Error in the calculation of daoShare value in the getPoolReward function
Lines of code Vulnerability details Impact In the getPoolReward function inside the NeoTokyoStaker contract there is an error in the calculation of the daoShare value which represents the part of rewards sent to the treasury; this means that the treasury will receive fewer rewards than what it is...
configureLP function should check LP stakers present before changing LP address.
Lines of code Vulnerability details configureLP function should check LP stakers existence before changing LP address. Permitted users are allowed to change LP address when lpLocked is false. So this does not follow the comments above. Proof of concept 1701 This function allows a permitted user t...
Staking BYTES to Citizen does not extend timelock, allowing attacker to manipulate totalPoints with flash loan
Lines of code Vulnerability details Impact In NeoTokyoStaker, BYTES token can be staked into a Citizen. First, the Citizen must be staked; it will be locked for a timelock duration in Staking contract. Stakers who want to stake BYTES can specify this Citizen ID and stake into it. However, when users...
the S1 Citizen and S2 Citizen loops in the second getStakerPositions are not working properly
Lines of code Vulnerability details Impact This can result in the second loop not running correctly and resulting in an error in the logic, in case if the length of the stakerS1Positionstaker or stakerS2Positionstaker arrays is very large, the operation of adding or subtracting the index on...
Rounding division error could occur in the receiveRandomNumber function
Lines of code Vulnerability details Impact This rounding division error could result in the prize pool being drained over time if it occurs repeatedly, as the actual amount of prizes awarded would always be slightly less than the intended amount. Proof of Concept drawRewardSizedrawFinalized,...
Transaction failure due to out of gas.
Lines of code Vulnerability details Impact Transaction failure due to out of gas. Proof of Concept The DAO protocol allows users to deposit any tokens. If a bad actor creates a fake token and deposits it to the protocol, then contacts the appropriate person for a refund. A malicious person adds malicious...
Winnings might be unable to catch up with prize pot
Lines of code Vulnerability details Impact Profit may become ineffective, meaning that funds are effectively stuck in the contract. Proof of Concept Funds are owned by the Lottery and the only way out is through payouts. However, since the jackpot is bound by jackpotBound the expected payout taki...
Wrong reward calculation if the reward token doesn't have 18 decimals
Lines of code Vulnerability details Impact If the rewardToken has less than 16 decimals, users will not be able to claim the correct value of their prize. Try not to think it will be DAI only. We will probably use DAI for the first product, but think more in general approach @0xluckydev5064 It is...
Loss of reward for stakingRewardRecipient
Lines of code Vulnerability details Impact Anyone can call claimRewards function with rewardType = LotteryRewardType.STAKING, in which function LotteryMath.calculateRewards is used to calculate reward to transfer to beneficiary. By observing number of ticketsSold calculated from the...
Likelihood of becoming zero numbers for the numbers of the winning ticket
Lines of code Vulnerability details Impact The logic of the function reconstructTicket may give more zero numbers inside the packed winning ticket. Proof of Concept As this issue may already be a sponsor-acknowledge case, however, it's worth explaining. Considering the case 7/35 for a lottery gam...
No sanity check on drawCoolDownPeriod can lead to frontrun attacks on jackpot prize
Lines of code Vulnerability details Impact During the construction of the LotterySetup, there is no sanity check on drawCoolDownPeriod. If it's set to zero, then there will be no cool down period, and players can buy the lottery tickets at any time until the draw. Once lottery setup is complete with...
Ticket: Owner of winning ticket can frontrun secondary sales
Lines of code Vulnerability details The Wenwin docs note that tickets "can be traded on the secondary market before or after the draw," since they are standard ERC721 tokens. After a ticket draw, the owner of a winning ticket may call LotteryclaimWinningTickets, which transfers lottery winnings t...
Attacker contract can avoid being blocked
Lines of code Vulnerability details Impact A Malicious attacker can interact with the system and selfdestruct his own contract then use CREATE2 to recreate it at same address when he needs to interact with the system again. Proof of Concept Tools Used Manual Review Recommended Mitigation Steps...
Price manipulation attack
Lines of code Vulnerability details Impact The PriceFeed.sol was marked OOS but I believe this to be a valid issue. If the chainlink feed fails, which it does from time to time, the Tellor price feed takes over no matter what the delta is compared to the chainlink price. This is an issue because t...
First staker staking can lead to unfair profiting
Lines of code Vulnerability details Impact A caller is able to drain all of the fees from the pool if the caller stakes prior to totalLQTYStaked, in the LQTYStaking contract, being greater than 0. When the protocol is first deployed, FLUSD is zero. It is increased when troves are opened. If a...
ActivePool.sol – Re-entrancy risk on _rebalance function
Lines of code Vulnerability details The rebalance function is vulnerable to a reentrancy attack. Specifically, an external callee can take over the control flow of the function by calling back into the ActivePool contract via a method that triggers the rebalance function again before it completes...
No Contract Compiled Yet, missing "contract RegistryUtils{...}" in file packages/contracts/src/framework/utils/RegistryUtils.sol
Lines of code Vulnerability details Impact packages/contracts/src/framework/utils/RegistryUtils.sol file is missing "contract", here there is one function function isSubdomainValid and it will not compile. isSubdomainValid is called in several places,...
Callback tokens can cause re-entrancy
Lines of code Vulnerability details Description There are many places in the code where token transfers are in the middle of a function more specifically, both after and before state changes. It is very important not to pass control to untrusted code in these calls, as they could potentially...
Upgraded Q -> 2 from #11 [1678055765655]
Judge has assessed an item in Issue 11 as 2 risk. The relevant finding follows: Low-01 SwingTraderManager.totalProfit may be updated incorrectly Impact In SwingTraderManager.sellMalt, when amountSold + dustThreshold = maxAmount, the function will return directly and will not update totalProfit,...
Upgraded Q -> 2 from #633 [1677880427560]
Judge has assessed an item in Issue 633 as 2 risk. The relevant finding follows: Vault contract implementation does not disable initializers The Vault.sol contract should implement disableInitializers in its constructor to prevent implementation contracts from being initialized. As this contract...
changeRewardSpeed function at the MultiRewardStaking contract is incorrectly implemented and can leave the staking of a token on a denial of service state (copy)
Lines of code Vulnerability details Impact The changeRewardSpeed function from the MultiRewardStaking.sol contract lacks documentation on how exactly it should work. By its name and some comments above it, I infer that the function must change the rate of tokens rewards per unit of time. For...
Upgraded Q -> 2 from #298 [1677237168746]
Judge has assessed an item in Issue 298 as 2 risk. The relevant finding follows: 01 MALICIOUS USER, WHO OWNS SPLITTABLE FUNDS, CAN CALL DripsHub.setSplits FUNCTION TO FRONTRUN OTHER USER'S DripsHub.split FUNCTION CALL, WHICH CAN BREAK AGREEMENT BETWEEN THESE USERS Based on the current...
Artificial Inflation of Interest-Bearing Balances
Lines of code Vulnerability details Impact It is possible to artificially inflate one's balance, compromising the integrity of the KIB token entirely. The vulnerability arises from how the balances are updated and utilize "stale" values that were loaded into memory. As such, a self-transfer would...
SwingTraderManager.swingTraders() shouldn't contain duplicate traderContracts.
Lines of code Vulnerability details Impact If SwingTraderManager.swingTraders contains duplicate traderContracts, several functions like buyMalt and sellMalt wouldn't work as expected as they work according to traders' balances. Proof of Concept During the swing trader addition, there is no...
RewardThrottle.populateFromPreviousThrottle may be exposed to front-run attack
Lines of code Vulnerability details Impact RewardThrottle.populateFromPreviousThrottle allows ADMINROLE to use epochData from previousThrottle to populate state from activeEpoch to epoch in current RewardThrottle. function populateFromPreviousThrottleaddress previousThrottle, uint256 epoch extern...
Unsafe typecasting
Lines of code Vulnerability details Impact In the RToken.issueTo function unsafe typecasting of uint256 to int256 is performed while invoking the Throttle.useAvailable function. function issueToaddress recipient, uint256 amount public notPausedOrFrozen exchangeRateIsValidAfter requireamount 0,...
Unspent RSR can be stolen
Lines of code Vulnerability details Impact The BackingManager.handoutExcessAssets function sends all rsr that the BackingManager holds to the StRSR contract. This is done so that the rsr which is held by the BackingManager due to seizure from the StRSR contract can be sent back entirely to the...
Slashed amount may not cover the staker reward payout
Lines of code Vulnerability details Impact Slashed amount may not cover the staker reward payout Proof of Concept In the current fix, If the staked balance cannot cover the slashed amount, seize the staked balance. Staking staking = StakinggetContractAddress"Staking"; if staking.getGGPStakeown...
StRSR: attacker can steal excess rsr that is returned after seizure
Lines of code Vulnerability details Note: This issue deals with excess rsr that was seized from stRSR but is returned again. The M-12 issue also deals with excess rsr. However M-12 deals with the fact that not all rsr is returned to stRSR, whereas this issue deals with the fact that an attacker c...
Upgraded Q -> 2 from #157 [1676219053268]
Judge has assessed an item in Issue 157 as 2 risk. The relevant finding follows: L-08 No Storage Gap for BaseSmartAccount and ModuleManager
Upgraded Q -> 2 from #214 [1675930440482]
Judge has assessed an item in Issue 214 as 2 risk. The relevant finding follows: Scenario 2 - Use node of node operator In this scenario the NodeOp registers for a duration longer than 14 days. The hacker will hijack the minipool after 14 days and earn rewards on behalf of the node operators node...
First depositor for the Vault can be front-run and have part of their deposit stolen
Lines of code Vulnerability details Description The first deposit with a totalSupply of zero shares will mint shares equal to the deposited amount. File: src/vault/Vault.sol 298: supply == 0 299: ? assets 300: : assets.mulDivsupply, totalAssets, Math.Rounding.Down; Link to Code File:...
Upgraded Q -> 3 from #664 [1675726122175]
Judge has assessed an item in Issue 664 as 3 risk. The relevant finding follows: L-2 ERC1155 Quest: withdrawRemainingTokens should factor in total number of receipts minted before withdrawal Issue: There may be users with unredeemed receipts who will not be able to claim if all the remaining toke...
Upgraded Q -> 3 from #619 [1675724566035]
Judge has assessed an item in Issue 619 as 3 risk. The relevant finding follows: The function withdrawRemainingTokens can be changed in a safer way to handle the withdraw from the owner and the protocol fee as well. This prevents risks associated with the protocol fees. By the docs this function is...
Support for fee-on-transfer tokens
Lines of code Vulnerability details Impact The AddressDriver.sol does not support fee-on-transfer tokens. If the asset is a fee-on-transfer token, tokens received from users could be less than the amount specified in the transfer. The protocol could suffer a loss of funds. Proof of Concept function...
Unsafe casting of an int128 to uint128 can cause wrong accounting in _receiveDripsResult
Lines of code Vulnerability details Impact Unsafe casting of int128 to uint128 is dangerous and makes user receive more assets than they should. Proof of Concept state.amtDeltascycle can be a negative value. The delta value at each point is simply the relative change from the previous cycle. If...
AddressRegistry might have non-actual record
Lines of code Vulnerability details Impact AddressRegistry might have non-actual record, which leads to inconsistent AddressRegistry state, and might affect possible consumers. Proof of Concept To register favorite NFT user calls register function from AddressRegistry. Then he sold this NFT to...
Other users cannot help a CIDNFT holder add subprotocols to the NFT
Lines of code Vulnerability details Impact Other users cannot approve and help CIDNFT holders add subprotocols to the NFT, breaking protocol specifications. Proof of Concept In the video walkthrough, around the 8 minute mark, it is mentioned that users can help NFT holders add subprotocols to the...
Reentrancy in callBatched
Lines of code Vulnerability details Proof of Concept The Caller contract implements callBatched function in order to execute a batch of calls within one call. The function has payable declaration to be able to send ETH inside the call. The NATSPEC is also provided in parallel; /// @notice Execute...
_transferFromCaller is not compatible with USDT and similar tokens
Lines of code Vulnerability details transferFromCaller is not compatible with USDT and similar tokens Summary Setting directly typeuint256.max won't work for USDTTether. This is done at both transferFromCaller: NFTDriver.solL289 AddressDriver.solL174 Description Some tokens like USDT do not work...
Critical Vulnerability exposed Reentrancy attack allowing unlimited Fund Withdrawals.
Lines of code Vulnerability details Impact Function register where it transfers a fixed amount of $NOTE tokens 100 $NOTE to the cidFeeWallet address without checking the reentrancy status. An attacker can repeatedly call this function to drain the contract balance...
withdrawFee should only be allowed to be called once.
Lines of code Vulnerability details Impact In the current implementation, the function withdrawFee can be called multiple times. It should only be allowed to be called once. Calling more than once would let owner steal from legit users as there won’t be enough funds left for legit users to claim...
The onlyMinter modifier checks the wrong condition.
Lines of code Vulnerability details Impact In RabbitHoleReceipt.sol and RabbitHoleTicket.sol, receipts and tickets can be minted by anyone. Proof of Concept The first line inside the modifier can be passed without reverting for any callers. modifier onlyMinter msg.sender == minterAddress; ; Tools...
Mitigation of M-04: See comments
Lines of code Vulnerability details The PR does NOT fix the issue described in the finding, and instead addresses issue 45. The change breaks out of the loop, which solves the case where the price is the same as the lowest bid, but doesn't address the case where the price is higher than the lowes...
Lack of flexibility in updating cycle length leading to potential contract redeployment.
Lines of code Vulnerability details Impact function cycleOfuint32 timestamp private view returns uint32 cycle unchecked return timestamp / cycleSecs + 1; and function currCycleStart private view returns uint32 timestamp uint32 currTimestamp = currTimestamp; // slither-disable-next-line weak-prng...
Incorrect calculation
Lines of code Vulnerability details Impact On line 119, the result of the conversion is always going to be zero. Therefore, functions that apply onlyDriver modifier will never be executed. Proof of Concept Please deploy the code below to test the modifier's broken implementation. //...
Timeswap Options has no reentry check and is providing a set of flashloan with no fees
Lines of code Vulnerability details high-flashloan-provider @timeswap Impact In the file /package/v2-option/TimeswapV2Option.sol, there is a range of functions that have no reentry check. As a consequence, when the contract calls back msg.sender, an attacker can then reenter in his own callee...
ERC1155Enumerable._removeTokenEnumeration() checks the removal condition wrongly.
Lines of code Vulnerability details Impact ERC1155Enumerable.removeTokenEnumeration checks the removal condition wrongly. As a result, the tokens with 0 total supply won't be removed from allTokens array at all. Proof of Concept removeTokenEnumeration checks the removal condition like below when ...
Lack of access control in certain functions within TimeswapV2LiquidityToken & TimeswapV2LiquidityToken contracts
Lines of code Vulnerability details Impact The TimeswapV2Token & TimeswapV2LiquidityToken contracts lack proper access control in sensitive functions such as mint, burn, collectFees, and updateFees. There is no modifier or "require" to check if the caller is allowed to call these functions. This...
_currentIndex is incorrectly updated; breaking the ERC1155 enumerable implementation
Lines of code Vulnerability details Impact When minting and burning tokens, the ERC1155Enumerable implementation does not correctly update the following states: uint256 private allTokens; mappinguint256 = uint256 private allTokensIndex; mappingaddress = uint256 internal currentIndex; In particular...