ERC721 and ERC1155 Reentrancy Guard is Incomplete and Wrongly Implemented
Lines of code Vulnerability details Impact Whether there is an ERC721 and ERC1155 interaction clash or not, or if there is an inadequate transfer callback, none of this would matter, as reversion would not occur due to the absence of proper validation during the wrap of ERC721 and ERC1155 in the Ocean.sol...
Fee on transfer tokens are not accounted for in any way
Lines of code Vulnerability details Impact Fee on transfer or other unique tokens are not properly accounted for. This could lead to wrong accounting within The Ocean and eventual losses for the protocol. Proof of Concept The Ocean doesn't keep track of its balances when a user is wrapping a toke...
latestAnswer() may return stale values
Lines of code 121, 122, 123, 124, 51 Vulnerability details latestAnswer only returns the latest answer or zero, and thus there is no way to tell whether the value is stale or not. Use latestRoundData instead, and check whether the latest timestamp is within your protocol's limits. File:...
Upgraded Q -> 2 from #776 [1701456793936]
Judge has assessed an item in Issue 776 as 2 risk. The relevant finding follows: Low-01 No minimum AmountrsETH receive parameter absent in depositAsset Here we can see that the user deposits an asset via depositAsset, which takes the asset address and the asset depositAmount as parameters. Then rsethAmountMinted...
Excess funds sent via msg.value not refunded
Lines of code 201 Vulnerability details Impact The code below allows the caller to provide Ether, but does not refund the amount in excess of what's required, leaving funds stranded in the contract. The condition should be changed to check for equality, or the code should refund the excess. File:...
Return values of transfer()/transferFrom() not checked
Lines of code 377, 509, 491, 530, 42, 50 Vulnerability details Impact Not all IERC20 implementations revert when there's a failure in transfer/transferFrom. The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations th...
Improper validation can cause fee error and loss of funds.
Lines of code Vulnerability details Impact If the amount is equal to zero, the fee will be equal to zero; there is no check that the amount should not be equal to zero, so the condition passes, it fetches the bondingCurve address and then calculates the price from LinearBondingCurve.sol, fee = priceForOne amount...
Malicious shares can't be paused or stopped after creation, so users will continue use them
Lines of code Vulnerability details Impact If the share creator is a malefactor, he can try to perform multiple malicious operations: a pump-and-dump attack with price manipulation, or artificially increasing the fees for NFT minting. Proof of Concept Both attacks are described in my other reports and unfortunate...
Holder cannot claim fee
Lines of code Vulnerability details Impact Assume a user buys some shares, mints them to an NFT and sends the shares to a cold wallet for safety. The following happens: a user buys 10 shares (buy is called), the rewardsLastClaimedValue is updated to the latest holder rewards, the...
asD TOKEN CREATOR CAN PROFIT UNFAIRLY FROM THE cNote TOKENS DIRECTLY TRANSFERRED TO THE asD.sol CONTRACT
Lines of code Vulnerability details Impact The asD.withdrawCarry function is used to withdraw the interest that accrued in the asD contract in the form of NOTE tokens. Only the owner of the asD token is able to withdraw the interest accrued since the withdrawCarry is controlled by the onlyOwner...
Sandwich attack on buy()
Lines of code Vulnerability details Impact Function Market:buy does not check or take in a minimum buy amount. This makes users' funds vulnerable to sandwich attacks. buy will increase shareDataid.tokenCount, and thus change the exchange rate of share price. price, fee =...
Creator can earn holder fee
Lines of code Vulnerability details Impact The creator can earn the creator fee and the holder fee as well. Proof of Concept In the market.sol contract there is a buy function which cannot be used by the creator of a share: requireshareDataid.creator != msg.sender, "Creator cannot buy"; However, it's still possible for creato...
First deposit of 1 Wei will block further rsETH minting
Lines of code Vulnerability details Impact If the initial deposit in the DepositPool is 1 wei of any supported token rETH, cbETH, or stETH, 1 wei of rsETH will be minted for the first depositor. However, subsequent rsETH minting will be prevented because the rsethAmountToMint will always round do...
getAssetPrice in ChainlinkPriceOracle.sol can return stale price.
Lines of code Vulnerability details Summary On the Chainlink oracle, the price update interval is different for every token pair; after that particular interval the price is updated. The getAssetPrice function does not check when the price was last updated, so it may return a stale price. So the...
Users could game oracle price deviation
Lines of code Vulnerability details Summary Prices returned from Chainlink oracles have different conditions to update the reported values, which can be abused by Impact Prices for the different LST assets supported in the Kelp protocol are obtained from a Chainlink oracle. The data feeds for eac...
Missing slippage check in deposit function
Lines of code Vulnerability details Summary Users depositing in the protocol have no control over the amount of RSETH minted in return for their deposit. Impact The depositAsset function present in the LRTDepositPool contract allows users to deposit any of the supported assets into the protocol i...
Malicious first depositor can steal all funds from all future depositors
Lines of code Vulnerability details Impact Due to a miscalculation in LRTOraclegetRSETHPrice, users who call LRTDepositPooldepositAsset when rsETH.totalSupply is non-zero will receive fewer rsETH tokens than they should due to a rounding error. This can be exploited by a malicious first depositor...
Fractional shares are not respected
Lines of code Vulnerability details Impact getRSETHPrice will return the rate at which RSETH is being minted so as to keep each user's stake in balance. The goal is to maintain fractional shares. However, since users are expected to swap on external AMMs, the fractional share will not be kept, as AM...
Adding a randomizer to a collection should be mandatory
Lines of code Vulnerability details Impact The minting process will be broken. Proof of Concept In the current setup, a randomizer contract can be associated with each collection, and it plays a crucial role in generating a random value for token uniqueness during the minting process. Here's a...
The absence of sanity checks in the MinterContract#mintAndAuction() function can lead to avoidable error scenarios.
Lines of code Vulnerability details Impact The setCollectionCosts function within the MinterContract is utilized to establish the collection costs and sales model for an upcoming collection sale. As outlined in the documentation, the expectation is that one token can be minted and auctioned durin...
RandomizerNXT allows randomness re-rolling and also front-running.
Lines of code Vulnerability details Description When a collection uses RandomizerNXT as the randomizer, the process of minting and setting the token hash happens in the same transaction and block, which allows two attacks. First, a user can see the randomness outcome in mempool and front-run his...
Input validation for the fields within opts (like opts.name, opts.symbol, opts.voteDuration, etc.) is necessary to ensure they meet the expected criteria.
Lines of code Vulnerability details M3 - Input validation for the fields within opts like opts.name, opts.symbol, opts.voteDuration, etc. is necessary to ensure they meet the expected criteria. poc: solidity function createParty private returns Party requirebytesopts.name.length 0, "Party name is...
Stale preciousListHash state variable permanently prevents a party from executing non-unanimous arbitrary call proposals and poses a high security risk.
Lines of code Vulnerability details Overview of the execute function in PartyGovernance Before diving into the details of the vulnerability, I need to explain how the execute function works in the PartyGovernance.sol contract. The execute is the function responsible for executing a proposal after...
No validation for the partyFactory contract!
Lines of code Vulnerability details Impact A malicious party contract can be deployed! Proof of Concept Party contracts are created by the proxyFactory contract. In the initialize function, the proxyFactory contract address is provided by the user, which may bring catastrophic consequences. This...
decreaseTotalVotingPower - If totalVotingPower becomes less than mintedVotingPower, the protocol crashes(even can lose assets)
Lines of code Vulnerability details Impact If totalVotingPower getSharedProposalStorage.governanceValues.totalVotingPower -= votingPower; 1. Tak...
In parties with more than one host, a single host can bypass the execution delay of a proposal by transferring his host status to other addresses of his.
Lines of code Vulnerability details The Vulnerability After a proposal has gathered enough votes to pass, it waits through a period defined in the governance values named executionDelay. That executionDelay period is bypassed and the proposal can be executed immediately if ALL hosts of the party...
No token whitelist leaves rageQuit() vulnerable to malicious ERC20 token contracts
Lines of code Vulnerability details A malicious actor can exploit the PartyGovernanceNFT.sol::rageQuit function by specifying a malicious IERC20 contract in the withdrawTokens array. The malicious contract could "donate" tokens to the proxy contract to pass the balance check here and when the...
members can get less funds out than they should have in a rageQuit
Lines of code Vulnerability details Details: the function getVotingPowerShareOf in PartyGovernanceNft gets the voting power share of a tokenId, and it does that by dividing the voting power that the NFT has by the totalVotingPower: function getVotingPowerShareOfuint256 tokenId...
Interest is still accruing when the market is paused, forcing users to incur debts
Lines of code Vulnerability details Impact Interest is still accruing when the market is paused, forcing users to incur debts. Proof of Concept When the function accrue is called, the interest is accrued after the interest rate is calculated: uint256 interestRate = IIRMirm.getInterestRateaddressthis,...
Upgraded Q -> 2 from #617 [1699030085781]
Judge has assessed an item in Issue 617 as 2 risk. The relevant finding follows: L-01 continue before loop variable increment In the updateScores function, the rest of the loop execution is skipped with continue if a user's score has already been updated. But the update of the loop variable occurs...
Upgraded Q -> 2 from #345 [1699029532851]
Judge has assessed an item in Issue 345 as 2 risk. The relevant finding follows: Low-01 When User-1 sells/transfers a safe to User-2, the allowance is not cleared during the transfer in the case of User-1. safeCan is a mapping which sets the allowance for other addresses, by which they can perform actions on behalf o...
Accrue interest function likely fails to accrue interest for tokens with low decimals
Lines of code Vulnerability details Impact The loss of precision is too high when accruing interest. Proof of Concept When interest accrues, we are calling uint256 interestAmount; uint256 interestRate = IIRMirm.getInterestRateaddressthis, trancheIndex, totalDeposit, totalBorrow; interestAmount =...
tranche id check has off-by-one error
Lines of code Vulnerability details Impact tranche id check has off-by-one error Proof of Concept In TestOmniPool.t.sol, we add the following POC function testSetTrancheCountPOC public for uint256 i = 4; i 256; i++ pool.setTrancheCountaddressoToken, uint8i; oToken.deposit0, 255, 1 ether; we run t...
Precision issue in EthenaMinting:mint() allows users to steal funds.
Lines of code Vulnerability details Impact In the EthenaMinting:mint function of the contract, a call is made to the transferCollateral function. This function calculates the transfer amount using the formula uint256 amountToTransfer = amount ratiosi / 10000;. However, it does not account for...
Unchecked return value when calling ERC20's transfer function inside the withdraw function of USDeSilo.sol. This is an unsafe transfer of ERC20 tokens.
Lines of code Vulnerability details Summary In the withdraw function of USDeSilo.sol there is a call to the ERC20 transfer function on the USDe token. Its return value is neither checked nor is safeTransfer of SafeERC20 used, so whenever the transfer fails it will not revert, resulting in wrong...
There is no check that the collateral token in mint matches the one in withdraw
Lines of code Vulnerability details Impact While we understand that USDe is the base token here, we see that on minting USDe you would need to transfer some tokens to the contract and get some USDe minted to you, and on redemption USDe gets burnt to get a token sent back to you. The implicati...
Lack of functionality to distribute the yield to the USDe stakers.
Lines of code Vulnerability details Impact Users will not get the benefit of the yield which is the output of their USDe staking. The yield is the core feature of staking; we are submitting this as high. Proof of Concept A user who is not blacklisted is allowed to stake their USDe by calling...
EthenaMinting.sol#_setMaxRedeemPerBlock() - Function doesn't enforce any constraints
Lines of code Vulnerability details Explanation The EthenaMinting.solsetMaxMintPerBlock function is responsible for setting the maximum limit for minting USDe tokens in a single block. function setMaxMintPerBlockuint256 maxMintPerBlock external onlyRoleDEFAULTADMINROLE...
Replay exploitation in StakedUSDeV2's unstake function
Lines of code Vulnerability details Impact The vulnerability in the unstake function of the StakedUSDeV2 contract allows the receiver to claim assets without considering the specific round from which they should receive the assets. The receiver can claim assets from a different round than intende...
A fully blacklisted user can withdraw their funds
Lines of code Vulnerability details Impact A fully blacklisted user should not have access to any function of the protocol, but it is possible for a user to withdraw their funds right before being blacklisted. A fully blocked user is capable of frontrunning the addToBlacklist call by calling the...
Early market adopters can force delinquency to game borrowers
Lines of code Vulnerability details Impact When new markets are created, a lender can call WildcatMarket.updateState. This will trigger a call to WildcatMarketBase.writeState, the check on line 449 state.liquidityRequired totalAssets will return false since totalAssets starts as 0. This will...
Borrower cannot close their market
Lines of code Vulnerability details The WildcatMarket::closeMarket cannot be executed by a borrower because the WildcatMarketController contract does not implement any function calling it. Proof of Concept The closeMarket is supposed to be called by a borrower to close their market, set the...
Borrower cannot change the maximum supply
Lines of code Vulnerability details Impact Maximum supply cannot be increased and by extension the max deposit limit too. Proof of Concept WildcatMarketConfig@setMaxTotalSupply is only callable by the WildcatMarketController but is not used anywhere there. WildcatMarketConfig.sol function...
Sanctioned funds keep earning APR, and the protocol keeps earning fees on these funds
Lines of code Vulnerability details Impact When a user is sanctioned, if he has a scaledBalance not in the withdrawal queue, calling the nukeFromOrbit function will send the sanctioned funds to an escrow contract, and these funds will keep earning APR. This is because when a deposit is executed, the...
ERC20 tokens can be incorrectly burnt because of insufficient validation
Lines of code Vulnerability details Impact ERC20 tokens are incorrectly burnt. Proof of Concept In the file WildcatSanctionsEscrow.sol there is a constructor function: constructor sentinel = msg.sender; borrower, account, asset = WildcatSanctionsSentinelsentinel.tmpEscrowParams; Let's suppose thi...
Lack of access control on overrideSanction(), any user can override sanctioned address
Lines of code Vulnerability details Impact Without proper access control, any address can call the overrideSanction function and override the sanction status of an account. This can potentially be exploited by malicious actors to bypass sanctions and carry out unauthorized actions, putting the...
Invalid asset address can result in a malicious market address and loss of funds
Lines of code Vulnerability details Impact The computeMarketAddress function is used to calculate the address at which a market contract for a specific asset would be deployed. If an invalid asset address is passed, it could potentially lead to a collision with a valid market contract address, causi...
When Creating a Safe Via ODSafeManager::openSAFE, the User Proxy Is Wrongly Set As the Safe Owner
Lines of code Vulnerability details Impact We can observe from Vault721::mint function that the input usr in ODSafeManager::openSAFE function needs to be a previously built proxy of the user address. function mintaddress proxy, uint256 safeId external requiremsg.sender == addresssafeManager, 'V72...
Introduce minEpoch to prevent withdrawal requests from being front-run
Lines of code Vulnerability details Original Issue M-04: VotiumStrategy withdrawal queue fails to consider available unlocked tokens causing different issues in the withdraw process Issue Details The issue raised above occurred whenever there was an unlocked balance which could be used to fulfill...