Overflow in _swap() changes the behavior of pool.swap()
Lines of code Vulnerability details Impact In swap, amountSpecified is set to int256(data.amount.value). But data.amount.value is a uint256. If data.amount.value is bigger than type(int256).max, amountSpecified becomes a negative value due to overflow. And a negative amountSpecified means a complete...
wxETH.sol Inflation Attack
Lines of code Vulnerability details Impact The first staker may suffer an Inflation Attack and lose the funds Proof of Concept Currently wxETH still has the common ERC4626 'Inflation Attack': malicious users can front-run the first staker, raise exchange rates through donations, then achieve...
Upgraded Q -> 3 from #222 [1683017474019]
Judge has assessed an item in Issue 222 as 3 risk. The relevant finding follows: L-02 Downcasting uint or int may result in overflow Consider using OpenZeppelin's SafeCast library to prevent unexpected overflows. Instances: 2 File: src/PrivatePool.sol 231: virtualNftReserves -= uint128(weightSum);...
Challenging invalid positions can allow an attacker to reward himself with infinite tokens
Lines of code Vulnerability details Impact An attacker can mint himself as many Frankencoins as he wants in a single transaction by challenging an invalid position. Proof of Concept Steps overview: Since there's no check on the validity of a position when challenging it, an attacker can: 1. a...
All the STeth balance of WstEth contract can be drained by a malicious user.
Lines of code Vulnerability details Impact The impact of this finding is severe, as it can result in the complete loss of STeth tokens held by the WstEth contract. This could lead to a significant financial loss for the contract and its users. Proof of Concept For demonstration purpose, Alice is...
User may lose ETH
Lines of code Vulnerability details Impact User may lose ETH Proof of Concept If a non-existent function is called, the protocol may enter MsgValueSimulator.fallback. Inside the fallback function, the protocol will transfer ETH from one address to another. If user calls a function that doesn't...
_withdrawLP is not re-setting the lpPosition.points when lpPosition.amount
Lines of code Vulnerability details Impact User can withdraw their LP tokens without affecting their lpPosition.points. Since the lpPosition.points is not deducted then and there whenever the LP token is drawn out, user can use the old lpPosition.points and new lpPosition.points value to...
No check for active sequencer
Lines of code Vulnerability details Impact The protocol will operate at the previous stale rates. Proof of Concept Chainlink recommends that all Optimistic L2 oracles consult the Sequencer Uptime Feed to ensure that the sequencer is live before trusting the data returned by the oracle, even if...
StabilizerNode.stabilize may use undistributed rewards in the overflowPool as collateral
Lines of code Vulnerability details Impact In StabilizerNode.stabilize, globalIC.collateralRatio is used to calculate SwingTraderEntryPrice and ActualPriceTarget, with collateralRatio indicating the ratio of the current global collateral to the malt supply. function collateralRatio() public view...
Upgraded Q -> 2 from #293 [1676241639792]
Judge has assessed an item in Issue 293 as 2 risk. The relevant finding follows: 01 USER CAN POSSIBLY TRANSFER NO token0 OR token1 TO TimeswapV2Option CONTRACT IF CORRESPONDING token0 OR token1 IS A REBASING TOKEN When calling the following TimeswapV2Option.mint function, msg.sender uses the...
claimRewards is not re-entrancy safe.
Lines of code Vulnerability details Impact In MultiRewardStaking the function claimRewards doesn't have nonReentrant which makes it possible to re-enter the function. If one of the reward tokens is an ERC-777 token, it is possible to re-enter and claim the reward again and again until the contract i...
Missing Access Controls in Liquidity Position Library
Lines of code Vulnerability details Impact function feesEarnedOf(LiquidityPosition memory liquidityPosition, uint256 long0FeeGrowth, uint256 long1FeeGrowth, uint256 shortFeeGrowth) internal pure returns (uint256 long0Fee, uint256 long1Fee, uint256 shortFee) ... function updateLiquidityPosition stora...
A staker might drain the stRST contract slowly
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The stake function relies on the payoutRewards function to calculate stakeRate, which has a round-up error. Then, stakeRate is also used to calculate stakeAmount, which also has a round-up error. As a...
Insufficient Input Validation Leading to Excessive Token Burn.
Lines of code Vulnerability details Impact This vulnerability allows a malicious user to redeem an amount of cash tokens that is less than the minimum redemption amount or more than the user's actual balance. This bug can be considered as a high severity bug, as it allows an attacker to burn an...
When liquidation is not locked, anyone can liquidate another person's collateral
Lines of code Vulnerability details Impact Petty users can liquidate other people's NFT immediately when the liquidation threshold is reached. Proof of Concept The owner controls the function setLiquidationsLocked and calls the function when a collateral needs to be liquidated function...
Not supporting fee-on-transfer token as base token
Lines of code Vulnerability details Impact In Caviar protocol, all calculations in functions add, remove, buy, sell are done using token balance of Pair contract directly. In function add, it calculates and mints LP token to sender first before transferring baseToken in. function add(uint256...
Unlimited Global & User Withdrawal right after previous period ends and new period begins
Lines of code Vulnerability details Impact Checks for Global and User Withdraw Limit Per Period are missing for the first withdrawal request right AFTER period length expires and a new period begins. First withdrawal request amount after period length expires can be way higher than...
Relayed calls in EthereumToArbitrumRelayer can be replayed
Lines of code Vulnerability details Impact A relayed call can be processed multiple times allowing somebody to execute the user's call multiple times. The bridge allows arbitrary calls to contracts. Depending on the nature of the call, this could result in a loss of funds for the user. Proof of...
If bridge request fails users' tokens are burned with no way to recover
Lines of code Vulnerability details Impact Users' tokens are still burned at source chain with no way to recover them Proof of Concept try HolographOperatorInterface(address(this)).nonRevertingBridgeCall{value: msg.value}(msg.sender, bridgeInRequestPayload) { /// @dev do nothing } catch { failedJobs[hash] = true...
Compromised Arbitrum: No Sanity/Security Checks on Amount in finalizeInboundTransfer() on Layer 2
Lines of code Vulnerability details Description / Proof of Concept If L2GraphTokenGateway.finalizeInboundTransfer receives a valid transaction from the bridge, it will immediately mint any amount of GRT tokens on Arbitrum. Impact This exposes an unnecessarily large attack surface as any compromis...
IERC20.transfer doesn't support all ERC20 tokens
Lines of code Vulnerability details Impact IERC20.transfer doesn't support all ERC20 tokens in the function recoverERC20. Proof of Concept In the contract frxETHMinter, the function recoverERC20 is used to recover ERC20 tokens, if someone accidentally sent some of them in the contract. However...
Invalid Use of BODMAS in TokenDistributor.sol and PartyGovernanceNFT.sol
Lines of code Vulnerability details Invalid Use of BODMAS in TokenDistributor.sol and PartyGovernanceNFT.sol In contract TokenDistributor.sol we initialize the value of uint128 fee using a mathematical way but in a wrong manner: the brackets are missing, which will clear out the instance of usi...
Only part of keccak256() is used as hash, making it susceptible to collision attacks
Lines of code Vulnerability details At 2 places in the code only part of the output of keccak256 is used as the hash: At TokenDistributor - DistributionState.distributionHash15 - uses only 15 bytes as a hash This one is intended to save storage At Crowdfund.governanceOptsHash 16 bytes are used...
HARDCODED PRICES FOR STABLECOINS
Lines of code Vulnerability details Impact Hardcoded prices of stablecoins may open some arbitrage opportunities and produce many bad loans in CLM. Proof of Concept Hardcoding price of cUSDT and cUSDC as 1 may open some arbitrage opportunities when real price for each token is a little bit...
Fake orders can be created for non-existent tokens
Lines of code Vulnerability details Impact NFTs can be stolen by an attacker Proof of Concept The putty contract is using the solmate safeTransfer instead of OpenZeppelin's so contract existence isn't being checked for transferred tokens. In the putty case, contract existence is checked for the...
Able to mint any amount of PT
Lines of code Lender.sol L192-L235 Lender.sol L486-L534 Lender.sol L545-L589 Vulnerability details Impact Some of the lend functions do not validate addresses sent as input which could lead to a malicious user being able to mint more PT tokens than they should. Functions affected: Illuminate and Yield...
Inconsistent balance with fee-on-transfer tokens.
Lines of code Vulnerability details Impact There are ERC20 tokens that may make certain customizations to their ERC20 contracts. One type of these tokens is deflationary tokens that charge a certain fee for every transfer or transferFrom. Proof of...
DoS with block gas limit--External calls inside a loop might lead to a denial-of-service attack.
Lines of code Vulnerability details Impact --Check: calls-loop --Severity: Medium --Confidence: Medium External calls can fail accidentally or deliberately, which can cause a DoS condition in the contract. Proof of Concept -- --ConsenSys Smart Contract Best Practices -- -- Tools Used...
Rescue ETH at InfinityStaker.sol is incorrectly implemented
Lines of code Vulnerability details Impact Admins are unable to recover any ETH locked in the contract PoC The function rescueETH() in InfinityStaker.sol is incorrectly implemented. It is using msg.value instead of the balance of the contract /// @dev Admin function to rescue any ETH accidentally sent ...
Integer Overflow in Nonce Possible Via EIP 1271 Compliant Contract
Lines of code Vulnerability details Impact The current NonceManager deployed version does not expect a nonce to go as high to actually trigger an integer overflow and is therefore unchecked. However, it is completely possible to have the nonce go as high with EIP 1271 contracts that hold the NFT...
Lack of Access Restriction for Conduit Creation
Lines of code Vulnerability details Impact Anyone can call the createConduit function in the ConduitController contract to create new channels and set the conduit owner. This is dangerous because a hacker can create a new conduit and set himself as the owner of the conduit. The hacker can use the...
Bribe Rewards Stuck In Contract If Deposited During First Epoch
Lines of code Vulnerability details Vulnerability Details Bribe rewards added to the Bribe contract in the first epoch will not be claimable by any voters, and the rewards will be stuck in the Bribe contract. Proof-of-Concept Assume that the current epoch is epoch 0, and start date of epoch 0 is Da...
VotingEscrow's merge and withdraw aren't available for approved users
Lines of code Vulnerability details Users who are approved, but do not own a particular NFT, are supposed to be eligible to call merge and withdraw from the NFT. Currently burn, used by merge and withdraw to remove the NFT from the system, will revert unless the sender is the owner of the NFT as the...
"No Revert on Failure" tokens can be stolen from the contract by disguising them as NFTs.
Lines of code Vulnerability details Impact If a user creates a vault with an ERC20 token with the following two properties: 1. There's a way to make transferFrom fail to transfer tokens without reverting, e.g., some tokens like ZRX return false on failure instead of reverting. 2. transferFrom(from,...
Users Can Prevent Excess Tokens From Being Withdrawn By The Pool Creator In withdrawExcessRewards()
Lines of code Vulnerability details Impact Because pools will likely never be fully utilised by stakers while active, the following assumption in withdrawExcessRewards can be broken by preventing any receipt withdrawal: require(pool.totalDepositsWei == 0, 'Cannot withdraw until all deposits are...
Setting new buffer does not reduce current buffer to cap
Lines of code Vulnerability details Impact The RateLimited.setBufferCap function first updates the buffer and then sets the new cap, but does not apply the new cap to the updated buffer. This means the updated buffer value can be larger than the new buffer cap, which should never be the case. Action...
Improper Validation Of Chainlink's latestRoundData() Function
Lines of code Vulnerability details Impact The calls to the latestRoundData function do not validate the output of the Chainlink oracle query. As a result, it is possible to use stale results when returning the TWAP price. latestRoundData is able to ensure the round is complete and has returned a...
ERC4626.mint() doesn't mint the correct amount
Lines of code Vulnerability details Impact The ERC4626.mint function doesn't mint the correct amount of tokens. Instead of minting amount number of tokens, it should mint shares number of tokens. Since the user doesn't receive the correct amount of tokens I'd rate this issue "HIGH". Proof of...
vulnerability
Handle 0v3rf10w Vulnerability details In technical terms, Timeswap is an automated protocol based on the use of liquidity pools and implemented on the Ethereum blockchain. Users create liquidity pools with the participation of smart contracts. One pool is one marketplace providing exchange in a...
ERC20 return values not checked (2)
Handle cmichel Vulnerability details The ERC20.transfer, ERC20.transferFrom, ERC20.approve functions return a boolean value indicating success. This parameter needs to be checked for success. Also, some tokens like USDT don't correctly implement the EIP20 standard and their transfer/transferFrom...
Aave's share tokens are rebasing breaking current strategy code
Handle cmichel Vulnerability details When depositing into Aave through the AaveYield.lockTokens contract strategy, one receives the sharesReceived amount corresponding to the diff of aToken balance, which is just always the deposited amount as aave is a rebasing token and 1.0 aToken = 1.0...
swapExactTokensForTokens is used with amountOutMin = 0
Handle 0x0x0x Vulnerability details Impact In UniswapHandler.sol two important functions sellMalt and buyMalt use swapExactTokensForTokens with amountOutMin = 0. This is a big problem since miners can exploit this intensively. So miners can strongly manipulate the price, since they can order the...
TWAPOracle might register with wrong token order
Handle cmichel Vulnerability details The TWAPOracle.registerPair function takes in a factory and token0, token1. The function accepts a factory argument which means any Uniswap-like factory can be used. When using the actual Uniswap factory's IUniswapV2Factory(factory).getPair(token0, token1) call, i...
Duplicate utoken and usermanager can be added which cannot be deleted
Handle csanuragjain Vulnerability details Impact If Admin decides to delete the market, only the first instance of utoken and usermanager gets deleted. This means the duplicate instance remains and Admin has actually not deleted the market. Proof of Concept 1. Navigate to 2. Check the addUToken functi...
CompositeMultiOracle returns wrong decimals for prices?
Handle cmichel Vulnerability details The CompositeMultiOracle.peek/get functions seem to return wrong prices. It's unclear what decimals source.decimals refers to in this case. Does it refer to source.source token decimals? It chains the price arguments through peek function calls and a single...
Gas griefing attack on the removeUserActiveBlocks function
Handle shw Vulnerability details Impact The consumed gas to remove a user's active block is proportional to the total number of array elements, i.e., block numbers. However, the array size can be arbitrarily increased by an attacker by only paying gas fees, causing a gas griefing attack when the...
Lack of nonreentrant modifier or CEI pattern may lead to reentrancy
Handle 0xRajeev Vulnerability details Impact The Trader contract makes an external call to the market contract TracerPerpetualSwaps as part of executeTrade. The comments in code "// todo this could be succeptible to re-entrancy as // market is never verified" indicate that there could be a residu...
Lack of return value check or use of SafeERC20 wrappers for token transfers
Handle 0xRajeev Vulnerability details Impact ERC20 tokens are specified to return a boolean value on token transfer and transferFrom. However, tokens may not adhere to the spec and return no value for success/failure. Checking the return values of ERC20 token transfers is therefore important to...
auth collision possible
Handle gpersoon Vulnerability details Impact The auth mechanism of AccessControl.sol uses function selectors (msg.sig) as a unique role definition. Also the moduleCall allows the code to be extended. Suppose an attacker wants to add the innocent looking function "leftbranchblock(uint32)" in a new...
An attacker can cause an overflow in the flashLoan function
Handle janbro Vulnerability details Summary An attacker can cause an overflow in the flashLoan function where 0 tokens are burned after a large amount of tokens are minted, if there is a flash loan fee, due to not utilizing safe math. Risk Rating Critical Vulnerability Details An attacker can cra...