10190 matches found
[WP-H1] The value of LP token can be manipulated by the first minter, which allows the attacker to dilute future liquidity providers' shares
Handle WatchPug Vulnerability details For the first minter of an Exchange pool, the ratio of X/Y and the totalSupply of the LP token can be manipulated. A sophisticated attacker can mint and burn all of the LP tokens but 1 Wei, and then artificially create a situation of rebasing up by transferri...
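The share math behind this finding, as an added example that is not the warden's or the audited project's code. The finding concerns a two-asset X/Y Exchange pool; the example uses a single-asset vault with the same pro-rata share pricing, because the attack only needs shares to be priced off the live balance. Contract and variable names and the OFFSET value are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited project's code. Minimal single-asset vault
// whose shares are priced off the current token balance, beside a hardened
// variant. Names (VulnerableVault, HardenedVault, OFFSET) are illustrative.

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

/// Vulnerable: first-minter share inflation.
///   1. attacker deposits 1 wei and receives 1 share (totalShares == 1)
///   2. attacker sends 1e18 tokens straight to the vault (no shares minted)
///   3. victim deposits 1e18: 1e18 * 1 / (1e18 + 1) rounds down to 0 shares
///   4. attacker redeems the single share for the whole balance
contract VulnerableVault {
    IERC20 public immutable asset;
    uint256 public totalShares;
    mapping(address => uint256) public shares;

    constructor(IERC20 _asset) { asset = _asset; }

    function previewDeposit(uint256 amount) public view returns (uint256) {
        uint256 bal = asset.balanceOf(address(this));
        if (totalShares == 0 || bal == 0) return amount;
        return amount * totalShares / bal; // rounds in favour of existing holders
    }

    function deposit(uint256 amount) external returns (uint256 minted) {
        minted = previewDeposit(amount);   // priced before the transfer lands
        require(asset.transferFrom(msg.sender, address(this), amount), "transfer failed");
        totalShares += minted;
        shares[msg.sender] += minted;
    }

    function redeem(uint256 amount) external returns (uint256 assets) {
        assets = amount * asset.balanceOf(address(this)) / totalShares;
        shares[msg.sender] -= amount;
        totalShares -= amount;
        require(asset.transfer(msg.sender, assets), "transfer failed");
    }
}

/// Hardened: virtual shares/assets (the ERC-4626 "decimals offset" approach)
/// plus a zero-share guard. Conversion behaves as if OFFSET shares and 1 wei
/// already existed, so a donation must be on the order of OFFSET times the
/// victim's deposit to round it to zero, and most of the donated value accrues
/// to the virtual shares rather than to the attacker. Burning a fixed
/// MINIMUM_LIQUIDITY of shares on the first mint (Uniswap V2 style) is the
/// other common fix.
contract HardenedVault {
    IERC20 public immutable asset;
    uint256 public totalShares;
    mapping(address => uint256) public shares;
    uint256 private constant OFFSET = 1e6; // illustrative value

    constructor(IERC20 _asset) { asset = _asset; }

    function previewDeposit(uint256 amount) public view returns (uint256) {
        uint256 bal = asset.balanceOf(address(this));
        return amount * (totalShares + OFFSET) / (bal + 1);
    }

    function deposit(uint256 amount) external returns (uint256 minted) {
        minted = previewDeposit(amount);
        require(minted > 0, "zero shares"); // never silently absorb a deposit
        require(asset.transferFrom(msg.sender, address(this), amount), "transfer failed");
        totalShares += minted;
        shares[msg.sender] += minted;
    }

    function redeem(uint256 amount) external returns (uint256 assets) {
        assets = amount * (asset.balanceOf(address(this)) + 1) / (totalShares + OFFSET);
        shares[msg.sender] -= amount;
        totalShares -= amount;
        require(asset.transfer(msg.sender, assets), "transfer failed");
    }
}
```

With OFFSET = 1e6 the attacker's 1 wei deposit mints 1e6 shares; a 1e18 donation then leaves a 1e18 victim deposit with about 2e6 shares instead of zero, and redeeming the attacker's shares returns roughly half the donation, so the attack loses money instead of stealing the victim's deposit.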
setSherlockCoreAddress can be frontrun.
Handle wuwe1 Vulnerability details Proof of Concept SherDistributionManager.sol and AaveV2Strategy.sol are affected by this. For sdm, an attacker can monitor the mempool and frontrun setSherlockCoreAddress. By setting the sherlockCore to an address controlled by the attacker, the attacker can call pullRewar...
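The initializer pattern described above, beside a deployer-bound version, as an added example rather than the audited project's code. Only the function name setSherlockCoreAddress is taken from the finding; the contract names, the pullReward body and the event are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited project's code. Shows the one-shot initializer
// pattern the finding describes and a version only the deployer can call.
// Contract names, the event and the pullReward body are illustrative.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

/// Vulnerable: anyone may call the initializer. A mempool observer who sees the
/// deployer's setSherlockCoreAddress transaction front-runs it with their own
/// address and from then on passes every onlySherlockCore check.
contract VulnerableManager {
    address public sherlockCore;

    modifier onlySherlockCore() {
        require(msg.sender == sherlockCore, "not core");
        _;
    }

    function setSherlockCoreAddress(address _core) external {
        require(sherlockCore == address(0), "already set"); // one-shot, but open to all
        require(_core != address(0), "zero address");
        sherlockCore = _core;
    }

    /// Illustrative privileged function: moves any held token to the core.
    function pullReward(IERC20 token) external onlySherlockCore {
        require(token.transfer(sherlockCore, token.balanceOf(address(this))), "transfer failed");
    }
}

/// Hardened: the initializer is bound to the deployer, so the front-runner's
/// call reverts. Passing the core address to the constructor, or deploying both
/// contracts in one transaction (factory / CREATE2), removes the window entirely.
contract HardenedManager {
    address public immutable deployer;
    address public sherlockCore;

    event SherlockCoreSet(address indexed core);

    constructor() { deployer = msg.sender; }

    modifier onlySherlockCore() {
        require(msg.sender == sherlockCore, "not core");
        _;
    }

    function setSherlockCoreAddress(address _core) external {
        require(msg.sender == deployer, "not deployer"); // closes the race
        require(sherlockCore == address(0), "already set");
        require(_core != address(0), "zero address");
        sherlockCore = _core;
        emit SherlockCoreSet(_core);
    }

    function pullReward(IERC20 token) external onlySherlockCore {
        require(token.transfer(sherlockCore, token.balanceOf(address(this))), "transfer failed");
    }
}
```

The `sherlockCore == address(0)` check alone is not a defence: it guarantees the value is written once, but says nothing about who writes it, which is exactly the gap a mempool watcher exploits.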
Incorrect erc20 interface
Handle 0v3rf10w Vulnerability details Impact Incorrect ERC20 implementation can lead to failure when interacting with contracts. Proof of Concept IBridgeMinterToken (contracts/token/BridgeMinter.sol#L5-13) has an incorrect ERC20 function interface: IBridgeMinterToken.transfer(address,uint256)...
l1CirculatingSupply may not give correct value after a mass withdrawal from L2
Handle hubble Vulnerability details Impact In the event of a mass withdrawal from L2, the l2SupplyFromL1 is set to 0 in the function decreaseL2SupplyFromL1. Now if LPT is moved again from L1 to L2, some of them may be the excess LPT withdrawn from the above case. So the value of l1CirculatingSupply...
[WP-M35] PoolTemplate#applyCover Unbounded for loops allows an attacker to malfunction applyCover(), making it impossible to change the marketStatus of the Pool to Payingout status
Handle WatchPug Vulnerability details function applyCover(uint256 pending, uint256 payoutNumerator, uint256 payoutDenominator, uint256 incidentTimestamp, bytes32 merkleRoot, string calldata rawdata, string calldata memo) external override onlyOwner { require(paused == false, "ERROR: UNABLE_TO_APPLY");...
Missing Re-entrancy Guard
Handle defsec Vulnerability details Impact The re-entrancy guard is missing on the Eth anchor interaction. The external router interaction can lead to a re-entrancy vulnerability. Proof of Concept 1. Navigate to the following contract. function finishDepositStable(uint256 idx) external...
repayDebt in Vault.sol could DOS functionality for markets
Handle p4st13r4 Vulnerability details Impact Any user can pay the debt for any borrower in Vault.sol, by using repayDebt. This function allows anyone to repay any amount of borrowed value, up-to and including the totalDebt value; it works by setting debts[target] to zero, and decreasing totalDe...
TimeswapPair.sol#borrow() Attacker can increase pool.state.y to an arbitrary target value
Handle WatchPug Vulnerability details TimeswapPair.sol#borrow() takes a user input value of yIncrease, and the BorrowMath.check at L316 only checks for a minimal yIncrease, which means that it allows the state of pool.state.y to increase by the value of the user's input as long as it's larger than...
When a user performs a withdrawal operation, a rollback that is not considered by the program may be triggered.
Handle ACai Vulnerability details Impact When the Vault contract deposits all/most of the token into the strategy contract, so that the remaining tokens in the Vault contract are less than the user's deposit, the user's withdrawal operation will result in a rollback that is not considered by the...
TimeswapPair.sol#mint() Malicious user/attacker can mint new liquidity with an extremely small amount of yIncrease and malfunction the pair with the maturity
Handle WatchPug Vulnerability details The current implementation of TimeswapPair.sol#mint() allows the caller to specify an arbitrary value for yIncrease. However, since state.y is expected to be a large number based at 2^32, once the initial state.y is set to a small number (1 wei for example), the...
Missing burn function in _unlock function
Handle Tomio Vulnerability details Impact In the XDEFIDistribution.sol, a user can lock xdefi token and get an erc721/nft token through safeMint function, however when the user calls the unlock function this contract will delete the position of this user, but didn't call the burn function in ERC721...
23
Handle 0v3rf10w Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...
In the lend() function state updates are made after the callback
Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the lend function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function...
totalLiquidityWeight Is Updated When Adding New Token Pairs Which Skews Price Data For getVaderPrice and getUSDVPrice
Handle leastwood Vulnerability details Impact The addVaderPair function is called by the onlyOwner role. The relevant data in the twapData mapping is set by querying the respective liquidity pool and Chainlink oracle. totalLiquidityWeight for the VADER path is also incremented by the...
Reentrancy in contracts/BorrowerOperations.sol
Handle heiho1 Vulnerability details Impact There are several potential re-entrant functions in contracts/BorrowerOperations.sol: Function addColl on line 346 is potentially re-entrant as it is external but has no re-entrancy guard declared. This function invokes adjustTrove which potentially...
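One added example, not the audited projects' code, covering the three reentrancy findings above (the defsec Eth anchor finding, the jayjonah8 lend() finding and the heiho1 BorrowerOperations finding): a lend() that calls back into msg.sender before writing its state, beside a version that orders checks, effects and interactions correctly and also fences the view that other contracts read. The pair, the bond accounting, the callback interface and all names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited project's code. A lend() that hands control to
// msg.sender before its state is written, beside a version that writes first
// and also fences the view other contracts read. All names are illustrative.

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

interface ILendCallback {
    function onLend(uint256 assetIn, uint256 bondOut) external;
}

contract VulnerablePair {
    IERC20 public immutable asset;
    uint256 public reserveAsset;
    uint256 public totalBonds;
    bool private locked;

    constructor(IERC20 _asset) { asset = _asset; }

    modifier lock() {
        require(!locked, "locked");
        locked = true;
        _;
        locked = false;
    }

    /// Read by integrators (e.g. a market pricing the bond). Not guarded by
    /// `lock`, so it answers from inside the callback below.
    function bondPrice() external view returns (uint256) {
        return totalBonds == 0 ? 1e18 : reserveAsset * 1e18 / totalBonds;
    }

    /// The callback runs while reserveAsset/totalBonds still hold the old values.
    /// `lock` stops re-entering lend() itself, not a different function, so the
    /// caller can act on a price computed from stale state (cross-function reentrancy).
    function lend(uint256 assetIn, uint256 bondOut) external lock {
        ILendCallback(msg.sender).onLend(assetIn, bondOut);   // interaction first
        require(asset.balanceOf(address(this)) >= reserveAsset + assetIn, "asset not received");
        reserveAsset += assetIn;                               // effects after
        totalBonds += bondOut;
    }
}

contract HardenedPair {
    IERC20 public immutable asset;
    uint256 public reserveAsset;
    uint256 public totalBonds;
    bool private locked;

    constructor(IERC20 _asset) { asset = _asset; }

    modifier lock() {
        require(!locked, "locked");
        locked = true;
        _;
        locked = false;
    }

    /// Views consumed by other contracts refuse to answer mid-transaction, which
    /// closes the read-only reentrancy path even when a callback is unavoidable.
    function bondPrice() external view returns (uint256) {
        require(!locked, "reentrant read");
        return totalBonds == 0 ? 1e18 : reserveAsset * 1e18 / totalBonds;
    }

    /// Checks, effects, then the interaction. The balance check after the
    /// callback is what enforces that assetIn was actually paid.
    function lend(uint256 assetIn, uint256 bondOut) external lock {
        require(assetIn > 0 && bondOut > 0, "zero amounts");
        uint256 expected = reserveAsset + assetIn;
        reserveAsset = expected;                               // effects first
        totalBonds += bondOut;
        ILendCallback(msg.sender).onLend(assetIn, bondOut);   // interaction last
        require(asset.balanceOf(address(this)) >= expected, "asset not received");
    }
}
```

A shared `nonReentrant` modifier on every state-changing entry point (not just the one with the callback) is what a single `lock` on lend() alone does not give you; the `require(!locked)` in the hardened view extends that protection to callers that only read.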
mintSynth can be frontrun to steal money
Handle danb Vulnerability details nativeAsset.safeTransferFrom(from, address(this), nativeDeposit); mintSynth has a from parameter, this is where they take the money for the transaction. If an address has an allowance for the contract, anyone can use it and take it using mintSynth. Impact If a user sets...
VaderPoolV2 owner can steal all user assets which are approved VaderPoolV2
Handle TomFrenchBlockchain Vulnerability details Impact Possible theft of all user assets with an ERC20 approval on VaderPoolV2 Proof of Concept The owner of VaderPoolV2 can call the setTokenSupport function which allows the caller to supply any address from which to take the assets to provide th...
A vault can be locked from MarketplaceZap and StakingZap
Handle p4st13r4 Vulnerability details Impact Any user that owns a vToken of a particular vault can lock the functionalities of NFTXMarketplaceZap.sol and NFTXStakingZap.sol for everyone. Every operation performed by the marketplace, that deals with vToken minting, performs this check:...
Oracle can be manipulated to consider only a single pair for pricing
Handle TomFrenchBlockchain Vulnerability details Impact Loss of resilience of oracle to a faulty pricing for a single pair. Proof of Concept In the oracle we calculate the TVL of each pool by pulling the reserves and multiplying both assets by the result of a supposedly manipulation resistant...
Return variable can remain unassigned in _sendForReceiver
Handle sirhashalot Vulnerability details Impact The sendForReceiver function only sets a return function in the "if" code block, not the "else" case. If the "else" case is true, no value is returned. The result of this oversight is that the sendForReceiver function called from the distribute...
Zap contracts vulnerable to DoS
Handle shenwilly Vulnerability details Impact If the zap contract has a non-zero balance of vault token then users won't be able to mint that particular vault. This is because the minting functions only check if the minted token is equal to the current balance inside the contract, which will alwa...
buyAndSwap1155WETH() function may cause loss of user assets
Handle cccz Vulnerability details Impact In the NFTXMarketplaceZap.sol contract, the buyAndSwap1155WETH function uses the WETH provided by the user to exchange VaultToken, but when executing the buyVaultToken method, msg.value is used instead of maxWethIn. Since msg.value is 0, the call will fail...
PriceOracle Does Not Filter Price Feed Outliers
Handle leastwood Vulnerability details Impact If for whatever reason the Chainlink oracle returns a malformed price due to oracle manipulation or a malfunctioned price, the result will be passed onto users, causing unintended consequences as a result. In the same time it's possible to construct...
Attacker can empty all the funds by creating fake promotions
Handle WatchPug Vulnerability details The current implementation of calculateRewardAmount allows an arbitrary epochId, which can even be an epochId > numberOfEpochs. A malicious user can call claimRewards with epochIds larger than numberOfEpochs and claim other users' rewards. Furthermore, since...
Possibility to drain TwabRewards smart contract tokens (even with valid ticket)
Handle kemmio Vulnerability details Impact Possibility to drain all smart contract assets abusing uint256 overflow in updateClaimedEpoch Proof of Concept The vulnerability arises because of uint256 overflow in updateClaimedEpoch: return userClaimedEpochs | (uint256(1) << epochId). The attacker needs to have in...
claimRewards Does Not Prevent Users From Claiming Rewards After A Promotion's End Epoch
Handle leastwood Vulnerability details Impact claimRewards allows a user to collect their TWAB calculated rewards for a provided set of epochIds. The contract utilises a claimedEpochs mapping which tracks claimed rewards per user. Each claimed epoch is represented by a single bit within a uint256...
cancelPromotion() Unable to cancel unstarted promotions
Handle WatchPug Vulnerability details For unstarted promotions, cancelPromotion will revert at block.timestamp - promotion.startTimestamp in getCurrentEpochId. Call stack: cancelPromotion - getRemainingRewards - getCurrentEpochId. function getRemainingRewards(Promotion memory promotion) internal vi...
Can claim epoch > 255 repeatedly due to bitshift truncation
Handle gzeon Vulnerability details Can claim epoch > 255 repeatedly due to bitshift truncation Impact TwabRewards contract stores user claimed rewards in a claimedEpochs bitmap. function isClaimedEpoch(uint256 userClaimedEpochs, uint256 epochId) internal pure returns (bool) { return userClaimedEpochs epoch...
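One added example for the five TwabRewards findings above (WatchPug's unbounded epochId, kemmio's and gzeon's bitmap findings, leastwood's claim past the end epoch, and WatchPug's underflow in getCurrentEpochId): a claimedEpochs bitmap with the unbounded update beside a bounded one, and a claimRewards that enforces the epoch bounds. This is not the project's code; the Promotion layout, the function names, the flat tokensPerEpoch payout and the start-time guard are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited project's code. Sketches a TwabRewards-style
// claimedEpochs bitmap with the unbounded epochId problem beside a bounded
// version. Struct layout, function names and the payout are assumptions.

library ClaimedEpochs {
    /// Vulnerable: no bound on epochId. In Solidity a shift by 256 or more
    /// yields 0, so for epochId >= 256 the OR is a no-op and the epoch is never
    /// recorded as claimed; a cast through uint8 instead aliases epoch 256 onto
    /// bit 0. Either way the same epoch can be claimed again.
    function updateClaimedEpochVulnerable(uint256 userClaimedEpochs, uint256 epochId) internal pure returns (uint256) {
        return userClaimedEpochs | (uint256(1) << epochId);
    }

    /// Hardened: the bitmap holds exactly 256 epochs, so reject anything else.
    function updateClaimedEpoch(uint256 userClaimedEpochs, uint256 epochId) internal pure returns (uint256) {
        require(epochId < 256, "epoch outside bitmap");
        return userClaimedEpochs | (uint256(1) << epochId);
    }

    function isClaimedEpoch(uint256 userClaimedEpochs, uint256 epochId) internal pure returns (bool) {
        require(epochId < 256, "epoch outside bitmap");
        return ((userClaimedEpochs >> epochId) & 1) == 1;
    }
}

contract RewardsSketch {
    struct Promotion {
        uint64 startTimestamp;
        uint64 epochDuration;
        uint8 numberOfEpochs;   // uint8 makes numberOfEpochs <= 255 a type-level fact
        uint256 tokensPerEpoch;
    }

    mapping(uint256 => Promotion) public promotions;
    // user => promotionId => bitmap of claimed epochs
    mapping(address => mapping(uint256 => uint256)) public claimedEpochs;

    /// Returns 0 before the promotion starts instead of underflowing, which is
    /// what lets an unstarted promotion be cancelled through this path.
    function getCurrentEpochId(Promotion memory p) public view returns (uint256) {
        if (block.timestamp < p.startTimestamp) return 0;
        return (block.timestamp - p.startTimestamp) / p.epochDuration;
    }

    function claimRewards(uint256 promotionId, uint256[] calldata epochIds) external returns (uint256 total) {
        Promotion memory p = promotions[promotionId];
        require(p.epochDuration > 0, "unknown promotion");
        uint256 current = getCurrentEpochId(p);
        uint256 claimed = claimedEpochs[msg.sender][promotionId];

        for (uint256 i = 0; i < epochIds.length; i++) {
            uint256 e = epochIds[i];
            require(e < p.numberOfEpochs, "epoch beyond promotion"); // no claims past the end epoch
            require(e < current, "epoch not finished");              // only completed epochs pay
            require(!ClaimedEpochs.isClaimedEpoch(claimed, e), "already claimed");
            claimed = ClaimedEpochs.updateClaimedEpoch(claimed, e);
            total += p.tokensPerEpoch; // placeholder for the TWAB-weighted share
        }
        claimedEpochs[msg.sender][promotionId] = claimed; // effects before any token transfer
        // transfer `total` of the promotion's reward token to msg.sender here
    }
}
```

The two `require`s on `e` are the substantive fix: the bitmap bound in the library only stops the shift from silently discarding the epoch, while the `numberOfEpochs` and `current` checks are what keep a caller from claiming epochs that were never funded or have not finished.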
Not compatible with all tokens
Handle 0x1f8b Vulnerability details Impact It could not work with all tokens. Proof of Concept The method fromTokenAmount inside the contract Token18 can't work with tokens with 0 decimals, the result of UFixed18Lib.ratio will throw an error because it will divide by zero. It's mandatory to chec...
User deposits don't have min. return checks
Handle cmichel Vulnerability details The LPIssuer.deposit first computes balanced amounts on the user's defined tokenAmounts. The idea is that LP tokens give the same percentage share of each vault tokens' tvl, therefore the provided amounts should be balanced, meaning, the depositAmount / tvl...
Possible price manipulation while adding liquidity to uniV3
Handle 0x421f Vulnerability details Right now if we see the code there are no checks before liq being added to check if pool is manipulated. Hence there rises possibility of sandwich attack vector here, more so with concentrated liq imo Could be done with flash loan or with own tokens Attack woul...
Reward token not correctly recovered
Handle cmichel Vulnerability details The Streaming contract allows recovering the reward token by calling recoverTokens(rewardToken, recipient). However, the excess amount is computed incorrectly as ERC20(token).balanceOf(address(this)) - rewardTokenAmount + rewardTokenFeeAmount: function...
Public variable unstreamed can be smaller than ∑ts.tokens due to unstreamed not being updated in withdraw()
Handle WatchPug Vulnerability details unstreamed is a public variable, and it's been actively managed in stake, updateStreamInternal. However, since users can also withdraw unstreamed depositToken, the global variable unstreamed should be updated in withdraw as well. For example: 1. Alice deposit...
MiningService.setBonding should use BONDING role instead of REINVESTOR one
Handle hyh Vulnerability details Impact BONDING_ROLE cannot be managed after it was initialized. Proof of Concept setBonding sets the wrong role via swapRole: Recommended Mitigation Steps Set BONDING_ROLE instead of REINVESTOR_ROLE in the setBonding function: Now: function setBonding(address bonding) publi...
stabilize() is vulnerable to flashloan sandwich attack
Handle WatchPug Vulnerability details When the price of Malt is off the lowerThreshold and upperThreshold, StabilizerNode.sol will market buy/sell Malt. However, since the market sell can be triggered by anyone, and there is no slippage control, it makes it vulnerable to flashloan sandwich attack...
keyPrice is global and change on keyPrice can damage lockManager or keyOwner
Handle 0x0x0x Vulnerability details Impact A lock manager changes keyPrice. If the price is increased, then possible refunds are also increased and it can result in theft of funds. If the price is reduced, by doing so lock manager can reduce the refund payments and scam the users. Tools Used Manu...
Improper Upper Bound Definition on the Fee
Handle defsec Vulnerability details Impact In the adjustGlobalParams function on line 1603 of "", the adjustGlobalParams function does not have any upper or lower bounds. Values that are too large will lead to reversions in several critical functions. Proof of Concept The setFee function that begins o...
Using/Importing ERC1155Supply.sol from openzeppelin version 4.3.2
Handle hubble Vulnerability details Using/importing openZeppelin version 4.3.2 file ERC1155Supply.sol which has a security advisory. Reference : GHSA-wmpv-c2jp-j2xg Proof of Concept File : collateral/OverlayV1OVLCollateral.sol line 7: import...
Cached version of ovl may be outdated
Handle pauliax Vulnerability details Impact contract OverlayV1OVLCollateral and OverlayV1Governance cache ovl address: IOverlayTokenNew immutable public ovl; This variable is initialized in the constructor and fetched from the mothership contract: mothership = IOverlayV1Mothership(mothership); ovl ...
ERC20.transfer return value is ignored
Handle pants Vulnerability details ERC20 transfer and transferFrom return values are ignored. There is no whitelist, therefore users can use ERC20 tokens that transfer/transferFrom returns False instead of revert. for example: YaxisVoteProxy.sol line 55 MetaVault.sol line 579 MockPickleJar.sol li...
ERC1155Supply vulnerability in OpenZeppelin Contracts
Handle defsec Vulnerability details Impact When ERC1155 tokens are minted, a callback is invoked on the receiver of those tokens, as required by the spec. When including the ERC1155Supply extension, total supply is not updated until after the callback, thus during the callback the reported total...
NestedFactory.sol#_submitInOrders() Wrong implementation cause users to be overcharged
Handle WatchPug Vulnerability details When executing orders, the actual amountSpent + feesAmount can be lower than inputTokenAmount, the unspent amount should be returned to the user. However, in the current implementation, the unspent amount will be taken as part of the fee. function...
NFT flashloans can bypass sale constraints
Handle pauliax Vulnerability details Impact Public sale has a constraint that for the first 4 weeks only NFT holders can access the sale: if (currentEra < firstPublicEra) require(nft.balanceOf(msg.sender) > 0, "You need NFT to participate in the sale."); However, this check can be easily bypassed with the...
Double Spend in AirDropDistribution.sol
Handle elprofesor Vulnerability details HIGH Impact Due to improper validation of input, approved airdrop users are able to double spend airdrop allocated tokens. This is due to insufficient validation in validate and claimExact which allows the user to reset the amount of tokens they have claime...
FSDVesting: Claiming tributes should call FSD token's corresponding functions
Handle hickuphh3 Vulnerability details Impact The claiming of staking and governance tributes for a beneficiary's vested tokens should be no different than other users / EOAs. However, the claimTribute and claimGovernanceTribute are missing the actual claiming calls to the corresponding...
Vestings' revoke status can be set by anyone
Handle cmichel Vulnerability details The idea of revoking vesting supposedly exists for the admins to call Vesting.revoke and claim back a user's vesting. However, if the user wants to protect their vesting from being revoked by the admin, they can create a new vest with isRevocable = false and a...
Contract BasicSale is missing an approve(address(vestLock), 2**256-1) call
Handle Reigada Vulnerability details Impact As we can see in the contracts AirdropDistribution and InvestorDistribution, they both have the following approve call: mainToken.approve(address(vestLock), 2**256-1); This is necessary because both contracts transfer tokens to the vesting contract by calling...
Contract Selfdestruct via delegatecall
Handle elprofesor Vulnerability details Impact Using a malicious Module the ModuleRegistry admin can trigger a selfdestruct via delegate call in the Executioner.sol contract. ModuleRegistry and Executioner separate the logic between ModuleRegistry.sol admin and systems admin. Executioner.sol reli...
WrappedIbbtcEth.sol Sanity check of pricePerShare should be enforced
Handle WatchPug Vulnerability details /// @dev Update live ibBTC price per share from core /// @dev We cache this to reduce gas costs of mint / burn / transfer operations. /// @dev Update function is permissionless, and must be updated at least once every X time as a sanity check to ensure value ...
Leftover balance in the Executioner contract can be drained
Handle gzeon Vulnerability details Impact Leftover balance in the Executioner contract can be drained by swapping the target asset (native/erc20) into another asset. Slingshot.executeTrades allow user to execute trade using modules as long as the module is registered in the ModuleRegistry. The...