governor Can Infinitely Extend the Vesting Period
Lines of code Vulnerability details Impact During the review of the StakedCitadelVester contract, it was noticed that the governor role can extend the vesting period indefinitely. There is no upper bound defined for the vesting period. Although this depends on the governor, if the governor private key is...
Funding contract fails without discount
Lines of code Vulnerability details Impact The deposit function of Funding.sol calls getAmountOut to determine the amount of citadel the user receives in exchange for an asset. The getAmountOut function contains a bug that results in the return being 0 if funding.discount is set to 0. In the...
StakedCitadel should implement EIP-4626
Lines of code Vulnerability details StakedCitadel should implement EIP-4626 StakedCitadel could be seen as an investment vault and therefore team should consider implementing the recent EIP-4626 standard, as it could enable a lot of potential integrations and would avoid having to deploy wrappers...
LPFarming, yVault and yVaultLPFarming contract whitelisting can be bypassed
Lines of code Vulnerability details Impact The LPFarming, yVault and yVaultLPFarming contracts' whitelist checks are performed with isContract and can be bypassed. isContract can only be used for positive confirmations, i.e. filtering out EOAs. Setting high severity as it is a direct access control...
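The bypass the finding relies on, as an added example that is not the audited contracts: a caller that is still inside its constructor has no code yet, so an extcodesize-style isContract() reports it as an EOA. The farm and bypass contracts, their names and the tx.origin-based hardening are assumptions made for this illustration:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

/// Hypothetical farm gating deposits with an isContract() check.
contract FarmVulnerable {
    mapping(address => bool) public whitelisted;
    mapping(address => uint256) public staked;

    function isContract(address a) internal view returns (bool) {
        return a.code.length > 0; // same signal as OpenZeppelin's Address.isContract (extcodesize)
    }

    /// Intended rule: EOAs may deposit; contracts only if whitelisted.
    function deposit() external payable {
        require(!isContract(msg.sender) || whitelisted[msg.sender], "not whitelisted");
        staked[msg.sender] += msg.value;
    }
}

/// Bypass: a contract's code is stored only after its constructor returns, so during
/// construction address(this).code.length == 0 and the farm classifies it as an EOA.
/// Deploying this contract with ETH attached stakes from an un-whitelisted contract.
contract ConstructorBypass {
    constructor(FarmVulnerable farm) payable {
        farm.deposit{value: msg.value}();
    }
}

/// Hardened: isContract() == true is reliable (existing code cannot be hidden), but
/// isContract() == false is not. If the policy really is "humans or whitelisted contracts",
/// the EOA leg has to be expressed as a direct call (msg.sender == tx.origin).
contract FarmHardened {
    mapping(address => bool) public whitelisted;
    mapping(address => uint256) public staked;

    function deposit() external payable {
        // ConstructorBypass fails here: tx.origin is the deployer EOA, msg.sender is the new contract.
        require(msg.sender == tx.origin || whitelisted[msg.sender], "not whitelisted");
        staked[msg.sender] += msg.value;
    }
}
```

The tx.origin gate has its own cost: it also refuses smart-contract wallets (multisigs, account-abstraction accounts) unless they are whitelisted, so it should be used only where an "EOA only" rule is a deliberate product decision rather than a convenience.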
Use of deprecated Chainlink oracle aggregator function latestAnswer
Lines of code Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. It does not error if no answer has been reached but returns 0. The function is not present in the latest API reference (AggregatorV3Interface). Proof of Concept...
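One consumer that addresses this finding together with "Chainlink latestAnswer has been deprecated" and "Missing freshness validation in ETH price oracle", as an added example. It is not ChainlinkUsdWrapper or PriceOracleImplementation; the contract name, the maxStaleness parameter and the 18-decimal normalisation are assumptions, while the two aggregator interfaces are Chainlink's published ones:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Deprecated surface the findings complain about.
interface AggregatorInterface {
    function latestAnswer() external view returns (int256);
}

// Current Chainlink interface.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Hypothetical price consumer.
contract PriceConsumer {
    AggregatorV3Interface public immutable feed;
    /// Maximum accepted age of a price: the feed's heartbeat plus a margin (assumed, per feed).
    uint256 public immutable maxStaleness;

    constructor(AggregatorV3Interface f, uint256 maxStalenessSeconds) {
        feed = f;
        maxStaleness = maxStalenessSeconds; // e.g. 3600 + 300 for a feed with a 1h heartbeat
    }

    /// Vulnerable: latestAnswer() returns 0 when no answer exists and keeps returning the
    /// last value forever once the feed stops updating; the caller cannot tell either apart.
    function ethPriceVulnerable() external view returns (uint256) {
        return uint256(AggregatorInterface(address(feed)).latestAnswer());
    }

    /// Hardened: validate sign, round completeness and freshness before trusting the answer.
    function ethPriceHardened() public view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        require(answer > 0, "invalid price");                               // 0 or negative: no usable answer
        require(updatedAt != 0, "round not complete");                      // round never finished
        require(answeredInRound >= roundId, "stale round");                 // answer carried over from an older round
        require(block.timestamp - updatedAt <= maxStaleness, "stale price"); // feed stopped updating
        return uint256(answer);
    }

    /// Normalise to 18 decimals whatever the feed reports (USD feeds are typically 8).
    function ethPrice18() external view returns (uint256) {
        uint256 p = ethPriceHardened();
        uint8 d = feed.decimals();
        return d <= 18 ? p * 10 ** (18 - d) : p / 10 ** (d - 18);
    }
}
```

The freshness bound is the check that matters most in practice; the answeredInRound comparison is kept for older aggregators but Chainlink has since marked that field as legacy, so it should never be the only staleness signal. A protocol that cannot tolerate any downtime still needs a fallback path for when ethPriceHardened() reverts.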
yVaultLPFarming: No guarantee JPEG currentBalance > previousBalance
Lines of code Vulnerability details Details & Impact yVault users participating in the farm have to trust that: vault.balanceOfJPEG returns the correct claimable JPEG amount by its strategy / strategies the strategy / strategies will send all claimable JPEG to the farm Should either of these...
Lender can stop others from offering higher rates.
Lines of code NFTLoanFacilitator.lend; L205 Vulnerability details Impact A lender using an upgradeable smart contract could stop other lenders from buying him out, essentially causing a DoS. Proof of Concept The lender uses an upgradeable smart contract that front-runs competing lenders and upgrades...
Malicious owner can steal some funds from borrower
Lines of code Vulnerability details Impact The owner can make changes to the protocol with immediate effect. A malicious owner can watch for a big lend in the mempool and front-run it by maxing out originationFeeRate to 5%. The users, both lender and borrower, will still think that originationFeeRate is...
Borrower can be their own lender and steal funds from buyout due to reentrancy
Lines of code Vulnerability details Impact If the borrower lends on their own loan, they can repay and close the loan before ownership of the lend ticket is transferred to the new lender. The borrower keeps the NFT + loan amount + accrued interest. Proof of Concept This exploit requires that the...
Emergency mode enable/disable issue
Lines of code Vulnerability details Impact Enabling emergency mode should be a one-way process that puts the contracts in emergency mode. It should not be possible to revert that process; otherwise it puts the owner of the contracts in a very privileged position. The owner can trigger emergency mode, perform...
Use .call instead of .transfer for increased security
Lines of code Vulnerability details Impact The issue highlighted here will reduce gas costs and avoid hacks. Proof of Concept The .transfer function at the following places can be replaced with .call, as the former has a hard dependency on gas costs because it forwards a fixed amount of gas: 2300. For...
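The replacement this finding and "transfer is used for transfering ether" recommend, as an added example rather than the audited code. Payout is a hypothetical pull-payment contract and StorageWritingReceiver a constructed recipient; both names are assumptions. The point it adds to the text is that swapping .transfer for .call is only safe together with checks-effects-interactions and a reentrancy guard:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical pull-payment contract.
contract Payout {
    mapping(address => uint256) public owed;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    function credit(address to) external payable { owed[to] += msg.value; }

    /// Flagged pattern: .transfer forwards a fixed 2300 gas stipend. A recipient contract whose
    /// receive()/fallback() does anything beyond emitting an event (writing storage, forwarding to
    /// a multisig, running through a proxy) runs out of gas, the call reverts and the funds stay stuck.
    function withdrawWithTransfer() external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0;
        payable(msg.sender).transfer(amount);
    }

    /// Recommended pattern: .call forwards all remaining gas, so the recipient can do whatever it
    /// needs; in exchange the sender must update state before the call, guard against reentrancy,
    /// and check the success flag, which .call does not do for you.
    function withdrawWithCall() external nonReentrant {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0; // effects before interaction
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "ETH transfer failed");
    }
}

/// Constructed recipient that .transfer cannot pay but .call can: its receive() writes storage,
/// and an SSTORE alone costs more than the 2300-gas stipend.
contract StorageWritingReceiver {
    uint256 public received;

    receive() external payable { received += msg.value; }
}
```

With .call the recipient can also revert on purpose, so a loop that pays several recipients in one transaction can be blocked by any one of them; the pull-payment shape used here (each recipient withdraws their own balance) avoids that second failure mode.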
A large platformFee (>10000) would cause an underflow during sendToSplitter (in RoyaltyVault.sol)
Lines of code Vulnerability details Impact In RoyaltyVault.sol, platformFee presently does not have an upper limit and can be set to any value through the setPlatformFee function. If the value is set beyond 10,000 it would cause an underflow during the split share calculation in sendToSplitter...