# configureLP function should check LP stakers present before changing LP address.

Lines of code Vulnerability details configureLP function should check LP stakers existence before changing LP address. Permitted users are allowed to change LP address when lpLocked is false. So this does not follow the comments above. Proof of concept 1701 This function allows a permitted user t...

Staking BYTES to Citizen does not extend timelock, allowing attacker to manipulate totalPoints with flash loan

Lines of code Vulnerability details Impact In NeoTokyoStaker, BYTES token can be staked into a Citizen. First, the Citizen must be staked, it will be locked for a timelock duration in Staking contract. Staker want to stake BYTES can specify this Citizen ID and stake into it. However, when users...

the S1 Citizen and S2 Citizen loops in the second getStakerPositions are not working properly

Lines of code Vulnerability details Impact This can result in the second loop not running correctly and resulting in an error in the logic, in case if the length of the stakerS1Positionstaker or stakerS2Positionstaker arrays is very large, the operation of adding or subtracting the index on...

Ability to receive LP rewards without having any LP staked

Lines of code Vulnerability details Impact The impact of this is high as a user is able to first stake LP tokens, then craftily withdraw them in specific increments without any change to their staking rewards. The user is able to get to a state in which they have 0 LP tokens staked, but have 0 LP...

Huge over calculating user rewards

Lines of code Vulnerability details Impact Huge over calculating user rewards When user claim rewards for the first time rewards over calculated Proof of Concept getPoolReward function uses ''uint256 timeSinceReward = block.timestamp - lastRewardTime'' formula to calculate period of time that...

Rounding division error could occur in the receiveRandomNumber function

Lines of code Vulnerability details Impact This rounding division error could result in the prize pool being drained over time if it occurs repeatedly, as the actual amount of prizes awarded would always be slightly less than the intended amount. Proof of Concept drawRewardSizedrawFinalized,...

No sanity check on drawCoolDownPeriod can lead to frontrun attacks on jackpot prize

Lines of code Vulnerability details Impact During the construction of the LotterySetup, there is no sanity check on drawCoolDownPeriod. If its set to zero, then there will be no cool down period, players can buy the lottery tickets at any time until the draw. Once lottery setup is complete with...

expected outgoing rewards for non-jackpot tiers are not normalized

Lines of code Vulnerability details Impact When calculating new profit, the calculation for non-jackpot rewards are not normalized and will be largely overestimated, due to the additional percentage scaling. This will lead to the excess pot for participants being much lower and hence failing to...

Ticket: Owner of winning ticket can frontrun secondary sales

Lines of code Vulnerability details The Wenwin docs note that tickets "can be traded on the secondary market before or after the draw," since they are standard ERC721 tokens. After a ticket draw, the owner of a winning ticket may call LotteryclaimWinningTickets, which transfers lottery winnings t...

The Lottery Contract's Lack of Safeguards May Lead to Insufficient Funds for Jackpot Payouts

Lines of code Vulnerability details While it may be true that the probability of the scenario happening is low, it does not necessarily mean that the issue should not be considered valid. A low probability does not mean that the vulnerability should be ignored, especially if it can lead to a loss...

Expected payout should not be determined off-chain

Lines of code Vulnerability details Impact Loss of profit and depletion of funds, the latter of which implies that some tickets will be unclaimable. Proof of Concept There is no guarantee to the correctness of LotterySetupParams.expectedPayout, which can be set freely within bounds in...

Transaction failure due to out of gas.

Lines of code Vulnerability details Impact Transaction failure due to out of gas. Proof of Concept The DAO protocol allows users to deposit any tokens.If a bad actor create a fake token and deposit to the protocol,then contact the appropriate person for a refund. A malicious person adds malicious...

Owner unable to withdraw the amount since depositDeadline values already expired

Lines of code Vulnerability details Impact The stakermsg.sender lose his amount permanently once depositDeadline is over Proof of Concept DEPOSIT : function deposituint256 amount external override onlyOwner // slither-disable-next-line timestamp if block.timestamp depositDeadline revert...

Loss of funds when buying tickets with no frontend

Lines of code Vulnerability details When tickets are bought, the protocol allows to specify a frontend that will receive a percentage of the ticket fee as rewards 10% for the current setup. However, if this input is left empty during purchase, frontend rewards will still be counted and associated...

Lottery Insolvency can lead to unclaimable winning tickets despite paying out Frontend and Staking rewards

Lines of code Vulnerability details Impact Lottery Insolvency can lead to unclaimable winning tickets despite paying out Frontend and Staking rewards Proof of Concept When distributing the winning tokens, it is possible that there is an insufficient balance to be able to pay winning tickets while...

Calculation in calculateNewProfit function is broken when jackpot is not won

Lines of code Vulnerability details The function calculateNewProfit present in the LotteryMath library is used when finalizing the current draw in the Lottery to track and update the currentNetProfit variable in the contract. function calculateNewProfit int256 oldProfit, uint256 ticketsSold,...

ActivePool.sol – Re-entrancy risk on _rebalance function

Lines of code Vulnerability details The rebalance function is vulnerable to a reentrancy attack. Specifically, an external callee can take over the control flow of the function by calling back into the ActivePool contract via a method that triggers the rebalance function again before it completes...

StabilityPool.sol – Re-entrancy risk on withdrawfromSP()

Lines of code Vulnerability details The withdrawFromSP function in the StabilityPool contract is vulnerable to a reentrancy attack through the sendLUSDToDepositor function. The sendLUSDToDepositor function is vulnerable because it transfers LUSD tokens and LQTY gains before updating state...

STRATEGIST still can assign a higher percentage into the withdrawMaxLoss, which may lead to a very higher risk for users to lose the principle sent as a collateral

Lines of code Vulnerability details Impact Within the ReaperVaultV2updateWithdrawMaxLoss above, the user who has a STRATEGIST role still can assign a higher percentage i.e. 99% = 9999 into the withdrawMaxLoss. This lead to a very higher risk for users to lose the principle sent as a collateral if...

The _allocBPS field from strategy struct can be 0 this will make the strategy irrevocable

Lines of code Vulnerability details Impact No sanity check will make a strategy irrevocable Proof of Concept The addStrategy function can be used to add a strategy, there are multiple sanity checks inside the function however there is missing a very important one, there is no check for allocBPS !...

Attacker contract can avoid being blocked

Lines of code Vulnerability details Impact A Malicious attacker can interact with the system and selfdestruct his own contract then use CREATE2 to recreate it at same address when he needs to interact with the system again. Proof of Concept Tools Used Manual Review Recommended Mitigation Steps...

First staker staking can lead to unfair profiting

Lines of code Vulnerability details Impact A caller is able to drain all of the fees from the pool if the caller stakes prior to totalLQTYStaked, in the LQTYStaking contract, being greater than 0. When the protocol is first deployed, FLUSD is zero. It is increased when troves are opened. If a...

Users would lose some shares during withdrawal in ReaperVaultV2._withdraw().

Lines of code Vulnerability details Impact ReaperVaultV2.withdraw burns 100% of shares even if the vault balance is less than the required underlying amount. As a result, users would lose some shares during withdrawal. Proof of Concept Users can receive underlying tokens by burning their shares...

Price manipulation attack

Lines of code Vulnerability details Impact The PriceFeed.sol was marked OOS but I believe this to be a valid issue. If the chainlink feed fails which is does from time to time, the Tellor price feed takes over no matter what the delta is compared to the chainlink price. This is an issue because t...

Callback tokens can cause re-entrancy

Lines of code Vulnerability details Description There are many places in the code where token transfers are in the middle of a function more specifically, both after and before state changes. It is very important not to pass control to untrusted code in these calls, as they could potentially...

Upgraded Q -> 2 from #298 [1677237168746]

Judge has assessed an item in Issue 298 as 2 risk. The relevant finding follows: 01 MALICIOUS USER, WHO OWNS SPLITTABLE FUNDS, CAN CALL DripsHub.setSplits FUNCTION TO FRONTRUN OTHER USER'S DripsHub.split FUNCTION CALL, WHICH CAN BREAK AGREEMENT BETWEEN THESE USERS Based on the current...

KUMASwap.buyBond() is vulnerable to being used for reentry attacks

Lines of code Vulnerability details Impact KUMASwap.buyBond could be exploited for some kind of reentry attack now or in the future Proof of Concept KUMASwap.buyBond may trigger a callback to the sender's contract before the following statements being executed: updateMinCoupon;...

KUMASwap.buyBond :- Clone token + KUMABondToken transfer for a single KUMABondToken id.

Lines of code Vulnerability details Impact The KUMASwap.buyBond mints KBCTokens clone token for every KUMABondToken whose bondFaceValue is greater than realizedBondValue. If bondFaceValue is not greater than realizedBondValue a simple KUMABondToken transfer is done to the caller. function...

Multiple KBCTokens can be minted fir single KUMABondToken id.

Lines of code Vulnerability details Impact The KUMASwap.buyBond mints KBCTokens clone token for every KUMABondToken whose bondFaceValue is greater than realizedBondValue. function buyBonduint256 tokenId external override whenNotPaused whenNotDeprecated IKUMAAddressProvider KUMAAddressProvider =...

KUMAFeeCollector.changePayees() executes incorrectly when newPayees contains duplicate items

Lines of code Vulnerability details Impact When calling KUMAFeeCollector.changePayees with duplicate payees in newPayees, the call is not reverted and the result state will be incorrect. Proof of Concept Contract KUMAFeeCollector does not support duplicate payees. The transaction will revert when...

The latest malt price can be less than the actual price target and StabilizerNode.stabilize will revert

Lines of code Vulnerability details Impact StabilizerNode.stabilize will revert when latestSample priceTarget and msgSender is not an admin and not whitelisted, it asserts livePrice minThreshold. And minThreshold is calculated as follows: uint256 priceTarget = maltDataLab.getActualPriceTarget;...

SwingTraderManager.addSwingTrader() shouldn't push the traderId to activeTraders array if active = false.

Lines of code Vulnerability details Impact After adding an inactive trader using addSwingTrader, activeTraders array will contain an inactive trader. Furthermore, if the inactive trader is toggled to active using toggleTraderActive, activeTraders array will contain the trader twice and the main...

RewardThrottle: If an epoch does not have any profit, then there may not be rewards for that epoch at the start of the next epoch.

Lines of code Vulnerability details Impact In RewardThrottle, both checkRewardUnderflow and fillInEpochGaps call fillInEpochGaps to fill the state of the previous epoch without profit, the difference being that checkRewardUnderflow will request the reward from the overflowPool and distribute the...

_distributeProfit will use the stale globalIC.swingTraderCollateralDeficit()/swingTraderCollateralRatio(), which will result in incorrect profit distribution

Lines of code Vulnerability details Impact The distributeProfit called by handleProfit will use globalIC.swingTraderCollateralDeficit/swingTraderCollateralRatio when distributing profits, and the latest globalIC.swingTraderCollateralDeficit/swingTraderCollateralRatio needs to be used to ensure th...

RewardThrottle.populateFromPreviousThrottle may be exposed to front-run attack

Lines of code Vulnerability details Impact RewardThrottle.populateFromPreviousThrottle allows ADMINROLE to use epochData from previousThrottle to populate state from activeEpoch to epoch in current RewardThrottle. function populateFromPreviousThrottleaddress previousThrottle, uint256 epoch extern...

Unspent RSR can be stolen

Lines of code Vulnerability details Impact The BackingManager.handoutExcessAssets function sends all rsr that the BackingManager holds to the StRSR contract. This is done so that the rsr which is held by the BackingManager due to seizure from the StRSR contract can be sent back entirely to the...

Upgraded Q -> 3 from #510 [1675932827359]

Judge has assessed an item in Issue 510 as 3 risk. The relevant finding follows: In red are the state transitions that can only be performed with special privileges recreateMinipool: The following transitions will be performed Withdrawable-PreLaunch Error-PreLaunch createMinipool: will perform th...

Upgraded Q -> 2 from #214 [1675930440482]

Judge has assessed an item in Issue 214 as 2 risk. The relevant finding follows: cenario 2 - Use node of node operator In this scenario the NodeOp registers for a duration longer then 14 days. The hacker will hijack the minipool after 14 days and earn rewards on behalf of the node operators node...

First deposit can break share calculation

Lines of code Vulnerability details Impact Vault share price can be maliciously inflated on the initial deposit, leading to the next depositor losing assets due to precision issues. Proof of Concept 147: shares = convertToSharesassets - feeShares; If feeShares = 0 the first depositor of Vault can...

Core functionality is not working due to revert in _verifyCreatorOrOwner()

Lines of code Vulnerability details Impact It is not possible to pause/unpause vaults and adaptors nor add staking reward tokens since the verifyCreatorOrOwner function reverts due to a logical error. Proof of Concept The following logic is used to determine if msg.sender is a creator or owner of...

Vault creator can prevent users from claiming staking rewards

Lines of code Vulnerability details Impact Vault creator can prevent users from claiming rewards from the staking contract. This can boost his liquidity and lure depositors to stake vault tokens. He can present a high APY and low fee percentage which will incentivize stakers When the staking...

MultiStakingReward.sol assumes all RewardTokens are in 18 decimal places

Lines of code Vulnerability details Impact Calculation of accrued rewards will be affected. Proof of Concept The function accrueRewards is called anytime rewards needs to be accrued. The variable supplyTokens is the total supply of the reward token. deltaIndex is calculated by taking the accrued ...

MultiRewardStaking claimRewards() reentrancy for ERC-777 reward tokens

Lines of code Vulnerability details Impact A hacker can drain an ERC-777 reward token funds via reentrancy. This is because in the claimRewards function, the transfer of the reward token which triggers the hacker's ERC-777 hook takes place before setting accruedRewardsuserrewardTokensi to zero...

inital share manipulation attack possible in Vault

Lines of code Vulnerability details Description This is the classic share inflation attack described here: The popcorn Vault is an abstraction on top of other vaults which acts like adapters to wrap other yield bearing protocols. Hence the asset in Vault are the shares in this adapter. An early...

Any user can drain the entire reward fund in MultiRewardStaking due to incorrect calculation of supplierDelta

Lines of code Vulnerability details Impact Reward deltaIndex in accrueRewards is multiplied by 10decimals but eventually divided by rewards.ONE which is equal to 10IERC20MetadataaddressrewardToken.decimals in accrueUser. If the number of decimals in MultiRewardEscrow share token differs from the...

First depositor for the Vault can be front-run and have part of their deposit stolen

Lines of code Vulnerability details Description The first deposit with a totalSupply of zero shares will mint shares equal to the deposited amount. File: src/vault/Vault.sol 298: supply == 0 299: ? assets 300: : assets.mulDivsupply, totalAssets, Math.Rounding.Down; Link to Code File:...

Support for fee-on-transfer tokens

Lines of code Vulnerability details Impact The AddressDriver.sol do not support fee-on-transfer tokens. If the asset is a fee-on-transfer token, tokens received from users could be less then the amount specified in the transfer. The protocol could suffer a loss of funds. Proof of Concept function...

DIVISION BY _AMT_PER_SEC_MULTIPLIER AT EACH STEP OF THE ARITHMETIC OPERATION BEFORE MULTIPLICATION RESULTS IN ROUNDING ERROR

Lines of code Vulnerability details Impact In the drippedAmt function of the Drips.sol contract, the assembly is used to calculate the amount dripped over a time range. Inside the assembly amtPerCycle is calculated by multiplying cycleSecs and amtPerSec and dividing by AMTPERSECMULTIPLIER to remo...

User may charge any amount of fees when registering a subprotocol

Lines of code Vulnerability details Impact When registering a subprotocol, the user may enter any amount of fees. There are no checks implemented. Proof of Concept The register function does not have a check for the fee. A limit may be imposed otherwise a user can register a subprotocol with any...

Upgraded Q -> 2 from #338 [1675444008015]

Judge has assessed an item in Issue 338 as 2 risk. The relevant finding follows: L-04 Staking.restakeGGP function should have whenNotPaused modifier Staking.sol 1 --- The text was updated successfully, but these errors were encountered: All reactions...