Contracts are vulnerable to rebasing accounting-related issues

Lines of code Vulnerability details Impact Rebasing tokens are tokens that have each holder's balanceof increase over time. Aave aTokens are an example of such tokens. If rebasing tokens are used, rewards accrue to the contract holding the tokens, and cannot be withdrawn by the original depositor...

The LybraRETHVault.depositEtherToMint doesn't keep record of user's ether deposits which results in loss for the user.

Lines of code Vulnerability details Impact High: User will lose his deposited ether. Proof of Concept The collateralAsset address variable which is used in LybraPeUSDVaultBase is assumed to be stETH token address Now the depositEtherToMint function from contract LybraRETHVault.sol which inherits...

Wrong proposalThreshold amount in LybraGovernance.sol

Lines of code Vulnerability details Impact The proposal can be created with only 100000 esLBR delegated instead of 10000000. Proof of Concept According to LybraV2Docs, a proposal can only be created if the sender has at least 10 million esLBR tokens delegated to his address to meet the proposal...

Owner will be address(0) because it is not initialized

Lines of code Vulnerability details Impact Owner will be address0 making the functions which use the onlyOwner modifier insolvable Proof of Concept There are contracts in the protocol which use the Ownable from OZ: esLBRBoost.sol, EUSDMiningIncentives.sol, ProtocolRewardsPool.sol,...

distributeRewards can revert because of the too strict slippage check

Lines of code Vulnerability details Impact The report highlights that the distributeRewards function can revert due to a strict slippage check. The provided proof of concept demonstrates the issue, where the slippage is set to 98%, leading to potential transaction failures. Proof of Concept...

quorumReached does not account for forVotes

Lines of code Vulnerability details Impact quorumReached does not account for forVotes. Proof of Concept The supportVodes mapping of the ProposalExtraData struct consists of three values: forVotes, againstVotes and abstainVotes respectively on keys 0, 1 and 2. The function: function...

_quorumReached does not add all votes

Lines of code Vulnerability details Impact quorumReached is a function that checks if the Amount of votes already cast passes the threshold limit. But the function does not add all votes //@audit-issue quorum reached does not add all votes function quorumReacheduint256 proposalId internal view...

A Dutch trade could end up with an unintended lower closing price

Lines of code Vulnerability details Impact notTradingPausedOrFrozen that is turned on and off during an open Dutch trade could have the auction closed with a lower price depending on the timimg, leading to lesser capability to boost the Rtoken and/or stRSR exchange rates as well as a weakened...

Canto pool could be drained.

Lines of code Vulnerability details Impact It was written that there a limit for 10 USDC /10 USDT /0.01 ETH, which currently equals to 10 USDT/ 10 USDC/ 18 USDT almost. These limits are for 4 Canto. Which means code accepts the Canto price at max: 2,5 USDC or equavalent. It is also written in the...

The calculateWithExactInput uses the same state's values for all transactions in the block

Lines of code Vulnerability details Impact The calculateWithExactInput uses the same state's values for all transactions. So all checks which should regulate swapped amounts will be broken. It can be a case of asset loss if there will be a significant amount of transactions in one block. Proof of...

The validation of the source channel is performed incorrectly

Lines of code Vulnerability details Impact There is a potential risk of unauthorized sources sending assets to the Canto Network and automatically swapping transferred tokens for Canto tokens. Proof of Concept When bootstrapping Canto Network, node operators config channel ID for the onboarding...

tryCatchLimit can forward less than the specified gasLimit due to how CALL* opcode forward gas

Lines of code Vulnerability details Description To understand the issue I strongly recommend the lecture of this article. In particular, sections "Insufficient Gas Griefing Attack" and "Workaround Against “Insuficient Gas Griefing attack”". The problem relays on the fact that we cannot be sure th...

In case Distributor.setDistribution use, revenue from rToken RevenueTrader and rsr token RevenueTrader should be distributed

Lines of code Vulnerability details Impact In case Distributor.setDistribution use, revenue from rToken RevenueTrader and rsr token RevenueTrader should be distributed. Otherwise wrong distribution will be used. Proof of Concept BackingManager.forwardRevenue function sends revenue amount to the...

M-07 Unmitigated

Lines of code Vulnerability details Mitigation of M-07: Issue NOT mitigated Mitigated issue M-07: Incorrect slippage check in the AMO2.rebalanceUp can be attacked by MEV Fix: code-423n4/2023-05-xeth@630114e The issue is that since the pool is rebalanced around an imbalanced ratio with 68%-75% xET...

M-05 Unmitigated

Lines of code code-423n4/2023-05-xeth@aebc324L230 Vulnerability details If wxETH drips when nothing is staked, then the first staker can claim every drop. Mitigation code-423n4/2023-05-xeth@aebc324 This PR is added in the method accrueDrip to return if totalSupply == 0 to avoid dropping at 0. But...

M-05 Unmitigated

Lines of code Vulnerability details The mitigation makes accrueDrip is disable until the totalSupply 0. But the lastReport blocknumber is not updated. So all the dripped rewards still are collected by the first staker when the drip modifier is called at the second time. Impact If wxETH drips when...

ERC721 tokens can be forever locked when transferring

Lines of code Vulnerability details Impact An action that transfers ERC721 tokens from the account contract to another contract could result in the ERC721 tokens being locked forever if the receiving contract doesn't support receiving ERC721 tokens. Proof of Concept The LlamaAccount contract uses...

Clone LlamaCore and LlamaPolicy in LlamaFactory.sol may fail or DOS

Lines of code Vulnerability details Impact LlamaFactory uses Clones.cloneDeterministic to create new LlamaCore and LlamaPolicy contracts. The address of the new PrivatePool depends solely on the name parameter keccak256abi.encodePackedname provided by the administrator when calling the deploy...

Execution does not work if the action has a non-zero value

Lines of code Vulnerability details Llama instances have a separate LlamaExecutor contract for action execution. When calling LlamaCore.executeAction, the flow is the following for simplicity, we ignore action guards: The function does internal validation: checking the current action state is...

The low-level call returns true if the address does not exist

Lines of code Vulnerability details Impact As written in the Solidity documentation , the call, delegatecall and staticcall low-level functions return true as its first return value if the account being invoked does not exist, as part of the design of the EVM. The existence of the account must be...

Executing a script action with non-zero value results in frozen funds

Lines of code Vulnerability details Llama instances have a separate LlamaExecutor contract for action execution. When calling LlamaCore.executeAction, the flow is the following for simplicity, we ignore action guards: The function does internal validation: checking the current action state is...

LlamaRelativeQuorum isActionApproved / isActionDisapproved check condition error

Lines of code Vulnerability details Impact LlamaRelativeQuorum isActionApproved / isActionDisapproved check condition error: quantity holders. The two cannot be compared. In general quantity holder, so the approver was lower than expected. Proof of Concept diff --git...

malicious policyholder can forbid setRoleHolder/revokeExpiredRole/revokePolicy calls

Lines of code Vulnerability details Impact All policyholders can't trigger functions related to setRoleHolder, such as setRoleHolder/revokeExpiredRole/revokePolicy. So malicious hackers can achieve DoS or use expired roles for a long unexpected time. Proof of Concept In...

Missing Role Validation in LlamaAbsoluteStrategyBase.sol

Lines of code Vulnerability details Bug Description: The LlamaAbsoluteStrategyBase contract serves as a base contract for Llama strategies and implements various functions for action creation, approval, disapproval, and cancellation. However, it fails to validate the roles used in some critical...

The initial total supply of the role can be miscalculated in some cases

Lines of code Vulnerability details Impact Due to miscalculations during LlamaPolicy contract deployment the initial supply of the role can be set wrongly. And most of strategies will not work as intended. Moreover users will not be able to start an Action for some strategies as well. Proof of...

Users who stake at the end of a freeze would get rewards as if they've staked before the freeze

Lines of code Vulnerability details This one was reported in the first contest, it was mitigated but a code change that was made since then brings it back again. Impact Users who stake while frozen would get a share of the rewards for the period since the last call to payoutRewards. This means th...

Problem with ValiodatorStatus.INITIALIZED

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The default value for Enums in solidity are always the first parameters in them. In the ValidatorStatus Enum however, INITIALIZED is the first value and therefore the default value of the ValidatorStatu...

cancelUnstake lack payoutRewards before mint shares

Lines of code Vulnerability details cancelUnstake will cancel the withdrawal request in the queue can mint shares as the current stakeRate. But it doesn't payoutRewards before mintStakes. Therefor it will mint stRsr as a lower rate, which means it will get more rsr. Impact Withdrawers in the...

Lack of expiration time for cross-chain message passing

Lines of code Vulnerability details Lack of expiration time for cross-chain message passing Summary Lack of expiration time for cross-chain message passing Vulnerability Detail In the current implementation, the L1CrossDomainMessagern.sol inherits from CrossDomainMessager.sol and...

The owner is a single point of failure and a centralization risk.

Lines of code Vulnerability details Impact & Vunerability Details. Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure, as this contract's owner can perform roles of high importance to the protocol. A single private key may be taken in a...

When deploying a contract in PermissionlessNodeRegistry.deployNodeELRewardVault(), an attacker can find out in advance the address of the future deployed contract and deploy his own at this address

Lines of code Vulnerability details Impact The address of the new contract depends solely on the salt parameter, which is calculated from user-provided data. Once a user's create transaction is broadcast, the parameters for calculating salt can be viewed by anyone viewing the public mempool. This...

ERC20 token bridge does not support token with different decimals

Lines of code Vulnerability details ERC20 token bridge does not support token with different decimals Summary ERC20 token bridge does not support token with different decimals Vulnerability Detail In the current implementation: User can perform ERC20 cross-chain transfer via token bridge. Let us...

Exchange rate is stale for deposit to calculate shares

Lines of code Vulnerability details Impact The attacker can take profit with the delayed exchange rate updating mechanism. He can deposit to the protocol to take a share of large mev reward generated by the protocol before the exchange rate update. Proof of Concept The getExchangeRate function is...

The owner is a single point of failure and a centralization risk (06 Instances)

Lines of code Vulnerability details Impact Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure. A single private key may be taken in a hack, or the sole holder of the key may become unable to retrieve the key when necessary. Tools Used...

Upgraded Q -> 3 from #240 [1686228527253]

Judge has assessed an item in Issue 240 as 3 risk. The relevant finding follows: L-01 --- The text was updated successfully, but these errors were encountered: All reactions...

Lender can front-run calls to auctionBuyNft() to DoS auctions

Lines of code Vulnerability details Lender can front-run calls to auctionBuyNft to DoS auctions Lenders can DoS auction offers by resetting the auction process. Impact The Particle protocol allows lenders to auction their loans in case any interested party wants to repay the NFT of the loan. The...

Supplying NFT, which is borrowed from Particle Exchange, to Particle Exchange can cause original lien's borrower to lose such NFT and previously sent msg.value even though its position for original lien is not yet insolvent

Lines of code Vulnerability details Impact After a borrower calls the following ParticleExchange.swapWithEth function, the borrower receives the corresponding NFT. function swapWithEthLien calldata lien, uint256 lienId external payable override validateLienlien, lienId ... /// @dev cannot instant...

Changing _treasuryRate can cause lender to lose some interest that it is entitled to

Lines of code Vulnerability details Impact Calling the following ParticleExchange.buyNftFromMarket, ParticleExchange.repayWithNft, ParticleExchange.refinanceLoan, and ParticleExchange.auctionBuyNft functions accrue interestAccrued for the corresponding lender. When calling these functions, the...

Lender can auction the loan without any restriction to cause losses to the borrower

Lines of code Vulnerability details Lender can auction the loan without any restriction to cause losses to the borrower Impact The lender can unilaterally decide to auction a loan at any time, without any restriction. The process can be started by calling startLoanAuction and offers to repay the...

Upgraded Q -> 2 from #26 [1685524804490]

Judge has assessed an item in Issue 26 as 2 risk. The relevant finding follows: L-02 Host can reduce rageQuit window --- The text was updated successfully, but these errors were encountered: All reactions...

The distribution logic will be broken after calling rageQuit()

Lines of code Vulnerability details Impact Malicious users might receive more distributed funds than they should with higher distributionShare. Proof of Concept In PartyGovernanceNFT.sol, there is a getDistributionShareOf function to calculate the distribution share of party NFT. function...

Project may fail to be deployed to chains not compatible with Shanghai hardfork

Lines of code Vulnerability details Project may fail to be deployed to chains not compatible with Shanghai hardfork Current settings may produce incompatible bytecode with some of the chains supported by the protocol. Impact The Ambire wallet supports and targets different chains, such as Ethereu...

Upgraded Q -> 2 from #964 [1684819958119]

Judge has assessed an item in Issue 964 as 2 risk. The relevant finding follows: L1 --- The text was updated successfully, but these errors were encountered: All reactions...

Swap leftovers are locked in the JBXBuybackDelegate

Lines of code Vulnerability details Vulnerability details In case that the project JBToken address is bigger than WETH address, projectTokenIsZero is set to false. The test cases of buyback delegate only cover the situation, where the JBToken is lower than WETH. constructor IERC20 projectToken,...

Minting exposes beneficiaries to unlimited slippage while minting the token out, sending back the token in the terminal.

Lines of code Vulnerability details Impact The amount of tokens minted/assets received when minting can be manipulated to an unlimited extent by manipulating the reserves of the pool. Proof of Concept Here the mint function mints the tokens out to the beneficiary. However the Delegate can't speci...

Upgraded Q -> 2 from #467 [1684434787599]

Judge has assessed an item in Issue 467 as 2 risk. The relevant finding follows: L-03 Anyone can memorialize other users' position if the owner approves PositionManager There isn't a check to ensure that the caller is the actual owner of the position, so anyone can memorialize a position if the...

Comptroller.sol#_getHypotheticalLiquiditySnapshot assumes that all UnderlyingTokens have the same precision

Lines of code Vulnerability details Impact File: Comptroller.sol 1316 // Get the normalized price of the asset 1317 Exp memory oraclePrice = Exp mantissa: safeGetUnderlyingPriceasset ; 1318 1319 // Pre-compute conversion factors from vTokens - usd 1320 Exp memory vTokenPrice = mulExp mantissa:...

mint and burn can be attacked by sandwiches

Lines of code Vulnerability details Impact The rewards of mint and burn are calculated based on the ratio of uTokenincluding debt and vToken, so it can be sandwiched by attackers. Proof of Concept Tools Used manual Recommended Mitigation Steps It is recommended to add the minimum receiving quanti...

Comptroller.sol#healAccount did not call updateRewardTokenBorrowIndex to update the reward

Lines of code Vulnerability details Impact healAccount should call updateRewardTokenBorrowIndex to calculate the reward before affecting the debt value. Proof of Concept Tools Used manual Recommended Mitigation Steps call updateRewardTokenBorrowIndex before heal account. Assessed type Other --- T...

Stale risk fund assets may make protocol loose funds

Lines of code Vulnerability details Vulnerability Details When swapping Risk funds in a pool swapPoolsAssetsaddress,uint256,address from one market underlying asset type to convertibleBaseAsset , only a limited selected markets are supplied as input parameter. function swapPoolsAssets address...