
10190 matches found

Code423n4
• added 2022/02/09 12:00 a.m. • 11 views

Shelter funds can be stolen

Lines of code Vulnerability details Impact Shelter has a function withdraw that lets whitelisted users withdraw a specified amount of some token. The function does not check if the user has already withdrawn the tokens. Since a user can withdraw the allowed amount any number of times, stealing all th...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/02/09 12:00 a.m. • 11 views

unsafe cast can lead to theft

Lines of code Vulnerability details in the first link I provided, a hacker can call withdraw with amount = 2196, the amount of shares that will be burned is uint1922192 == 0. if the system has enough money, the hacker can steal 2192 tokens and pay nothing. for the second link, a user that provide...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/02/09 12:00 a.m. • 11 views

Potential for reentrancy on USDMPegRecovery.sol:withdraw()

Lines of code Vulnerability details Impact Re-entrancy Proof of Concept File: USDMPegRecovery.sol 110: function withdrawLiquidity calldata withdrawal external 111: Liquidity memory total = totalLiquidity; 112: Liquidity memory user = userLiquiditymsg.sender; 113: ifwithdrawal.usdm 0 114:...

AI score: 7.1
Exploits: 0

Code423n4
• added 2022/02/06 12:00 a.m. • 11 views

Sale operator may frontrun purchases in order to modify the price arbitrarily

Lines of code Vulnerability details Impact Buyer's cannot set a minimum amount of CTDL that they will expect so BadgerDAO can force them to receive a smaller amount than expected. Proof of Concept The buy function only allows the buyer to specify an amount of tokenIn to send to the contract and...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/02/02 12:00 a.m. • 11 views

Flash loan price manipulation in purchasePyroFlan()

Handle sirhashalot Vulnerability details Impact The comment on line 54 of FlanBackstop.sol states "the opportunity for price manipulation through flash loans exists", and I agree that this is a serious risk. While the acceptableHighestPrice variable attempts to limit the maximum price change of t...

AI score: 7.1
Exploits: 0

Code423n4
• added 2022/02/02 12:00 a.m. • 11 views

Two pairs can have same tokens

Handle sirhashalot Vulnerability details Impact The createLPoolPair function in ControllerV1.sol tries to prevent a pair from being create if it already exists. It does this with the statement requirelpoolPairstoken0token1.lpool0 == address0 || lpoolPairstoken1token0.lpool0 == address0, 'pool pai...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/02/01 12:00 a.m. • 11 views

Staking with 0 amount will reset rewarded without claiming any flan.

Handle Randyyy Vulnerability details Impact A user can stake their token by calling stake function, by supplying a token, however staking 0 amount token is allowed, staking 0 amount will reset the reward debt, without minting a single flan token, the function will treat as if the user do the...

AI score: 7
Exploits: 0

Code423n4
• added 2022/01/31 12:00 a.m. • 11 views

Calling generateFLNQuote twice in every block prevents any migration

Handle camden Vulnerability details Impact and PoC In the Uniswap helper, generateFLNQuote is public, so any user can generate the latest quote. If you call this twice in any block, then the two latest flan quotes will have a blockProduced value of the current block's number. These quotes are use...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/01/30 12:00 a.m. • 11 views

Chainlink oracles might return stale data

Handle hack3r-0m Vulnerability details Location: DAI.latestRoundData returns data from the latest round, but there is no guarantee that the latest round happened frequently, it might be a case where latestRoundData has happened 1 hour or 1 day ago. This can lead to stale data used for calculation...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/01/30 12:00 a.m. • 11 views

Malicious Users Can Duplicate Protocol Earned Yield By Transferring wCVX Tokens To Another Account

Handle leastwood Vulnerability details Impact ConvexYieldWrapper.sol is a wrapper contract for staking convex tokens on the user's behalf, allowing them to earn rewards on their deposit. Users will interact with the Ladle.sol contract's batch function which: Approves Ladle to move the tokens...

AI score: 7
Exploits: 0

Code423n4
• added 2022/01/28 12:00 a.m. • 11 views

anyone can change Parameters state

Handle jayjonah8 Vulnerability details Impact In BurnFlashStakeDeposit.sol the parameterize function can be called by anyone setting all the Parameters state in the contract. A user should not be able to do this. This function deals with important governance decisions being execute and should onl...

AI score: 7.2
Exploits: 0

Code423n4
• added 2022/01/27 12:00 a.m. • 11 views

Pair creation can be denied

Handle cmichel Vulnerability details The LaunchEvent.createPair requires that no previous pool was created for the WAVAX token pair. function createPair external isStoppedfalse atPhasePhase.PhaseThree address wavaxAddress, address tokenAddress = addressWAVAX, addresstoken ; // @audit grief: anyon...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/01/27 12:00 a.m. • 11 views

Launch event creation can be denied 2

Handle cmichel Vulnerability details The RocketJoeFactory.createRJLaunchEvent requires that no previous pool was created for the WAVAX token pair. function createRJLaunchEvent address issuer, uint256 phaseOneStartTime, address token, uint256 tokenAmount, uint256 tokenIncentivesPercent, uint256...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/01/26 12:00 a.m. • 11 views

[WP-H1] The value of LP token can be manipulated by the first minter, which allows the attacker to dilute future liquidity providers' shares

Handle WatchPug Vulnerability details For the first minter of an Exchange pool, the ratio of X/Y and the totalSupply of the LP token can be manipulated. A sophisticated attacker can mint and burn all of the LP tokens but 1 Wei, and then artificially create a situation of rebasing up by transferri...

AI score: 6.7
Exploits: 0

Code423n4
• added 2022/01/23 12:00 a.m. • 11 views

setSherlockCoreAddress can be frontrun.

Handle wuwe1 Vulnerability details Proof of Concept SherDistributionManager.sol and AaveV2Strategy.sol are affected by this. For sdm, attacker can monitor mempool and frontrun the setSherlockCoreAddress . By setting the sherlockCore as a address controlled by attacker. Attacker can call pullRewar...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/01/21 12:00 a.m. • 11 views

Add a timelock to ExchangeFactory.sol:setFeeAddress() (function that sets a key variable)

Handle Dravee Vulnerability details Impact To give more trust to users: functions that set key/critical variables should be put behind a timelock. Proof of Concept Here, a malicious owner could set the feeAddress to his own and the fee from liquidity tokens that get minted would get stolen: . As...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/01/20 12:00 a.m. • 11 views

Fee always is zero in the first addLiquidity call

Handle 0x1f8b Vulnerability details Impact Fee always is zero during the first addLiquidity call. Proof of Concept The method MathLib.calculateLiquidityTokenFees is on charge to compute the liquidityToken fee, one of the arguments it's the totalSupply, and during the first call of addLiquidity...

AI score: 7
Exploits: 0

Code423n4
• added 2022/01/19 12:00 a.m. • 11 views

Admin can rug L2 Escrow tokens leading to reputation risk

Handle harleythedog Vulnerability details Impact The L1Escrow contract has the function approve that is callable by the admin to approve an arbitrary spender with an arbitrary amount so they can steal all of the escrow's holdings if they want. Even if the admin is well intended, the contract can...

AI score: 7
Exploits: 0

Code423n4
• added 2022/01/19 12:00 a.m. • 11 views

[WP-M1] BURNER_ROLE can burn any amount of L2LivepeerToken from an arbitrary address

Handle WatchPug Vulnerability details function burnaddress from, uint256 amount external override onlyRoleBURNERROLE burnfrom, amount; emit Burnfrom, amount; Using the burn function of L2LivepeerToken, an address with BURNERROLE can burn an arbitrary amount of tokens from any address. We believe...

AI score: 7
Exploits: 0

Code423n4
• added 2022/01/19 12:00 a.m. • 11 views

Incorrect erc20 interface

Handle 0v3rf10w Vulnerability details Impact Incorrect erc20 implementation can lead to failure when interacting with contracts Proof of Concept IBridgeMinterToken contracts/token/BridgeMinter.sol5-13 has incorrect ERC20 function interface:IBridgeMinterToken.transferaddress,uint256...

AI score: 7
Exploits: 0

Code423n4
• added 2022/01/15 12:00 a.m. • 11 views

Wrong logic in L2ArbitrumMessenger

Handle 0x1f8b Vulnerability details Impact Current logic doesn't work. Proof of Concept The method sendTxToL1 inside the contract L2ArbitrumMessenger has a wrong logic, it convert the value 100 to an address, in order to call sendTxToL1 method, but this converted address will never work, so the...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/01/13 12:00 a.m. • 11 views

[WP-H20] Wrong implementation of withdrawRedundant() allows the Vault owner to drain all the funds

Handle WatchPug Vulnerability details Based on the context, withdrawRedundant intends to disallow the owner to withdraw more Vault tokens than the surplus amount. However, the current implementation is wrong, which allows the Vault owner to drain all the funds. function withdrawRedundantaddress...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/01/13 12:00 a.m. • 11 views

[WP-M35] PoolTemplate#applyCover Unbounded for loops allows an attacker to malfunction applyCover(), making it impossible to change the marketStatus of the Pool to Payingout status

Handle WatchPug Vulnerability details function applyCover uint256 pending, uint256 payoutNumerator, uint256 payoutDenominator, uint256 incidentTimestamp, bytes32 merkleRoot, string calldata rawdata, string calldata memo external override onlyOwner requirepaused == false, "ERROR: UNABLETOAPPLY";...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/01/12 12:00 a.m. • 11 views

Missing slippage/min-return check in NonUSTStrategy

Handle cmichel Vulnerability details The contracts are missing slippage checks which can lead to being vulnerable to sandwich attacks. A common attack in DeFi is the sandwich attack. Upon observing a trade of asset X for asset Y, an attacker frontruns the victim trade by also buying asset Y, lets...

AI score: 7.1
Exploits: 0

Code423n4
• added 2022/01/12 12:00 a.m. • 11 views

[WP-H2] NonUSTStrategy.sol Improper handling of swap fees allows attacker to steal funds from other users

Handle WatchPug Vulnerability details NonUSTStrategy will swap the deposited non-UST assets into UST before depositing to EthAnchor. However, the swap fee is not attributed to the depositor correctly like many other yield farming vaults involving swaps ZapIn. An attacker can exploit it for the sw...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/01/11 12:00 a.m. • 11 views

Reentrancy vulnerability allows attacker to gain more shares than deserved

Handle harleythedog Vulnerability details Impact In Vault.sol, the deposit function is the external function that allows transferring underlying tokens to mint position NFTs. The deposit function first calls createDeposit which creates the position/determines how many shares to allocate, and then...

AI score: 6.7
Exploits: 0

Code423n4
• added 2022/01/11 12:00 a.m. • 11 views

Possible griefing attack on vault setStrategy

Handle harleythedog Vulnerability details Impact In the function setStrategy within Vault.sol, there is a requirement that strategy.investedAssets == 0 so that no funds are left stuck in the strategy. A malicious user could strategically transfer 1 wei of underlying to the strategy or any other...

AI score: 7
Exploits: 0

Code423n4
• added 2022/01/09 12:00 a.m. • 11 views

Debt created during mint is arbitragable

Handle hyh Vulnerability details Impact The collateral requirements for debt positions created during mint and borrow operations differ. When the quantity of the asset added is low compared to current asset holdings of a pool, a LP has clear incentives to repay its debt right after mint and borro...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/01/08 12:00 a.m. • 11 views

burn() doesn't call ERC721 _burn()

Handle sirhashalot Vulnerability details Impact The CollateralizedDebt.sol contract is a ERC721 token. It has a mint function, which uses the underlying safeMint function to create an ERC721 token representing a collateral position. The burn function in CollateralizedDebt.sol should reverse the...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/01/08 12:00 a.m. • 11 views

PoolTemplate.sol initialize() can be called by attacker during deployment

Handle jayjonah8 Vulnerability details Impact In PoolTemplate.sol the initialize function sets important storage variables like conditions and references and this function can only be called once. During deployment an attacker can monitor the blockchain byte code and call the initialize function...

AI score: 7
Exploits: 0

Code423n4
• added 2022/01/05 12:00 a.m. • 11 views

XSS in uri token

Handle 0x1f8b Vulnerability details Impact It could be produced an XSS. Proof of Concept The method tokenURI could be used with an arbitrary IPair, if this pair is composed with a specific symbol, it could be produced an uri with XSS inside the SVG file, it will produce an stored XSS. Reference:...

AI score: 6.3
Exploits: 0

Code423n4
• added 2022/01/05 12:00 a.m. • 11 views

no check that proposed owner is not the contract itself

Handle jayjonah8 Vulnerability details Impact In XDEFIDistribution.sol the proposeOwnership function sets a pending owner but does not check to make sure that the newOwner is not the contract itself. This check is important to not risk setting the owner to an address that cannot be changed...

AI score: 7
Exploits: 0

Code423n4
• added 2022/01/04 12:00 a.m. • 11 views

The reentrancy vulnerability in _safeMint can allow an attacker to steal all rewards

Handle cccz Vulnerability details Impact There is a reentrancy vulnerability in the safeMint function function safeMint address to, uint256 tokenId, bytes memory data internal virtual mintto, tokenId; require checkOnERC721Receivedaddress0, to, tokenId, data, "ERC721: transfer to non ERC721Receive...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/01/04 12:00 a.m. • 11 views

no reentrancy guard on mint() function that has a callback

Handle jayjonah8 Vulnerability details Impact In CollateralizedDebt.sol, the mint function calls safeMint which has a callback to the "to" address argument. Functions with callbacks should have reentrancy guards in place for protection against possible malicious actors both from inside and outsid...

AI score: 7.1
Exploits: 0

Code423n4
• added 2022/01/04 12:00 a.m. • 11 views

In the lend() function state updates are made after the callback

Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the lend function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function...

AI score: 7
Exploits: 0

Code423n4
• added 2021/12/22 12:00 a.m. • 11 views

Fee not decayed if past decayTime

Handle cmichel Vulnerability details The ThreePieceWiseLinearPriceCurve.calculateDecayedFee function is supposed to decay the lastFeePercent over time. This is correctly done in the decay 0 && decay decayTime case it does not decay at all but should set it to 0 instead.. if decay 0 && decay...

AI score: 6.9
Exploits: 0

Code423n4
• added 2021/12/22 12:00 a.m. • 11 views

StabilityPool.receiveCollateral function doesn't have access control

Handle dalgarim Vulnerability details Impact The comment on the "StabilityPool.receiveCollateral" function states that this function should be called by ActivePool. However this function doesn't implement access control which checks whether the caller is actually ActivePool or not. As this functi...

AI score: 6.9
Exploits: 0

Code423n4
• added 2021/12/21 12:00 a.m. • 11 views

Oracle can be manipulated to consider only a single pair for pricing

Handle TomFrenchBlockchain Vulnerability details Impact Loss of resilience of oracle to a faulty pricing for a single pair. Proof of Concept In the oracle we calculate the TVL of each pool by pulling the reserves and multiplying both assets by the result of a supposedly manipulation resistant...

AI score: 6.6
Exploits: 0

Code423n4
• added 2021/12/20 12:00 a.m. • 11 views

Zap contracts vulnerable to DoS

Handle shenwilly Vulnerability details Impact If the zap contract has a non-zero balance of vault token then users won't be able to mint that particular vault. This is because the minting functions only check if the minted token is equal to the current balance inside the contract, which will alwa...

AI score: 6.8
Exploits: 0

Code423n4
• added 2021/12/18 12:00 a.m. • 11 views

NFTXStakingZap Performs A Dangerous Equality Check Which Can Brick Contract

Handle leastwood Vulnerability details Impact NFTXStakingZap provides an interface for users to interact with NFTX vaults by adding ERC1155/ERC721 tokens as liquidity. The addLiquidity721WETH and addLiquidity1155WETH functions perform strict equality checks on the vaults balance for the...

AI score: 7
Exploits: 0

Code423n4
• added 2021/12/16 12:00 a.m. • 11 views

buyAndSwap1155WETH() function may cause loss of user assets

Handle cccz Vulnerability details Impact In the NFTXMarketplaceZap.sol contract, the buyAndSwap1155WETH function uses the WETH provided by the user to exchange VaultToken, but when executing the buyVaultToken method, msg.value is used instead of maxWethIn. Since msg.value is 0, the call will fail...

AI score: 7.2
Exploits: 0

Code423n4
• added 2021/12/15 12:00 a.m. • 11 views

It is possible to liquidate not existing account

Handle 0x0x0x Vulnerability details It is possible to liquidate an address for any product when collateral = maintenance = 0. So in other words, if a user have never used a product and deposited collateral, the user can get liquidated blacklisted from the product by anyone, since a liquidated...

AI score: 6.9
Exploits: 0

Code423n4
• added 2021/12/15 12:00 a.m. • 11 views

No slippage tolerance checks during swap functions opens up flashloan attacks and price manipulation

Handle jayjonah8 Vulnerability details Impact With functions like joinTokenSingle in SingleTokenJoin.sol that handle swapping with uniswapV2 like exchanges there are no slippage tolerance checks in place to prevent flashloan attacks and price manipulation. Proof of Concept Tools Used Manual code...

AI score: 7
Exploits: 0

Code423n4
• added 2021/12/15 12:00 a.m. • 11 views

Yearn token <> shares conversion decimal issue

Handle cmichel Vulnerability details The yearn strategy YearnYield converts shares to tokens by doing pricePerFullShare shares / 1e18: function getTokensForSharesuint256 shares, address asset public view override returns uint256 amount if shares == 0 return 0; // @audit should divided by...

AI score: 6.9
Exploits: 0

Code423n4
• added 2021/12/14 12:00 a.m. • 11 views

SavingsAccount withdrawAll and switchStrategy can freeze user funds by ignoring possible strategy liquidity issues

Handle hyh Vulnerability details Impact Full withdrawal and moving funds between strategies can lead to wrong accounting if the corresponding market has tight liquidity, which can be the case at least for AaveYield. That is, as the whole amount is required to be moved at once from Aave, both...

AI score: 6.8
Exploits: 0

Code423n4
• added 2021/12/12 12:00 a.m. • 11 views

Malicious Promotion Creators Can Drain Token Balances

Handle leastwood Vulnerability details Impact The createPromotion allows any user to create and fund promotions for a specific number of epochs. Ticket holders are entitled to a percentage of the rewards based on their TWAB. createPromotion references a ticket address which can be controlled by t...

AI score: 6.9
Exploits: 0

Code423n4
• added 2021/12/12 12:00 a.m. • 11 views

Non-compatible with all tokens

Handle 0x1f8b Vulnerability details Impact It could not work with all tokens. Proof of Concept The method fromTokenAmount inside the contract Token18 can't work with tokens with 0 decimals, the result of UFixed18Lib.ratio will throw an error because it will divide by zero. It's mandatory to chec...

AI score: 6.9
Exploits: 0

Code423n4
• added 2021/12/12 12:00 a.m. • 11 views

Missing Check When Transferring Tokens Out For A Given Promotion

Handle leastwood Vulnerability details Impact The claimRewards function is called upon by ticket holders who parse a set of epochIds they wish to claim rewards on. An internal call is made to calculateRewardAmount to calculate the correct reward amount owed to the user. Subsequently, the...

AI score: 7
Exploits: 0

Code423n4
• added 2021/12/12 12:00 a.m. • 11 views

Attacker can empty all the funds by creating fake promotions

Handle WatchPug Vulnerability details The current implementation of calculateRewardAmount allows a arbitrary epochId, which can even be a epochId numberOfEpochs. A malicious user can call claimRewards with epochIds larger than numberOfEpochs and claim other users' rewards. Furthermore, since...

AI score: 6.9
Exploits: 0

Code423n4
• added 2021/12/12 12:00 a.m. • 11 views

If a promoter cancels a promotion, unclaimed rewards of ticket holders are lost

Handle hubble Vulnerability details Impact Loss of rewards for the ticket holders who have not yet claimed the rewards accrued until the previous epochs, if the promoter cancels the promotion after any epoch. Proof of Concept contract : TwabRewards function : cancelPromotion line 132 delete...

AI score: 6.9
Exploits: 0

Total number of security vulnerabilities: 5000