Improper Upper Bound Definition on the Fee

Handle defsec Vulnerability details Impact In the adjustGlobalParams function on line 1603of "", adjustGlobalParams function does not have any upper or lower bounds. Values that are too large will lead to reversions in several critical functions. Proof of Concept The setFee function that begins o...

_transferBurn does not actually burn tokens (decrease supply)

Handle harleythedog Vulnerability details Impact The implementation of transferBurn in ovl/OverlayToken.sol does not actually burn any tokens since totalSupply is not decreased see the implementation for burn for reference of what should be done. The transferBurn function is a helper function tha...

Missing Emergency Pause Check

Handle defsec Vulnerability details Impact During the manual code review, It has been observed that minting progress is not checked when the contract is emergency paused. This can cause misfunctionality and unlocking user funds during the emergency pausing. Proof of Concept 1- Navigate to ""...

setGuardian() Wrong implementation

Handle WatchPug Vulnerability details function setGuardianaddress guardian external onlyGovernance; governance = guardian; function setGuardianaddress guardian external onlyGovernance; governance = guardian; governance = guardian should be guardian = guardian. --- The text was updated successfull...

redeem may return less than minOut

Handle gzeon Vulnerability details Impact redeem may return less than minOut if wrong token is supplied with poolID=3 because there is no check against minOut in L230-L232. Proof of Concept 1. User mistakenly call redeemUSDC, 100, 3, 0, 100 2. The contract take 100 bBTC from the user, redeem it...

setGuardian incorrectly set governance in IbbtcVaultZap.sol

Handle gzeon Vulnerability details Impact setGuardian incorrectly set governance in IbbtcVaultZap.sol Proof of Concept onlyGovernance; governance = guardian; Tools Used Recommended Mitigation Steps --- The text was updated successfully, but these errors were encountered: All reactions...

Wrong design/implementation of addLiquidity() allows attacker to steal funds from the liquidity pool

Handle WatchPug Vulnerability details The current design/implementation of Vader pool allows users to addLiquidity using arbitrary amounts instead of a fixed ratio of amounts in comparison to Uni v2. We believe this design is flawed and it essentially allows anyone to manipulate the price of the...

Attacker can claim more IL by manipulating pool price then removeLiquidity

Handle gzeon Vulnerability details Impact Vader reimburse user IL immediately when user withdraw from the pool VaderRouterV2.sol:L227, an attacker can therefore manipulate the pool balance causing a high IL, remove liquidity and restore the pool balance such that he will receive a larger IL...

Mixing different types of LP shares can lead to losses for Synth holders

Handle hyh Vulnerability details Impact Users that mint Synths do not get pool shares, so exiting of normal LP can lead to their losses as no funds can be left for retrieval. Proof of Concept 3 types of mint/burn: NFT, Fungible and Synths. Synths are most vilnerable as they do not have share: LP...

Lacking Validation Of Chainlink' Oracle Queries

Handle leastwood Vulnerability details Impact TwapOracle.consult is missing additional validations to ensure that the round is complete and has returned a valid/expected price. The consult improperly casts an int256 price to uint256 without first checking the value. As a result, the variable may...

Covering impermanent loss allows profiting off asymmetric liquidity provision at expense of reserve holdings

Handle hyh Vulnerability details Impact Pool funds will be siphoned out over time as swaps and asymmetric LP provision are balancing each other economically, while with introduction of IL reimbursement a malicious user can profit immediately from out of balance pool with a swap and profit again...

Anyone Can Arbitrarily Call FSDVesting.updateVestedTokens()

Handle leastwood Vulnerability details Impact The updateVestedTokens function is intended to be called by the FSD.sol contract when updating a user's vested token amount. A check is performed to ensure that user == beneficiary, however, as user is a user controlled argument, it is possible to spo...

Stop ramp target price would create huge arbitrage space.

Handle jonah1005 Vulnerability details Stop ramp target price would create huge arbitrage space. Impact stopRampTargetPrice would set the tokenPrecisionMultipliers to originalPrecisionMultipliers0.mulcurrentTargetPrice.divWEIUNIT; Once the tokenPrecisionMultipliers is changed, the price in the AM...

Double Spend in AirDropDistribution.sol

Handle elprofesor Vulnerability details HIGH Impact Due to improper validation of input, approved airdrop users are able to double spend airdrop allocated tokens. This is due to insufficient validation in validate and claimExact which allows the user to reset the amount of tokens they have claime...

Unbounded loop in TwapOracle.update can result in oracle being locked

Handle TomFrench Vulnerability details Impact Loss of ability of TwapOracle to update should too many pools be added. Proof of Concept TwapOracle allows an unlimited number of pairs to be added and has no way of removing pairs after the fact. At the same time TwapOracle.update iterates through al...

Claim airdrop repeatedly

Handle gpersoon Vulnerability details Impact Suppose someone claims the last part of his airdrop via claimExact of AirdropDistribution.sol Then airdropmsg.sender.amount will be set to 0. Suppose you then call validate again. The check "airdropmsg.sender.amount == 0" will allow you to continue,...

Can't claim last part of airdrop

Handle gpersoon Vulnerability details Impact Suppose you are eligible for the last part of your airdrop or your entire airdrop if you haven't claimed anything yet. Then you call the function claim of AirdropDistribution.sol, which has the following statement: "assertairdropmsg.sender.amount -...

Admin can abuse grantSlingshot and steal user funds

Handle kenzo Vulnerability details After user has .approved ApprovalHandler, admin can grantSlingshot himself, and then call ApprovalHandler.transferFrom with parameters that will transfer all tokens to himself before the user calls Slingshot's executeTrades. Although this vulnerability requires ...

pricePerShare might become stale and cause to lose user funds, as update is not enforced

Handle kenzo Vulnerability details In WrappedIbbtcEth, as the code says, updatePricePerShare must be called once in a while to ensure pricePerShare is up to date. However the contract is not enforcing or validating it in any way. If for example the external server that runs the periodic update...

Profit from difference between core.pricePerShare() and pricePerShare()

Handle gpersoon Vulnerability details Impact Suppose there is a small difference between core.pricePerShare and pricePerShare of WrappedIbbtcEth.sol on Eth main chain. This could be due to the fact that updatePricePerShare hasn't been called for a while, or a sudden change in core.pricePerShare. ...

ERC20 return values not checked

Handle cmichel Vulnerability details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter should checked for success. See VestedRewardPool.claim which performs ERC20 transfers without checking for the return value. Impact As the trusted moc...

Owner has unlimited minting capability

Handle Koustre Vulnerability details Impact Malicious owner is able to abuse the minting capability of the token USDM. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended...

Vault fails to track debt correctly that leads to bad debt

Handle jonah1005 Vulnerability details Impact It's similar to the issue "misuse amount as increasing debt in the vault contract". Similar issue in a different place that leads to different exploit patterns and severity. When users borrow usdm from a vault, the debt increased by the amount 1.005...

Referrer can drain ReferralFeePoolV0

Handle gzeon Vulnerability details Impact function claimRewardAsMochi in ReferralFeePoolV0.sol did not reduce user reward balance, allowing referrer to claim the same reward repeatedly and thus draining the fee pool. Proof of Concept L28-47 did not reduce user reward balance Tools Used None...

debts calculation is not accurate

Handle gpersoon Vulnerability details Impact The value of the global variable debts in the contract MochiVault.sol is calculated in an inconsistent way. In the function borrow the variable debts is increased with a value excluding the fee. However in repay and liquidate it is decreased with the...

fillZrxQuote doesn't return correct values when zrxSellTokenAddress == zrxBuyTokenAddress

Handle harleythedog Vulnerability details Impact Suppose that swapByQuote is called with zrxSellTokenAddress == zrxBuyTokenAddress, and neither of these addresses "signifiesETHOrZero". The contract first transfers amountToSell of these tokens from the sender's account into the contract and update...

Validators can only be added but not removed

Handle pants Vulnerability details The contract allows only to add validators but doesn't allow to remove them. The addValidator fucntion adds them and there is no function to remove a Validator. This is ability the owner should have. A similar issue is here: code-423n4/2021-06-gro-findings51 ---...

UserManager: updateLockedData() doesn't check that the amount is actually locked.

Handle itsmeSTYJ Vulnerability details Impact The function updateLockedData does not actually check if the amount required to be locked is actually locked. Proof of Concept Same solution as my other high issue. I've added comments where relevant. function updateLockedData address borrower, uint25...

Users could lose funds if owner took out reward which is not multiplier of allocatedTokensPerEpoch

Handle xYrYuYx Vulnerability details Impact User could lost funds if owner take reward which is not multiplier of allocatedTokensPerEpoch. Proof of Concept This is my test case to proof this issue. This issue occur because of Line 104 Ex. If allocatedTokensPerEpoch is 1 CQT. and now available epo...

Prevent execution with invalid signatures

Handle gpersoon Vulnerability details Impact Suppose one of the supplied addrsi to the constructor of Identity.sol happens to be 0 by accident. In that case: privileges0 = 1 Now suppose you call execute with an invalid signature, then recoverAddrImpl will return a value of 0 and thus signer=0. If...

PrizePool.awardExternalERC721() Erroneously Emits Events

Handle leastwood Vulnerability details Impact The awardExternalERC721 function uses solidity's try and catch statement to ensure a single tokenId cannot deny function execution. If the try statement fails, an ErrorAwardingExternalERC721 event is emitted with the relevant error, however, the faile...

Number of prizes math is wrong

Handle cmichel Vulnerability details The math described in Splitting the prizes and implemented in DrawCalculator.numberOfPrizesForIndex seems to be wrong. Assuming a bit range of 4 16 possibilities per position and cardinality of 8. Note that degree is determined by the first position where it...

Basket.sol#mint() Malfunction due to extra nonReentrant modifier

Handle WatchPug Vulnerability details function mintuint256 amount public nonReentrant override mintToamount, msg.sender; function mintTouint256 amount, address to public nonReentrant override requireauction.auctionOngoing == false; The mint method is malfunction because of the extra nonReentrant...

TridentNFT.permit should always check recoveredAddress != 0

Handle cmichel Vulnerability details The TridentNFT.permit function ignores the recoveredAddress != 0 check if isApprovedForAllownerrecoveredAddress is true. Impact If a user accidentally set the zero address as the operator, tokens can be stolen by anyone as a wrong signature yield...

Incorrect usage of typecasting in burn lets an attacker corrupt the pool state

Handle broccoli Vulnerability details Impact In the burn function of ConcentratedLiquidityPool, when calling updatePosition, the amount of liquidity to burn is explicitly converted from uint128 to int128, which could result in a positive integer if amount is larger than 1 127 and less than 1 128...

exitZcTokenFillingZcTokenInitiate in Swivel.sol, token transfer may fail without function reverting

Handle GalloDaSballo Vulnerability details Impact exitZcTokenFillingZcTokenInitiate in Swivel.sol uses transferFrom this function can failmeaning tokens are not transferred,without causing a revert. This can break the accounting of the protocol The reason why this can happen is that certain ERC20...

Wrong reward calculation

Handle 0xsanson Vulnerability details Impact In ConcentratedLiquidityPoolManager, an user can claimReward of a subscribed position. In order to compute the correct amount, secondsUnclaimed needs to be calculated, but it's implemented incorrectly: uint256 secondsUnclaimed = maxTime -...

ConcentratedLiquidityPoolManager's incentives can be stolen

Handle cmichel Vulnerability details The ConcentratedLiquidityPoolManager keeps all tokens for all incentives in the same contract. The reclaimIncentive function does not reduce the incentive.rewardsUnclaimed field and thus one can reclaim tokens several times. This allows anyone to steal all...

Previously created markets can be overwritten

Handle 0xRajeev Vulnerability details Impact The createMarket function allows accidental overwriting of previously created markets for the same combination of underlying and maturity timestamp u, m because there is no zero-address check to see if a previously created market exists for that...

ConcentratedLiquidityPoolHelper: getTickState() might run out of gas

Handle hickuphh3 Vulnerability details Impact getTickState attempts to fetch the state of all inserted ticks including MINTICK and MAXTICK of a pool. Depending on the tick spacing, this function may run out of gas. Recommended Mitigation Steps Have a starting index parameter to start the iteratio...

uToken's approve() Function is Susceptible to Frontrunning Attacks

Handle leastwood Vulnerability details Impact Order makers will call the approve function to facilitate transactions between order takers and makers. If a taker sees that a maker is seeking to reduce its order exposure by reducing Swivel.sol's allowance, a taker can frontrun this transaction to...

Burning does not update reserves

Handle cmichel Vulnerability details The ConcentratedLiquidityPool.burn function sends out amount0/amount1 tokens but only updates the reserves by decreasing it by the fees of these amounts. unchecked // @audit decreases by fees only, not by amount0/amount1 reserve0 -= uint128amount0fees; reserve...

ConcentratedLiquidityPoolManager: reclaimIncentive() does not decrement rewardsUnclaimed

Handle hickuphh3 Vulnerability details Impact reclaimIncentive withdraws any unclaimed rewards to the incentive owner. While there is a check to prevent re-claiming of rewards requireincentive.rewardsUnclaimed = amount, "ALREADYCLAIMED"; it is ineffective because incentive.rewardsUnclaimed is not...

Erc20.transferFrom() doesn't work on non-standard compliant tokens like USDT

Handle pants Vulnerability details Non-standard compliant tokens like USDT don't return a return value on transferFrom. The function Erc20.transferFrom reverts if the token doesn't return a return value, as it is defined to always return a boolean. Impact When using any non-standard compliant tok...

Incentives for different pools should differ by a large factor

Handle tensors Vulnerability details I'm adding this as an issue because I didn't see it mentioned anywhere in the codebase, and I think its a fair point that relates to how the protocol gives out rewards to users. As I understand , the point of staking is to provide users with additional...

No bar fees for IndexPools?

Handle 0xsanson Vulnerability details Impact IndexPool doesn't collect fees for barFeeTo. Since this Pool contains also a method updateBarFee, probably this is an unintended behavior. Also without a fee, liquidity providers would probably ditch ConstantProductPool in favor of IndexPool using the...

User’s Ether may get left behind in the Router

Handle 0xRajeev Vulnerability details Impact If the user deposits less ETH than claimed by the params.tokenIn for native functions, then wETH is transferred from the msg.sender to pool, while the user's ETH is left behind in the Router. Proof of Concept Tools Used Manual Analysis Recommended...

Unsafe casts to uint120

Handle pauliax Vulnerability details Impact contract IndexPool does unsafe casts to uint120, e.g.: uint120 ratio = uint120divtoMint, totalSupply; It trusts the input from the user and converts without assurance that the value will fit in this narrow type. Depending on the pool state and parameter...

IndexPool.sol#_pow() Wrong implementation

Handle WatchPug Vulnerability details function powuint256 a, uint256 n internal pure returns uint256 output output = n % 2 != 0 ? a : BASE; for n /= 2; n != 0; n /= 2 a = a a; if n % 2 != 0 output = output a; 1. a a without div by BASE will accumulate decimals unexpectedly and leads to overflow...

onlyOwner Role Can Manipulate Price Oracle

Handle leastwood Vulnerability details Impact The V2 LendingController.sol contract incorporates a custom oracle used to fetch the relevant price feeds for token pairs. The onlyOwner role is controlled by a modified timelock contract callable only from a single externally owned account. This role...