Anyone can call propose() and create a DOS
Lines of code Vulnerability details A denial of service can be initiated by anyone, since there is no check for any address, and also no Ether/ERC20 at stake. Impact Denial of service for vault migration Proof of Concept Contract : Migration.sol, function propose Recommended Mitigation Steps Make...
Small scalar may make buyoutPrice calculation incorrectly
Lines of code Vulnerability details Impact In Buyout.start function, buyoutPrice is calculated using a scalar = 100. This small scalar and division rounding will reduce the precision of the formula significantly. Proof of Concept 1. Alice calls start with msg.value = 1e18 and depositAmount = 4567...
Upgraded Q -> H from 187 [1657760940788]
Judge has assessed an item in Issue 187 as High risk. The relevant finding follows: 1. rescueETH cannot rescue Ether rescueETH sends msg.value to the destination address, which means it requires the caller of rescueETH to provide the Ether to send. Essentially the owner is directly paying the...
ERC20 Incorrect check on returnedAddress in permit() results in unlimited approval of zero address
Lines of code Vulnerability details Impact When creating ERC20.sol from Solmate, a require in permit was converted to a custom error incorrectly. It now reads: if recoveredAddress != address0 && recoveredAddress != owner revert Invalidmsg.sender, owner; So if the recoveredAddress is non-zero and...
Weak PRNG (Pseudorandom number generator)
Lines of code Vulnerability details Impact Weak PRNG due to a modulo on block.timestamp, now or blockhash. These can be influenced by miners to some extent so they should be avoided. Proof of Concept Tools Used Slither Recommended Mitigation Steps Do not use block.timestamp, now or blockhash as a...
Unchecked return value of transfer() and transferFrom()
Lines of code Vulnerability details Impact There are multiple external calls to IERC20.transfer and IERC20.transfer in contracts that are supposed to transfer tokens out of/into the system. However, there are tokens like USDT that don't return any return value in their implementation of the transfer...
Reentrancy vulnerability due to _distributePayoutsOf
Lines of code Vulnerability details The function distributePayoutsOf has a reentrancy vulnerability; it is called by the external function distributePayoutsOf. There are external calls in this function along with calls sending ETH. Impact The contract JBPayoutRedemptionPaymentTerminal inherits...
CreateFor#JBProjects.sol is vulnerable to reentrancy
Lines of code Vulnerability details Impact Reentrancy attack can trick users by spamming incorrect project Id event emission Proof of Concept The function createFor which uses safeMint is lacking any form of reentrancy protection. OZ Safe Mint implementation is function safeMint address to, uint25...
State Variable Shadowing
Lines of code Vulnerability details Impact Check: shadowing-state Severity: High Confidence: High It is possible to use the same variable twice in Solidity, but it can lead to unintended side effects. The TestAllowance.sol contract inherits from TesTBaseWorkflow.sol. In the TestAllowance.sol...
Some fund could be locked in the project forever because only contributors but not project token holders can redeem
Lines of code Vulnerability details Some fund could be locked in the project forever because only contributors but not project token holders can redeem Impact Once the contributor transferred the project tokens to someone else in some DEX maybe, these tokens could never be redeemed. One of the...
Inconsistent state of _terminalsOf & _primaryTerminalOf state variables at JBDirectory
Lines of code Vulnerability details When a call to setTerminalsOf is followed by setPrimaryTerminalOf, the state variables, terminalsOf & primaryTerminalOf, are maintained in a consistent state by including the primaryTerminal in terminals also. Refer, But when a call to...
CHAINLINK'S LATESTROUNDDATA MIGHT RETURN STALE OR INCORRECT RESULTS
Lines of code Vulnerability details Impact This could lead to stale prices according to the Chainlink documentation: Proof of Concept On JBChainlinkV3PriceFeed.sol, we are using latestRoundData, but there is no check if the return value indicates stale data. function currentPriceuint256 decimals...
Arbitrary msg.sender can execute recordPaymentFrom, recordRedemptionFor, recordDistributionFor, recordUsedAllowanceOf, recordAddedBalanceFor. Malicious terminal may be passed to inject logic to data store.
Lines of code Vulnerability details Impact Arbitrary msg.sender can execute recordPaymentFrom, recordRedemptionFor, recordDistributionFor, recordUsedAllowanceOf, recordAddedBalanceFor. Malicious terminal may be passed to inject logic to data store. If data store is using custom logic that doesn't...
Upgraded Q -> M from 139 [1656985204675]
Judge has assessed an item in Issue 139 as Medium risk. The relevant finding follows: 1. Buyouts that occur during the timestamp wrap will have valuation errors The blockTimestamp has a modulo applied, so at some point, there will be a timestamp with a value close to 2^32, followed by a timestamp...
Short Call Maker Asset Can Be Frozen
Lines of code Vulnerability details Impact The fillOrder function only checks that the floorAssetTokenIds.length must be 0 when a taker fills a short call order. In other words, it does not check whether order.floorTokens.length is 0 or not, which means that if the maker includes any address in...
both order side positions don't exist is not checked
Lines of code Vulnerability details Impact The flow in fillOrder as documented in expects the check order side positions doesn't exist . However the fillOrder function does not have a require check for this. This allows for the same side positions to be created multiple times leading to loss of...
Attacker can take premium from taker who fill short-call orders for free.
Lines of code Vulnerability details Impact Takers who fill short-call orders may be unable to exercise their long-call position. Attackers can abuse it to take premium from takers for free. In PuttyV2.fillOrder function, when taker fills short-call order, order's maker only has to transfer erc20Asset...
Users may lose funds due to ignored return value of transfer()
Lines of code Vulnerability details Impact The return value of WETH transfer in is unchecked. So if the transfer fails, it continues to L1386 which returns 0 to compAccruedholdersj in L1370, thereby resetting the compAccrued of the holder to zero. With this, the user would lose funds. Proof of...
A cap is needed on the amount of Note that can be borrowed
Lines of code Vulnerability details Impact The fact that there is no cap on the amount of Note that can be borrowed makes the Oracle Extractable Value unlimited. But as you intend to rely on TWAP, you need to make sure the cost of oracle manipulation is lower than the Oracle Extractable Value...
Upgraded G -> M from 49 [1656600225781]
Judge has assessed an item in Issue 49 as Medium risk. The relevant finding follows: ---
Upgraded Q -> M from 194 [1656339935656]
Judge has assessed an item in Issue 194 as Medium risk. The relevant finding follows: ---
Upgraded Q -> M from 115 [1656346004435]
Judge has assessed an item in Issue 115 as Medium risk. The relevant finding follows: ---
Upgraded Q -> H from 207 [1656344605107]
Judge has assessed an item in Issue 207 as High risk. The relevant finding follows: ---
Removal of liquidity from the reserve can be griefed
Lines of code Vulnerability details Impact Users may be unable to withdraw/remove their liquidity from the LiquidityReserve if a user decides to grief the contract. Proof of Concept This is the only function in this contract that is able to unstake funds, so that they can be withdrawn/removed:...
Possible DoS in Staking.claim() function
Lines of code Vulnerability details Impact In Staking contract, users are allowed to stake for another recipient. And it also updates warmUpInfo.expiry for recipient address so recipient can only claim after this new expiry is passed. Attackers can abuse this to constantly stake 1 wei for another...
Redeemer.sol#redeem() the principal token from Notional can not be redeemed
Lines of code Vulnerability details int256 amount = IERC20(principal).balanceOf(lender); // Transfer the principal token from the lender contract to here Safe.transferFrom(IERC20(principal), lender, address(this), amount); if (p == uint8(MarketPlace.Principals.Swivel)) // Redeems zc tokens to the sender's...
ERC5095 redeem must check allowance with principalAmount instead of underlyingAmount
Lines of code Vulnerability details Impact ERC5095 redeem must check allowance with principalAmount instead of underlyingAmount. Allowing any user to redeem token of anybody freely. This is very critical, anyone can lose their money every time without their acknowledgement. Proof of Concept functi...
In Notional case Redeemer's redeem() will not do the position redeeming
Lines of code Vulnerability details Currently no actual redeeming is done in Notional case as maxRedeem is a balance view function that doesn't close the position. This way one more operation, the redeeming itself, is now committed and in Notional case Redeemer's redeem doesn't perform anything,...
Upgraded Q -> M from 104 [1656258768065]
Judge has assessed an item in Issue 104 as Medium risk. The relevant finding follows: L01: Silent overflow of fCashAmount Line References Description If a fCashAmount value that is greater than uint88 is passed into the mint function, downcasting it to uint88 will silently overflow. Recommended...
Fund migration should trigger a rebase to prevent missing out on potential rewards
Lines of code Vulnerability details Impact Rebasing allows the protocol to "distribute" profit/rewards to Yieldy and Foxy token holders by increasing the supply of tokens and increasing the balance of each token holder relative to the token balance creditBalances. The order of rebasing and...
User fund lose in addLiquidity() of LiquidityReserve by increasing (totalLockedValue / totalSupply()) to very large number by attacker
Lines of code Vulnerability details Impact Function addLiquidity is supposed to add liquidity for the staking Token and receive lrToken in exchange. To calculate the amount of IrToken the code uses this calculation: amountToMint = amount * lrFoxSupply / totalLockedValue but it's possible for attacker to...
Cannot mint to exactly max supply using _mint function
Lines of code Vulnerability details Impact Cannot mint to exactly max supply using mint function Proof of Concept requiretotalSupply MAXSUPPLY, "Max supply"; if totalSupply == MAXSUPPLY this assert will fail and revert. But it shouldn't be reverted as totalSupply == MAXSUPPLY is valid. Too...
Staking.sol#stake() DoS by staking 1 wei for the recipient when warmUpPeriod > 0
Lines of code Vulnerability details if warmUpPeriod == 0 IYieldyYIELDYTOKEN.mintrecipient, amount; else // create a claim and mint tokens so a user can claim them once warm up has passed warmUpInforecipient = Claim amount: info.amount + amount, credits: info.credits +...
Yieldy._totalSupply has different upper bounds.
Lines of code Vulnerability details Impact Yieldy.totalSupply has different upper bounds. Yieldy.mint will revert when totalSupply is exactly the same as MAXSUPPLY. Proof of Concept From L91-L98, we can see totalSupply can be the same as MAXSUPPLY and I think "totalSupply = MAXSUPPLY" is reasonable also...
_rejectBuyout() does not take buys and sells into account until next block, can lead to false effects due to timing
Lines of code Vulnerability details Impact Buyout that should be rejected will be allowed to happen. Proof of Concept Last user to call buy that could have pushed rejectBuyout to reject the buyout won't be accounted for because rejectBuyout is placed before the minting of new tokens. Therefore even ...
TWAP array can be artificially filled up with the most recent quote
Lines of code Vulnerability details A malicious user can run updateTWAV on each block, quickly replacing all four values of the twavObservations array with the most recent valuation. I.e. the time weighted averaging essence of the recorded price can be directly reduced to always be just most rece...
Twav.sol#_getTwav() will revert when timestamp > 4294967296
Lines of code Vulnerability details function getTwav internal view returnsuint256 twav if twavObservationsTWAVBLOCKNUMBERS - 1.timestamp != 0 uint8 index = twavObservationsIndex + TWAVBLOCKNUMBERS - 1 % TWAVBLOCKNUMBERS; TwavObservation memory twavObservationCurrent = twavObservationsindex;...
Issue with TWAV calculation.
Lines of code Vulnerability details Impact To calculate time weighted average value, current valuation is used. This is not an appropriate way to decide the TWAV while other locations consider only time. This might not be the stable one. Proof of Concept uint256 currentValuation =...
Upgraded Q -> H from 285 [1655952312863]
Judge has assessed an item in Issue 285 as High risk. The relevant finding follows: 1. Excess ether sent to FixedPricePassThruGate is lost low passThruGate redirects to a beneficiary only gate.ethCost, requiring that msg.value = gate.ethCost. As there are no other ways to access native tokens hel...
WETH.sol computes the wrong totalSupply()
Lines of code Vulnerability details Impact Affected code: WETH.sol is almost copied from the infamous WETH contract that lives in mainnet. This contract is supposed to receive the native currency of the blockchain for example ETH and wrap it into a tokenized, ERC-20 form. This contract computes t...
CNote updates the accounts after sending the funds, allowing for reentrancy
Lines of code Vulnerability details Having no reentrancy control and updating the records after external interactions allows for funds draining by reentrancy. Setting the severity to medium as this is conditional to transfer flow control introduction on future upgrades, but the impact is up to th...
Block.timestamp is always growing in epoch seconds and observation.timestamp needs to be called is its very unlikely to for it to be equal each other Bypassing
Lines of code Vulnerability details Block.timestamp is always growing in epoch seconds and observation.timestamp needs to be called; it is very unlikely for them to be equal to each other. Bypassing observation and gets it to be wrong length which could cause logic breaks and worse because you're not...
repayAmountFinal is not considered while calculating actualRepayAmount while calling doTransferIn(payer, repayAmount)
Lines of code Vulnerability details Impact repayAmountFinal is not used inside repayBorrowFresh. The computation for actualRepayAmount does not account for repayAmountFinal in L111. Proof of Concept function repayBorrowFreshaddress payer, address borrower, uint repayAmount internal override...
getWETHAddress() returns wrong address
Lines of code Vulnerability details Impact The hardcoded return value is the address of COMP token in mainnet not of WETH in getWETHAddress. grantCompInternal function depends on this return value which will cause unintended issues. Proof of Concept function grantCompInternaladdress user, uint...
Note: When _initialSupply != 0, the _mint_to_Accountant function will fail
Lines of code Vulnerability details Impact In Note contract, if initialSupply != 0, totalSupply will overflow when the minttoAccountant function executes mintmsg.sender, typeuint.max constructorstring memory name, string memory symbol, uint256 totalSupply public name = name; symbol = symbol;...
Upgraded Q -> M from 44 [1655746452853]
Judge has assessed an item in Issue 44 as Medium risk. The relevant finding follows: 3. Missing/Invalid validation checks Risk Low Impact Function ForgottenRunesWarriorsMinter.setPhaseTimes setups times for different phases of minting. Phases should be launched one after the other. Missing check:...
Owner cannot transfer ETH balance of the exchange
Lines of code Vulnerability details User-called takeOrders and takeMultipleOneOrders functions accumulate native token fees over time. These fees end up being frozen on the contract balance. There is only one way for an owner to transfer them, a rescueETH function, that isn't able to access ETH...
BridgeFacet's _executePortalTransfer ignores underlying token amount withdrawn from Aave pool
Lines of code Vulnerability details executePortalTransfer can introduce underlying token deficit by accounting for full underlying amount received from Aave unconditionally on what was actually withdrawn from Aave pool. Actual amount withdrawn is returned by IAavePools.aavePool.withdraw, but...
Ether can get locked on functions takeMultipleOneOrders and takeOrders
Lines of code Vulnerability details Impact Ether sent by the user can get locked when taking order/s Proof of Concept If Bob uses function takeMultipleOneOrders or takeOrders to buy and sends more ETH than it is supposed to, the remaining ETH will be lost, also if the seller is selling for other token and...
The amount of gas calculation for refunding is incorrect
Lines of code Vulnerability details Impact While matching the orders the gas cost is calculated so that it can be refunded back to the contract. The calculation for this gas is incorrect. The function keeps track of the gasleft at the beginning of the loop and adds additional amount of gas for pr...