Market-specific pause is not checked for sponsor

Handle cmichel Vulnerability details Vulnerability Details The treasury only checks its globalPause field but does not check its market-specific marketPaused field for Treasury.sponsor. A paused market contract can therefore still deposit as a sponsor using Market.sponsor Impact The market-specif...

Pot distribution does not need to add up to 100%

Handle cmichel Vulnerability details Vulnerability Details The Factory.setPotDistribution allows specifying values that add up to less than 100% because of the inequality = 1000 instead of an equality == 1000. Impact If using less than 100%, funds could become stuck in the market for certain mode...

erc20 transfer and transferFrom functions

Handle pauliax Vulnerability details Impact When transfering erc20 tokens, functions transfer and transferFrom are used. These functions return boolean to indicate if the action was successful, however, none of the usages check the returned value: erc20.transferFrommsgSender, addressthis, amount;...

Unchecking the ownership of mph in function distributeFundingRewards could cause several critical functions to revert

Handle shw Vulnerability details Impact In contract MPHMinter, the function distributeFundingRewards does not check whether the contract itself is the owner of mph. If the contract is not the owner of mph, mph.ownerMint could revert, causing functions such as withdraw, rolloverDeposit,...

Sorry, I used the wrong submission form, the recent issues are not relevant for NFTX 🤦‍♂️

Handle cmichel Vulnerability details --- The text was updated successfully, but these errors were encountered: All reactions...

transferERC721 doesn't clean timelockERC721s

Handle gpersoon Vulnerability details Impact The function transferERC721 works similar to the functions timeUnlockERC721 with timelocked NFT's. However timeUnlockERC721 cleans timelockERC721s delete timelockERC721skey;, while transferERC721 doesn't clean timelockERC721s This could mean that...

The direct redeem fee can be circumvented

Handle janbro Vulnerability details Summary The direct redeem fee can be circumvented Risk Rating Medium Vulnerability Details Since the random NFT is determined in the same transaction a payment or swap is being executed, a malicious actor can revert a transaction if they did not get the NFT the...

Missing SafeMath

Handle adelamo Vulnerability details Here more info: --- The text was updated successfully, but these errors were encountered: All reactions...

Randomization of NFTs returned in redeem/swap operations can be brute-forced

Handle 0xRajeev Vulnerability details Impact If we assume that certain NFTs in a vault over time will have different market demand/price then the users will try to redeem those specific NFTs. Even if direct redeems are disabled to prevent such a scenario to default to returning randomized NFTs, a...

Missing nonReentrant in swapTo

Handle adelamo Vulnerability details Here you have more info: --- The text was updated successfully, but these errors were encountered: All reactions...

erc1155 are redeemed one by one

Handle paulius.eth Vulnerability details Impact When depositing erc1155s amounts array is used and tokens are sent in bulk safeBatchTransferFrom, however, when redeeming it iterates over the amount and redeems it one by one. It is not convenient when the amount is large. Let's say I deposited 100...

Missing allValidNFTs and afterRedeemHook with swapTo?

Handle gpersoon Vulnerability details Impact The function swapTo of NFTXVaultUpgradeable.sol is kind of a combination of mintTo and redeemTo the code looks very similar to a combination of mintTo and redeemTo. Before receiveNFTs I would expect a call to allValidNFTs, like in mintTo. This is to ma...

Beebots.randomIndex() Can Be Manipulated To Not Be Random Without Costing Alice Anything

Handle jvaqa Vulnerability details Impact Beebots.randomIndex Can Be Manipulated To Not Be Random Without Costing Alice Anything. Since lower-numbered ids are seemingly more valuable, a malicious attacker can manipulate randomIndex to give themselves a more desirable value at no cost to themselve...

Beebots.TradeValid() Will Erroneously Return True When Maker Is Set To Address(0) and makerIds Are Set To The TokenIds of Unminted Beebot NFTs

Handle jvaqa Vulnerability details Impact Beebots.TradeValid Will Erroneously Return True When Maker Is Set To Address0 and makerIds Are Set To The TokenIds of Unminted Beebot NFTs Beebots.verify Returns True No Matter What Signature Is Given When Signer Is Set To address0. This means that...

Missing zero/threshold check for NFT sale price

Handle 0xRajeev Vulnerability details Impact A zero or some minimum threshold check is missing for price parameter of startSale function which sets the mint price for NFTs. If accidentally set to 0 then all sales happen at this incorrect price leading to missed revenue. This cannot be corrected...

Wrong calcAsymmetricShare calculation

Handle @cmichelio Vulnerability details Vulnerability Details The inline-comment defines the number of asymmetric shares as u U 2 A^2 - 2 U u + U^2/U^3 but the Utils.calcAsymmetricShare function computes uA 2U^2 - 2uU + u^2 / U^3 which is not equivalent as can be seen from the A^2 term in the fir...

flashProof is not flash-proof

Handle @cmichelio Vulnerability details Vulnerability Details The flashProof modifier is supposed to prevent flash-loan attacks by disallowing performing several sensitive functions in the same block. However, it performs this check on tx.origin and not on an individual user address basis. This...

Undefined behavior for DAO and GRANT vote proposals in DAO.sol

Handle 0xRajeev Vulnerability details Impact Given that there are only three proposal types GRANT, UTILS, REWARD that are actionable, it is unclear if 'DAO' type checked in voteProposal is a typographical error and should really be 'GRANT'. Otherwise, GRANT proposals will only require quorum 33%...

Initialization can be front-run in DAO.sol

Handle 0xRajeev Vulnerability details Impact Given the public access, this is susceptible to front-running by an attacker who can initialize this with arbitrary assets before the deployer. Reinitialization will require contract redeployment because initialization can be done only once. Reference:...

Incorrect operator used in deploySynth() of Pools.sol

Handle 0xRajeev Vulnerability details Impact The deploySynth function in Pools.sol is expected to perform a check on the token parameter to determine that it is neither VADER or USDV before calling Factory’s deploySynth function. However, the require incorrectly uses ‘||’ operator instead of ‘&&’...

Missing fromToken != toToken check in MarginRouter.crossSwapExactTokensForTokens/MarginRouter.crossSwapTokensForExactTokens

Email address [email protected] Handle @cmichelio Eth address 0x6823636c2462cfdcD8d33fE53fBCD0EdbE2752ad Vulnerability details Attacker calls MarginRouter.crossSwapExactTokensForTokens with a fake pair and the same token0 == tokne1. crossSwapExactTokensForTokens1000 WETH, 0, ATTACKERCONTRACT, WETH,...

Upgraded Q -> 2 from #341 [1705001382135]

Judge has assessed an item in Issue 341 as 2 risk. The relevant finding follows: L03: Auction parameters can be changed during an auction --- The text was updated successfully, but these errors were encountered: All reactions...

In FxERC20RootTunnel, there is no option to get bridged tokens back in case the transaction can not be executed on L2

Lines of code Vulnerability details Impact If the transaction on L2 fails to be executed the tokens deposited on L1 will be lost since there is no way to recover them Proof of Concept When calling FxERC20RootTunnel:: withdraw the users deposits a certain amount of tokens to the bridge that he wan...

TRANSACTION EXECUTION IS DoS IN THE CROSS-CHAIN GOVERNANCE CONTRACTS AND IN THE GNOSIS SAFE COMMUNITY MULTISIG TRANSACTION CHECKS SINCE THE WRONG payload IS EXTRACTED FROM THE data BYTES ARRAY

Lines of code Vulnerability details Impact The GuardCM.verifyBridgedData function is used to verify the bridged data for authorized combinations of targets and selectors in the Gnosis Safe community multisig. The data payload is passed into the verifyBridgedData function which is then unpacked...

Upgraded Q -> 2 from #549 [1704652745528]

Judge has assessed an item in Issue 549 as 2 risk. The relevant finding follows: L-02 The first piece created can pass quorumVotes without any votes if totalSupply of ERC20 votes is zero --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> 2 from #8 [1703832984112]

Judge has assessed an item in Issue 8 as 2 risk. The relevant finding follows: Remove WLP from whitelist should not block user from removing WLP --- The text was updated successfully, but these errors were encountered: All reactions...

Signature Verification for voteForManyWithSig Function

Lines of code Vulnerability details Potential Risk: The voteForManyWithSig function in the CultureIndex contract allows users to vote on multiple pieceIds using a provided signature. While it attempts to verify the signature, there are some potential risks associated with signature verification...

Incorrect Termination Condition

Lines of code Vulnerability details The provided termination condition if pos = size / 2 && pos = size is incorrect. This condition is not suitable for terminating the maxHeapify function. It should instead be based on comparing values in the heap to ensure the max heap property. The condition if...

Input Validation for createPiece Function

Lines of code Vulnerability details Potential Risk: The createPiece function in the CultureIndex contract takes two parameters: metadata and creatorArray. While the function calls the validateCreatorsArray and validateMediaType functions to validate the input data, it does not verify whether the...

_verifyVoteSignature wrong implementation

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. voteHash = keccak256abi.encodeVOTETYPEHASH, from, pieceIds, noncesfrom++, deadline; here we are using noncesfrom++ for calculating voteHash but different from address can have the same noncesfrom++...

Api3OracleReader may be unavailable up to 1 hour if the timestamp of the price from the Api3Server is bigger than the current block.timestamp

Lines of code Vulnerability details Impact Oracle unavailable for up to 1 hour, which could lead to positions going underwater and being liquidated when it becomes live again, without users having the chance to repay/collateralize. Proof of Concept The airnode code has a note concerning this...

Decimals of LendingPool don't take into account the offset introduced by VIRTUAL_SHARES

Lines of code Vulnerability details Impact The impact of this finding is more on the marketing/data fetching side, on exchanges it would appear that the shares are worth less VIRTUALSHARES than the underlying token. Given that it would influence the perception of the value of the shares token,...

malicious borrowers can follow reclaimLiquidity() then execute addPremium() to invalidate renewalCutoffTime

Lines of code Vulnerability details Vulnerability details LP can set renewalCutoffTime=block.timestamp by executing reclaimLiquidity, to force close position function liquidatePosition DataStruct.ClosePositionParams calldata params, address borrower external override nonReentrant ... if...

If the NFT is because the auction is not met the reservePrice in _settleAuction() function, during the auction the totalSupply of erc721VotingToken is get in the quorumVotes, leading that the piece cannot be drpped

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...

openPosition() use stale feeGrowthInside0LastX128/feeGrowthInside1LastX128

Lines of code Vulnerability details Vulnerability details When openPosition, we need to record the current feeGrowthInside0LastX128/feeGrowthInside1LastX128. And when closing the position, we use Base.getOwedFee to calculate the possible fees generated during the borrowing period, which are used ...

InitCore.liquidate will revert in case if poolOut is paused for collateral

Lines of code Vulnerability details Proof of Concept InitCore.liquidate function tries to check, that provided poolOut variable is valid pool of protocol. It does it using vars.config.isAllowedForCollateral check. As you can see, in case if poolOut will be paused as collateral for the mode, then...

Some tokens may revert when zero value transfers are made

Lines of code 356, 371, 145, 272, 252, 116, 445, 374, 506, 488https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/options/TapiocaOptionBroker...

Return values of transfer()/transferFrom() not checked

Lines of code 377, 509, 491, 530, 42, 50 Vulnerability details Not all IERC20 implementations revert when there's a failure in transfer/transferFrom. The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations that shou...

Unchecked return value of low-level call()/delegatecall()

Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...

Small positions are allowed in the system that are not profitable for liquidators

Lines of code Vulnerability details Proof of Concept When someone borrows, then he can borrow any assets amount that he would like. In the end function will check that position is healthy, which means that user has enough collateral amount to cover borrowed amount. The problem is that this functi...

bad debt is not socialized

Lines of code Vulnerability details Proof of Concept In case if borrower's position is unhealthy, then he can be liquidated. Liquidator can provide amount of shares in poolToRepay that he will cover and expects to get back poolOut shares. It is possible that position created a bad debt. This mean...

The owner is a single point of failure and a centralization risk

Lines of code 56, 109, 127, 172, 219, 250, 115, 131, 154, 116, 131https://github.com/Tapioca-DAO/tapiocaz-audit/blob/bcf61f79464cfdc0484aa272f9f6e28d...

Should count pending harvest reward and already harvested reward as collateral credit if the collateral is WLP

Lines of code Vulnerability details Impact Should count pending harvest reward and already harvested reward as collateral credit if the collateral is WLP Proof of Concept User can use WLP as collateral, even use WLP purely as collateral to borrow fund from lending pool the collateral worth of WLP...

Return values of transfer()/transferFrom() not checked

Lines of code 377, 509, 491, 530, 42, 50 Vulnerability details Not all IERC20 implementations revert when there's a failure in transfer/transferFrom. The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations that shou...

Interface improperly implemented

Lines of code 34, 34, 34, 34, 30, 31, 32, 34, 35, 38https://github.com/Tapioca-DAO/tapioca-yieldbox-strategies-audi...

Unsafe usage of msg.value in a loop

Lines of code 140 Vulnerability details The value of msg.value in a transaction's call never gets updated, even if the called contract ends up sending some or all of the Eth to another contract. This means that using msg.value in a for- or while-loop, without extra accounting logic, will either...

Unchecked return value of low-level call()/delegatecall()

Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...

Incorrect indexing in constructor of Curve Adapters causes both contracts to assume xToken and lpToken to be the same token

Lines of code Vulnerability details Impact Curve Adapter contracts are unusable, as the protocol won't be able to tell the difference between which token USDC/USDT or lpToken is intended on being used for the transaction. Vulnerability details In the constructors of the Curve2PoolAdapter.sol and...

Users can add 6 decimal token funds for free

Lines of code Vulnerability details There is a logic error in convertDecimals function which means wrapping interactions for tokens with less than 18 decimals are processed incorrectly. The below is triggered in convertDecimals where the input parameter decimals is less than 18. If amountToConver...

CurveTricryptAdapter::primitiveOutputAmount & Curve2PoolAdapter::primitiveOutputAmount can swap without slippage tolerance

Lines of code Vulnerability details Impact While there is a “Slippage protection” implementation in the contract if uint256minimumOutputAmount outputAmount revert SLIPPAGELIMITEXCEEDED; There is no validation that minimumOutputAmount is not set to 0. This can result in lost of funds. Although Oce...