NFT Creators Can Avoid Paying The Primary Foundation Fee
Lines of code Vulnerability details Impact The primary foundation fee is charged on the initial sale of newly minted NFTs. However, the isCreator && !nftContractToTokenIdToFirstSaleCompleted[nftContract][tokenId] check can easily be bypassed to avoid paying the primary foundation fee by selling the...
Centralisation Risk: Admin Role of TokenManagerEth can Rug Pull All Eth from the Bridge
Lines of code Vulnerability details Impact There is a centralisation risk in the bridge where the DEFAULT_ADMIN_ROLE of TokenManagerEth.sol is able to modify the ERC20 token on the SChain to any arbitrary address. This would allow the admin role to change the address to one where they have infinite...
_autoAcceptOffer doesn't check if caller of setBuyPrice owns the NFT
Lines of code Vulnerability details Impact An attacker can create an offer then auto accept that offer for an NFT they don't own. This can happen for any NFT that the contract is approved for, or any NFT left in escrow with no active limitations Proof of concept Alice has an NFT that they either...
[WP-M6] Chainlink's latestRoundData might return stale results
Lines of code Vulnerability details function getUnderlyingPrice(address underlying) virtual external view returns (int256 answer) { if (stablePrice[underlying] != 0) return stablePrice[underlying]; (,answer,,,) = AggregatorV3Interface(chainLinkAggregatorMap[underlying]).latestRoundData(); answer /= 100; uint80 round, ...
[WP-H4] The collateral assets impounded with settleBadDebt() will be frozen in the insuranceFund contract
Lines of code Vulnerability details In MarginAccount.solsettleBadDebt, the collateral assets will be seized and transferred to the insuranceFund contract. However, there is no way for the liquidity providers of the insuranceFund to get back the collateral assets. In the current implementation,...
denial of service
Lines of code Vulnerability details processWithdrawals can process a limited amount in each call. An attacker can push an enormous number of withdrawals with amount = 0 to withdrawals. In order to stop the DoS attack and process the withdrawals, the governance needs to spend as much gas as the attacker...
Functions getLatestRoundData and getRoundData do not check that the price returned from a chainlink aggregator is != 0 (Oracle.sol)
Lines of code Vulnerability details Impact The getLatestRoundData function in the contract Oracle.sol fetches the latestPrice directly from a Chainlink aggregator using the latestRoundData function. While latestPrice is checked for < 0 and staleness, there is no check if the value is != 0. This cou...
User can't create TurboSafe through TurboMaster.createSafe()
Lines of code Vulnerability details Impact A user can't create a safe because of the requiresAuth modifier in createSafe. Neither directly through the TurboMaster contract nor through the router. Proof of Concept Here's the test file I used to confirm it. I had to modify the contracts a little bi...
ERC4626 mints more shares than it should
Lines of code Vulnerability details Bug in the mint function of the ERC4626 contract. The mint function receives an amount of shares and an address to, and mints the amount of shares to the to address. The sender must transfer an amount of token, so that the ratio will be preserved - shares / totalShar...
Mint does not produce the intended amount of shares
Lines of code Vulnerability details Resubmitting this issue with a better explanation, apologize for the double submit. Impact In the mint function, it should produce shares token, but there is an inattention mistake and it produces amount tokens. Proof of Concept Assume the contract manages 1000...
Reentrancy in depositBribeERC20
Lines of code Vulnerability details Description The contract was found vulnerable to Reentrancy attack. It was noticed that the function depositBribeERC20 makes an external call to another untrusted address or a contract before it resolves any effects at line "" If the attacker controls the...
non erc20 token might revert when calling emergencyWithdrawERC20()
Lines of code Vulnerability details Impact When there is an emergency situation, the admin can call emergencyWithdrawERC20 to save the funds. However, due to a mismatch between non-ERC20 tokens like USDT and OpenZeppelin's IERC20, where the OpenZeppelin IERC20 is expecting a return value on the transfer...
admin can rug pull
Lines of code Vulnerability details In the links I provided, the admin can steal all user funds. This can cause reputation risk.
ThecosomataETH.addLiquidity can be subject to sandwich attack
Lines of code Vulnerability details Impact Liquidity addition can happen at a manipulated pool state and result in receiving fewer LP shares than the actual market state dictates. Proof of Concept addLiquidity measures slippage based on the pool-returned amount via calc_token_amount: Pool returned amoun...
authenticate modifier can be bypassed
Lines of code Vulnerability details Impact In TurboRouter.sol the authenticate modifier checks if the msg.sender is equal to the owner function of an arbitrary address provided by the caller. Anyone can simply make a contract of the same type with the owner function returning an address that equa...
[WP-M1] Inappropriate handling of referralFee makes collecting Mirror fails without error when referrerProfileId is burned
Lines of code Vulnerability details In the current implementation, even when the profile's owner has burnt the ProfileNFT, as the profile's legacy, the publications can still be collected. However, if the publication is a Mirror and there is a referralFee set by the original publication, the user won...
[WP-H8] ConvexStakingWrapper.sol#_calcRewardIntegral Wrong implementation can disrupt rewards calculation and distribution
Lines of code Vulnerability details uint256 bal = IERC20(reward.token).balanceOf(address(this)); uint256 dreward = bal - reward.remaining; // send 20 % of cvx / crv reward to treasury if (reward.token == cvx || reward.token == crv) { IERC20(reward.token).transfer(treasury, dreward / 5); dreward = dreward * 4 / 5...
Possible rug #3
Lines of code Vulnerability details Impact Tokens can be consumed by the contract and sent to the saleRecipient address without any guarantee that sale tokens will ever be deposited in the sale contract. The sold tokens are only required in the finalize function, which clearly does not provide an...
Drain of funds by reentrancy in OpenLevV1.addMarket
Handle 0x1f8b Vulnerability details Impact It's possible to create a market, create trades, create a new market with different values, and preserve the previous trades pointing to the new tokens. Proof of Concept The method addMarket inside the contract OpenLevV1Lib increases the marketId numPairs...
Use of deprecated Chainlink function latestAnswer
Handle WatchPug Vulnerability details According to Chainlink's documentation, the latestAnswer function is deprecated. This function does not revert if no answer has been reached but returns 0, causing an incorrect price fed to the EIP1271Wallet. See: code-423n4/2021-07-wildcredit-findings#75...
Lack of access control on assertGovernanceApproved can cause funds to be locked
Handle shw Vulnerability details Impact Lack of access control on the assertGovernanceApproved function of FlashGovernanceArbiter allows anyone to lock other users' funds in the contract as long as the users have approved the contract to transfer flashGovernanceConfig.amount of...
Lack of access control in the parameterize function of proposal contracts
Handle shw Vulnerability details Impact Most of the proposal contracts have a parameterize function for setting the proposal parameters, and these functions are protected only by the notCurrent modifier. When the proposal is proposed through a lodgeProposal transaction, an attacker can front-run...
FarmingPools.sol Some users may not be able to get back their funds for tokens with tax on transfer
Handle WatchPug Vulnerability details Per the doc: Tokens with tax and rewards should be accounted correctly and shared with all holders accordingly. In the current implementation of FarmingPools.sol#stake, it assumes that the received amount is the same as the transfer amount, and records it to...
Slippage protection
Handle pauliax Vulnerability details Impact Consider adding a configurable slippage parameter here to prevent users from suffering from sandwich bots: minAmountsOut[0] = 0; minAmountsOut[1] = 0; IVault.ExitPoolRequest ... minAmountsOut, used in both the sNOTE and TreasuryManager contracts:...
Cvx3CrvOracle does not check that Chainlink data is fresh.
Handle TomFrenchBlockchain Vulnerability details Impact Usage of stale prices when querying Chainlink oracles. Proof of Concept Cvx3CrvOracle queries Chainlink oracles for the prices of DAI, USDC and USDT; however, it doesn't require that the response is fresh by checking which round the answer wa...
Oracle data feed is insufficiently validated.
Handle throttle Vulnerability details Impact Price can be stale and can lead to wrong quoteAmount return value Proof of Concept Oracle data feed is insufficiently validated. There is no check for stale price and round completeness. Price can be stale and can lead to wrong quoteAmount return value...
admin is not set in any function
Handle rfa Vulnerability details Impact All functions that need to validate msg.sender == admin cannot be run. BscDexAggregator.sol Proof of Concept BscDexAggregator.sol is the child contract of Adminable.sol. Some functions in it need to validate that msg.sender is admin. There is no function that...
Cooldown and redeem windows can be rendered useless.
Handle ShippooorDAO Vulnerability details Impact Cooldown and redeem windows can be rendered useless. Proof of Concept Given an account that has not staked sNOTE. Account calls sNOTE.startCooldown. Account waits for the duration of the cooldown period. Redeem period starts. Account can then deposi...
Reentrancy in withdrawGovernanceAsset
Handle 0x1f8b Vulnerability details Impact The method withdrawGovernanceAsset is vulnerable to reentrancy attacks. Proof of Concept The method FlashGovernanceArbiter.withdrawGovernanceAsset is vulnerable to reentrancy attacks because the flag stored in pendingFlashDecision is deleted AFTER...
Anyone can withdraw others
Handle mics Vulnerability details Anyone can withdraw users' shares. Although we think that they are sent to the right address, it is still (1) not the desired behavior, (2) can be dangerous if the receiver is a smart contract, (3) the receiver may not know someone withdrew for him. XOLE.withdrawReward...
LaunchEvent's createPair can be caused to always revert
Handle UncleGrandpa925 Vulnerability details Impact This issue impacts all LaunchEvent, forcing the issuer to write additional contracts to be able to createPair in LaunchEvent else it will always revert. Issue & Proof of Concept In LaunchEvent.sol, the function createPair is supposed to be calle...
Users' tokens can be stuck inside LaunchEvent if the token doesn't revert on failed transfers
Handle UncleGrandpa925 Vulnerability details Impact Users' tokens can be stuck inside LaunchEvent if the token doesn't revert on failed transfers. Issue When users call withdrawIncentives, if for any reason the token transfer fails and the token doesn't revert but only returns a boolean, the user'...
Lack of input checks (withdrawal penalties should always be greater than 0)
Handle pedroais Vulnerability details Impact If penalties are set to 0, the protocol would be vulnerable to price manipulations like the one described in the contest documentation. Proof of Concept The protocol uses economic penalties to punish withdrawals to protect against economic price...
Attacker can collect all positive rebase from the pool
Handle gzeon Vulnerability details Impact The concept of ElasticSwap is not to change the relative price upon a positive rebase event. However, this allows an attacker to sandwich a known positive rebase event for profit. Proof of Concept 1. Assuming we have a pool with 10000 base and 10000 quote tokens 2...
Big deposits will revert
Handle pedroais Vulnerability details Impact Big deposits will revert. Proof of Concept If a deposit is greater than the total deposited, the transaction will revert. In this line of code totalTokenBalanceStakers - amount is computed. If amount is bigger than TVL, staking will revert. I consider thi...
The amount of tokens received by the pool might be less than expected for feeOnTransfer tokens
Handle UncleGrandpa925 Vulnerability details Impact This issue impacts any pools that use fee-on-transfer quoteTokens. The codebase is inspired by Uniswap, with one important change: the router is built right into the pools themselves. In addLiquidity, after having updated all internal parameters...
DoS and stealing users' USDC
Handle OriDabush Vulnerability details Sherlock.sol An attacker can DoS the system and steal users' USDC if he manages to stake his USDC first, i.e. minting token ID 1. It can be done by calling initialStake with any amount, say amount = 1 for example. Let's assume the lock period is...
No check that _baseToken or _quoteToken address is not address(this)
Handle jayjonah8 Vulnerability details Impact In ExchangeFactory.sol the createnewExchange function takes in the addresses _baseToken and _quoteToken. There are require checks to make sure that these are not zero addresses but no require checks to ensure that either of these addresses are not...
Griefing attack on migrateLPT can prevent token transfer to L2
Handle harleythedog Vulnerability details Impact In L1Migrator.sol the function migrateLPT can be called by anyone. A malicious user can call migrateLPT with a small maxSubmissionCost argument to intentionally make the retryable ticket creation fail. This will lock the LPT in the L1 escrow. Now,...
L2Migrator allows a user to migrate once through claimStake() and once through finalizeMigrateDelegator()
Handle Ruhum Vulnerability details Impact There are two ways to migrate from L1 to L2: either through the cross-chain or the snapshot migration, as specified here. But a user is able to migrate twice by using both options. Proof of Concept The issue is that the migratedDelegator map is not used...
L1Migrator.migrateETH can be used to take away protocol's access to funds
Handle Ruhum Vulnerability details Impact The L1Migrator.migrateETH function can be called by anyone. It pulls all the ETH from the BridgeMinter contract and starts the process of moving the funds to L2. First of all, this function is only executable once. The RetryableTicket created with the fir...
L1LPTGateway.sol does not make use of safeTransferFrom
Handle jayjonah8 Vulnerability details Impact In the L1LPTGateway.sol transferFrom is used in several parts of the file. Tokens that don’t correctly implement the latest EIP20 spec will be unusable in the protocol as they revert the transaction because of the missing return value. Proof of Concep...
Expired insurance status set incorrectly after unlock of funds
Handle ye0lde Vulnerability details Impact Expired insurance status set incorrectly after unlock of funds. The insurance status is not set to false and the unlock function can be called over and over, driving the lockedAmount to 0. The distorted lockedAmount will then cause liquidity and utilizatio...
[WP-H24] Wrong design/implementation of permission control allows malicious/compromised Registry or Factory admin to steal funds from users' wallet balances
Handle WatchPug Vulnerability details The current design/implementation allows a market address registered on the registry to call Vault.addValue and transfer tokens from an arbitrary address to a specified beneficiary up to the approved amount at any time, and the beneficiary can withdraw the funds by...
the first depositor to an index can drain all users
Handle danb Vulnerability details If there is no liquidity in the pool, the first deposit determines the total liquidity. If the amount is too small, the minted liquidity for the next liquidity providers will round down to zero. Impact An attacker can steal all money from liquidity providers. Proo...
applyCover() Does Not Enforce Index Market Lock
Handle leastwood Vulnerability details Impact The applyCover function is called by the insurance pool owner and intends to store data related to an insurance incident. Upon function execution, applyCover iterates over all available index markets and calls lock, denying all deposits and withdrawal...
Index compensate is 0 when totalLiquidity() is enough to cover the whole amount
Handle pauliax Vulnerability details Impact In IndexTemplate, function compensate, when amount > value and <= totalLiquidity, the value of compensated is not set, so it gets a default value of 0: if (value >= amount) { ... compensated = amount; } else { ... if (totalLiquidity < amount) { ... compensated = value +...
Signature replay
Handle 0x1f8b Vulnerability details Impact Signature replay in PoolTemplate. Proof of Concept The redeem method of PoolTemplate verifies the data stored in incident, and the verification logic of this process is performed as follows: require(MerkleProof.verify(merkleProof, targets, keccak256...
No slippage protection on _swapUnderlyingToUst can lead to lost funds
Handle harleythedog Vulnerability details Impact The function _swapUnderlyingToUst exists to swap underlying tokens to Ust. The last argument to exchange_underlying is min_dy, which specifies the minimum number of Ust to be returned from the swap. Currently, this value is set to 0, so the function i...
Both _mint and _safeMint are used to mint NFTs
Handle palina Vulnerability details Impact Both _mint and _safeMint functions are used to mint ERC721 NFTs in Claimers and Depositors, respectively. The usage of _mint is, however, discouraged by the used ERC721 implementation (see PoC section), in favor of its safe counterpart. Proof of Concept...