Anyone can call replenishReserves(...) (token version) to repay borrowed reserves with reserves

Lines of code Vulnerability details Impact The replenishReservestoken, ... can be called by anyone. Proof of Concept The NATSPEC comment in the IBranchPort states the replenishReservestoken, ... can only be called by the port strategy itself as shown below / @notice allow approved address to repa...

Tokens locking due to empty parameters to execute on the root chain router

Lines of code Vulnerability details Vulnerability details Impact User's tokens will be locked at the router contract if the params encoded parameters of functions callOutAndBridge and callOutAndBridgeMultiple are empty. The executionStatesrcChainIddepositNonce storage variable will have value...

If dt is not updated accurately then timeWeightedWeeklyPositionInRangeConcLiquidity_ might be updated incorrectly.

Lines of code Vulnerability details Impact In the function accrueConcentratedPositionTimeWeightedLiquidity, inside the while block, dt is initialised as: uint32 dt = uint32 nextWeek If tickTracking.exitTimestamp != 0 then the following else block is executed on line 117: else // Tick is no longer...

Rounding error leading to no reward being sent

Lines of code Vulnerability details Impact Rounding errors could occur if the provided amount is too small, Proof of Concept rewardsToSend += inRangeLiquidityOfPosition concRewardPerWeekpoolIdxweek / overallInRangeLiquidity; uint256 rewardsForWeek = timeWeightedWeeklyPositionAmbLiquidity poolIdx...

Time-weighted liquidity accounting assumes consecutive activity; double counting possible, needs validation.

Lines of code Vulnerability details Impact Time-weighted liquidity accounting in accrueConcentratedPositionTimeWeightedLiquidity and similar functions assumes ticks were active consecutively between entry/exit timestamps. However, a tick could exit and re-enter in the same week, leading to double...

if the Virtual Account's owner is a Contract Account (multisig wallet), attackers can gain control of the Virtual Accounts by gaining control of the same owner's address in a different chain

Lines of code Vulnerability details Impact Attackers can gain control of User's Virtual Accounts and steal all the assets these accounts hold in the Root environment Proof of Concept When sending signed messages from a Branch to Root, the RootBridgeAgent contract calls the...

users can make multiple deposits through the same deposit nonce in branch bridge agent

Lines of code Vulnerability details Impact When a user retries the deposit there is a check that the deposit owner should be msg.sender but there is no check that the deposit failed so user can even retry successful deposits with the same nonce which can affect accounting badly Proof of Concept...

Inefficient handling when the Prime contract is unfunded during interest claims

Lines of code Vulnerability details Impact Loss of funds. Transferring of wring user amount interests. This issue also might leave the PrimeLiquidityProvider with a depleted balance, making it unable to fulfill other potential interest payouts. Additionally, if the PrimeLiquidityProvider doesn't...

Potential Gas Limit Issue with Bulk Score Updates

Lines of code Vulnerability details The updateScores function, which updates scores for multiple users, uses a nested loop structure. This can lead to a situation where if the users array is large and each user has many markets to update, the function could run out of gas. Impact If the function...

Prime.sol: stakedAt value is not deleted when manually issuing an irrevocable token

Lines of code Vulnerability details Impact Protocol specifications state that a user cannot have less than the minimum xvs staked if they are not irrevocable prime token users. In other words, only holders of irrevocables prime tokens can have less than the minimum xvs staked. The problem arises...

functions in FixedMath.sol directly converting uint256 arguments to int256 which may overflow

Lines of code Vulnerability details Impact functions in FixedMath.sol directly converting uint256 arguments to int256 which may overflow or return unexpected values Proof of Concept functions in FixedMath.sol like uintDiv , uintMul , toFixed directly converting its arguments from uint256 to int25...

Irrevocable token holders can instantly mint a revocable token after burning and bypass the minimum XVS stake for revocable tokens

Lines of code Vulnerability details Impact When an irrevocable token is burned by the admin, the holder should go through the 90 day staking period again before accruing rewards. However, the holder can exploit the protocol to immediately begin accruing rewards after burning. Furthermore, the...

updateScore() is vulnerable to flashloan manipulation

Lines of code Vulnerability details Impact vToken.balanceOfuser can be manipulated by dong some flash loan of vToken. Proof of Concept A flash loan attack is a type of exploit that takes advantage of the fact that flash loans are uncollateralized and do not require a credit check. In a flash loan...

sellCVX(0) reverts

Lines of code Vulnerability details Impact A withdrawal cannot be finalised if requested at a time when AfEth had only safEth, and that owed share of safEth is permanently lost. Proof of Concept It is possible that AfEth holds at most dust amounts of vAfEth if ratio = 100 %. The amounts of vAfEth...

Missing slippage control when directly interacting with the VotiumStrategy contract

Lines of code Vulnerability details Summary Direct deposits and withdrawals within VotiumStrategy lack any slippage controls, which opens up the possibility of sandwich attacks and Miner Extractable Value MEV exploits. Impact Interactions in the AfEth protocol often require the exchange of ETH fo...

Swap functionality to sell rewards is too permissive and could cause accidental or intentional loss of value

Lines of code Vulnerability details Summary While the intention is to use the 0x protocol to sell rewards, the implementation doesn't provide any basic guarantee this will correctly happen and grants the rewarder arbitrary control over the tokens held by the strategy. Impact Rewards earned in the...

price() in AfEth.sol doesn't take afEth held for pending withdrawals into account

Lines of code Vulnerability details Bug Description In AfEth.sol, the price function returns the current price of afEth: AfEth.solL133-L141 function price public view returns uint256 if totalSupply == 0 return 1e18; AbstractStrategy vEthStrategy = AbstractStrategyvEthAddress; uint256...

Lack of access control and value validation in the reward flow exposes functions to public access

Lines of code Vulnerability details Summary Some functions that are part of the Votium reward flow are left unprotected and can be accessed by anyone to spend resources held by the contract. Impact Rewards coming from the Votium protocol are claimed and compounded back in AfEth. This flow consist...

Intrinsic arbitrage from price discrepancy

Lines of code Vulnerability details Impact The up to 2 % price discrepancy from Chainlink creates an intrinsic arbitrage. Especially, it makes withdrawals worth more than deposits in the sense that one can immediately withdraw more than just deposited. Proof of Concept When depositing ETH into...

AfEth collaterals cannot be balanced after ratio is changed

Lines of code Vulnerability details Summary The AfEth ratio between the collaterals can be modified but there is no direct way to balance the assets to follow the new ratio. Impact The AfEth contract contains a configurable parameter ratio that indicates the intended balance between the two...

Contract lacks proper error handling. Without meaningful error messages, it becomes difficult to identify the exact reasons for failures or unexpected behavior. Often leading end user astray.

Lines of code Vulnerability details Contract lacks proper error handling. Without meaningful error messages, it becomes difficult to identify the exact reasons for failures or unexpected behavior. Often leading end user astray. The code lacks proper error handling mechanisms, which can make it...

Some Outgoing functions are not supported on the gateway

Lines of code Vulnerability details Impact The gateway serves both outgoing and incoming calls, All incoming calls should have corresponding outgoing calls and vice versa However, some incoming calls like addPool , allowPoolCurrency , addTranche have no corresponding calls via the gateway contrac...

Access Control Dependency on msg.sender: The onlyGateway modifier relies solely on msg.sender for access control. If the address of the gateway contract is compromised or manipulated, it can lead to unauthorized access to critical functions within the contract.

Lines of code Vulnerability details Access Control Dependency on msg.sender Impact: The onlyGateway modifier relies solely on msg.sender for access control. If the address of the gateway contract is compromised or manipulated, it can lead to unauthorized access to critical functions within the...

approve function can be frontrun and funds will be stolen as a result

Lines of code Vulnerability details Impact The user that gives allowances will lose funds. Proof of Concept In the file ERC20.sol there is a function approve. This function is problematic as it is susceptible to frontrunning attacks. PoC: Consider the following scenario: Alice calls the function...

Blocking assets/shares in escrow

Lines of code Vulnerability details Impact An investor can lose a part of assets or shares due to their blocking in escrow. Proof of Concept Suppose the user decided to invest an amount of assets which is more than typeuint128.max. This can be done by calling the requestDeposit function several...

transferIn() is susceptible to a front-running attack

Lines of code Vulnerability details Impact Another auth caller can exploit the vulnerability by executing front-running transactions using the source address that has just given allowance approval to the contract. This allows the attacker to acquire and increase the destination amount of the...

There is no concept of a requestDeposit, requestRedeem receipt made on the source chain, resulting in no recovery proces escrowed funds in the event of bridge or Centrifuge fall.

Lines of code Vulnerability details Impact There is no kind of request receipt on the EVM chain at all. The InvenstmentManagerrequestDeposit simply puts users tokens in the escrow and then the request gets routed to the Gateway and later to the outgoingRouter. The flow goes as follows 1.Buyer cal...

Incorrent approval for escrow tokens, not allowing to burn on redeem

Lines of code Vulnerability details Impact Liquidity pool approval for burning escrow tokens is not correctly assigned when pool is deployed on PoolManager deployLiquidityPool lines: EscrowLikeescrow.approveliquidityPool, addressinvestmentManager, typeuint256.max; // Approve investment manager on...

The executeScheduledRely function in the code allows any external caller to execute it without proper access control checks. This means that anyone can make themselves a ward on a contract without authorization, which poses a security risk.

Lines of code Vulnerability details Issue: The executeScheduledRely function in the code allows any external caller to execute it without proper access control checks. This means that anyone can make themselves a ward on a contract without authorization, which poses a security risk. Proof of...

The owner of the PrincipalToken can redeem the asset from escrow before the selected time period expires

Lines of code Vulnerability details Impact After calling the create function, the owner of the DelegateToken gains delegate rights for the duration of the escrow. The documentation for the competition states: "The holder of the PrincipalToken will have the right to redeem the boredom ape from...

In ratifyOrder there is no need for array

Lines of code Vulnerability details Impact In ratifyOrder there is no need for array for SpentItem and ReceivedItem calldata consideration Single object can be used, there is use of the array Proof of Concept The single variable can be used instead of offer0.identifier and consideration0 Array is...

Expiry time is of no use

Lines of code Vulnerability details Impact DelegateToken holder can withdraw before expiry. Even if the principalToken holder extends the time it is of no use. And anyone can withdraw any delegateTokenId and send all the tokens to their address. Proof of Concept The withdraw function in the...

Upgraded Q -> 3 from #255 [1694460742612]

Judge has assessed an item in Issue 255 as 3 risk. The relevant finding follows: LOW-2 Missing check for checkBalancesint256 x, int256 y in reserveTokenSpecified could result in DoS of some critical operations --- The text was updated successfully, but these errors were encountered: All reactions...

GeVault LP calculations do not use scaling and are vulnerable to deposit attacks

Lines of code Vulnerability details Impact Currently, getTVL counts all token balances in GeVault, and attackers can manipulate getTVL to implement deposit attacks. Secondly, since the calculation of LP does not use scaling, because there is a precision error in the division, the cost for the...

In transferFrom() address "from" can be put of contract address and bypass Errors.FromNotCreateOfferer(from)

Lines of code Vulnerability details Impact In transferFrom address "from" can be put of contract address and bypass Errors.FromNotCreateOffererfrom Proof of Concept the code should be function transferFromaddress from, address targetTokenReceiver, uint256 createOrderHashAsTokenId external...

M-08 Unmitigated

Lines of code Vulnerability details Comments The success of low-level calls is not checked in V3Proxy. If msg.sender is a contract and the fallback function has additional logic, the protocol will succeed transfer by default, which will result in the loss of user funds. Mitigation There is no...

_execute can be reorder a batch of commands while executing

Lines of code Vulnerability details Impact Lets see what is written in by Axelar: AxelarGatewayMultisig.execute takes a signed batch of commands. Each command has a corresponding commandID. This is guaranteed to be unique from the Axelar network. execute intentionally allows retrying a commandID ...

The user will receive more/less funds when calling unwrap() if the price of USDY falls/rises than expected

Lines of code Vulnerability details Impact There is a wrap function called by users to wrap their USDY tokens . In the future, to withdraw tokens, the user calls the unwrap function . However, in the unwrap function, the user can have more funds in case the price of USDY falls. Based on the case...

Discrepancy in Token Allowance After Rebase Events

Lines of code Vulnerability details The function returns the number of tokens that spender is allowed to spend on behalf of owner. However, in the context of tokens with rebase mechanisms, the owner's balance can dynamically change without explicit transactions. The described behavior might lead ...

Potential Out of Bound Error When Accessing Range Array

Lines of code Vulnerability details The code seems to be attempting to access an element of the 'ranges' array using an index calculated from the array's length minus one. However, during the deployment or initialization of the contract, if the length of 'ranges' is 1, this calculation results in...

The quorum calculation in the _quorumReached() function is inconsistent and could allow abstain votes to prevent a proposal from reaching quorum even if most participating voters are in favor

Lines of code Vulnerability details Impact This allows abstain voters to effectively veto a proposal, even if most participating voters approve it. Proof of Concept The quorum numerator and denominator are inconsistent. The quorum uses totalVotes for the denominator which includes abstains. But t...

bonding on behalf of a new delegator sets the start round to the current round + 1, but the assumed future round may never actually start if rounds get stuck

Lines of code Vulnerability details Impact • If rounds get stuck and currentRound + 1 never happens, the new delegator will never be able to claim earnings. Their startRound will be set to a future round that doesn't exist. • This prevents them from claiming earnings accrued from their staked...

Fully slashed transcoder can vote with 0 weight messing up the voting calculations

Lines of code Vulnerability details Impact If a transcoder gets slashed fully he can still vote with 0 amount of weight making any other delegated user that wants to change his vote to subtract their weight amount from other delegators/transcoders. Proof of Concept In BondingManager.sol any...

totalWethDelegated does not decrease in withdraw can cause DOS

Lines of code Vulnerability details Impact The accounting for total weth delegated increases when adding, but not withdrawing. This allows anyone to inflate this value by repeatedly adding and withdrawing. This again will cause DOS of the bonding mechanism. Proof of Concept RdpxV2Core.addToDelega...

[M-01] Transcoder can front-run slasher to avoid getting slashed and continue voting

Lines of code Vulnerability details Impact In BondingManager.slashTranscoder, verifier can slash transcoderdelegator bonded amounts. However, this can be easily front runned via BondingManager.unbondWithHint by reducing bonded amount to avoid slashing via underflow and keep bonded position...

Users can withdraw token multiple times by calling `withdrawStake' thereby depleting the treasury

Lines of code Vulnerability details The withdrawStake function is used to withdraw tokens for an unbounding lock that has existed through an unbounding period. All it needs is the unbondingLockId to carry out the operation. The associated ID gets deleted & the amount that has been bounded is...

Swap Slippage Check Missing Location: reLP function

Lines of code Vulnerability details Impact If the swap doesn't meet the slippage tolerance, the function will still continue executing. This could lead to the contract holding less tokenA than expected, which could affect the subsequent addLiquidity call and the final balances of the AMO and...

Zero Redemption Amount in RdpxDecayingBonds Contract

Lines of code Vulnerability details Impact The redeem function, as described, checks whether the assets to be redeemed assets are not zero. This check is in place to ensure that a user isn't redeeming a non-zero amount of rdpxAmount tokens in exchange for zero assets. Such a check is essential to...

Incorrect slippage calculation in _curveswap function

Lines of code Vulnerability details Impact swaps will fail or execute with higher slippage than intended. Proof of Concept In curveSwap function of RdpxV2Core contract , getEthPrice should be used in place of getDpxEthPrice, and getDpxEthPrice should be used in place of getEthPrice. / @notice...

Attacker can steal funding yield from the PerpetualAtlanticVaultLP contract atomically

Lines of code Vulnerability details Impact An attacker is able to atomically steal large amounts of the funding yield from the PerpetualAtlanticVaultLP contract. This is due to the fact that the deposit function of the PerpetualAtlanticVaultLP contract will first issue the attacker shares based o...