Loan buyouts can stick users with huge surprise bills

Lines of code Vulnerability details Impact If a small loan is bought out with a new loanAmount in the millions, so much interest can be charged that the borrower is unable to pay back the loan, essentially guaranteeing whales will be able to Seize NFTs. Proof of Concept The only requirement as it...

Unauthorized ERC20 changes

Lines of code Vulnerability details Impact It's possible by anyone to change the name and symbol of CToken. Proof of Concept The require was made in reverse condition, it checks that the sender must be different than admin in order to be able to change the name and symbol requiremsg.sender !=...

Lack of Limit on amount Allows Borrowers To Be Extorted For Interest Payments

Lines of code Vulnerability details Impact There is on limit on the upper bounds on the amount a lender may send to a borrower. Borrowers will then be forced to pay interest and facilitators fee on the full amount loaned. The impact for a borrower is that they may be forced to repay significantly...

NonCustodialPSM.mint ignores mint buffer reduced amount, mostly disabling mint rate control

Lines of code Vulnerability details Impact VOLT minting rate control doesn't happen when RateLimited's doPartialAction is true as NonCustodialPSM doesn't use the returned amount value, minting the full amount even when it was reduced by current mint buffer size limitation. There are two issues wi...

Staking cooldown can be avoided for a part of the funds

Lines of code Vulnerability details Impact Part of the stake can be withdrawn immediately at any time. Proof of Concept Ratio between COOLDOWNPERIOD and UNSTAKEPERIOD = 2 only and should be much higher ex 5 or 10 l.28 COOLDOWNPERIOD = 864000; // 10 days ... UNSTAKEPERIOD = 432000; // 5 days Vario...

Not handling return value of transferFrom command can create inconsistency

Lines of code Vulnerability details The below transferFrom command is called at two places in the core contracts, followed by an emit event payableToken.transferFrommsg.sender,recipient,amount emit ......; The return value is not checked during the payableToken.transferFrom Impact In the event of...

CoreCollection.setRoyaltyVault doesn't check royaltyVault.royaltyAsset against payableToken, resulting in potential permanent lock of payableTokens in royaltyVault

Lines of code Vulnerability details Impact Each CoreProxy is allowed to be associated with a RoyaltyVault, the latter which would be responsible for collecting minting fees and distributing to beneficiaries. Potential mismatch between token used in CoreProxy and RoyaltyVault might result in minti...

Add a timelock to setPlatformFee()

Lines of code Vulnerability details Impact It is a good practice to give time for users to react and adjust to critical changes. A timelock provides more guarantees and reduces the level of trust required, thus decreasing risk for users. It also indicates that the project is legitimate. Here, no...

Non unique token ID might lead to collusion

Lines of code Vulnerability details Impact Token IDs are defined as concatenation of points, total supply + 1. The total supply can decrease when split process in progress. This means that the contract might try to mint a token with an ID which already exists. Proof of Concept 1. Navigate to the...

createProject can be frontrun

Lines of code Vulnerability details Impact This is dangerous in scam senario because the malicious user can frontrun and become the owner of the collection. As owner, one can withdraw paymentToken. note that collections.isForSale can be change by frontrunner Proof of Concept 1. Anyone can call...

LenderPool.terminate mix calculation between shares and tokens, resulting in incorrect amount of shares to be withdrawn from savings account

Lines of code Vulnerability details Impact While calculating the amount of shares to withdraw in LenderPool.terminate, principalWithdrawable which is amount of tokens is added to totalInterestInShares, and then passed to SAVINGSACCOUNT.withdrawShares. If tokens : shares are not 1 : 1, which is th...

[WP-H9] LenderPool.sol#start() startFeeFraction can be used by a malicious/compromised owner to rug lenders

Lines of code Vulnerability details A configurable startFeeFraction with no upper bound can be claimed by the caller to a specified address. The fee is not based on the gas cost, but on the totalLent of the pool. We believe this startFee reward is unnecessary and it creates a potential rug vector...

Result of transfer not checked

Lines of code Vulnerability details Impact A call to transfer is done without checking the results. For certain ERC20 tokens, if insufficient tokens are present, no revert occurs but a result of "false" is returned. So it's important and also a best practice to check this. Note that, in almost al...

Using payable.transfer functions in WithdrawFacet.sol and Libasset.sol is not usable for smart contract calls due to possible shortage of gas.

Lines of code Vulnerability details Impact Withdrawals and transferERC20 tokens are executed via transferERC20 and withdraw functions. Since these functions calls with a fixed amount of gas, it's not yet guaranteed to reach to the destination if the receiver is a smart contract. Proof of Concept...

Borrower funds can get stuck

Lines of code Vulnerability details Impact If request status is expired then full borrower collateral amount will get stuck as withdrawableCollateral will always be 0 even though borrower has repaid 90% of the amount Proof of Concept 1. User A deposit collateral against his request using...

[WP-H7] Infinite approval to an arbitrary address can be used to steal all the funds from the contract

Lines of code Vulnerability details function startBridgeAnyswapData memory anyswapData internal // Check chain id requireblock.chainid != anyswapData.toChainId, "Cannot bridge to the same network."; address underlyingToken = IAnyswapTokenanyswapData.token.underlying; if underlyingToken ==...

Interest accrued could be zero for small decimal tokens

Lines of code Vulnerability details Details & Impact Interest is calculated as principal.mulborrowRate.multimeElapsed.divYEARINSECONDS.divSCALINGFACTOR; It is possible for the calculated interest to be zero for principal tokens with small decimals, such as EURS 2 decimals. Accumulated interest ca...

Usage of deprecated Chainlink functions

Lines of code Vulnerability details Impact The Chainlink functions latestAnswer and getAnswer are deprecated. Instead, use the latestRoundData and getRoundData functions. Proof of Concept Go to and search for latestAnswer or getAnswer. You'll find the deprecation notice. Tools Used none Recommend...

Can steal collateral deposit

Lines of code Vulnerability details Impact The Collateral.deposit function mints initial shares equal to the deposited amount. The deposit / withdraw functions also use the strategyController.totalValue, which includes the strategy contract balance, to compute the shares. It's possible to increas...

Market Expiration is Not Enforced Onchain

Lines of code Vulnerability details Impact The expiryTime variable is stored in the PrePOMarket.sol contract but not enforced anywhere in the contract. As a result, if a public offering never comes to fruition, then finalLongPrice will never be set and hence users will be expected to redeem...

[WP-M10] Wrong formula of getSharesForAmount() can potentially cause fund loss when being used to calculate the shares to be used in withdraw()

Lines of code Vulnerability details In Collateral, the getter functions getAmountForShares and getSharesForAmount is using totalAssets instead of strategyController.totalValue, making the results can be different than the actual shares amount needed to withdraw a certain amount of baseToken and t...

getSharesForAmount returns wrong value when totalAssets == 0

Lines of code Vulnerability details Impact The getSharesForAmount function returns 0 if totalAssets == 0. However, if totalSupply == 0, the actual shares that are minted in a deposit are amount even if totalAssets == 0. Contracts / frontends that use this function to estimate their deposit when...

Market expiry behaviour differs in implementation and documentation

Lines of code Vulnerability details Description The docs say that “If a market has not settled by its expiry date, it will automatically settle at the lower bound of its Valuation Range.” However, in the implementation, the expiry date is entirely ignored. The default settlement after expiry is a...

No use of upgradeable SafeERC20 contract in Controller.sol

Lines of code Vulnerability details Impact Controller.sol makes use of Open Zeppelins ReentrancyGuardUpgradeable.sol in the file but does not use an upgradeable version of SafeERC20.sol Proof of Concept Tools Used Manual code review Recommended Mitigation Steps Make use of Open Zeppelins...

[WP-H17] Users will lose a majority or even all of the rewards when the amount of total shares is too large, due to precision loss

Lines of code Vulnerability details function getUpdatedAccTokenPerShareaddress baseToken public view returns uint256 uint256 accumulator = 0; uint256 lastUpdatedTime = poolInfobaseToken.lastRewardTime; uint256 counter = block.timestamp; uint256 i = rewardRateLogbaseToken.length - 1; while true if...

Governance Voting Dis-proportionally Favours Users Who Stake And Vote After A Poll Has Been Created And Had Its Snapshot Taken

Lines of code Vulnerability details Impact Polls are created by targeting the receivecw20 function which is queried whenever the contract receives tokens. By setting the hook message to Cw20HookMsg::CreatePoll, the sender is able to create a poll, assuming the amount sent satisfies the minimum...

Staking tokens can be stolen

Lines of code Vulnerability details Impact The staking contract keeps track of shares of each user. When withdrawing from the staking contract the amount parameter is converted to shares and this value is decreased shares = amount / totalbalance totalshare. This shares calculation rounds down whi...

Wrong implementation of OperatorResolver::areOperatorsImported

This issue has been created to upgrade a QA report submission to a medium severity finding. From kenzo: Wrong implementation of OperatorResolver::areOperatorsImported The function as implemented will return true if the operators have same implementation but different selector, or different...

Private sale replay attack

Lines of code Vulnerability details Impact The private sale signature used in buyFromPrivateSaleFor does not prevent replay attacks. If the NFT ends up in the original seller's wallet again within the deadline it can be purchased from them again. POC S sells to B using a private sale. S creates a...

Rare scenario where seller can steal NFT after an auction by creating an offer for it through reentrancy

Lines of code Vulnerability details Impact It's a very specific scenario. The seller auctions off an NFT. If the buyer relists it directly while keeping the token in the escrow, the seller has the opportunity to steal it. They do it by creating an offer for it and accepting it. Proof of Concept...

_getCreatorPaymentInfo() is Not Equipped to Handle Reverts on an Unbounded _recipients Array

Lines of code Vulnerability details Impact The getCreatorPaymentInfo function is utilised by distributeFunds whenever an NFT sale is made. The function uses try and catch statements to handle bad API endpoints. As such, a revert in this function would lead to NFTs that are locked in the contract...

Can drain ETHERBASE

Lines of code Vulnerability details Impact The postIncomingMessages function tops up the contract with the gas token in topUpBalance. Note that the amount of gas tokens to be topped up from the ETHERBASE contract depends on msg.sender.balance, the caller's gas token balance. Attackers with a zero...

Front-Runnable Initializer on pre-determined address

Lines of code Vulnerability details Impact Traditionally, the risk-level from a front-runnable initializer issue is low. However, in this case, it's different. It is mentioned that Delegator.sol is instantiated via CREATE2, which is deterministic. The only protection that can be seen here is...

IERC4626RouterBase - withdraw - slippage does not work

Lines of code Vulnerability details Impact The router does not have the intended behavior: according to the EIP , withdraw burn shares to withdraw exactly assets, so the slippage protection should protect the user from burning too many shares. Furthermore, comments in the interface are incorrect ...

Ownership of Swap.vy cannot be transferred

Lines of code Vulnerability details Impact Ownership transfer function of Swap.vy is commented out. Fund can be stuck if an AMM and governance change/upgrade is required. Proof of Concept --- The text was updated successfully, but these errors were encountered: All reactions...

QA Report

1. VUSD.sol - withdrawals list can become too large so normal users will cost more gas to withdraw. Impact Function withdraw do not have check for amount 0, an user can call it infinite time and make withdrawal list too large And because the function processWithdrawals processes withdrawals in...

The initialize() function can be called first by an attacker

Lines of code Vulnerability details Impact In Delegation.sol the initialize function sets the owner of the contract and can only be called once. The problem is that an attacker can monitor the blockchain byte code and call the initialize function first automatically before the protocol has a chan...

User can't create TurboSafe through TurboMaster.createSafe()

Lines of code Vulnerability details Impact A user can't create a safe because of the requiresAuth modifier in createSafe. Neither directly through the TurboMaster contract nor through the router. Proof of Concept Here's the test file I used to confirm it. I had to modify the contracts a little bi...

Mint does not produce the intended amount of shares

Lines of code Vulnerability details Resubmitting this issue with a better explanation, apologize for the double submit. Impact In the mint function, it should produce shares token, but there is an inattention mistake and it produces amount tokens. Proof of Concept Assume the contract manages 1000...

Reentrancy in depositBribeERC20

Lines of code Vulnerability details Description The contract was found vulnerable to Reentrancy attack. It was noticed that the function depositBribeERC20 makes an external call to another untrusted address or a contract before it resolves any effects at line "" If the attacker controls the...

ThecosomataETH.addLiquidity can be subject to sandwich attack

Lines of code Vulnerability details Impact Liquidity addition can happen at a manipulated pool state and result in receiving fewer LP shares than actual market state dictates Proof of Concept addLiquidity measures slippage based on the pool returned amount via calctokenamount: Pool returned amoun...

authenticate modifier can be bypassed

Lines of code Vulnerability details Impact In TurboRouter.sol the authenticate modifier checks if the msg.sender is equal to the owner function of an arbitrary address provided by the caller. Anyone can simply make a contract of the same type with the owner function returning an address that equa...

Name squatting

Lines of code Vulnerability details Impact Creating profiles through LensHub/PublishingLogic.createProfile does not cost anything and will therefore result in "name squatting". A whitelisted profile creator will create many handles that are in demand, even if they don't need them, just to flip th...

Potential for reentrancy on USDMPegRecovery.sol:withdraw()

Lines of code Vulnerability details Impact Re-entrancy Proof of Concept File: USDMPegRecovery.sol 110: function withdrawLiquidity calldata withdrawal external 111: Liquidity memory total = totalLiquidity; 112: Liquidity memory user = userLiquiditymsg.sender; 113: ifwithdrawal.usdm 0 114:...

[WP-H8] ConvexStakingWrapper.sol#_calcRewardIntegral Wrong implementation can disrupt rewards calculation and distribution

Lines of code Vulnerability details uint256 bal = IERC20reward.token.balanceOfaddressthis; uint256 dreward = bal - reward.remaining; // send 20 % of cvx / crv reward to treasury if reward.token == cvx || reward.token == crv IERC20reward.token.transfertreasury, dreward / 5; dreward = dreward 4 / 5...

unsafe cast can lead to theft

Lines of code Vulnerability details in the first link I provided, a hacker can call withdraw with amount = 2196, the amount of shares that will be burned is uint1922192 == 0. if the system has enough money, the hacker can steal 2192 tokens and pay nothing. for the second link, a user that provide...

Sale operator may frontrun purchases in order to modify the price arbitrarily

Lines of code Vulnerability details Impact Buyer's cannot set a minimum amount of CTDL that they will expect so BadgerDAO can force them to receive a smaller amount than expected. Proof of Concept The buy function only allows the buyer to specify an amount of tokenIn to send to the contract and...

[WP-H2] Funds can be frozen when critical key holders lose access to their keys

Lines of code Vulnerability details The current implementation requires trusted key holders Owner to send transactions finalize to finalize the sale before the buyers can claim the tokenOut from the contract. function finalize external onlyOwner require!finalized, "TokenSale: already finalized";...

Two pairs can have same tokens

Handle sirhashalot Vulnerability details Impact The createLPoolPair function in ControllerV1.sol tries to prevent a pair from being create if it already exists. It does this with the statement requirelpoolPairstoken0token1.lpool0 == address0 || lpoolPairstoken1token0.lpool0 == address0, 'pool pai...

Flash loan price manipulation in purchasePyroFlan()

Handle sirhashalot Vulnerability details Impact The comment on line 54 of FlanBackstop.sol states "the opportunity for price manipulation through flash loans exists", and I agree that this is a serious risk. While the acceptableHighestPrice variable attempts to limit the maximum price change of t...