10190 matches found

Code423n4
Added 2022/06/19 12:00 a.m. • 10 views

NO TIMELOCK ON setProtocolFee() CAN LEAD TO SELLERS LOSING THEIR NFTs

Lines of code Vulnerability details NO TIMELOCK ON setProtocolFee CAN LEAD TO SELLERS LOSING THEIR NFTs In InfinityExchange.sol, there is no timelock on setProtocolFee. This is the fee that is applied in orders, and determines how much the Exchange receives in fee VS how much the seller receives...

AI score: 6.6
Exploits: 0

Code423n4
Added 2022/06/19 12:00 a.m. • 10 views

Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies

Lines of code Vulnerability details As arbitrary ERC20 tokens can be passed, the amount here should be calculated every time to take into consideration a possible fee-on-transfer or deflation. Also, it's a good practice for the future of the solution. Affected code:...

AI score: 7
Exploits: 0

Code423n4
Added 2022/06/18 12:00 a.m. • 10 views

_harvest rewards can be stolen because it doesn't implement any slippage bounds

Lines of code Vulnerability details Impact Harvested funds stolen Proof of Concept harvest does not implement any kind of minimum out when calling the 3 consecutive swaps L249, L263 and L275 to get from auraBal to Aura. An attacker could easily sandwich the least liquid pool and steal all the...

AI score: 6.7
Exploits: 0

Code423n4
Added 2022/06/18 12:00 a.m. • 10 views

Upgraded Q -> M from 119 [1655579861612]

Judge has assessed an item in Issue 119 as Medium risk. The relevant finding follows: L01: Use .call instead of .send Line References Description It is recommended to use call instead of send because the former forwards all remaining gas with the call, while the latter has a gas limit of 2300. Thi...

AI score: 6.9
Exploits: 0

Code423n4
Added 2022/06/18 12:00 a.m. • 10 views

Vault can never fully be emptied

Lines of code Vulnerability details Impact Vault cannot be fully emptied Proof of Concept Whenever rewards are earned they are automatically locked into the Aura Locker. Since that reward will then earn more rewards while locked, there will be more rewards to be collected when that lock is...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/06/18 12:00 a.m. • 10 views

Missing slippage protection for autocompounding auraBAL rewards into AURA

Lines of code Vulnerability details Impact Autocompounding auraBAL rewards into AURA requires multiple swaps auraBAL - BAL/ETH BPT - WETH - AURA within MyStrategy.harvest. The swaps are at risk of being front-run / sandwiched, resulting in a loss of funds. Since MEV is very prominent I think the...

AI score: 6.9
Exploits: 0

Code423n4
Added 2022/06/18 12:00 a.m. • 10 views

The withdrawal safety check in _withdrawSome() seems unreasonable

Lines of code Vulnerability details Impact The withdrawal safety check in seems unreasonable. Proof of Concept I don’t understand why max = amount99.8% need to be confirmed. max should be larger than amount. And amount function withdrawSomeuint256 amount internal override returns uint256 uint256...

AI score: 7.1
Exploits: 0

Code423n4
Added 2022/06/18 12:00 a.m. • 10 views

Wrong Deadline

Lines of code Vulnerability details the deadline is the timestamp after which the transaction will revert. the goal of this field is that the caller can set a deadline for the transaction so the transaction will not succeed in any arbitrary time in the future, and after this deadline, they can...

AI score: 7.1
Exploits: 0

Code423n4
Added 2022/06/18 12:00 a.m. • 10 views

Division by 0 can lead to accidentally revert

Lines of code Vulnerability details Division by 0 can lead to accidentally revert, An example of a similar issue - code-423n4/2021-10-defiprotocol-findings84 Code instances: https://github.com/code-423n4/2022-06-nested/tree/main/contracts/operators/Beefy/lp/BeefyZapBiswapLPVaultOperator.solL286...

AI score: 7
Exploits: 0

Code423n4
Added 2022/06/18 12:00 a.m. • 10 views

Loss of yield can occur due to not specifying minAmountsOut when exiting BAL/ETH pool

Lines of code Vulnerability details Impact When exiting the BAL/ETH pool, due to not specifying anything for minAmountsOut an attacker can frontrun the transaction and cause a large change in price in the pool. This in turn leads to a large impermanent loss which is realised when the strategy bur...

AI score: 6.7
Exploits: 0

Code423n4
Added 2022/06/17 12:00 a.m. • 10 views

receive function is unrestricted

Lines of code Vulnerability details Impact The receive function has not placed any restriction which means if any user accidentally sends any ETH to this contract then it is permanently frozen until timelock decides to release it by creating and approving a new transaction on timelock which...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/06/16 12:00 a.m. • 10 views

There is no check that in setBribesProcessor() the value of newBribesProcessor is not 0x0, fund will be lost or locked if by mistake value set to 0x0

Lines of code Vulnerability details Impact Fund can be lost if the value of bribesProcessor set to 0x0 address and there is no check in the setBribesProcessor to prevent it. sendTokenToBribesProcessor sends bribes to bribesProcessor and there is no check there too. so if by mistake the value of...

AI score: 6.7
Exploits: 0

Code423n4
Added 2022/06/14 12:00 a.m. • 10 views

attacker can burn anyone's tokens and steal everyone's money

Lines of code Vulnerability details Impact attacker can burn tokens and balance of contract is an amount of less or greater in sendtokenreciver function and if receiver is me then tokentransfer can be more than i lended or borrowing,withdrawing and gain me extra tokens. burn function is called...

AI score: 6.9
Exploits: 0

Code423n4
Added 2022/06/14 12:00 a.m. • 10 views

cause users to revert right after deployment so they can't lend or borrow

Lines of code Vulnerability details Impact because of deployment hasMatured is false mintInternal reverts then cause users to lose money on gas and users can't lend which could lead to worse things and cause more attack vectors. Recommended Mitigation Steps check for delay after deployment or g...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/06/14 12:00 a.m. • 10 views

safeMath function being used without importing the safeMath library preventing contract compilation

Lines of code Vulnerability details Impact Contract NotionalTradeModule.sol will not compile due to an error caused by missing import of safeMath and the directive using for. Since safeMath is not imported and no using for directive, the contract would not even compile as it would throw an error ...

AI score: 6.9
Exploits: 0

Code423n4
Added 2022/06/14 12:00 a.m. • 10 views

Round down in previewWithdraw() may result in withdrawing asset using zero share.

Lines of code Vulnerability details Impact In wfCashERC4626.previewWithdraw function, when fCash has matured, shares is calculated using convertToShares. But convertToShares function rounded down in division. This may lead to the case that user can use zero share to withdraw asset. It has been...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/06/06 12:00 a.m. • 10 views

Upgraded Q -> M from 119 [1654475092615]

Judge has assessed an item in Issue 119 as Medium risk. The relevant finding follows: Checking whether the receiver is capable of holding ERC721 The contract uses safeTransfer for ERC20 but uses transferFrom for ERC721 in both exercise and withdraw which may lead to the loss of ERC721 if the...

AI score: 6.9
Exploits: 0

Code423n4
Added 2022/06/06 12:00 a.m. • 10 views

Upgraded Q -> H from 63 [1654488227536]

Judge has assessed an item in Issue 63 as High risk. The relevant finding follows:

AI score: 7
Exploits: 0

Code423n4
Added 2022/06/03 12:00 a.m. • 10 views

Lack of safeApprove(0) may prevent deposits and swapping of token

Lines of code Vulnerability details Impact OpenZeppelin’s safeApprove will revert if the account already is approved and the new safeApprove is done with a non-zero value. Users may be prevented from swapping tokens to Backd LPTokens a second time Proof of Concept There are multiple places...

AI score: 6.9
Exploits: 0

Code423n4
Added 2022/06/03 12:00 a.m. • 10 views

Users will lose all of their money during pool migration

Lines of code Vulnerability details Impact Users will lose all of their money when they migrate by calling PoolMigrationZap.migrate Proof of Concept File: protocol/contracts/zaps/PoolMigrationZap.sol 1 52 function migrateaddress oldPoolAddress public override 53 ILiquidityPool oldPool =...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/06/03 12:00 a.m. • 10 views

DoS of an order without fully fulfilling it

Lines of code Vulnerability details Impact A malicious attacker can DoS an order by making its n and d invalid, without fully fulfilling the order. Proof of Concept In this example the attacker fulfills only 2/3 of the order, and makes the rest of it unfulfillable. 1. The attacker calls the...

AI score: 6.9
Exploits: 0

Code423n4
Added 2022/06/03 12:00 a.m. • 10 views

BurnToTarget can be exploited to receive more LP tokens

Lines of code Vulnerability details Issue: depositInPool uses addressthis.balance Consequences: exploiter will get more lp tokens File: FeeBurner.sol 81: // Depositing target underlying into target pool 82: uint256 targetLpTokenBalance = depositInPooltargetUnderlying, targetPool; 83: 84: //...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/06/03 12:00 a.m. • 10 views

Approving from non-zero to non-zero allowance will revert with OZ's safeApprove()

Lines of code Vulnerability details Impact Transaction reverting. Proof of Concept OZ's implementation of safeApprove would throw an error if an approve is attempted from a non-zero value "SafeERC20: approve from non-zero to non-zero allowance": require value == 0 || token.allowanceaddressthis,...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/06/03 12:00 a.m. • 10 views

Able to get LP tokens without spending any funds in FeeBurner.sol

Lines of code FeeBurner.solL43-L88 Vulnerability details Impact In the burnToTarget function, if the tokens array has only a zero address token and msg.value is 0 then FeeBurner.sol would still call the swapAll function and use all WETH held in the contract. If the contract has any WETH, the call...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/06/03 12:00 a.m. • 10 views

_verifyProof allows empty proofs (allows malleable transactions)

Lines of code Vulnerability details Impact verifyProof allows empty proofs and in that case it expects the leaf to equal the root, because no hashing and iteration is taking place. The purpose of the tree is to hold multiple accepted tokenIds, where the consideration contains one and proving its...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/06/03 12:00 a.m. • 10 views

Fulfill transactions that are not protected with a deadline may lead to unfavorable trade.

Lines of code Vulnerability details Impact A fulfill transaction of order with descending/ascending amount should be protected by the deadline. The price of an order with a descending amount is sensitive to the time. Letting users make such a trade without providing the deadline would lead to...

AI score: 6.7
Exploits: 0

Code423n4
Added 2022/06/03 12:00 a.m. • 10 views

wrong reward distribution and user fund lose if migrate() is called with current rewardToken by mistake or intentionally

Lines of code Vulnerability details Impact It's possible to call migrate function of BkdLocker with newRewardToken value equal to current rewardToken and there is no check to prevent this. and if this happens then userCheckpoint will calculated reward double times for rewardToken, one time becaus...

AI score: 6.9
Exploits: 0

Code423n4
Added 2022/06/02 12:00 a.m. • 10 views

_aggregateValidFulfillmentOfferItems() can be tricked to accept invalid inputs

Lines of code Vulnerability details Impact The aggregateValidFulfillmentOfferItems function aims to revert on orders with zero value or where a total consideration amount overflows. Internally this is accomplished by having a temporary variable errorBuffer, accumulating issues found, and only...

AI score: 7
Exploits: 0

Code423n4
Added 2022/06/02 12:00 a.m. • 10 views

balanceAtEpochOf will revert

Lines of code Vulnerability details Impact The line for uint256 i = locks.length - 1; i + 1 != 0; i-- relies on uint256 underflow and overflow, which would revert in solidity ^0.8.0 Proof of Concept function balanceAtEpochOfuint256 epoch, address user public view returns uint256 amount...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/06/02 12:00 a.m. • 10 views

pendingLockAtEpochOf will revert

Lines of code Vulnerability details Impact The line for uint256 i = locks.length - 1; i + 1 != 0; i-- relies on uint256 underflow and overflow, which would revert in solidity ^0.8.0 Proof of Concept function pendingLockAtEpochOfuint256 epoch, address user external view returns uint256 amount...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/06/02 12:00 a.m. • 10 views

Add a time lock to VoterProxy.sol setter function

Lines of code Vulnerability details Impact More trust for user functions that are set key/critical variables should be behind a timelock. Proof of Concept Tools Used Manual review Recommended Mitigation Steps Add a...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/06/01 12:00 a.m. • 10 views

Upgraded Q -> M from 294 [1654058024144]

Judge has assessed an item in Issue 294 as Medium risk. The relevant finding follows: Beneficiary is credited additional ETH above premium The CallybuyOption function ensures that the caller sends an ETH amount equal to or greater than the calculated premium: buyOptionL224 requiremsg.value =...

AI score: 6.9
Exploits: 0

Code423n4
Added 2022/06/01 12:00 a.m. • 10 views

deposit function of VeAssetDepositor.sol will be failed if stakeAddress is set.

Lines of code Vulnerability details Impact Wrong contract variable is used, so transaction cannot be executed. Proof of Concept This line is trying to call ERC20 function from minter contract. The minter is not ERC20 token, and does not have safeApprove function. So this will revert transaction...

AI score: 6.9
Exploits: 0

Code423n4
Added 2022/06/01 12:00 a.m. • 10 views

VoterProxy.claimVeAsset() and VeAssetDepositor._lockVeAsset() both spend veAsset.balanceOf(staker) for different purposes

Lines of code Vulnerability details Impact Each of the functions VeAssetDepositor.lockVeAsset and VoterProxy.claimVeAsset will use the entire balance of the VoterProxy for different purposes. In VeAssetDepositor.lockVeAsset the balance is locked into the VoterEscrow contract and cannot be...

AI score: 6.9
Exploits: 0

Code423n4
Added 2022/05/31 12:00 a.m. • 10 views

_cancel function should check order status

Lines of code Vulnerability details Impact In the cancel function of the OrderValidator contract, orderStatusorderHash.isValidated is not checked. This is to allow users to cancel unverified private orders. This is not a good solution. For unverified private orders, the user can verify and cancel...

AI score: 7
Exploits: 0

Code423n4
Added 2022/05/31 12:00 a.m. • 10 views

ERC777 getReward Reentrancy

Lines of code Vulnerability details Impact Attacker can drain BaseRewardPool.sol if rewardToken is an ERC777 token. Proof of Concept Attacker calls getReward. rewardToken.safeTransfer triggers ERC777 callback and attacker take control of execution flow. Attacker reenters getReward. Attacker repea...

AI score: 7.1
Exploits: 0

Code423n4
Added 2022/05/30 12:00 a.m. • 10 views

notifyRewardAmount() griefing attack by adding MAX_REWARD_TOKENS

Lines of code Vulnerability details function notifyRewardAmountaddress token, uint amount external lock requireamount 0; if !isRewardtoken requirerewards.length Recommendation Consid...

AI score: 6.7
Exploits: 0

Code423n4
Added 2022/05/30 12:00 a.m. • 10 views

Bribe.sol is not meant to handle fee-on-transfer tokens

Lines of code Vulnerability details Impact Should a fee-on-transfer token be added as a reward token and deposited, the tokens will be locked in the Bribe contract. Voters will be unable to withdraw their rewards. Proof of Concept Tokens are deposited into the Bribe contract using...

AI score: 6.5
Exploits: 0

Code423n4
Added 2022/05/30 12:00 a.m. • 10 views

Users can get unlimited votes

Lines of code Vulnerability details Impact Users can get unlimited votes which leads to them: 1. gaining control over governance 2. getting undeserved rewards 3. having their pools favored due to gauge values Proof of Concept mint calls moveTokenDelegates to set up delegation... File:...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/05/29 12:00 a.m. • 10 views

GettersAndDerivers: Offer and consideration should be sorted when calculating orderHash

Lines of code Vulnerability details Impact When calculating the orderHash in the deriveOrderHash function of the GettersAndDerivers contract, the orderHash will be different due to the order of the elements in the offer and consideration, and the user is likely to get the wrong orderHash due to t...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/05/28 12:00 a.m. • 10 views

BathPair.sol#rebalancePair() can be front run to steal the pending rebalancing amount

Lines of code Vulnerability details function underlyingBalance public view returns uint256 uint256 pool = IERC20underlyingToken.balanceOfaddressthis; return pool.addoutstandingAmount; function removeFilledTradeAmountuint256 amt external onlyPair outstandingAmount = outstandingAmount.subamt; emit...

AI score: 6.7
Exploits: 0

Code423n4
Added 2022/05/25 12:00 a.m. • 10 views

AuraClaimZap's claimRewards can permanently freeze user Aura funds

Lines of code Vulnerability details If claimRewards is called with depositCvxMaxAmount 0 and Options.LockCvx == false, the up to depositCvxMaxAmount AURA tokens are pulled from the user, but never get staked. There looks to be no way to retrieve Aura tokens ended up on AuraClaimZap balance this...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/05/23 12:00 a.m. • 10 views

Users may lose rewards to other users if rewards are given as fee-on-transfer tokens

Lines of code Vulnerability details Impact If rewards are given in fee-on-transfer tokens, users may get no rewards, breaking functionality Med: Assets not at direct risk, but the function of the protocol or its availability could be impacted, or :::leak value with a hypothetical attack path with...

AI score: 6.8
Exploits: 0

Code423n4
Added 2022/05/21 12:00 a.m. • 10 views

The _validateOrdersAndPrepareToFulfill & _performFinalChecksAndExecuteOrders functions not using the reentrancy function as intended

Lines of code Vulnerability details Impact Reentrant calls won't be defeated in validateOrdersAndPrepareToFulfill & performFinalChecksAndExecuteOrders functions and potential denial of service on validateOrdersAndPrepareToFulfill Proof of Concept The validateOrdersAndPrepareToFulfill &...

AI score: 6.6
Exploits: 0

Code423n4
Added 2022/05/18 12:00 a.m. • 10 views

A well financed attacker could prevent any other users from minting synthetic tokens

Lines of code Vulnerability details Impact In the AlchemistV2 contract, users can deposit collateral to then borrow/mint the synthetic tokens offered by the protocol. The protocol also defines a minting limit that specifies how many synthetic tokens can be minted in a given time period. This exis...

AI score: 6.6
Exploits: 0

Code423n4
Added 2022/05/17 12:00 a.m. • 10 views

Validate input variables bounds

83 comment Warden: throttle fee variables bounds are not checked. this can lead to expensive mistake

AI score: 6.9
Exploits: 0

Code423n4
Added 2022/05/17 12:00 a.m. • 10 views

Excluded user who added liquidity and then was unexcluded can block the withdrawals

83 comment Warden: throttle Excluded user who added liquidity didn't account for totalLiquidty increase. Later, if he is removed from excluded list and tries to remove liquidity, totalLiquidty will be subtracted which can lead to DoS for other user who want to remove liquidity Not sure if this is...

AI score: 6.9
Exploits: 0

Code423n4
Added 2022/05/15 12:00 a.m. • 10 views

require statement to very important call to a contract, never gets called

Lines of code Vulnerability details Impact bool sent, bytes memory data = addressto.callvalue: receivedETHAmount''; return receivedETHAmount; require statement is never reached. this can be a failed call and not know about it causes function to go on with the desired outcome / return ends the...

AI score: 7.1
Exploits: 0

Code423n4
Added 2022/05/15 12:00 a.m. • 10 views

Lido adapter incorrectly calculates the price of the underlying token

Lines of code Vulnerability details Impact The Lido adapter incorrectly calculates the price of WETH in terms of WstETH. The function returns the price of WstETH in terms of stETH. The underlying token which we desire is WETH. Since stETH does not have the same value as WETH the output price...

AI score: 6.9
Exploits: 0

Code423n4
Added 2022/05/15 12:00 a.m. • 10 views

[WP-H12] Wrong implementation of ConvexCurveLPVault#withdrawOnLiquidation() may cause the positions collateralized with ConvexCurveLP unable to be liquidated as withdrawOnLiquidation() will always fail

Lines of code Vulnerability details function withdrawuint256 amount, address to internal returns uint256 // Withdraw from Convex address baseRewardPool = getBaseRewardPool; IConvexBaseRewardPoolbaseRewardPool.withdrawAndUnwrapamount, true; // Deliver Curve LP Token...

AI score: 6.8
Exploits: 0

Total number of security vulnerabilities: 5000