10190 matches found
No slippage tolerance set in NonUSTStrategy
Handle palina Vulnerability details Impact The exchange performed in NonUSTStrategy.sol via Curve is executed with "0" as the minimum amount received as the result of the operation, which is likely to be exploited by front-running and may lead to the loss of funds. Proof of Concept...
Manipulation of the Y State Results in Interest Rate Manipulation
Handle Rhynorater Vulnerability details Impact Due to lack of constraints on user input in the TimeswapPair.sol mint function, an attacker can arbitrarily modify the interest rate while only paying a minimal amount of Asset Token and Collateral Token. Disclosure: This is my first time attempting...
Claimer can reenter contract on deposit withdrawal
Handle kenzo Vulnerability details Upon withdrawal of deposit, the claimer will be called with onDepositBurned. This happens after the claimer shares have been updated, but before the underlying has been sent away from the contract. Therefore the claimer can reenter the contract, at an intermedia...
investedAssets ignores fees and can cause insolvency
Handle danb Vulnerability details investedAssets doesn't subtract the fees owed to the treasury, this makes the system think that it has more than it really has. Proof of Concept consider the following scenario: perfFeePct is 20%. the system generated 1M dollars yield in aust that it didn't rede...
timeswap testnet
Handle 0x1f8b Vulnerability details Error: java.lang.IndexOutOfBoundsException: Index: 204, Size: 45
Convenience contract fails to function if asset or collateral is an ERC20 token with fees
Handle Ruhum Vulnerability details Impact There are ERC20 tokens that collect fees with each transfer. If the asset or collateral used in a pair is of that type, the Convenience contract fails to function. It always sends the flat amount specified in the function's parameter. If the token collect...
No guard against zero address can possibly break functions with onlyOwner modifier
Handle jayjonah8 Vulnerability details Impact In XDEFIDistribution.sol the proposeOwnership function should check that the newOwner arg is not a zero address because one error can break every function in the contract that uses the onlyOwner modifier because if the owner is set to the zero address...
Iterating over large count numbers can cause out of gas errors
Handle jayjonah8 Vulnerability details Impact In XDEFIDistributionHelper.sol the getAllTokensForAccount function iterates over the count and performs actions on each iteration. Iterating over large arrays can cause out of gas failures and so the count number should be checked or limited to a max...
_lock Performs An Improper Check When Enforcing The MAX_TOTAL_XDEFI_SUPPLY Constraint
Handle leastwood Vulnerability details Impact The lock function intends to lock users' XDEFI tokens for a predetermined duration. The contract contains a MAX_TOTAL_XDEFI_SUPPLY constraint which aims to prevent total deposits from exceeding this amount. However, lock does not check this correctly and...
borrow() function has state updates after a callback to msg.sender
Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the borrow function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross functi...
Unbounded number of Collateral
Handle gzeon Vulnerability details Impact Each additional collateral will increase gas required for many operations, e.g. Liquidation. If there are too many collateral it may exceed the block gas limit. Proof of Concept Recommended Mitigation Steps Define a max number of collateral asset
Staking Zap add liquidity can be denied
Handle cmichel Vulnerability details The NFTXStakingZap.addLiquidity721WETH function verifies if the contract indeed received the expected amount of vault tokens of balance = count BASE by checking: function addLiquidity721WETH uint256 vaultId, uint256 memory ids, uint256 minWethIn, uint256 wethI...
Unsafe transfer in XTokenUpgradeable
Handle 0x1f8b Vulnerability details Impact Unsafe transfer was done. Proof of Concept In the method XTokenUpgradeable.burnXTokens it's made a transfer without checking the boolean result, ERC20 standard specifies that the token can return false if the transfer was not made, so it's mandatory to che...
Oracle returns an improperly scaled USDV/VADER price
Handle TomFrenchBlockchain Vulnerability details Impact Invalid values returned from oracle in vast majority of situations Proof of Concept The LBT oracle does not properly scale values when calculating prices for VADER or USDV. To show this we consider the simplest case where we expect USDV to...
Pool Manager can frontrun fees to 100% and use it to steal the value from users
Handle pedroais Vulnerability details Impact Pool Manager can front-run entry fee to 100% and users could lose all their deposits Proof of Concept Considering : The pool manager is the creator of the pool Anyone can create a pool Manager is not a trusted actor Anyone can create a pool and get...
Unsafe transfers in NFTXFlashSwipe
Handle 0x1f8b Vulnerability details Impact Unsafe transfers. Proof of Concept In the methods NFTXFlashSwipe.flashSwipe and NFTXFlashSwipe.onFlashLoan there are some transfers, transferFroms and approve made without checking the boolean result, ERC20 standard specifies that the token can return fals...
Missing of _userUpdate in unwrapFor in WJLP.sol
Handle UncleGrandpa925 Vulnerability details Impact Users' rewards in Wrapped JLP will be miscalculated. Hackers can exploit this to steal users' rewards. All WJLP's unwrapFor transactions will trigger the bug. Location Function unwrapFor in WJLP.sol Explanation of the bug So the nature of this...
Rewards can be stolen
Handle cmichel Vulnerability details The NFTXInventoryStaking contract distributes new rewards to all previous stakers when the owner calls the receiveRewards function. This allows an attacker to frontrun this receiveRewards transaction when they see it in the mem pool with a deposit function. Th...
Attacker can break addLiquidity721() by transferring vaultToken to the contract
Handle WatchPug Vulnerability details function addLiquidity721WETH uint256 vaultId, uint256 memory ids, uint256 minWethIn, uint256 wethIn, address to internal returns uint256, uint256, uint256 address vault = nftxFactory.vaultvaultId; requirevault != address0, "NFTXZap: Vault does not exist"; //...
Reward not transferred correctly
Handle csanuragjain Vulnerability details Impact Monetary loss for user Proof of Concept 1. Navigate to contract at 2. Let us see sendJoeReward function function sendJoeRewardaddress rewardOwner, address to internal // harvests all JOE that the WJLP contract is owed MasterChefJoe.withdrawpoolPid,...
Duplicate Collateral could cause financial instability
Handle csanuragjain Vulnerability details Impact Duplicate collaterals can be added which makes getValidCollateral return duplicate items. This impacts all functions which use getValidCollateral function like getPendingCollRewards, which will now calculate the pending reward twice for the duplica...
Dishonest Stakers Can Siphon Rewards From xToken Holders Through The deposit Function In NFTXInventoryStaking
Handle leastwood Vulnerability details Impact xTokens is intended to be a representation of staked vault tokens. As the protocol's vaults accrue fees from users, these fees are intended to be distributed to users in an inconsistent fashion. NFTXInventoryStaking is one of the ways users can stake...
Basket's max cap can be surpassed due to beneficiary entry fee
Handle kenzo Vulnerability details When joining a basket, the function verifies that the total supply + tokens the user asks to mint is smaller than the basket's max supply. However, this doesn't take into account the fact that additional tokens will be minted if there's an entry fee beneficiary...
Annualized fee APY dependence on the frequency of executing a function
Handle Czar102 Vulnerability details Impact The APY of the annualized fee is dependent on the frequency of the execution of the BasketFacet::chargeOutstandingAnnualizedFee. If it is called more frequently, the compounding is more frequent and the APY is higher. For less used baskets, the APY migh...
xToken Approvals Allow Spenders To Spend More Tokens
Handle leastwood Vulnerability details Impact The approve function has not been overridden and therefore uses xToken shares instead of the equivalent rebalanced amount, i.e. the underlying vault token amount. Proof of Concept The approved spender may spend more tokens than desired. In fact, the...
No access control on assignFees() function in NFTXVaultFactoryUpgradeable contract
Handle ych18 Vulnerability details In If the Vault owner decides to set factoryMintFee and factoryRandomRedeemFee to zero, any user could call the function NFTXVaultFactoryUpgradeable.assignFees and hence all the fees are updated.
NFTXMarketplaceZap Performs A Dangerous Equality Check Which Can Brick Contract
Handle leastwood Vulnerability details Impact NFTXMarketplaceZap provides an interface for users to interact with NFTX vaults by buying, selling and swapping ERC1155/ERC721 tokens. The mint721 and mint1155 functions perform strict equality checks on the vaults token balance for the...
No checks in setAddresses() functions
Handle jayjonah8 Vulnerability details Impact Since the setAddresses functions can only be called once during deployment and passes in many addresses which are set in storage, it's important to have safety checks ensuring that there are no duplicate addresses which can easily happen while passing...
In CreditLine#_borrowTokensToLiquidate, oracle is used wrong way
Handle 0x0x0x Vulnerability details Current implementation to get the price is as follows: uint256 ratioOfPrices, uint256 decimals = IPriceOraclepriceOracle.getLatestPriceborrowAsset, collateralAsset; But it should not consult borrowToken / collateralToken, rather it should consult the inverse of...
Missing approve(0)
Handle sirhashalot Vulnerability details Impact There are 3 instances where the IERC20.approve function is called only once without setting the allowance to zero. Some tokens, like USDT, require first reducing the address' allowance to zero by calling approvespender, 0. Transactions will revert...
denial of service
Handle certora Vulnerability details if the borrow token is address0 ether, and someone calls withdrawLiquidity, it calls SavingsAccountUtil.transferTokens which will transfer to msg.sender, msg.value of withdrawLiquidity, because it's an internal function. In other words, the liquidity provided...
SHOULD CHECK RETURN DATA FROM CHAINLINK AGGREGATORS
Handle defsec Vulnerability details Impact The sync function in the contract ChainlinkOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID, resulting in stale prices. The oracle wrapper calls out to a chainlink...
Chainlink's latestRoundData might return stale or incorrect results
Handle WatchPug Vulnerability details function sync public , int256 feedPrice, , uint256 timestamp, = feed.latestRoundData; Fixed18 price = Fixed18Lib.ratiofeedPrice, SafeCast.toInt256decimalOffset; if priceAtVersion.length == 0 || timestamp timestampAtVersioncurrentVersion + minDelay...
Missing Validation Of createPromotion Parameters
Handle leastwood Vulnerability details Impact The createPromotion function is called by a creator account denoted as msg.sender to fund a promotion with tokens allocated on a per epoch basis across a set epochs. However, the function does not perform the necessary checks on function inputs to...
Tokens with fee on transfer are not supported
Handle WatchPug Vulnerability details There are ERC20 tokens that charge fee for every transfer or transferFrom. In the current implementation, createPromotion assumes that the received amount is the same as the transfer amount, and uses it to calculate reward amounts. As a result, in claimReward...
Unsafe uint64 casting may overflow
Handle sirhashalot Vulnerability details Impact The calculateRewardAmount function casts epoch timestamps from uint256 to uint64 and these may overflow. The epochStartTimestamp value is a function of the user-supplied epochId value, which could be extremely large up to 2^255 – 1. While Solidity...
getRemainingRewards might fail unexpectedly
Handle certora Vulnerability details getRemainingRewards might fail unexpectedly. getRemainingRewards calls getRemainingRewards which calls getCurrentEpochId: function getCurrentEpochIdPromotion memory promotion internal view returns uint256 // elapsedTimestamp / epochDurationTimestamp return...
Can drain any promotion rewards
Handle gzeon Vulnerability details Impact There are no checks to make sure epochId const promotionId = 1; const wallet2Amount = toWei'750'; const wallet3Amount = toWei'250'; await ticket.mintwallet2.address, wallet2Amount; await ticket.connectwallet2.delegatewallet2.address; await...
Can drain any promotion rewards with an evil ticket
Handle gzeon Vulnerability details Impact TwabRewards checks legitimacy of ticket by checking if the ticket has a controller method. function requireTicketaddress ticket internal view requireticket != address0, "TwabRewards/ticket-not-zero-address"; bool succeeded, bytes memory data =...
Basket can be fully drained if the auction is settled within a specific block
Handle Ruhum Vulnerability details Impact The settleAuction function allows someone to settle the auction by transferring funds in a way that the new pending index is fulfilled. As a reward, they are able to take out as many tokens as they want as long as the pending index is fulfilled after that...
IsContract Function Usage
Handle defsec Vulnerability details Impact The isContract function that uses EXTCODESIZE was discovered to be hackable. The function will return false if it is invoked from a contract's constructor because the contract has not been deployed yet. The code should be used very carefully, if at all, ...
Unlimited allowances let anyone move funds to child vaults
Handle 0x0x0x Vulnerability details A malicious attacker can move someone's funds between their vaults, since max allowances are given. As a consequence, a malicious user can block activities such as reclaimTokens. Although, funds are not directly stolen, it is possible to revert transactions of...
Broken logic if rewardToken == depositToken
Handle gzeon Vulnerability details Impact There doesn't seem to be anything to prevent one from deploying a Stream with rewardToken == depositToken. If rewardToken == depositToken, some logic might be broken. Proof of Concept For example, 1. recoverTokens logic would be broken because it does not...
Locke.sol:Stream - arbitraryCall can be used to drain incentive tokens
Handle ScopeLift Vulnerability details Impact Governor can drain incentive balance via arbitraryCall Proof of Concept The Stream contract offers createIncentive and claimIncentive which is the way the contract "expects" incentives to go. Access to claiming incentives is limited to the stream...
LockeERC20 is vulnerable to frontrun attack
Handle egjlmn1 Vulnerability details Impact A user can steal another user's tokens if he frontruns before he changes the allowance. The approve function receives an amount to change to. Let's say user A approved user B to take N tokens, and now he wants to change from N to M, if he calls approveM t...
Excessive privilege for Timelock governor
Handle gzeon Vulnerability details Impact Timelock governor can change delay and gracePeriod at will, which renders the timelock useless. function setDelayuint256 delay public onlyRoleGOVERNORROLE, "Must have timelock role" function setGracePerioduint256 gracePeriod public onlyRoleGOVERNORROLE,...
Anyone can remove liquidity
Handle jayjonah8 Vulnerability details Impact In UniswapHandler.sol, anyone can call the removeLiquidity function stealing all the lp tokens in the contract even if they never added liquidity in the first place since the function simply credits the msg.sender with the entire lp token balance of t...
Inaccurate fees computation
Handle cmichel Vulnerability details The MixinTransfer.shareKey function wants to compute a fee such that time + fee time == timeRemaining timePlusFee: uint fee = getTransferFeekeyOwner, timeShared; uint timePlusFee = timeShared + fee; However, if the time remaining is less than the computed fee...
Malicious user can get infinite free trial by repeatedly refund and repurchase right before the freeTrial ends
Handle WatchPug Vulnerability details The current design/implementation allows users who are refunded before to get another freeTrial. This can be exploited by malicious users to get an infinite free trial. PoC Given: keyPrice is 1 ETH; freeTrialLength is 31 days. A malicious user can: 1. Call...
Missing scaling factor in recordKeyPurchase?
Handle cmichel Vulnerability details The Unlock.recordKeyPurchase function computes the maxTokens as: maxTokens = IMintableERC20udt.balanceOfaddressthis valueInETH / 2 + 2 valueInETH / grossNetworkProduct / grossNetworkProduct; Note that grossNetworkProduct was already increased by valueInETH in...