Pair creation can be denied
Handle: cmichel. Vulnerability details: The LaunchEvent.createPair requires that no previous pool was created for the WAVAX token pair. function createPair() external isStopped(false) atPhase(Phase.PhaseThree) { (address wavaxAddress, address tokenAddress) = (address(WAVAX), address(token)); // @audit grief: anyon...
Launch event creation can be denied 2
Handle: cmichel. Vulnerability details: The RocketJoeFactory.createRJLaunchEvent requires that no previous pool was created for the WAVAX token pair. function createRJLaunchEvent(address issuer, uint256 phaseOneStartTime, address token, uint256 tokenAmount, uint256 tokenIncentivesPercent, uint256...
The amount of tokens received by the pool might be less than expected for feeOnTransfer tokens
Handle: UncleGrandpa925. Vulnerability details: Impact: This issue impacts any pools that use fee-on-transfer quoteTokens. The codebase is inspired by Uniswap, with one important change: the router is built right into the pools themselves. In addLiquidity, after having updated all internal parameters...
Hardcoded seed phrase in sherlock-v2-core repo
Handle: cryptphi. Vulnerability details: Impact: The hardcoded mnemonic can lead to account compromise. Proof of Concept: There are hardcoded credentials in line . These credentials can be used to take over the wallet address used. Tools Used: Github. Recommended Mitigation Steps: Avoid hardcoding...
Add a timelock to ExchangeFactory.sol:setFeeAddress() (function that sets a key variable)
Handle: Dravee. Vulnerability details: Impact: To give more trust to users, functions that set key/critical variables should be put behind a timelock. Proof of Concept: Here, a malicious owner could set the feeAddress to his own, and the fee from liquidity tokens that get minted would get stolen. As...
Fee always is zero in the first addLiquidity call
Handle: 0x1f8b. Vulnerability details: Impact: Fee is always zero during the first addLiquidity call. Proof of Concept: The method MathLib.calculateLiquidityTokenFees is in charge of computing the liquidityToken fee; one of its arguments is the totalSupply, and during the first call of addLiquidity...
[WP-M1] BURNER_ROLE can burn any amount of L2LivepeerToken from an arbitrary address
Handle: WatchPug. Vulnerability details: function burn(address from, uint256 amount) external override onlyRole(BURNER_ROLE) { _burn(from, amount); emit Burn(from, amount); } Using the burn function of L2LivepeerToken, an address with BURNER_ROLE can burn an arbitrary amount of tokens from any address. We believe...
Admin can rug L2 Escrow tokens leading to reputation risk
Handle: harleythedog. Vulnerability details: Impact: The L1Escrow contract has the function approve that is callable by the admin to approve an arbitrary spender with an arbitrary amount, so they can steal all of the escrow's holdings if they want. Even if the admin is well intended, the contract can...
Wrong logic in L2ArbitrumMessenger
Handle: 0x1f8b. Vulnerability details: Impact: Current logic doesn't work. Proof of Concept: The method sendTxToL1 inside the contract L2ArbitrumMessenger has wrong logic: it converts the value 100 to an address in order to call the sendTxToL1 method, but this converted address will never work, so the...
Accounting for non-standard ERC20 fees
Handle: Dravee. Vulnerability details: Impact: Bad accounting in case of non-standard ERC20 tokens. Proof of Concept: Vault.sol 105: IERC20(token).safeTransferFrom(from, address(this), amount); 106: 107: balance += amount; Vault.sol 136: IERC20(token).safeTransferFrom(from, address(this), amount); 137: balance +=...
[WP-H20] Wrong implementation of withdrawRedundant() allows the Vault owner to drain all the funds
Handle: WatchPug. Vulnerability details: Based on the context, withdrawRedundant intends to disallow the owner from withdrawing more Vault tokens than the surplus amount. However, the current implementation is wrong, which allows the Vault owner to drain all the funds. function withdrawRedundant(address...
Missing slippage/min-return check in NonUSTStrategy
Handle: cmichel. Vulnerability details: The contracts are missing slippage checks, which can lead to being vulnerable to sandwich attacks. A common attack in DeFi is the sandwich attack. Upon observing a trade of asset X for asset Y, an attacker frontruns the victim trade by also buying asset Y, lets...
[WP-H2] NonUSTStrategy.sol Improper handling of swap fees allows attacker to steal funds from other users
Handle: WatchPug. Vulnerability details: NonUSTStrategy will swap the deposited non-UST assets into UST before depositing to EthAnchor. However, the swap fee is not attributed to the depositor correctly, like many other yield farming vaults involving swaps (ZapIn). An attacker can exploit it for the sw...
Possible griefing attack on vault setStrategy
Handle: harleythedog. Vulnerability details: Impact: In the function setStrategy within Vault.sol, there is a requirement that strategy.investedAssets == 0 so that no funds are left stuck in the strategy. A malicious user could strategically transfer 1 wei of underlying to the strategy or any other...
Reentrancy vulnerability allows attacker to gain more shares than deserved
Handle: harleythedog. Vulnerability details: Impact: In Vault.sol, the deposit function is the external function that allows transferring underlying tokens to mint position NFTs. The deposit function first calls createDeposit, which creates the position/determines how many shares to allocate, and then...
Debt created during mint is arbitragable
Handle: hyh. Vulnerability details: Impact: The collateral requirements for debt positions created during mint and borrow operations differ. When the quantity of the asset added is low compared to current asset holdings of a pool, an LP has clear incentives to repay its debt right after mint and borro...
burn() doesn't call ERC721 _burn()
Handle: sirhashalot. Vulnerability details: Impact: The CollateralizedDebt.sol contract is an ERC721 token. It has a mint function, which uses the underlying safeMint function to create an ERC721 token representing a collateral position. The burn function in CollateralizedDebt.sol should reverse the...
DOS - preventing users from locking assets
Handle: egjlmn1. Vulnerability details: An attacker can prevent any user from locking assets due to the unsafe id generation for the NFTs. The id is generated by using only the amount deposited, the duration to lock, and the totalSupply of NFTs. The first two are easy for the attacker to copy, so al...
no check that proposed owner is not the contract itself
Handle: jayjonah8. Vulnerability details: Impact: In XDEFIDistribution.sol the proposeOwnership function sets a pending owner but does not check to make sure that the newOwner is not the contract itself. This check is important to not risk setting the owner to an address that cannot be changed...
XSS in uri token
Handle: 0x1f8b. Vulnerability details: Impact: An XSS could be produced. Proof of Concept: The method tokenURI could be used with an arbitrary IPair; if this pair is composed with a specific symbol, a URI with XSS inside the SVG file could be produced, which results in a stored XSS. Reference:...
_lock Performs An Improper Check When Enforcing The MAX_TOTAL_XDEFI_SUPPLY Constraint
Handle: leastwood. Vulnerability details: Impact: The lock function intends to lock users' XDEFI tokens for a predetermined duration. The contract contains a MAX_TOTAL_XDEFI_SUPPLY constraint which aims to prevent total deposits from exceeding this amount. However, lock does not check this correctly and...
no reentrancy guard on mint() function that has a callback
Handle: jayjonah8. Vulnerability details: Impact: In CollateralizedDebt.sol, the mint function calls safeMint, which has a callback to the "to" address argument. Functions with callbacks should have reentrancy guards in place for protection against possible malicious actors, both from inside and outsid...
The reentrancy vulnerability in _safeMint can allow an attacker to steal all rewards
Handle: cccz. Vulnerability details: Impact: There is a reentrancy vulnerability in the _safeMint function: function _safeMint(address to, uint256 tokenId, bytes memory _data) internal virtual { _mint(to, tokenId); require(_checkOnERC721Received(address(0), to, tokenId, _data), "ERC721: transfer to non ERC721Receive...
StabilityPool.receiveCollateral function doesn't have access control
Handle: dalgarim. Vulnerability details: Impact: The comment on the "StabilityPool.receiveCollateral" function states that this function should be called by ActivePool. However, this function doesn't implement access control which checks whether the caller is actually ActivePool or not. As this functi...
Pool Manager can frontrun fees to 100% and use it to steal the value from users
Handle: pedroais. Vulnerability details: Impact: Pool Manager can front-run entry fee to 100% and users could lose all their deposits. Proof of Concept: Considering: the pool manager is the creator of the pool; anyone can create a pool; the manager is not a trusted actor. Anyone can create a pool and get...
Fee not decayed if past decayTime
Handle: cmichel. Vulnerability details: The ThreePieceWiseLinearPriceCurve.calculateDecayedFee function is supposed to decay the lastFeePercent over time. This is correctly done in the decay > 0 && decay < decayTime case; otherwise it does not decay at all but should set it to 0 instead. if (decay > 0 && decay...
Unbounded number of Collateral
Handle: gzeon. Vulnerability details: Impact: Each additional collateral will increase the gas required for many operations, e.g. liquidation. If there are too many collaterals it may exceed the block gas limit. Proof of Concept: Recommended Mitigation Steps: Define a max number of collateral assets --- The...
Unwhitelisted token can cause disaster
Handle: csanuragjain. Vulnerability details: Impact: Contract instability and financial loss. This will happen if one of the allowed contracts calls sendCollaterals with a non-whitelisted token, which may happen with user input on the allowed contract. Proof of Concept: 1. Navigate to contract at 2. Assume...
Basket's max cap can be surpassed due to beneficiary entry fee
Handle: kenzo. Vulnerability details: When joining a basket, the function verifies that the total supply + tokens the user asks to mint is smaller than the basket's max supply. However, this doesn't take into account the fact that additional tokens will be minted if there's an entry fee beneficiary...
NFTXStakingZap Performs A Dangerous Equality Check Which Can Brick Contract
Handle: leastwood. Vulnerability details: Impact: NFTXStakingZap provides an interface for users to interact with NFTX vaults by adding ERC1155/ERC721 tokens as liquidity. The addLiquidity721WETH and addLiquidity1155WETH functions perform strict equality checks on the vault's balance for the...
No checks in setAddresses() functions
Handle: jayjonah8. Vulnerability details: Impact: Since the setAddresses functions can only be called once during deployment and pass in many addresses which are set in storage, it's important to have safety checks ensuring that there are no duplicate addresses, which can easily happen while passing...
Yearn token <> shares conversion decimal issue
Handle: cmichel. Vulnerability details: The yearn strategy YearnYield converts shares to tokens by doing pricePerFullShare * shares / 1e18: function getTokensForShares(uint256 shares, address asset) public view override returns (uint256 amount) { if (shares == 0) return 0; // @audit should divided by...
It is possible to liquidate not existing account
Handle: 0x0x0x. Vulnerability details: It is possible to liquidate an address for any product when collateral = maintenance = 0. In other words, if a user has never used a product and deposited collateral, the user can get liquidated (blacklisted) from the product by anyone, since a liquidated...
No slippage tolerance checks during swap functions opens up flashloan attacks and price manipulation
Handle: jayjonah8. Vulnerability details: Impact: With functions like joinTokenSingle in SingleTokenJoin.sol that handle swapping with UniswapV2-like exchanges, there are no slippage tolerance checks in place to prevent flashloan attacks and price manipulation. Proof of Concept: Tools Used: Manual code...
SavingsAccount withdrawAll and switchStrategy can freeze user funds by ignoring possible strategy liquidity issues
Handle: hyh. Vulnerability details: Impact: Full withdrawal and moving funds between strategies can lead to wrong accounting if the corresponding market has tight liquidity, which can be the case at least for AaveYield. That is, as the whole amount is required to be moved at once from Aave, both...
Malicious Promotion Creators Can Drain Token Balances
Handle: leastwood. Vulnerability details: Impact: The createPromotion allows any user to create and fund promotions for a specific number of epochs. Ticket holders are entitled to a percentage of the rewards based on their TWAB. createPromotion references a ticket address which can be controlled by t...
Possibility to drain TwabRewards smart contract tokens
Handle: kemmio. Vulnerability details: Impact: Possibility to drain all smart contract assets by abusing a rogue ticket contract. Proof of Concept: The vulnerability arises because of an inconsistent check of requireTicket in createPromotion: requireTicket(ticket); function requireTicket(address ticket) internal vi...
Missing Check When Transferring Tokens Out For A Given Promotion
Handle: leastwood. Vulnerability details: Impact: The claimRewards function is called upon by ticket holders who pass a set of epochIds they wish to claim rewards on. An internal call is made to calculateRewardAmount to calculate the correct reward amount owed to the user. Subsequently, the...
If a promoter cancels a promotion, unclaimed rewards of ticket holders are lost
Handle: hubble. Vulnerability details: Impact: Loss of rewards for the ticket holders who have not yet claimed the rewards accrued until the previous epochs, if the promoter cancels the promotion after any epoch. Proof of Concept: contract: TwabRewards, function: cancelPromotion, line 132: delete...
Possibility to drain SavingsAccount contract assets
Handle: kemmio. Vulnerability details: Impact: A malicious actor can manipulate the switchStrategy function in a way to withdraw tokens that are locked in the SavingsAccount contract (the risk severity should be reviewed). Proof of Concept: Firstly, an attacker needs to deploy a rogue strategy contract implementin...
Basket can be fully drained if the auction is settled within a specific block
Handle: Ruhum. Vulnerability details: Impact: The settleAuction function allows someone to settle the auction by transferring funds in a way that the new pending index is fulfilled. As a reward, they are able to take out as many tokens as they want as long as the pending index is fulfilled after that...
Wrong emergencyWithdraw logic
Handle: 0x1f8b. Vulnerability details: Impact: The contract doesn't work as expected. Proof of Concept: The method emergencyWithdraw inside the contract yield/NoYield doesn't work as expected: the transfer is done with received value, but it should be done with amount, so the emergencyWithdraw never...
Governor can steal funds from vaults
Handle: 0x0x0x. Vulnerability details: The reclaimTokens function is as follows: function reclaimTokens(address to, address[] memory tokens) external nonReentrant { require(nft > 0, ExceptionsLibrary.INITIALIZATION); IProtocolGovernance governance = vaultGovernance.internalParams().protocolGovernance; bool...
AaveVault is vulnerable to flashloan sandwich attack
Handle: WatchPug. Vulnerability details: In the current implementation of AaveVault, tvl is only updated after each deposit/withdraw, which means unclaimed yields won't be included in tvl until someone deposits/withdraws, making it vulnerable to a flashloan sandwich attack that steals pending yields. Po...
Tokens can be stolen when depositToken == rewardToken
Handle: cmichel. Vulnerability details: The Streaming contract allows the deposit and reward tokens to be the same token. I believe this is intended (think Sushi reward on Sushi, as is the case with xSushi). The reward and deposit balances are also correctly tracked independently in depositTokenAmount...
Improper implementation of arbitraryCall() allows protocol gov to steal funds from users' wallets
Handle: WatchPug. Vulnerability details: function arbitraryCall(address who, bytes memory data) public lock externallyGoverned { // cannot have an active incentive for the callee require(incentives[who] == 0, "inc"); ... When an incentiveToken is claimed after endStream, incentives[who] will be 0 for that...
depositToken has to be not equal rewardToken
Handle: 0x0x0x. Vulnerability details: Creating a stream where depositToken == rewardToken might be a use case. But the amounts of both are accumulated in different variables, and there is a recoverTokens function; when depositToken == rewardToken, one can easily organize scams using strea...
Broken logic if rewardToken == depositToken
Handle: gzeon. Vulnerability details: Impact: There doesn't seem to be anything to prevent one from deploying a Stream with rewardToken == depositToken. If rewardToken == depositToken, some logic might be broken. Proof of Concept: For example, 1. recoverTokens logic would be broken because it does not...
This protocol doesn't support all fee on transfer tokens
Handle: 0x0x0x. Vulnerability details: Some fee-on-transfer tokens do not deduct the fee directly from the transferred amount, but subtract it from the remaining balance of the sender. Some tokens prefer this approach to make the amount received by the recipient an exact amount. Therefore, after funds ar...
recoverTokens did not consider depositTokenFlashloanFeeAmount
Handle: gzeon. Vulnerability details: Impact: In recoverTokens, when token == depositToken, the excess is defined as follows: excess = ERC20(token).balanceOf(address(this)) - depositTokenAmount - redeemedDepositTokens; Instead we should also consider depositTokenFlashloanFeeAmount gained from flashloan fee...