Lack of method to delete a rewardsDistributor in Comptroller.sol can break rewards distribution permanently
Lines of code Vulnerability details Proof of Concept The storage array rewardsDistributors will be used to distribute the rewards across the hooks in Comptroller.sol, namely preMintHook, preRedeemHook, preBorrowHook, preRepayHook, preSeizeHook and preTransferHook We can see addRewardsDistributor...
Bad debt auctions can be DoSed forever
Lines of code Vulnerability details Vulnerability Details For function Shortfall::placeBid in shortfall contract on L183 and L190 , the previous highest bidder’s funds stored in the shortfall contract has to be sent back to the bidder. This operation has to be successful before any new bid can be...
vTokenPrice used instead of weightedVTokenPrice when calculating snapshot.totalCollateral in _getHypotheticalLiquiditySnapshot
Lines of code Vulnerability details Impact In the getHypotheticalLiquiditySnapshot function when the value of snapshot.totalCollateral is calculated the vTokenPrice is used instead of weightedVTokenPrice, this will lead the function to return the wrong value for snapshot.totalCollateral resulting...
mint() function: Rogue lenders/attackers could mint multiple/endless position NFTs for their SAME Ajna pool deposits/LPs, when they're supposed to be able to mint only one position NFT per lender per LP per pool.
Lines of code Vulnerability details Impact The current implementation of the mint function allows a lender to mint multiple position NFTs for the same Ajna pool deposit. This could lead to an inflation of NFTs and potentially disrupt the system's reward distribution, as the lender could stake the...
Attacker can DoS create a extraordinary proposals
Lines of code Vulnerability details Impact An attacker can prevent the creation of proposals in ExtraordinaryFunding.solproposeExtraordinary by front-running the proposal, which will give him the same hash as the correct user desired, and setting endBlock to the past, which will invalidate the...
Upgraded Q -> 2 from #99 [1683646958313]
Judge has assessed an item in Issue 99 as 2 risk. The relevant finding follows: 03 ALLOWING ShortCollateral.refresh FUNCTION TO BE CALLABLE BY ANYONE CAN BE DANGEROUS
Reappearance of M-02 in WstEth.withdraw()
Reappearance of M-02 in WstEth.withdraw Description The changes in WstEth.withdraw has introduced a new issue exactly parallel to the one present in SfrxEth.withdraw which was reported in M-02: sFrxEth may revert on redeeming non-zero amount, i.e. WstEth.withdrawamount may revert when amount 0. F...
Chainlink price feed responses are not validated
NEW ISSUE - MITIGATION IS NOT CONFIRMED adriro-NEW-H-02 Chainlink price feed responses are not validated Link to changesets: Impact The protocol team introduced Chainlink price feeds for the Reth and WstEth derivatives in order to mitigate price manipulatio...
Mitigation of M-05: Issue not mitigated, mitigation errors
MITIGATION IS NOT CONFIRMED Mitigation of M-05: Issue not mitigated, mitigation errors Link to Issue: code-423n4/2023-03-asymmetry-findings812 Comments The issue describes missing checks associated with staking requirements for the WstEth and Reth derivative. The...
isContract() is not a reliable way of checking if the input is an EOA
Lines of code Vulnerability details Impact depositIntoStrategyWithSignature is checking if the msg.sender is EOA or the contract and it is doing it by checking isContract which is not right Proof of Concept The isContract check can be passed even if msg.sender is a smart contract if Function ...
Upgraded Q -> 3 from #326 [1683219203160]
Judge has assessed an item in Issue 326 as 3 risk. The relevant finding follows: L-05 Integer overflow by unsafe casting Description Keep in mind that the version of solidity used, despite being greater than 0.8, does not prevent integer overflows during casting, it only does so in mathematical...
Users can avoid getting their queuedWithdrawal slashed because of the wrong implementation.
Lines of code Vulnerability details Impact Users can avoid getting their queuedWithdrawal slashed because of the wrong implementation. Proof of Concept Let's take a look at the following code snippet from StrategyManagerslashQueuedWithdrawal. // keeps track of the index in the indicesToSkip array...
StrategyBase.sharesToUnderlying() cannot be overridden to intended mutability
Lines of code Vulnerability details Impact An implementation of sharesToUnderlying, as inherited from StrategyBase.sol, cannot contrary to intentions make state modifications. This implies that StrategyBase.sol may become useless as a base contract to inherit from. Proof of Concept StrategyBase.s...
Medium Access Control Unauthorized access to restricted functions
Lines of code Vulnerability details Impact compromising the owner or whitelister roles could allow an attacker to manipulate critical whitelist and configuration logic, potentially damaging the use of the protocol. By taking control of privileged access, the attacker could enable rapid withdrawal...
Upgraded Q -> 3 from #853 [1683219256548]
Judge has assessed an item in Issue 853 as 3 risk. The relevant finding follows: LC-02 USE THE SAFECAST LIBRARY FOR CASTING VALUES TO AVOID OVERFLOW/UNDERFLOW File: virtualBaseTokenReserves += uint128netInputAmount - feeAmount - protocolFeeAmount; virtualNftReserves -= uint128weightSum;
Context not implemented as per need of the code
Lines of code Vulnerability details Impact Logical and mathematical flaws might occur due to lack of the check . Proof of Concept As per comment in: //check if the withdrawal occured after mostRecentWithdrawalBlockNumber but no check is involved in the code which would cause mathematical flaws in...
Upgraded Q -> 2 from #200 [1683080702977]
Judge has assessed an item in Issue 200 as 2 risk. The relevant finding follows: L-03 KangarooVaultminDepositAmount should be a fairly high number to prevent 0 deposits or dust deposits that may affect the deposit/withdrawal process
Upgraded Q -> 3 from #407 [1683102761347]
Judge has assessed an item in Issue 407 as 3 risk. The relevant finding follows: L01 Unsafe downcasting On PrivatePool.solL230-L231 there are two unsafe downcasting from uint256 to uint128; virtualBaseTokenReserves += uint128netInputAmount - feeAmount - protocolFeeAmount; virtualNftReserves -=...
Upgraded Q -> 2 from #898 [1683143849953]
Judge has assessed an item in Issue 898 as 2 risk. The relevant finding follows: Royalty receiver will not get correct royalty as saleprice is not calculated properly uint256 salePrice = outputAmount / sellsi.tokenIds.length; Here the salesprice for an nft is calculated by using the above formula...
Upgraded Q -> 2 from #882 [1683052832814]
Judge has assessed an item in Issue 882 as 2 risk. The relevant finding follows: In changeFeeQuote if changeFee == 0 protocolFeeAmount becomes 0
Upgraded Q -> 2 from #463 [1682585731493]
Judge has assessed an item in Issue 463 as 2 risk. The relevant finding follows: L-08 Swapping in Reth.sol may be sub-optimal The Reth pool uses the Weth/Reth 0.05% fee pool to swap between weth and reth. I recommend using the balancer pool to swap instead as it has 80M liquidity compared to...
Test manage-findings update with new cors
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps
Position ownership could be transferred to zero address
Lines of code Vulnerability details Impact Ownership of a Position could be transferred to zero address. This is usually caused by mistake but the consequence is loss of collateral. Proof of Concept The position owner calls transferOwnership but accidentally set newOwner address to 0x0. Tools Use...
Use of _mint in ReraiseETHCrowdfund#_contribute is incompatible with PartyGovernanceNFT#mint
Lines of code Vulnerability details Impact Misconfigured receiver could accidentally DOS party Proof of Concept ReraiseETHCrowdfund.solL238 if previousVotingPower == 0 mintcontributor; - @audit-issue standard minting here ReraiseETHCrowdfund.solL374 uint256 tokenId = party.mintcontributor,...
CHANGEFEE IS NOT CORRECTLY SCALED IN FLASHLOAN()
Lines of code Vulnerability details Impact changeFee that has been scaled with 4 decimals of basis points is being adopted by flashloan. This could make the function behave in an unexpected manner than intended. Proof of Concept The fee is calculated as: PrivatePool.solL632 uint256 fee =...
Possible DOS attack using dust in ReraiseETHCrowdfund._contribute()
Lines of code Vulnerability details Impact Normal contributors wouldn't contribute to the crowdfund properly by a malicious frontrunner. Proof of Concept When users contribute to the ReraiseETHCrowdfund, it mints the crowdfund NFT in contribute. File:...
InitialETHCrowdfund + ReraiseETHCrowdfund: batchContributeFor function may not refund ETH which leads to loss of funds
Lines of code Vulnerability details Impact This vulnerability exists in both the InitialETHCrowdfund and ReraiseETHCrowdfund contracts in exactly the same way. I will continue this report by explaining the issue in only one contract. The mitigation section however contains the fix for both...
totalVotingPower needs to be snapshotted for each proposal because it can change and thereby affect consensus when accepting / vetoing proposals
Lines of code Vulnerability details Impact This issue does not manifest itself in a limited segment of the code. Instead it spans multiple contracts and derives its impact from the interaction of these contracts. In the PoC section I will do my best in explaining how this results in an issue. I...
CollectionBatchBuyOperator.sol: tokenIds array is not shortened properly which makes execute function revert when not all NFTs are purchased successfully
Lines of code Vulnerability details Impact The CollectionBatchBuyOperator contract allows parties to buy NFTs through proposals. The proposal specifies an nftContract and token IDs via the nftTokenIdsMerkleRoot parameter that can be bought. Allowed executors can then execute the actual purchase b...
VetoProposal: proposals cannot be vetoed in all states in which it should be possible to veto proposals
Lines of code Vulnerability details Impact The VetoProposal contract allows to veto proposals with the voteToVeto function. The proposal can only be vetoed when it is in the Voting state, otherwise the voteToVeto function reverts. The issue is that the Voting state is not the only state in which ...
MuteAmplifier.sol: rescueTokens function does not prevent fee tokens from being transferred
Lines of code Vulnerability details Impact The MuteAmplifier.rescueTokens function allows the owner to withdraw tokens that are not meant to be in this contract. The contract does protect tokens that ARE meant to be in the contract by not allowing them to be transferred: Link function...
Incorrect parameter in withdraw function
Lines of code Vulnerability details Impact An incorrect parameter is used in the withdraw function in SfrxEth.sol. The amount variable is used when the frxEthBalance variable should be used to calculate minOut. The amount that gets swapped at the FRXETHCRVPOOLADDRESS is the frxEthBalance, not the...
deposit function of WstEth not working correctly
Lines of code Vulnerability details Impact The deposit function doesn't seem to work at all, or correctly at all. It's missing some code, etc. Please see my natspec notes below for more clarity: Apologies, this is 10mins before contest ends, so I'm just going to copy my NatSpec notes here: function...
WstEth slippage and fee stealing
Lines of code Vulnerability details Impact The WstEth derivative contract calculates the maximum slippage for buying WstEth from curve pool by using the current price in the pool at runtime, without considering the price at which the user submitted the transaction to the mempool: uint256 minOut =...
Spot UniswapV3 pricing for rETH when staking in SafEth can lead to loss of user funds
Lines of code Vulnerability details Impact An attacker can craft a set of transactions so that when they are depositing funds in the SafEth contract, using the stake function, they can understate the value of existing deposits preDepositPrice value, while overstating the value of their deposit...
Reth griefing
Lines of code Vulnerability details Impact The maximum slippage when buying rETH from the Uniswap V3 pool is calculated in Reth derivative contract by taking the current price in the Uniswap V3 pool at runtime, without taking into account the price at which the user sent the transaction to the...
Upgraded Q -> 2 from #88 [1679874611177]
Judge has assessed an item in Issue 88 as 2 risk. The relevant finding follows: L-1 Vault assignment in VaultToken can be frontrunned
LiquidityPool.executePerpOrders(): dangerous payable function
Lines of code Vulnerability details Impact The contract LiquidityPool uses a dangerous payable function executePerpOrders. In this function, users can send ETH mistakenly. We should check the msg.value is 0 or not to avoid this issue. Proof of Concept function executePerpOrdersbytes calldata...
KangarooVault.initiateDeposit, KangarooVault.processDepositQueue, KangarooVault.initiateWithdrawal, and KangarooVault.processWithdrawalQueue functions do not use whenNotPaused modifier
Lines of code Vulnerability details Impact As shown by the code below, although PauseModifier is imported, the KangarooVault contract does not use the whenNotPaused modifier in any of its functions. More specifically, the KangarooVault.initiateDeposit, KangarooVault.processDepositQueue,...
Disabling self-transfer may cause integration issues with other protocols
Lines of code Vulnerability details Impact Integration errors with other protocols Proof of Concept The changes made for H-01 causes transfers to revert if from == to. This is problematic because this is non-standard ERC20 behavior that can cause integration risk/issues with other protocols. I...
KangarooVault.sol : anyone can call the processWithdrawalQueue. This would hurt the user when the token price is low
Lines of code Vulnerability details Impact When the price is low, user would get less amount. Proof of Concept processWithdrawalQueue can be called by anyone. function processWithdrawalQueueuint256 idCount external nonReentrant for uint256 i = 0; i availableFunds current.returnedAmount =...
NonceHolder.setValueUnderNonce does not increase the minNonce when using sequential account nonce ordering
Lines of code Vulnerability details Impact The current available nonce can't be synchronized to the client and rpc resp in real time. As a result, the client can't use the correct nonce to signature transaction. Proof of Concept If the nonceOrdering type of the account is...
ProfilePictureData is not stored, which will cause serious logic errors
Lines of code Vulnerability details Impact All data minted by the contract will not be stored, paralyzing the entire contract Proof of Concept code snippet: function mintaddress nftContract, uint256 nftID external uint256 tokenId = ++numMinted; if ERC721nftContract.ownerOfnftID != msg.sender reve...
Operator can cause funds to be stolen by manipulating gas fee refund
Lines of code Vulnerability details Impact An operator can manipulate the refund of gas fee mechanism to steal from the bootloader balance. Inside refundCurrentL2Transaction function in the bootloader where the refund is happening for the refund recipient at L1097, the operator provides a value f...
An attacker can manipulate the call stack of the transaction to impersonate another address and set a different value for the origin variable.
Lines of code Vulnerability details Impact By changing the transaction's call stack, an attacker can use the origin variable to pretend to be another address, as a result, the attacker can be able to enter the system without authorization and carry out evil deeds. Proof of Concept The vulnerabili...
Rewards calculation is unfair and leads to stakers losing rewards
Lines of code Vulnerability details User rewards are updated upon staking actions ie stake or withdraw: File: contracts/staking/NeoTokyoStaker.sol 1225: // Grant the caller their total rewards with each staking action. 1226: IByteContractBYTES.getRewardmsg.sender; Which are computed as follows:...
Permit authorized callers can burn any amount of BYTES 2.0 tokens from an arbitrary address
Lines of code Vulnerability details Impact Using the burn function of BYTES 2.0, an authorized caller can burn an arbitrary amount of tokens from any address. I'm aware that it was mentioned in README.md of the project that this type of finding is out of the scope. but I believe it is still...
Executing getCreditYield(citizenId, citizenVaultId) in NeoTokyoStaker._stakeS1Citizen function can cause identityPoints to be lower than it should be when corresponding S1 Citizen to be staked does not have a component vault but an optional vault is provided
Lines of code Vulnerability details Impact Calling the following NeoTokyoStaker.stakeS1Citizen function executes string memory citizenCreditYield = getCreditYieldcitizenId, citizenVaultId and uint256 identityPoints = identityCreditPointscitizenCreditYield. When the S1 Citizen to be staked does no...
Infinite mint via points underflow (in scope)
Lines of code Vulnerability details Impact Due to unchecked math in the withdrawLP function, a user can trigger an underflow in their points and infinitely increase their rewards. The problem exists in several places. Problem 1. The configureTimelockOptions function allows setting...
Total reward is miscalculating
Lines of code Vulnerability details Impact In the getPoolReward the calculation of totalReward is wrong because the rewardRate is not updated. When block.timestamp is less or equal to windows.startTime the reward rate should be equal to the current window rate not the previous one. Proof of Concept...