Upgraded Q -> 2 from #338 [1675444008015]

Judge has assessed an item in Issue 338 as 2 risk. The relevant finding follows: L-04 Staking.restakeGGP function should have whenNotPaused modifier Staking.sol 1 --- The text was updated successfully, but these errors were encountered: All reactions...

_updateReceiverStates CAN WORK INCORRECTLY WHEN CURRENT RECEIVER AND NEW RECEIVER MATCHES WITH UPDATED DRIP TIMES

Lines of code Vulnerability details Impact States can be incorrectly updated. Proof of Concept In updateReceiverStates method of Drips.sol, I noticed a different pattern of Using addDeltaRange when current receiver and new receiver matches with updated drip times. To Remove an existing drip, the...

Reentrancy due to lack of check-effect-interact pattern by valid Driver users

Lines of code Vulnerability details Impact In a Re-entrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways, especially in cases wher...

Possibly Susceptible to Reentrancy Attack

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. No protection against reentrancy attacks, which could allow an attacker to exploit the contract's logic by calling functions in the contract before the original call is completed. Proof of Concept To...

A malicious early user/attacker can manipulate the share price to take an unfair share of future users' deposits

Lines of code Vulnerability details Impact A malicious early user/attacker can manipulate the share price to take an unfair share of future users' deposits. The first minter can manipulate the supply of LP tokens and baseToken-fractional ratio, hindering small liquidity providers from interacting...

Possible Reentrance & Unexpected Behaviour Vulnerabilities

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. No protection against reentrancy attacks, for example, the pay function called in the mintCallback function does not check for reentrancy before performing an external call. No checking of return values...

User's claim can revert when attackers call withdrawFee several times

Lines of code Vulnerability details Impact withdrawFee can be called several times, so attackers can use this to drain Erc20Quest's balance. Proof of Concept When the admin calls withdrawRemainingTokens, protocolFee + unclaimedTokens left in the Erc20Quest contract. If unclaimedTokens =...

Wrong modifier

Lines of code Vulnerability details Impact H-01 The modifier that is declared in RabbitHoleReceipt.sol and RabbitHoleTickets.sol files has no impact and has not protection to methods that is used for. This modifier is used in 3 functions. Having no check would mean that this modifier will always ...

withdraw() function uses faulty burn() function for transfer and it has no access control implemented.

Lines of code Vulnerability details Impact The withdraw function has no access control implemented and can be called by anyone. It also uses the burn function to transfer funds. A Malicious actor can withdraw the balance of Lendgine.sol. Proof of Concept Alice a malicious actor uses a contract to...

Quest owner can withdraw the reward for unclaimed receipt.

Lines of code Vulnerability details Impact Erc1155Quest.withdrawRemainingTokens will withdraw all tokens even if there are users who minted a receipt but didn't claimed their rewards before endTime Proof of Concept Whitelisted account creates a new ERC1155 quest. Whitelisted account becames the...

claim can run out of gas

Lines of code Vulnerability details Impact If the claim function runs out of gas, the caller can never claim any rewards without transferring the nfts to another address first Proof of Concept Currently, the claim function loops over the msg.senders NFT's. If this list ever becomes too large, the...

driverID can make same userID registered under different different driverID's leading to loss of funds and ultimately the trust of people.

Lines of code Vulnerability details Impact driverID can make same userID registered under different different driverID's leading to loss of funds and ultimately the trust of people. Proof of Concept In contract dripsHub their is no mechanism to check a user already registered under driverID or no...

Attacker can steal the NFT bought by sending it to another vault he control

Lines of code Vulnerability details Impact The mitigation of H-08 try to validate the vault returned by market with the VaultRegistry. However, it only validated if the vault exists, but not if it is the correct vault. A similar attack described in code-423n4/2022-12-tessera-findings47 can be...

reentrancy in TimeswapV2Option.collect()

Lines of code Vulnerability details Impact collect function doesn't respect the check-effect-interaction pattern, where in the case if a param.data is provided it makes an external call to the caller, right after that, it updates option short amount state. in the case if the caller calls back int...

Using V2-Pool, user can loose money after minting, then burn due to duration calculation

Lines of code Vulnerability details Impact Users loose money over time after mint using V2-Pool due to the protocol duration calculation. The current duration calculation is calculated from now to maturity. So when the user mint, then burn the liquidity, with time the amount of short he get is...

In TimeswapV2LiquidityToken.sol and TimeswapV2Token.sol, different positions might be minted to the same id.

Lines of code Vulnerability details Impact In this protocol, all positions should have unique ids to track and update their status. Currently, different positions might be minted to the same id and the main logic for the positions will be broken. Proof of Concept TimeswapV2LiquidityToken.mint set...

_currentIndex is incorrectly updated; breaking the ERC1155 enumerable implementation

Lines of code Vulnerability details Impact When minting and burning tokens,the ERC1155Enumerable implementation does not correctly update the following states: uint256 private allTokens; mappinguint256 = uint256 private allTokensIndex; mappingaddress = uint256 internal currentIndex; In particular...

Upgraded Q -> M from #374 [1674664049404]

Judge has assessed an item in Issue 374 as M risk. The relevant finding follows: L-03 WETHGateway.repayETH will revert if msg.value paybackAmount In the repayETH function, paybackAmount eth will be deposit to WETH contract to get paybackAmount weth back. WETH.depositvalue: paybackAmount; And then...

_locateCurrentAmount function, there is an unchecked block which skips underflow checks as startTime <= block.timestamp < endTime

Lines of code Vulnerability details Impact In the locateCurrentAmount function, there is an unchecked block which skips underflow checks as startTime = block.timestamp endTime, but if the condition is not upheld, the duration, elapsed, and remaining variables will underflow and can cause unexpect...

Upgraded Q -> M from #268 [1674418407759]

Judge has assessed an item in Issue 268 as M risk. The relevant finding follows: L-02 Front running attacks by the owner Project has one possible attack vectors by the onlyOwner: dao.Fees , burnsFees , referralFees , botFees variable; It determines the fees rate The default deposit fees equal zer...

Upgraded Q -> M from #658 [1674423108320]

Judge has assessed an item in Issue 658 as M risk. The relevant finding follows: L-05 MARGIN ASSET TOKENS WITH MORE THAN 18 DECIMALS ARE NOT SUPPORTED As shown below, arithmetic operations of the StableVault.deposit, StableVault.withdraw, Trading.handleDeposit, and Trading.handleWithdraw function...

SWC-109 Uninitialized Storage Pointer

Lines of code Vulnerability details Impact Uninitialized local storage variables can point to unexpected storage locations in the contract, which can lead to intentional or unintentional vulnerabilities. Proof of Concept Exploit Vulnerability OrderStatus storage orderStatus; Tools Used github...

SWC-109 Uninitialized Storage Pointer

Lines of code Vulnerability details Impact Uninitialized local storage variables can point to unexpected storage locations in the contract, which can lead to intentional or unintentional vulnerabilities. Proof of Concept OrderStatus storage orderStatus; Tools Used github Recommended Mitigation...

Unchecked return price > 0 oracle

Lines of code Vulnerability details Impact In the function price, there is no check that the return price that chainlink sends is 0. uint80 roundId, int256 p, , uint256 updateTime, uint80 answeredInRound = chainlinkFeed .latestRoundData; if updateTime == 0 || answeredInRound timeout revert...

Adversary can abuse a quirk of compound redemption to manipulate the underlying exchange rate and maliciously disable cToken collaterals

Lines of code Vulnerability details Impact Adversary can maliciously disable cToken collateral to cause loss to rToken during restructuring Proof of Concept if referencePrice 0: / if redeemTokensIn 0 / We calculate the exchange rate and the amount of underlying to be redeemed: redeemTokens =...

totalStakes is not updated in seizeRSR()

Lines of code Vulnerability details Impact when RSR is seized in the function seizeRSR stakeRSR is update but totalStakes is not updated so after seizeRSR is called when stake is called the line 225 uint256 stakeAmount = newTotalStakes - totalStakes; will underflow and revert because totalStakes ...

Front-run Initializer

Lines of code Vulnerability details Impact In function: function initialize Authority AUTHORITY, ICollateralToken COLLATERALTOKEN, ILienToken LIENTOKEN, ITransferProxy TRANSFERPROXY, address VAULTIMPL, address SOLOIMPL, address WITHDRAWIMPL, address BEACONPROXYIMPL, address CLEARINGHOUSEIMPL...

Comparison Of Different Types Might Lead to Inconsistent Behavior

Lines of code Vulnerability details Impact Comparison Of Different Types Might Lead to Inconsistent Behavior Proof of Concept The comparison here compares two different types , i.e. uint88 withdrawReserve and uint256 withdrawBalance. This type of mismatched might induce unwanted behavior If a bug...

Manipulate the price per share value and unfair share of future users' deposits'

Lines of code Vulnerability details Impact Most of the share based vault implementation will face this issue. The vault is based on the ERC4626 where the shares are calculated based on the deposit value. By depositing large amount as initial deposit, initial depositor can influence the future...

Solmate's ERC20 does not check for token contract's existence

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Not checking for token existence is a know issue for Solmate. This can cause unexpected contract functionality for transfers implemented in the codes. Proof of Concept Provide direct links to all...

exchangeRateDeltaLimit can be exceeded with overrideExchangeRate() and remain unpaused

Lines of code Vulnerability details Impact The CashManger has a safety feature that limits the maximum change in the exchange rate between epochs. in setMintExchangeRate it is checked that this limit is not exceeded but there is no check in overrideExchangeRate. Proof of Concept An epoch could ha...

_processRefund() fails to update currentRedeemAmount when epochToService == currentEpoch

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. processRefund fails to update currentRedeemAmountwhenepochToService == currentEpoch. As a result, currentRedeemAmount will contain the portion that has already been refunded, an incorrect number. Proof ...

Upgradeable

Lines of code Vulnerability details Impact Since the contract OndoPriceOracle.sol is a critical contract it should have room to be upgrade, either use the library @openzeppelin/contracts-upgradeable or leave a storage gap. An example of this would be to add this line: uint25650 private gap; Proof...

Malleable value in S

Lines of code Vulnerability details Impact Signature Proof of Concept ECDSA's malleability can be used to create new signatures under specific conditions. This post explores how serious these attacks can be. Tools Used Recommended Mitigation Steps Recomendation is to be added additional check for...

Upgraded G -> 3 from #90 [1673938387276]

Judge has assessed an item in Issue 90 as 3 risk. The relevant finding follows: fenkge;gk --- The text was updated successfully, but these errors were encountered: All reactions...

Signature Replay no nonce

Lines of code Vulnerability details Impact There is a signature replay vulnerability. That means that the signature can be reused in the same contract from anyone calling. The vulnerability relies in the fact that there is no nonce specified for every caller. This means that you can take a...

Front-running of the relayers transaction

Lines of code Vulnerability details Description While the relayer has a positive outcome from the execution of some of the user operations through gas refund it is profitable for the attacker to front-run such transactions with a full copy of those. In such a case attacker receives a positive...

Theft of funds under relaying the transaction

Lines of code Vulnerability details Description The execTransaction function is designed to accept a relayed transaction with a transaction cost refund. At the beginning of the function, the startGas value is calculated as the amount of gas that the relayer will approximately spend on the...

Replay attack on different batchId

Lines of code Vulnerability details Description The execTransaction function includes an input parameter called batchId that is used to determine the nonce which is included in the data signed by the owner. However, batchId is not part of the signed data. This allows any third party to replay a...

Attacker can take control over each SmartAccount proxy and steal all users' funds

Lines of code Vulnerability details Attacker can take control over each SmartAccount proxy and steal all users' funds Impact All users' funds can be stolen by a single attacker tx gas cost only Proof of Concept There are 2 main reasons for this vulnerability: The .checkSignatures in...

Attacker can gain control of counterfactual wallet

Lines of code Vulnerability details A counterfactual wallet can be used by pre-generating its address using the SmartAccountFactory.getAddressForCounterfactualWallet function. This address can then be securely used for example, sending funds to this address knowing in advance that the user will...

Upgraded Q -> M from #187 [1673006043496]

Judge has assessed an item in Issue 187 as M risk. The relevant finding follows: L‑02 EthereumToArbitrumRelayer.processCalls does not check msg.sender is a contract The Arbitrum relay processCalls is intended to be called by EOA, as specified in the docs: Arbitrum requires an EOA to submit a brid...

JIT(JUST-IN TIME) LIQUIDITY OPPORTUNITIES EXISTS FOR USERS

Lines of code Vulnerability details Impact The MEV opportunity created robs the honest users who deposit before the start of a reward cycle. Leading to loss of rewards for said users. Proof of Concept A user deposits AVAX into tokenggAVAX.sol and in return gets an lp token to represent their...

FIRST DEPOSIT CAN BREAK SHARE CALCULATIONS

Lines of code Vulnerability details Impact Future depositors are forced to pay a huge value of assets to deposit. It is not practically possible for all users. This could directly affect the attrition of users towards this system. Proof of Concept A well-known attack vector for almost all...

TokenggAVAX.sol : First depositor can break minting of shares

Lines of code Vulnerability details Impact A well known attack vector for almost all shares based liquidity pool contracts, where an early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share...

Borrowers don’t need to run the risk of being liquidated

Lines of code Vulnerability details Impact Borrowers are able to borrow Papr, swap it for another asset in Uniswap without ever having to pay their debt because they can remove their collateral without paying their debt. Ultimately leading to free assets at the cost of others. Proof of Concept As...

There is no way to extract fees when someones wants to reduce a debt by paying with underlying tokens

Lines of code Vulnerability details Impact When a user is buying the debt of an account or its own debt, it either have the choice to use the reduceDebt function in order to pay with PAPR tokens, or by paying in underlying tokens can be USDC, WETH, .... A protocol that would choose to...

Oracle may return a stale price that is not resistant to flash crashes

Lines of code Vulnerability details Impact Oracle may return a stale price in the event of a flash crash which will affect protocol calculation of maxDebt and affect protocol. Proof of Concept Protocol uses the time weighted average pricing of 30 days to check the price of the NFT. uint256 consta...

Stealing liquidity provider's fund by manipulating the reserve

Lines of code Vulnerability details Impact An attacker can steal liquidity provider's fund by manipulating the reserve. During adding a liquidity, the amount of lpToken to be minted will be calculated in the function addQuote. function addQuoteuint256 baseTokenAmount, uint256 fractionalTokenAmoun...

Possible Reentrancy Vulnerability

Lines of code Vulnerability details Impact In Add function, in case of non Eth Base Token, LP Tokens are minted for LP Provider before transferring the Base Token from Provider to Contract. In remove function, Fractional Tokens are Transferred to LP Provider before Burning the LP Token. In wrap...