Code423n4, most viewed

10190 matches found

Code423n4 | added 2021/10/30 12:0 a.m. | 12 views

WrappedIbbtcEth contract will use stalled price for mint/burn if updatePricePerShare wasn't run properly

Handle hyh Vulnerability details Impact Malicious user can monitor SetPricePerShare event and, if it was run long enough time ago and market moved, but, since there were no SetPricePerShare fired, the contract's pricePerShare is outdated, so a user can mint with pricePerShare that is current for...

AI score: 7 | Exploits: 0

Code423n4 | added 2021/10/27 12:0 a.m. | 12 views

anyone can create a vault by directly calling the factory

Handle jonah1005 Vulnerability details Impact MochiVaultFactory.solL26-L37 There's no permission control in the vaultFactory. Anyone can create a vault. The transaction would be reverted when the government tries to deploy such an asset. As the protocol checks whether the vault is a valid vault b...

AI score: 6.8 | Exploits: 0

Code423n4 | added 2021/10/27 12:0 a.m. | 12 views

Chainlink Adapter Missing Validation Of latestRoundData() Outputs

Handle leastwood Vulnerability details Impact ChainlinkAdapter.getPrice queries a Chainlink oracle to retrieve the latest price for a given asset. However, this external call does not validate the data retrieved is fresh. Proof of Concept Tools Used Manual code review Recommended Mitigation Steps...

AI score: 7.1 | Exploits: 0

Code423n4 | added 2021/10/27 12:0 a.m. | 12 views

Debt accrual is path-dependant and inaccurate

Handle cmichel Vulnerability details The total debt in MochiVault.accrueDebt increases by the current debt times the debt index growth. This is correct but the total debt is then reduced again by the calling user's discounted debt, meaning, the total debt depends on which specific user performs t...

AI score: 6.7 | Exploits: 0

Code423n4 | added 2021/10/21 12:0 a.m. | 12 views

Epoch may rounded to zero in deposit depositRewardTokens and takeOutRewardTokens

Handle jonah1005 Vulnerability details division bias in deposit depositRewardTokens and takeOutRewardTokens Impact When the owner deposits reward into the contract, the remainder would not be counted. These dust tokens would be left in the contract. There's a similar issue in takeOutRewardTokens...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/10/19 12:0 a.m. | 12 views

Incorrect updateGlobalExchangeRate implementation

Handle xYrYuYx Vulnerability details Impact UpdateGlobalExchangeRate has incorrect implementation when totalGlobalShares is zero. If any user didn't start stake, totalGlobalShares is 0, and every stake it will increase. but there is possibility that totalGlobalShares can be 0 amount later by...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/10/19 12:0 a.m. | 12 views

Unable to redeem rest funds if deposited reward is not multiplier of allocatedTokensPerEpoch

Handle xYrYuYx Vulnerability details Impact Owner will deposit any amount of reward if amount is greater than allocatedTokensPerEpoch. This means that it is possible that owner can sent amount which is not multiplier of allocatedTokensPerEpoch. For example, when allocatedTokensPerEpoch is 1 CQT,...

AI score: 6.8 | Exploits: 0

Code423n4 | added 2021/10/19 12:0 a.m. | 12 views

allocatedTokensPerEpoch cannot be changed under special scenario

Handle csanuragjain Vulnerability details Impact allocatedTokensPerEpoch will fail to change and higher rewards would be given. Proof of Concept 1. Navigate to 2. Check the setAllocatedTokensPerEpoch function function setAllocatedTokensPerEpochuint128 amount public onlyOwner requireamount 0,...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/10/18 12:0 a.m. | 12 views

QuickAccManager Smart Contract signature verification can be exploited

Handle cmichel Vulnerability details Several different signature modes can be used and Identity.execute forwards the signature parameter to the SignatureValidator library. The returned signer is then used for the privileges check: address signer = SignatureValidator.recoverAddrImplhash, signature...

AI score: 6.8 | Exploits: 0

Code423n4 | added 2021/10/06 12:0 a.m. | 12 views

lack of access modifier in mintReturn()

Handle JMukesh Vulnerability details Impact Due to lack of access modifier in mintReturn , any malicious actor can set its value to false due which function which will call mintaddress f, uint256 a will always fail which include: custodialInitiate mintZcTokenAddingNotional Proof of Concept Tools...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/10/06 12:0 a.m. | 12 views

Wrong indexes: positionId vs incentiveId

Handle 0xsanson Vulnerability details Impact In multiple functions in ConcentratedLiquidityPoolManager, the index positionId is used instead of the correct incentiveId when dealing with the incentives mapping. Of course the issue is that incentives cannot be used, or in some cases only by lucky...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/10/06 12:0 a.m. | 12 views

DDOS by cancelling orders or removing approvals

Handle cmichel Vulnerability details The market assumes that the maker of an order approved the swivel contract as there are many calls that move funds from the maker to the contract, see Swivel.initiateVaultFillingZcTokenInitiate/initiateZcTokenFillingVaultInitiate: uToken.transferFromo.maker,...

AI score: 6.7 | Exploits: 0

Code423n4 | added 2021/10/06 12:0 a.m. | 12 views

Incentive should check that it hasn't started yet

Handle cmichel Vulnerability details The ConcentratedLiquidityPoolManager.addIncentive function can add an incentive that already has a non-zero incentive.secondsClaimed. Impact Rewards will be wrong. Recommended Mitigation Steps Add a check: requireincentive.secondsClaimed == 0, "!secondsClaimed...

AI score: 7 | Exploits: 0

Code423n4 | added 2021/10/05 12:0 a.m. | 12 views

Swivel: implementation for initiateZcTokenFillingZcTokenExit is incorrect

Handle itsmeSTYJ Vulnerability details Impact In initiateZcTokenFillingZcTokenExit , this comment // transfer underlying tokens - the premium paid + fee in underlying to swivel from sender is incorrect because you are actually transferring the underlying tokens - premium paid to the maker from...

AI score: 6.8 | Exploits: 0

Code423n4 | added 2021/09/22 12:0 a.m. | 12 views

Incorrect timing

Handle goatbug Vulnerability details Impact uint256 public constant TIMELOCKDURATION = 4 60 24; // 1 day This is not one day. 4 60 24 != 86400 where 86400 is seconds in a day. Proof of Concept Incorrect timelocks in both the basket and factory can allow parameters to be modified quicker than...

AI score: 6.8 | Exploits: 0

Code423n4 | added 2021/09/22 12:0 a.m. | 12 views

Bond div set to zero

Handle goatbug Vulnerability details Impact bondPercentDiv can be set to zero by the owner. This would give a div by zero error in line 61 bondAmount = basketToken.totalSupply / factory.bondPercentDiv; and brick any portfolio balancing ever. Proof of Concept Provide direct links to all referenced...

AI score: 7 | Exploits: 0

Code423n4 | added 2021/09/16 12:0 a.m. | 12 views

_addLiquidity will lose user funds due to frontrunning.

Handle tensors Vulnerability details Impact If addLiquidity is ever called with funds at stake anything more than a few thousand dollars it becomes profitable for MEV bots and other frontrunners to frontrun the addLiquidity call by skewing the pool reserves lowering the amount of LP tokens return...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/09/11 12:0 a.m. | 12 views

Vault treats all tokens exactly the same that creates (huge) arbitrage opportunities.

Handle jonah1005 Vulnerability details Impact The v3 vault treats all valid tokens exactly the same. Depositing 1M DAI would get the same share as depositing 1M USDT. User can withdraw their share in another token. Though there's withdrawalProtectionFee 0.1 percent, the vault is still a no slippa...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/09/08 12:0 a.m. | 12 views

notionalCallback can be tricked by anyone

Handle pauliax Vulnerability details Impact Anyone can call function notionalCallback with arbitrary params and pass the auth check. The only auth check can be easily bypassed by setting sender param to the address of this contract. It allows to choose any parameter that I want: function...

AI score: 7 | Exploits: 0

Code423n4 | added 2021/09/08 12:0 a.m. | 12 views

ChainLink price data could be stale

Handle cmichel Vulnerability details Vulnerability Details There is no check in ExchangeRate.buildExchangeRate if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicat...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/09/08 12:0 a.m. | 12 views

lack of validation for the v and s value in recover() function

Handle JMukesh Vulnerability details Impact due to lack of checking of v and s value in recover it become prone to signature malleability Proof of Concept check out the tryRecover of ECDSA.sol Tools Used manual review Recommended Mitigation Steps add necessary check to make the signature unique -...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/09/08 12:0 a.m. | 12 views

Arithmetic Error - manualRebalance function has multiple arithmetic bugs

Handle tabish Vulnerability details In short there are 2 errors in manualRebalance function : a ratio currentLockRatio has been compared to balance newLockRatio and at another point in the same function subtracted . 1 Expanding on the first one - checking newLockRatio Solution: Instead the if...

AI score: 6.8 | Exploits: 0

Code423n4 | added 2021/09/08 12:0 a.m. | 12 views

Lack of sufficient power check in updateValset of Gravity

Handle shw Vulnerability details Impact The updateValset function does not check whether the new valset has sufficient power to pass a vote see the constructor for more details. If the new valset does not, any function calling checkValidatorSignatures will be disabled since the transaction revert...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/09/07 12:0 a.m. | 12 views

ERC20s that block transfer to particular addresses enable DoS/Censorship

Handle nascent Vulnerability details Tokens that prevent transfers to particular addresses most commonly address0 as is the OpenZeppelin standard enables DoS against a batch. If the attacker submits the bad transaction, the relayer wont submit the batch. The attacker never has to worry about the...

AI score: 6.8 | Exploits: 0

Code423n4 | added 2021/08/14 12:0 a.m. | 12 views

Strategy.sol: startPool() can possibly be flashloaned

Handle hickuphh3 Vulnerability details Impact Since startPool is callable by anyone, an attacker can flash loan to first imbalance the pool, get the strategy to deposit in the imbalanced ratio, then rebalance the pool to the original ratio, thus causing the strategy to suffer from impermanent los...

AI score: 6.7 | Exploits: 0

Code423n4 | added 2021/08/14 12:0 a.m. | 12 views

ERC20Rewards.sol: Use TransferHelper for rewardsToken

Handle hickuphh3 Vulnerability details Impact As it is used in other contracts, rewardsToken shouldn't be an exception.

AI score: 7 | Exploits: 0

Code423n4 | added 2021/08/10 12:0 a.m. | 12 views

initializeMarket always initialize the latest market

Handle jonah1005 Vulnerability details Impact In longshore contract's initializeMarket, while it should initialize according to the parameter marketIndex, it initialize latestMarket. This would break two market, the market of marketIndex' and market of latestMarket. User's fund would get stuck at...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/08/08 12:0 a.m. | 12 views

Synths minted to the wrong market when initializing

Handle 0xImpostor Vulnerability details Impact Synthetix tokens are not minted to the correct market index since the creation of the synth market and the initialization are 2 separate steps. Proof of Concept 1. Create 2 synth market without initializing them 2. Call initializeMarket twice 3. Synt...

AI score: 7 | Exploits: 0

Code423n4 | added 2021/07/24 12:0 a.m. | 12 views

Allowance cannot be reset once it is set to the maximum

Handle shw Vulnerability details Impact The approve functions of the pool LP tokens and synths do nothing if the allowances is already the maximum number, i.e., typeuint256.max. Therefore, Alice cannot change her allowance to Bob once she approved him with the maximum approval. Proof of Concept...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/07/21 12:0 a.m. | 12 views

Router.swapSynthToAsset(uint256,address,address) has unchecked transfer

Handle heiho1 Vulnerability details Impact Router.swapSynthToAssetuint256,address,address on line 249 ignores the boolean return on transfers. This is a brittle implementation because it relies on the boolean return value being hard-coded to true. Tokens may return false and not revert in which...

AI score: 6.8 | Exploits: 0

Code423n4 | added 2021/07/21 12:0 a.m. | 12 views

Router.addDividend(address,uint256) has potentially unsafe arithmetic

Handle heiho1 Vulnerability details Impact Router.addDividendaddress,uint256 has potentially unsafe division before multiplication. This could lead to truncation. Proof of Concept Tools Used Slither Recommended Mitigation Steps Potentially this issue is mitigated by recent Solidity changes to...

AI score: 6.8 | Exploits: 0

Code423n4 | added 2021/07/21 12:0 a.m. | 12 views

DaoVault.withdraw(address,address) potentially subject to timestamp manipulation

Handle heiho1 Vulnerability details Impact DaoVault.withdrawaddress,address uses block.timestamp based comparisons can be affected by miner behavior, leading to withdrawal impacts on the user. Proof of Concept Tools Used Slither Recommended Mitigation Steps An external time oracle like ChainLink...

AI score: 7 | Exploits: 0

Code423n4 | added 2021/07/21 12:0 a.m. | 12 views

[PoolFactory.sol] createPoolADD() function is payable but does not contain a function to withdraw funds

Handle maplesyrup Vulnerability details Impact This is a medium risk vulnerability as it can affect funds within pools that are created via this contract. With no withdraw functions being implemented, it is possible that funds can be locked in the contract with no way to retrieve earnings or...

AI score: 6.7 | Exploits: 0

Code423n4 | added 2021/07/21 12:0 a.m. | 12 views

Synth: approveAndCall sets unnecessary approval

Handle cmichel Vulnerability details Vulnerability Details The Synth.approveAndCall function approves the recipient contract with the max value instead of only the required amount. Impact For safety, the approval should not be set to the max value, especially if the amount that the contract may u...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/07/14 12:0 a.m. | 12 views

LendingPair._safeTransfer does not work with all ERC20 tokens

Handle cmichel Vulnerability details The LendingPair.safeTransfer function will revert if tokens do not return a boolean because the interface ERC20.transfer function it uses indicates that this function always returns a boolean. Some tokens like USDT don't correctly implement the EIP20 standard...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/07/14 12:0 a.m. | 12 views

ChainLink price data could be stale

Handle cmichel Vulnerability details There is no check in UniswapV3Oracle.ethPrice if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicate stale data." under...

AI score: 6.7 | Exploits: 0

Code423n4 | added 2021/07/13 12:0 a.m. | 12 views

Lending Pair initialize function can be front run.

Handle jonah1005 Vulnerability details Impact LendingPair does not initialize tokenMaster, controller, tokens. A hacker can listen the deployer address and front run the initialize transaction. The initialized contract would look almost exactly the same if the hacker only replace lpTokenMaster wi...

AI score: 7 | Exploits: 0

Code423n4 | added 2021/07/11 12:0 a.m. | 12 views

Router liquidity on receiving chain can be double-dipped by the user

Handle 0xRajeev Vulnerability details Impact During fulfill on the receiving chain, if the user has set up an external contract at txData.callTo, the catch blocks for both IFulfillHelper.addFunds and IFulfillHelper.excute perform transferAsset to the predetermined fallback address...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/07/10 12:0 a.m. | 12 views

TransactionIDs may not be reused by user

Handle cmichel Vulnerability details Vulnerability Details The fulfill signature is only on txData.transactionId, relayerFee which allows the router to steal user funds for cross-chain transfers that go to the same router and use the same transaction ID as an earlier transfer. Example: a successf...

AI score: 6.8 | Exploits: 0

Code423n4 | added 2021/07/09 12:0 a.m. | 12 views

grief a user by not allowing him to retrieve funds

Handle gpersoon Vulnerability details Impact The function removeUserActiveBlocks contains a "for" loop, which depends on the size of the array activeTransactionBlocks. If the array is too large then the for loop will take so much gas that the transaction will revert. The function fulfill, which...

AI score: 6.8 | Exploits: 0

Code423n4 | added 2021/07/05 12:0 a.m. | 12 views

distributeStrategyGainLoss can be abused

Handle gpersoon Vulnerability details Impact The function distributeStrategyGainLoss does the following check to allow access to the function: requireindex 0 || index = NCOINS + 1, "!VaultAdaptor"; However the expression index 0 || index = NCOINS + 1 is always TRUE, because the OR || is used shou...

AI score: 7 | Exploits: 0

Code423n4 | added 2021/06/30 12:0 a.m. | 12 views

erc20 transfers do not check the return value

Handle pauliax Vulnerability details Impact When transferring erc20 tokens, functions transfer and transferFrom are used. These functions return boolean to indicate if the action was successful, however, none of the usages check the returned value: collateralToken.transferFrommsg.sender,...

AI score: 7 | Exploits: 0

Code423n4 | added 2021/06/30 12:0 a.m. | 12 views

No check transferFrom() return value

Handle s1m0 Vulnerability details Impact The smart contract doesn't check the return value of token.transfer and token.transferFrom, some erc20 token might not revert in case of error but return false. In the TracerPerpetualSwaps:deposit and Insurance:deposit this would allow a user to deposit fo...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/06/30 12:0 a.m. | 12 views

Wrong funding index in settle when no base?

Handle cmichel Vulnerability details The TracerPerpetualSwaps.settle function updates the user's last index to currentGlobalFundingIndex, however a comment states: "// Note: global rates reference the last fully established rate hence the -1, and not the current global rate. User rates reference...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/06/30 12:0 a.m. | 12 views

Wrong trading pricing calculations

Handle 0xsanson Vulnerability details Impact In the Pricing contract, an agent can manipulate the trading prices by spamming an high amount of trades. Indeed an agent can create an high amount of orders at an arbitrary price and with a near-zero amount so the agent doesn't even need large funds;...

AI score: 6.8 | Exploits: 0

Code423n4 | added 2021/06/23 12:0 a.m. | 12 views

Awarding takes reserve fee several times

Handle cmichel Vulnerability details The PrizePool.captureAwardBalance function takes fees repeatedly on the same interest. One would expect unaccountedPrizeBalance to be 0 in any repeated calls, but it's not. Assume the following example scenario with a 10% reserve fee: user calls...

AI score: 6.8 | Exploits: 0

Code423n4 | added 2021/06/23 12:0 a.m. | 12 views

BadgerYieldSource balanceOfToken share calculation seems wrong

Handle cmichel Vulnerability details When supplying to the BadgerYieldSource, some amount of badger is deposited to badgerSett and one receives badgerSett share tokens in return which are stored in the balances mapping of the user. So far this is correct. The balanceOfToken function should then...

AI score: 6.8 | Exploits: 0

Code423n4 | added 2021/06/16 12:0 a.m. | 12 views

Flows can bypass market and global pause

Handle 0xRajeev Vulnerability details Impact Ability to pause all token transfers and all state changes for contracts is a “guarded-launch” best-practice for emergency situations for newly launched projects. The project implements this using a marketsPaused flag per market and a globalPause flag...

AI score: 7 | Exploits: 0

Code423n4 | added 2021/06/16 12:0 a.m. | 12 views

Unchecked return value from ERC20

Handle cmichel Vulnerability details Vulnerability Details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. According to the standard the return value must be checked for true, otherwise the transfer wil...

AI score: 6.9 | Exploits: 0

Code423n4 | added 2021/06/16 12:0 a.m. | 12 views

User could deposit for free

Handle s1m0 Vulnerability details Impact deposit function doesn't check the return value of transferFrom that means if the erc20 token return false instead of reverting the user could deposit for free. Tools Used Manual analysis Recommended Mitigation Steps Use openzeppelin's SafeERC20 library. -...

AI score: 7 | Exploits: 0

Total number of security vulnerabilities: 5000