10190 matches found
Options can be sold for tokens that have been destructed
Lines of code Vulnerability details Unlike OpenZeppelin's safeTransfer, solmate's version of the function does not check for contract existence before its low level calls are made. The foot-gun associated with this difference is that it's up to the caller to verify that the contract exists before...
Administrators can rug users
Lines of code Vulnerability details The Cudos Network is a special-purpose blockchain designed to provide high-performance, trustless, and permissionless cloud computing for all. To be considered trustless, both the incentives and the code must be aligned to prevent the possibility of...
Transfers Will Revert On Non-Standard ERC20 Token Contracts
Lines of code Vulnerability details Impact There are several contracts which do not utilise OpenZeppelin's SafeERC20 library when performing token transfers. The FactoryDAO suite of smart contracts intends to support transfers by all tokens, including non-standard tokens such as USDT which does n...
Users may send more ETH in the passThruGate()
Lines of code Vulnerability details Impact When a user sends ETH via the withdraw of MerkleIdentity, it will call IPriceGate(tree.priceGateAddress).passThruGate{value: msg.value}(tree.priceIndex, msg.sender);. passThruGate checks whether msg.value >= gate.ethCost holds. If a user accidentally sends more...
Reward Token Transfer Failure Can Lead to Loss of Deposit in PermissionlessBasicPoolFactory
Lines of code Vulnerability details Impact If transfer of any reward token returns False or reverts for whatever reason, users who deposited will not be able to withdraw their deposit. A malicious pool creator could abuse this to lock tokens from victims by using two reward tokens, one...
In MerkleVesting.sol::withdraw check return value of ERC20 transfer or use safeTransfer of OZ
Lines of code Vulnerability details Impact MerkleVesting.sol L173: tree.tokenBalance -= currentWithdrawal; IERC20(tree.tokenAddress).transfer(destination, currentWithdrawal); In case of a failed transfer, it does not check the return value of transfer. It updates the tree balance without transferring the...
COMP Distributions Can Be Manipulated And Duplicated Across Any Number Of Accounts
Lines of code Vulnerability details Impact The updateCompSupplyIndex and distributeSupplierComp functions are used by Compound to track distributions owed to users for supplying funds to the protocol. Bunker protocol is a fork of compound with NFT integration, however, part of the original...
Admin can manipulate nft prices by _setNftPriceOracle
Lines of code Vulnerability details Impact _setNftPriceOracle is an admin-only function which can set a new nftOracle. But there is no restriction in this function. An admin can set any oracle unconditionally. It could be used to manipulate nft prices in liquidateCalculateSeizeNfts. Proof of Conce...
amount requires to be updated to contract balance increase (17)
Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...
amount requires to be updated to contract balance increase (15)
Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...
Deprecated oracle can return 0 as a price
Lines of code Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. Proof of Concept This function does not error if no answer has been reached but returns 0. Besides, the latestAnswer is reported with 18 decimals for crypto quotes but 8...
Dutch Auction fails when maxDaSupply is not reached
Lines of code Vulnerability details Impact Dutch Auction fails when maxDaSupply is not reached Proof of Concept Dutch Auction should update finalPrice every time the price decreases. However, currently finalPrice is updated only when the auction reaches the full supply reserved for the auction phase. 1. Alice bu...
Unbounded loop can brick contract and freeze miner payments
Lines of code Vulnerability details Impact The payees array in the MinerPayer.sol contract can grow to an unbounded size. That means it could grow so large that the MinerPayer.release function can't loop through them all without triggering an out of gas error. Updating the payees array in the...
VaultCore's withdrawETH uses transfer function, which can be unusable for some smart contracts
Lines of code Vulnerability details Impact When a user wishes to withdraw their collateral from a WETH vault, the funds are returned to the user with msg.sender.transfer. Using transfer is not recommended anymore, especially for critical operations like withdrawing collateral from a vault as it...
PARMinerV2's liquidate can become stuck
Lines of code Vulnerability details PARMinerV2's liquidate can be run repeatedly for the same collateralToken with different arguments. For example, different Vaults can have the same token, so there can be unrelated runs with different vaultId / DEX data, but the same collateralToken and proxy. ...
SuperVault's leverageSwap and emptyVaultOperation can become stuck
Lines of code Vulnerability details leverageSwap and emptyVaultOperation can be run repeatedly for the same tokens. If these tokens happen to be an ERC20 that do not allow for approval of positive amount when allowance already positive, both functions can become stuck. In both cases logic doesn't...
Impossible to liquidate small amounts
Lines of code Vulnerability details Impact It might not be possible to liquidate small positions depending on the liquidateCallerReward. Function liquidate in PARMinerV2 first transfers liquidateCallerReward to the liquidator and then expects that the remaining par balance is greater than it was...
Unchecked oracle return value
Lines of code Vulnerability details Impact The return value bool success of oracle.get calls is ignored. This could lead to stale data or incorrect prices due to oracle issues. Proof of Concept NFTPairWithOracle.sol L287: Change to (bool success, uint256 rate) = loanParams.oracle.get(address(this),...
RewardsController Emission Manager Can Authorize Users to Claim on Behalf of the AaveV3YieldSource Contract and Siphon Yield
Lines of code Vulnerability details Impact The AaveV3YieldSource contract allows the manager or owner of the contract to claim rewards from Aave's rewards controller. However, there is an external dependency on this periphery Aave contract such that the emission manager of the RewardsController...
[WP-H1] A malicious early user/attacker can manipulate the vault's pricePerShare to take an unfair share of future users' deposits
Lines of code Vulnerability details This is a well-known attack vector for new contracts that utilize pricePerShare for accounting. /// @notice Calculates the number of shares that should be minted or burnt when a user deposits or withdraws. /// @param tokens Amount of asset tokens /// @return Number of...
Lender can adjust ltvBPS and instantly seize collateral
Lines of code Vulnerability details Impact After the loan is accepted and is in the LOANOUTSTANDING phase, updateLoanParams allows the lender to update the TokenLoanParams.ltvBPS parameter. The require check allows for the parameters to change as long as they are favorable for the borrower, but...
Borrower can update loan parameters and force lender into accepting near-unliquidatable loan
Lines of code Vulnerability details Impact While loan is in LOANREQUESTED phase, the updateLoanParameters function can be called by the borrower to adjust TokenLoanParams.ltvBPS to a value that is very unfavorable for a prospective lender. Usually, this results in the loan not being accepted by a...
Fund theft in redeemToken() because of rounding in division
Lines of code Vulnerability details Impact When a user uses redeemToken to get his tokens and burn his shares in FeildSource, because of rounding in division the user's share balance decrease is going to be lower than the corresponding withdraw amount in value. For example, if the token's decimals were 1 and...
Manager or owner can send rewards to any address
Lines of code Vulnerability details Impact In the claimRewards function, manager or owner can send rewards to any address. function claimRewards(address to) external onlyManagerOrOwner returns (bool) { require(to != address(0), "AaveV3YS/payee-not-zero-address"); address[] memory assets = new address[](...); assets...
User fund loss in supplyTokenTo() because of rounding
Lines of code Vulnerability details Impact When a user uses supplyTokenTo to deposit his tokens and get shares in FeildSource, because of rounding in division the user gets a lower amount of shares. For example, if the token's decimals were 1, totalSupply was 1000 and aToken.balanceOf(FieldSource.address) was 2100...
Cast to uint192 is unsafe
Judge @GalloDaSballo has assessed the 3rd item in QA Report 197 as Medium risk. The relevant finding follows: … Cast to uint192 is unsafe; a user trying to deposit more than 2^192 would receive a smaller deposits balance. deposits[pid][msg.sender].amount += uint192(amount);
Unsafe use of .transfer
Lines of code Vulnerability details Impact User funds can be locked by using a smart contract wallet with an inefficient callback, or by future hardforks that change the gas consumption. address.transfer has been suggested for deprecation by most auditors because of the potential OOG error. However,...
FlywheelCore's setFlywheelRewards can remove access to reward funds from current users
Lines of code Vulnerability details Impact FlywheelCore.setFlywheelRewards can remove current reward funds from the current users' reach as it doesn't check that newFlywheelRewards' FlywheelCore is this contract. If it's not, by mistake or with a malicious intent, the users will lose the access t...
Unlimited reward minting with Function Transfer in StakerVault (updates balances before calling userCheckpoint)
Lines of code Vulnerability details Impact The bug in the "StakerVault.transfer" function, which is externally callable, is that it first updates the balance of sender and receiver and then calls ILpGauge(lpGauge).userCheckpoint for those addresses. Function userCheckpoint uses the balance of an address to...
User can steal all rewards due to checkpoint after transfer
Lines of code Vulnerability details Impact I believe this to be a high severity vulnerability that is potentially included in the currently deployed StakerVault.sol contract also. The team will be contacted immediately following the submission of this report. In StakerVault.sol, the user...
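The ordering bug described in the two StakerVault reports above, as an added example that is not the reports' or the project's code: a constructed gauge that pays rewards on the balance it sees at checkpoint time, a vault whose transfer moves balances before checkpointing both parties, and the same vault with the order fixed. The gauge formula, RATE, the stake/setGauge helpers and all names are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IStakerVault {
    function balanceOf(address account) external view returns (uint256);
}

/// Constructed gauge: at each checkpoint it pays RATE per staked token per second, using the
/// balance the vault reports *at checkpoint time* for the whole elapsed period.
contract LpGauge {
    IStakerVault public immutable vault;
    uint256 public constant RATE = 1; // reward units per token per second (assumed)
    mapping(address => uint256) public lastCheckpoint;
    mapping(address => uint256) public accrued;

    constructor(IStakerVault _vault) {
        vault = _vault;
    }

    function userCheckpoint(address user) external {
        uint256 last = lastCheckpoint[user];
        if (last != 0) {
            accrued[user] += vault.balanceOf(user) * (block.timestamp - last) * RATE;
        }
        lastCheckpoint[user] = block.timestamp;
    }
}

/// VULNERABLE ordering: balances move first, both parties are checkpointed afterwards.
contract StakerVaultVulnerable is IStakerVault {
    LpGauge public gauge;
    mapping(address => uint256) public override balanceOf;

    function setGauge(LpGauge _gauge) external { gauge = _gauge; } // access control omitted for brevity

    function stake(uint256 amount) external { // token custody omitted for brevity
        gauge.userCheckpoint(msg.sender);
        balanceOf[msg.sender] += amount;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        gauge.userCheckpoint(msg.sender); // sender is settled on the reduced balance: loses the period
        gauge.userCheckpoint(to);         // receiver is paid amount * elapsed for tokens it never held
        return true;
    }
    // Attack: at t0 call gauge.userCheckpoint() on fresh addresses B, C, D (balance 0) and stake X
    // from A. At t1, in one transaction, transfer A->B, B->C, C->D: every hop credits X * (t1 - t0)
    // again, so the same staking period is paid out N times.
}

/// FIXED ordering: settle both parties on the balances they actually held, then move the tokens.
contract StakerVaultFixed is IStakerVault {
    LpGauge public gauge;
    mapping(address => uint256) public override balanceOf;

    function setGauge(LpGauge _gauge) external { gauge = _gauge; }

    function stake(uint256 amount) external {
        gauge.userCheckpoint(msg.sender);
        balanceOf[msg.sender] += amount;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        gauge.userCheckpoint(msg.sender);
        gauge.userCheckpoint(to);
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}
```

The general rule the fixed version follows: any accounting that integrates a balance over time must be settled on the old balance before that balance changes, in every code path that changes it (stake, transfer, withdraw), not only in the obvious ones.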
Transfer return value is ignored
Impact Some ERC20 tokens, such as USDT, don't revert when transfer/transferFrom fails. The transfer return value has to be checked, as there are some other tokens that return false instead of reverting. safeTransfer should be used instead of transfer Proof of Concept safeTransferFrom should be used...
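The unchecked-return-value pattern from the MerkleVesting, FactoryDAO and "Transfer return value is ignored" reports above, as an added example that is not code from those reports or projects: a constructed token that returns false instead of reverting, a vesting-style withdraw that drops the return value, and a minimal safeTransfer that accepts true, tolerates USDT-style empty return data, and rejects false. It also guards the Solmate contract-existence footgun mentioned in the first report, since a call to an address with no code returns success with empty data. Contract names and the tokenBalance accounting are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Constructed token that signals failure by returning false instead of reverting.
contract FalseReturningToken is IERC20 {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function transfer(address to, uint256 amount) external override returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // no revert
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

/// VULNERABLE: the vesting balance is reduced whether or not the tokens actually moved.
contract VestingUnchecked {
    mapping(address => uint256) public tokenBalance; // hypothetical per-token accounting

    function fund(address token, uint256 amount) external { tokenBalance[token] += amount; } // custody omitted

    function withdraw(address token, address destination, uint256 amount) external {
        tokenBalance[token] -= amount;
        IERC20(token).transfer(destination, amount); // return value dropped: false is silently accepted
    }
}

/// Minimal safeTransfer covering standard tokens, false-returning tokens and tokens that return
/// no data at all (USDT-style), plus the no-code-at-address footgun.
library SafeTransferLib {
    function safeTransfer(address token, address to, uint256 amount) internal {
        require(token.code.length > 0, "token is not a contract");
        (bool ok, bytes memory ret) = token.call(abi.encodeWithSelector(IERC20.transfer.selector, to, amount));
        require(ok, "transfer reverted");
        require(ret.length == 0 || abi.decode(ret, (bool)), "transfer returned false");
    }
}

contract VestingChecked {
    using SafeTransferLib for address;
    mapping(address => uint256) public tokenBalance;

    function fund(address token, uint256 amount) external { tokenBalance[token] += amount; }

    function withdraw(address token, address destination, uint256 amount) external {
        tokenBalance[token] -= amount;
        token.safeTransfer(destination, amount); // reverts on failure, so the line above is rolled back
    }
}
```

Against FalseReturningToken with an under-funded vesting contract, VestingUnchecked.withdraw succeeds and leaves tokenBalance lower with nothing paid out; VestingChecked.withdraw reverts with "transfer returned false". OpenZeppelin's SafeERC20 implements the same three-way check.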
Wrong shareChange() function (vToken.sol)
Lines of code Vulnerability details Impact Users can get the wrong amount of vToken => makes users lose their funds Proof of Concept Based on the code in function shareChange in vToken.sol Assume that if oldShare = totalSupply 0, newShares = amountInAsset totalSupply - oldShares / assetBalance -...
ORACLE Data is not properly validated in ChainlinkPriceOracle.sol
Lines of code Vulnerability details Impact Price can be stale which can lead to wrong assetPerBaseInUQ return value Proof of Concept Oracle data feed is insufficiently validated. There is no check for stale price and round completeness. Tools Used Manual review, similar issue was found in yield...
Funding.getAmountOut returns zero when there is no discount set
Lines of code Vulnerability details Impact User provided asset funds will be lost, i.e. 100% to be frozen in the contract, as the system will not give away any Citadel in return. The issue is that when Funding's funding.discount is zero the getAmountOut will return zero for any given assetAmountI...
[WP-H13] LockPosition can be overwritten by new lockFor() which leads to user's funds loss
Lines of code Vulnerability details function lockFor address account, uint256 nftIndex, uint256 lockAmount external onlyOwner nonReentrant jpeg.safeTransferFromaccount, addressthis, lockAmount; positionsnftIndex = LockPosition owner: account, unlockAt: block.timestamp + lockTime, lockAmount:...
Use of deprecated oracle API in _normalizeAggregatorAnswer
Lines of code Vulnerability details Use of deprecated oracle API in _normalizeAggregatorAnswer Likelihood low, impact high. The Chainlink latestAnswer function included in IAggregatorV3Interface and called in NFTVault._normalizeAggregatorAnswer is considered deprecated and no longer included in the...
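The three Chainlink reports above (deprecated latestAnswer returning 0, missing staleness and round-completeness checks, 8- versus 18-decimal answers) share one fix, shown here as an added example that is not code from the reports or the audited projects. The interface is the subset of Chainlink's AggregatorV3Interface that the checks need; maxStaleness, the contract name and the normalisation helper are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Subset of Chainlink's AggregatorV3Interface plus the deprecated latestAnswer getter.
interface IAggregator {
    function decimals() external view returns (uint8);
    function latestAnswer() external view returns (int256); // deprecated
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract OraclePriceConsumer {
    IAggregator public immutable feed;
    uint256 public immutable maxStaleness; // seconds; the feed's heartbeat plus a margin (assumed per deployment)

    constructor(IAggregator _feed, uint256 _maxStaleness) {
        feed = _feed;
        maxStaleness = _maxStaleness;
    }

    /// WEAK: deprecated getter. Returns 0 rather than reverting when there is no answer, says
    /// nothing about when the answer was produced, and is still in the feed's native decimals.
    function priceWeak() external view returns (int256) {
        return feed.latestAnswer();
    }

    /// HARDENED: validated, then normalised to 18 decimals.
    function price18() external view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        require(answer > 0, "oracle: non-positive answer");                 // also rejects the 0 "no answer" case
        require(updatedAt != 0, "oracle: round not complete");
        require(block.timestamp - updatedAt <= maxStaleness, "oracle: stale answer");
        require(answeredInRound >= roundId, "oracle: answer from an earlier round"); // relevant on older aggregators
        return normalise(uint256(answer), feed.decimals());
    }

    /// Scales a feed answer to 18 decimals (USD feeds are typically 8, ETH-quoted feeds 18).
    function normalise(uint256 x, uint8 dec) public pure returns (uint256) {
        if (dec == 18) return x;
        if (dec < 18) return x * 10 ** (18 - dec);
        return x / 10 ** (dec - 18);
    }
}
```

maxStaleness must be chosen per feed: a feed with a 24-hour heartbeat and a 1-hour staleness bound reverts most of the day, while a 1-hour feed with a 24-hour bound accepts answers a day old. Callers should also decide what to do when price18 reverts (pause, fall back to a second oracle), rather than letting a liquidation path become uncallable.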
!_account.isContract() can be bypassed
Lines of code Vulnerability details Impact A contract in construction can bypass isContract to call deposit and withdraw functions in vaults/yVault/yVault.sol, farming/LPFarming.sol, and farming/yVaultLPFarming.sol. Also, blocking contracts may cause a DoS if someone uses multisig contracts as a calle...
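The bypass described in the report above, as an added example that is not the report's or the project's code: a hypothetical vault that gates deposit and withdraw on an extcodesize check, and a contract that performs both calls from its constructor, where its own code size is still zero. The vault, its ETH accounting and the attacker contract are all constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical vault that tries to keep contracts out with an extcodesize check.
contract EOAOnlyVault {
    mapping(address => uint256) public deposits;

    /// address.code.length is the EXTCODESIZE opcode. It is 0 for an EOA, but also 0 for a
    /// contract whose constructor is still running, so this only excludes already-deployed
    /// contracts (and, as the report notes, legitimate multisig wallets).
    modifier onlyEOA() {
        require(msg.sender.code.length == 0, "contracts not allowed");
        _;
    }

    function deposit() external payable onlyEOA {
        deposits[msg.sender] += msg.value;
    }

    function withdraw() external onlyEOA {
        uint256 amount = deposits[msg.sender];
        deposits[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "refund failed");
    }
}

/// Deploying this contract deposits and withdraws from inside its constructor, while the vault
/// still sees an empty code size. An address with no code receives ETH via call without needing a
/// receive() function, so the refund lands here and is forwarded to the deployer.
contract ConstructorBypass {
    constructor(EOAOnlyVault vault) payable {
        vault.deposit{value: msg.value}();
        vault.withdraw();
        payable(msg.sender).transfer(address(this).balance);
    }
}
```

Deploying ConstructorBypass with some ETH attached completes with the ETH back in the deployer's account, having passed both onlyEOA checks. The practical conclusion is the one the report draws: extcodesize cannot enforce "humans only", and the protection a vault actually needs (for example a reentrancy guard, or rules on same-block deposit and withdraw) must be designed without relying on the caller being an EOA.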
Early Depositor can steal funds from subsequent depositors
Lines of code Vulnerability details Impact An early depositor to yVault.sol, preferably the first to deposit, will have the ability to steal funds from subsequent user deposits. The malicious user is able to do this by directly transferring tokens to either the yVault or Controller contracts...
JPEGLock lockups overwrite previous data
Lines of code Vulnerability details Impact If a user calls NFTVault.finalizePendingNFTValueETH a second time without first calling JPEGLock.unlock to recover their previous lockup, their balance will be overwritten leaving the previous lockup balance unrecoverable. Proof of Concept POC by adding...
Initial yVault deposit with amount=1 wei causes very expensive share price leading to precision errors and loss of funds
Lines of code Vulnerability details Impact The first depositor into yVault is able to maliciously manipulate the share price by depositing the lowest possible amount 1 wei and then artificially blowing up the yVault token balance. Following depositors will lose their deposited funds due to...
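The first-depositor share-price attack appears three times above ([WP-H1], "Early Depositor can steal funds", and the 1-wei yVault report). The following added example, which is not code from those reports or projects, shows the vulnerable share formula with the attack worked through in comments, and a hardened vault using virtual shares and assets (the decimals-offset idea from OpenZeppelin's ERC4626). The vault contracts, the offset of 1e6 and the numbers in the walkthrough are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
}

/// VULNERABLE: shares = amount * totalSupply / poolBalance; the first depositor gets 1:1.
contract VaultVulnerable {
    IERC20 public immutable asset;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    constructor(IERC20 _asset) { asset = _asset; }

    function deposit(uint256 amount) external returns (uint256 shares) {
        uint256 pool = asset.balanceOf(address(this)); // includes tokens sent directly to the vault
        shares = totalSupply == 0 ? amount : amount * totalSupply / pool;
        require(asset.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        totalSupply += shares;
        balanceOf[msg.sender] += shares;
    }

    function withdraw(uint256 shares) external returns (uint256 amount) {
        amount = shares * asset.balanceOf(address(this)) / totalSupply;
        totalSupply -= shares;
        balanceOf[msg.sender] -= shares;
        require(asset.transfer(msg.sender, amount), "transfer failed");
    }
    // Attack, 18-decimal asset:
    //  1. attacker: deposit(1)                          -> 1 share, pool = 1 wei
    //  2. attacker: asset.transfer(vault, 1e18) directly -> pool = 1e18 + 1, still 1 share
    //  3. victim:   deposit(1.5e18)                     -> 1.5e18 * 1 / (1e18 + 1) = 1 share (rounded down)
    //  4. attacker: withdraw(1)                         -> 1 * (2.5e18 + 1) / 2 = 1.25e18
    //     attacker paid 1e18 + 1 and received 1.25e18; the victim's share is worth the same 1.25e18
    //     although 1.5e18 was deposited. With a smaller victim deposit the rounding gives 0 shares.
}

/// HARDENED: virtual shares/assets. A donation is diluted against the virtual holder, so the
/// attacker loses more than the victim does, and a zero-share deposit is rejected.
contract VaultHardened {
    IERC20 public immutable asset;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;
    uint256 private constant VIRTUAL_SHARES = 1e6; // 10 ** decimalsOffset, offset assumed 6
    uint256 private constant VIRTUAL_ASSETS = 1;

    constructor(IERC20 _asset) { asset = _asset; }

    function convertToShares(uint256 amount) public view returns (uint256) {
        return amount * (totalSupply + VIRTUAL_SHARES) / (asset.balanceOf(address(this)) + VIRTUAL_ASSETS);
    }

    function convertToAssets(uint256 shares) public view returns (uint256) {
        return shares * (asset.balanceOf(address(this)) + VIRTUAL_ASSETS) / (totalSupply + VIRTUAL_SHARES);
    }

    function deposit(uint256 amount) external returns (uint256 shares) {
        shares = convertToShares(amount);
        require(shares > 0, "deposit too small for a share");
        require(asset.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        totalSupply += shares;
        balanceOf[msg.sender] += shares;
    }

    function withdraw(uint256 shares) external returns (uint256 amount) {
        amount = convertToAssets(shares);
        totalSupply -= shares;
        balanceOf[msg.sender] -= shares;
        require(asset.transfer(msg.sender, amount), "transfer failed");
    }
    // Same four steps here: step 1 mints 1e6 shares, step 3 mints 2999999 shares, so the attacker
    // holds 1e6 of (3999999 + 1e6 virtual) and withdraws about 0.5e18 after paying 1e18 + 1, while
    // the victim's shares redeem to about 1.5e18. The donation went to the victim, not from them.
}
```

Other mitigations seen in practice are a minimum first deposit, or minting an initial batch of "dead" shares to an unrecoverable address at deployment; all of them make the cost of inflating pricePerShare exceed what can be skimmed from later depositors.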
Wrong lockFor can lose tokens
Lines of code Vulnerability details Impact If the owner incorrectly uses the lockFor method and calls it twice with the same nftIndex, it will overwrite the record and the deposited jpeg can never be retrieved. Proof of Concept Owner calls lockFor(Alice, 0, 100); Owner calls lockFor(Bob, 0, 100); 100 token...
Locked amount incorrectly updated in JPEGLock.sol
Lines of code Vulnerability details Impact The lockAmount gets overwritten each time the lockFor function is called in JPEGLock.sol. If the function is called multiple times, the parameter will be updated wrongly. Proof of Concept The lockAmount parameter gets assigned with the amount locked each...
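The lockFor overwrite reported four times above ([WP-H13], "JPEGLock lockups overwrite previous data", "Wrong lockFor can lose tokens", "Locked amount incorrectly updated"), as an added example that is not the reports' or the project's code. The shared base holds the state and unlock logic; the vulnerable child assigns a fresh LockPosition on every call, the fixed child refuses to replace another account's live position and accumulates the amount for the same account. Contract names and the unlock function are assumptions; the struct fields follow the snippet in [WP-H13].

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

struct LockPosition {
    address owner;
    uint256 unlockAt;
    uint256 lockAmount;
}

abstract contract JPEGLockBase {
    IERC20 public immutable jpeg;
    uint256 public immutable lockTime;
    address public immutable owner;
    mapping(uint256 => LockPosition) public positions;

    constructor(IERC20 _jpeg, uint256 _lockTime) {
        jpeg = _jpeg;
        lockTime = _lockTime;
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function lockFor(address account, uint256 nftIndex, uint256 lockAmount) external virtual;

    function unlock(uint256 nftIndex) external {
        LockPosition memory p = positions[nftIndex];
        require(p.owner == msg.sender, "not position owner");
        require(block.timestamp >= p.unlockAt, "still locked");
        delete positions[nftIndex];
        require(jpeg.transfer(msg.sender, p.lockAmount), "transfer failed");
    }
}

/// VULNERABLE: a second lockFor on the same nftIndex replaces the first position.
contract JPEGLockVulnerable is JPEGLockBase {
    constructor(IERC20 _jpeg, uint256 _lockTime) JPEGLockBase(_jpeg, _lockTime) {}

    function lockFor(address account, uint256 nftIndex, uint256 lockAmount) external override onlyOwner {
        require(jpeg.transferFrom(account, address(this), lockAmount), "transferFrom failed");
        // lockFor(alice, 0, 100) then lockFor(bob, 0, 100): the contract holds 200 tokens,
        // but only bob's 100 can ever be unlocked; alice's position no longer exists.
        positions[nftIndex] = LockPosition({owner: account, unlockAt: block.timestamp + lockTime, lockAmount: lockAmount});
    }
}

/// FIXED: never replace somebody else's live position; for the same account, accumulate and extend.
contract JPEGLockFixed is JPEGLockBase {
    constructor(IERC20 _jpeg, uint256 _lockTime) JPEGLockBase(_jpeg, _lockTime) {}

    function lockFor(address account, uint256 nftIndex, uint256 lockAmount) external override onlyOwner {
        LockPosition storage p = positions[nftIndex];
        require(p.lockAmount == 0 || p.owner == account, "nftIndex locked for another account");
        require(jpeg.transferFrom(account, address(this), lockAmount), "transferFrom failed");
        p.owner = account;
        p.unlockAt = block.timestamp + lockTime; // the whole combined amount is re-locked
        p.lockAmount += lockAmount;              // accumulate instead of overwrite
    }
}
```

Whether a repeat lock for the same account should extend the existing unlockAt or keep it is a product decision; the invariant that matters is that the sum of all positions' lockAmount equals the tokens the contract custodies, which the vulnerable version breaks on the second call.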
Undercollateralized loans possible
Lines of code Vulnerability details Impact The setPoolCollateralFactors function does not check that the collateral factor is < 100%. It's possible that it's set to 200% and then borrows more than the collateral is worth, stealing from the pool. Recommended Mitigation Steps Disable the possibility ...
Not calling approve(0) before setting a new approval causes the call to revert when used with Tether (USDT)
Lines of code Vulnerability details Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT's approve function will revert if the current approval is not zero, to protect against front-running changes of...
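The Tether approve rule described above, and the "SuperVault's leverageSwap and emptyVaultOperation can become stuck" report earlier on the page, as an added example that is not the reports' or the projects' code: a constructed token with USDT's non-zero-to-non-zero restriction (not Tether's code), a forceApprove helper that only falls back to a zero reset when the direct call fails, and a swap helper in the naive and fixed forms. Contract and function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

/// Constructed mock of Tether's rule (not Tether's code): changing a non-zero allowance to another
/// non-zero value reverts; it must be reset to 0 in between.
contract USDTLikeToken is IERC20 {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external override returns (bool) {
        require(!(amount != 0 && allowance[msg.sender][spender] != 0), "reset allowance to 0 first");
        allowance[msg.sender][spender] = amount;
        return true;
    }
}

library SafeApproveLib {
    /// Sets the allowance for tokens that return true, return nothing, return false, or reject a
    /// non-zero -> non-zero change. The 0 reset happens only when the direct call fails, so
    /// standard tokens pay for one call.
    function forceApprove(address token, address spender, uint256 amount) internal {
        require(token.code.length > 0, "token is not a contract");
        bytes memory data = abi.encodeWithSelector(IERC20.approve.selector, spender, amount);
        if (!_tryApprove(token, data)) {
            require(_tryApprove(token, abi.encodeWithSelector(IERC20.approve.selector, spender, 0)), "approve(0) failed");
            require(_tryApprove(token, data), "approve failed after reset");
        }
    }

    function _tryApprove(address token, bytes memory data) private returns (bool) {
        (bool ok, bytes memory ret) = token.call(data);
        return ok && (ret.length == 0 || abi.decode(ret, (bool)));
    }
}

/// A helper that approves a DEX before every swap, in the naive and the fixed form.
contract SwapHelper {
    using SafeApproveLib for address;

    /// VULNERABLE: works the first time. If the DEX leaves any allowance unspent, the next call
    /// reverts on USDT-like tokens, and every path through this function is stuck from then on.
    function prepareSwapNaive(address token, address dex, uint256 amount) external {
        require(IERC20(token).approve(dex, amount), "approve returned false");
    }

    /// FIXED
    function prepareSwapSafe(address token, address dex, uint256 amount) external {
        token.forceApprove(dex, amount);
    }
}
```

With USDTLikeToken, calling prepareSwapNaive twice with amounts that are not fully consumed in between reverts on the second call; prepareSwapSafe succeeds by resetting to 0 first. Approving only the exact amount for the upcoming swap, rather than an unlimited allowance, keeps the residual that triggers this problem small and limits exposure if the DEX is compromised.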
Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies
Lines of code Vulnerability details Impact Wrong amount calculated for facilitatorTake Proof of Concept Arbitrary ERC20 tokens can be passed as loanAssetContractAddress. With a transfer, the received amount should be calculated every time to take into consideration a possible fee-on-transfer or...
Malicious users can frontrun borrowers trying to repay loans, causing DoS and possibly a loan default
Lines of code Vulnerability details Impact Attackers can listen for a borrower to call repayAndCloseLoan on a specific loanId, and frontrun their transaction with a call to lend, creating a new loan with an increased amount, causing the borrower's transaction to fail due to the new loanAmount bei...
Code credits fee-on-transfer tokens for amount stated, not amount transferred
Lines of code Vulnerability details Some ERC20 tokens, such as Tether USDT, allow for charging a fee any time transfer or transferFrom is called. Impact The code miscalculates whether the loan has been fully paid or bought out because it relies on the value of amounts passed in rather than the...
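The fee-on-transfer accounting issue raised in the three reports above ("amount requires to be updated to contract balance increase", "Consistently check account balance before and after transfers", "Code credits fee-on-transfer tokens for amount stated"), as an added example that is not the reports' or the projects' code: a constructed token that burns 1% on every transfer (Tether's contract has such a fee parameter, currently set to zero), a loan ledger that credits the stated amount, and one that credits the measured balance increase. Names, the fee rate and the ledger are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Constructed token that burns a 1% fee on every transfer.
contract FeeOnTransferToken is IERC20 {
    mapping(address => uint256) public override balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    uint256 public constant FEE_BPS = 100;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external override returns (bool) {
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        uint256 fee = amount * FEE_BPS / 10_000;
        balanceOf[to] += amount - fee; // the fee is burned; the receiver gets 99%
        return true;
    }
}

/// Hypothetical loan ledger that credits repayments by what the caller said, not by what arrived.
contract LoanLedgerNaive {
    IERC20 public immutable asset;
    uint256 public outstanding;

    constructor(IERC20 _asset, uint256 principal) {
        asset = _asset;
        outstanding = principal;
    }

    function repay(uint256 amount) external {
        require(asset.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        // VULNERABLE: 1% of `amount` never arrived. The loan can be closed while the contract is short,
        // and any facilitator take computed from `amount` is paid out of other users' funds.
        outstanding -= amount;
    }
}

/// Credit what was actually received: measure the balance around the transfer.
contract LoanLedgerChecked {
    IERC20 public immutable asset;
    uint256 public outstanding;

    constructor(IERC20 _asset, uint256 principal) {
        asset = _asset;
        outstanding = principal;
    }

    function repay(uint256 amount) external returns (uint256 received) {
        uint256 before = asset.balanceOf(address(this));
        require(asset.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        received = asset.balanceOf(address(this)) - before;
        outstanding -= received; // the borrower is credited with 99% and still owes the remaining 1%
    }
}
```

A repayment of 1000 against a 1000 principal closes the loan in LoanLedgerNaive while the contract holds 990; in LoanLedgerChecked it leaves 10 outstanding. The before/after measurement itself has two caveats worth remembering: it must be taken inside a reentrancy-protected call path, because a token hook that re-enters can move the balance between the two reads, and it does not help with rebasing tokens whose balances change between transactions.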
Loan buyouts can stick users with huge surprise bills
Lines of code Vulnerability details Impact If a small loan is bought out with a new loanAmount in the millions, so much interest can be charged that the borrower is unable to pay back the loan, essentially guaranteeing whales will be able to Seize NFTs. Proof of Concept The only requirement as it...
Unauthorized ERC20 changes
Lines of code Vulnerability details Impact It's possible for anyone to change the name and symbol of CToken. Proof of Concept The require was made with the reverse condition: it checks that the sender must be different from admin in order to be able to change the name and symbol require(msg.sender !=...
Lack of Limit on amount Allows Borrowers To Be Extorted For Interest Payments
Lines of code Vulnerability details Impact There is no limit on the upper bound of the amount a lender may send to a borrower. Borrowers will then be forced to pay interest and the facilitator's fee on the full amount loaned. The impact for a borrower is that they may be forced to repay significantly...