Weak PRNG (Pseudorandom number generator)
Lines of code Vulnerability details Impact Weak PRNG due to a modulo on block.timestamp, now or blockhash. These can be influenced by miners to some extent so they should be avoided. Proof of Concept Tools Used Slither Recommended Mitigation Steps Do not use block.timestamp, now or blockhash as a...
CreateFor#JBProjects.sol is vulnerable to reentrancy
Lines of code Vulnerability details Impact A reentrancy attack can trick users by spamming incorrect project Id event emissions. Proof of Concept The function createFor, which uses safeMint, is lacking any form of reentrancy protection. The OZ safeMint implementation is function safeMint(address to, uint25...
Unchecked return value of transfer() and transferFrom()
Lines of code Vulnerability details Impact There are multiple external calls to IERC20.transfer and IERC20.transferFrom in contracts that are supposed to transfer tokens out of / into the system. However, there are tokens like USDT that don't return any value in their implementation of the transfer...
Price Feed is not checked for freshness and may report old / incorrect value
Lines of code Vulnerability details Price Feed is not checked for freshness. In times of network congestion, the priceFeed may take longer than expected to update, and the price may take longer than usual to update. In order to ensure the latest price is fresh within the update window, you should veri...
The splits configuration will become frozen once enough splits are added
Lines of code Vulnerability details Impact If there are enough entries in the splits array, the checks done to ensure existing locks are respected will cause attempts to change the split to revert, preventing the existing split assignment from changing. If the project has a lock with a long...
Upgraded Q -> M from 139 [1656985204675]
Judge has assessed an item in Issue 139 as Medium risk. The relevant finding follows: 1. Buyouts that occur during the timestamp wrap will have valuation errors The blockTimestamp has a modulo applied, so at some point, there will be a timestamp with a value close to 2^32, followed by a timestamp...
Attacker can take premium from takers who fill short-call orders for free.
Lines of code Vulnerability details Impact Takers who fill short-call orders may be unable to exercise their long-call position. Attackers can abuse this to take premium from takers for free. In the PuttyV2.fillOrder function, when a taker fills a short-call order, the order's maker only has to transfer erc20Asset...
Attacker may front-run acceptCounterOffer(), causing users to take both the original order and the new one
Lines of code Vulnerability details Impact Function PuttyV2.acceptCounterOffer is used in case users see a better deal and want to cancel their own order before filling the new one. But an attacker can abuse this function by front-running, calling fillOrder before the order is cancelled in acceptCounterOffer...
Short Call Maker Asset Can Be Frozen
Lines of code Vulnerability details Impact The fillOrder function only checks that floorAssetTokenIds.length must be 0 when a taker fills a short call order. In other words, it does not check whether order.floorTokens.length is 0 or not, which means that if the maker includes any address in...
"both order side positions don't exist" is not checked
Lines of code Vulnerability details Impact The flow in fillOrder as documented in expects the check "order side positions doesn't exist". However, the fillOrder function does not have a require check for this. This allows the same side positions to be created multiple times, leading to loss of...
Admin Can Break All Functionality Through Weth Address
Lines of code Vulnerability details Impact In the protocol, almost all functionality is constructed through the WETH address. However, if the admin is mistakenly set to the WETH address, users could not claim through . The admin can break the protocol. Proof of Concept Tools Used Code Review Recommended...
Users may lose funds due to ignored return value of transfer()
Lines of code Vulnerability details Impact The return value of the WETH transfer in is unchecked. So if the transfer fails, execution continues to L1386, which returns 0 to compAccrued[holders[j]] in L1370, thereby resetting the compAccrued of the holder to zero. With this, the user would lose funds. Proof of...
A cap is needed on the amount of Note that can be borrowed
Lines of code Vulnerability details Impact The fact that there is no cap on the amount of Note that can be borrowed makes the Oracle Extractable Value unlimited. But as you intend to rely on TWAP, you need to make sure the cost of oracle manipulation is lower than the Oracle Extractable Value...
getSupplyRate is returning baseRatePerYear instead of baseRatePerBlock
Lines of code Vulnerability details Impact getSupplyRate must return the rate per block as defined in the Compound interest rate model, but currently returns the rate per year. Defined here: Proof of Concept This is the definition: /// @notice Calculates the current supply interest rate per block /// @param cash The tota...
Upgraded Q -> M from 408 [1656345785644]
Judge has assessed an item in Issue 408 as Medium risk. The relevant finding follows: ...
Upgraded Q -> M from 184 [1656338695381]
Judge has assessed an item in Issue 184 as Medium risk. The relevant finding follows: ...
Upgraded Q -> M from 439 [1656339464232]
Judge has assessed an item in Issue 439 as Medium risk. The relevant finding follows: ...
Staking.sol#stake() DoS by staking 1 wei for the recipient when warmUpPeriod > 0
Lines of code Vulnerability details if (warmUpPeriod == 0) { IYieldy(YIELDY_TOKEN).mint(recipient, amount); } else { // create a claim and mint tokens so a user can claim them once warm up has passed warmUpInfo[recipient] = Claim({ amount: info.amount + amount, credits: info.credits +...
Fund migration should trigger a rebase to prevent missing out on potential rewards
Lines of code Vulnerability details Impact Rebasing allows the protocol to "distribute" profit/rewards to Yieldy and Foxy token holders by increasing the supply of tokens and increasing the balance of each token holder relative to the token balance creditBalances. The order of rebasing and...
Yieldy._totalSupply has different upper bounds.
Lines of code Vulnerability details Impact Yieldy._totalSupply has different upper bounds. Yieldy._mint will revert when _totalSupply is exactly the same as MAX_SUPPLY. Proof of Concept From L91-L98, we can see _totalSupply can be the same as MAX_SUPPLY, and I think "_totalSupply = MAX_SUPPLY" is reasonable also...
Cannot mint to exactly max supply using _mint function
Lines of code Vulnerability details Impact Cannot mint to exactly max supply using the _mint function. Proof of Concept require(_totalSupply < MAX_SUPPLY, "Max supply"); if _totalSupply == MAX_SUPPLY this assert will fail and revert. But it shouldn't revert, as _totalSupply == MAX_SUPPLY is valid. Too...
Upgraded Q -> M from 104 [1656258768065]
Judge has assessed an item in Issue 104 as Medium risk. The relevant finding follows: L01: Silent overflow of fCashAmount Line References Description If a fCashAmount value that is greater than uint88 is passed into the mint function, downcasting it to uint88 will silently overflow. Recommended...
Redeemer.sol#redeem() the principal token from Notional can not be redeemed
Lines of code Vulnerability details int256 amount = IERC20(principal).balanceOf(lender); // Transfer the principal token from the lender contract to here Safe.transferFrom(IERC20(principal), lender, address(this), amount); if (p == uint8(MarketPlace.Principals.Swivel)) { // Redeems zc tokens to the sender's...
Call to lend() function can be front-run with fee increase
Lines of code Vulnerability details Impact A malicious admin could front-run users' lend transactions at any time and set feenominator to any value using setFee, charging a bigger fee than the user expected. /// @notice sets the admin address /// @param a address of a new admin /// @return bool true if successful...
Possible DoS in Staking.claim() function
Lines of code Vulnerability details Impact In Staking contract, users are allowed to stake for another recipient. And it also updates warmUpInfo.expiry for recipient address so recipient can only claim after this new expiry is passed. Attackers can abuse this to constantly stake 1 wei for another...
No minting done in the Element version of lend function, user funds are frozen within the system
Lines of code Vulnerability details Lender's Element lend transfers the funds from a user, opens the position with Element, but fails to mint a corresponding Illuminate position to a user. Setting severity to be high as there is no account of user investment is effectively created, so there is no...
Removal of liquidity from the reserve can be griefed
Lines of code Vulnerability details Impact Users may be unable to withdraw/remove their liquidity from the LiquidityReserve if a user decides to grief the contract. Proof of Concept This is the only function in this contract that is able to unstake funds, so that they can be withdrawn/removed:...
Issue with TWAV calculation.
Lines of code Vulnerability details Impact To calculate the time weighted average value, the current valuation is used. This is not an appropriate way to decide the TWAV while other locations consider only time. This might not be the stable one. Proof of Concept uint256 currentValuation =...
_updateTwav() and _getTwav() will revert when cumulativePrice overflows
Lines of code Vulnerability details Impact The contract will break when cumulativeValuation overflows. PoC Cumulative prices are designed to work with overflows/underflows because in the end only the difference matters. In _updateTwav, when prevCumulativeValuation + valuation * timeElapsed overflows, the...
Upgraded Q -> H from 285 [1655952312863]
Judge has assessed an item in Issue 285 as High risk. The relevant finding follows: 1. Excess ether sent to FixedPricePassThruGate is lost low passThruGate redirects to a beneficiary only gate.ethCost, requiring that msg.value = gate.ethCost. As there are no other ways to access native tokens hel...
repayAmountFinal is not considered while calculating actualRepayAmount while calling doTransferIn(payer, repayAmount)
Lines of code Vulnerability details Impact repayAmountFinal is not used inside repayBorrowFresh. The computation for actualRepayAmount does not account for repayAmountFinal in L111. Proof of Concept function repayBorrowFresh(address payer, address borrower, uint repayAmount) internal override...
Stack too deep error within BaseV1-periphery.sol
Lines of code BaseV1-periphery.sol lines 323-341 Vulnerability details Impact Stack too deep error when using the remove liquidity function; fixing this issue allows avoiding the use of optimizations and thus increases the periphery contract's longevity/scalability. Proof of Concept function...
Note: When _initialSupply != 0, the _mint_to_Accountant function will fail
Lines of code Vulnerability details Impact In the Note contract, if _initialSupply != 0, totalSupply will overflow when the _mint_to_Accountant function executes _mint(msg.sender, type(uint).max). constructor(string memory _name, string memory _symbol, uint256 _totalSupply) public { name = _name; symbol = _symbol;...
getWETHAddress() returns wrong address
Lines of code Vulnerability details Impact The hardcoded return value in getWETHAddress is the mainnet address of the COMP token, not of WETH. The grantCompInternal function depends on this return value, which will cause unintended issues. Proof of Concept function grantCompInternal(address user, uint...
WETH.sol computes the wrong totalSupply()
Lines of code Vulnerability details Impact Affected code: WETH.sol is almost copied from the infamous WETH contract that lives in mainnet. This contract is supposed to receive the native currency of the blockchain for example ETH and wrap it into a tokenized, ERC-20 form. This contract computes t...
Block.timestamp is always growing in epoch seconds and observation.timestamp needs to be called; it is very unlikely for them to be equal to each other, bypassing
Lines of code Vulnerability details Block.timestamp is always growing in epoch seconds and observation.timestamp needs to be called; it is very unlikely for them to be equal to each other, bypassing observation and getting it to be the wrong length, which could cause logic breaks and worse because you're not...
newProposal.executed automatically set to true
Lines of code Vulnerability details Impact Proposals might be falsely deemed as executed when in fact they have not been executed yet. Proof of Concept The queue function sets newProposal.executed = true even though that is not technically true. For the proposal to be executed it needs to be call...
Overprivileged admin can grant unlimited WETH
Lines of code Vulnerability details Impact The admin can grantComp to any address using any amount and drain the contract. Proof of Concept If the admin key gets compromised there is no timelock, no amount boundaries and no address limitations to prevent the assets from being drained immediately to the...
Relayer Will Not Receive Any Fee If execute Reverts
Lines of code Vulnerability details Proof-of-Concept Connext relies on the relayer to trigger the BridgeFacet.execute function on the destination domain to initiate the token transfer and calldata execution processes. Relayers pay for the gas cost to trigger the execute function, and in return fo...
Incorrect calculation of startGasPerOrder will cause fund loss to the buyer of the last order due to mischarged gas cost
Lines of code Vulnerability details uint256 gasCost = (startGasPerOrder - gasleft() + wethTransferGasUnits) * tx.gasprice; When the orders are matched by the MATCH_EXECUTOR, the gas cost of each order is paid by the buyer in WETH; the amount gasCost is calculated based on startGasPerOrder, gasleft and...
Maker order buyer is forced to reimburse the gas cost at any tx.gasprice
Lines of code Vulnerability details uint256 gasCost = (startGasPerOrder - gasleft() + wethTransferGasUnits) * tx.gasprice; // if the execution currency is weth, we can send the protocol fee and gas cost in one transfer to save gas // else we need to send the protocol fee separately in the execution...
Protocol can steal WETH funds
Lines of code Vulnerability details Impact The protocol can steal WETH funds with the gas cost refund mechanism in the functions matchOneToOneOrders, matchOneToManyOrders and matchOrders. These functions can only be called by the MATCH_EXECUTOR, but we don't know what this contract/address is according...
The amount of gas calculation for refunding is incorrect
Lines of code Vulnerability details Impact While matching the orders, the gas cost is calculated so that it can be refunded back to the contract. The calculation for this gas is incorrect. The function keeps track of the gasleft at the beginning of the loop and adds an additional amount of gas for pr...
NO TIMELOCK ON setProtocolFee() CAN LEAD TO SELLERS LOSING THEIR NFTs
Lines of code Vulnerability details NO TIMELOCK ON setProtocolFee CAN LEAD TO SELLERS LOSING THEIR NFTs In InfinityExchange.sol, there is no timelock on setProtocolFee. This is the fee that is applied to orders, and determines how much the Exchange receives in fees vs. how much the seller receives...
BridgeFacet's _executePortalTransfer ignores underlying token amount withdrawn from Aave pool
Lines of code Vulnerability details _executePortalTransfer can introduce an underlying token deficit by accounting for the full underlying amount received from Aave unconditionally, regardless of what was actually withdrawn from the Aave pool. The actual amount withdrawn is returned by IAavePool(s.aavePool).withdraw, but...
Owner cannot transfer ETH balance of the exchange
Lines of code Vulnerability details The user-called takeOrders and takeMultipleOneOrders functions accumulate native token fees over time. These fees end up being frozen on the contract balance. There is only one way for an owner to transfer them, a rescueETH function, that isn't able to access ETH...
Ether can get locked in functions takeMultipleOneOrders and takeOrders
Lines of code Vulnerability details Impact Ether sent by the user can get locked when taking orders. Proof of Concept If Bob uses function takeMultipleOneOrders or takeOrders to buy and sends more ETH than he is supposed to, the remaining ETH will be lost; also if the seller is selling for another token and...
The withdrawal safety check in _withdrawSome() seems unreasonable
Lines of code Vulnerability details Impact The withdrawal safety check in seems unreasonable. Proof of Concept I don't understand why max = amount * 99.8% needs to be confirmed. max should be larger than amount. And amount function _withdrawSome(uint256 amount) internal override returns (uint256) { uint256...
harvest() can be frontrun, to make the AURABAL token stuck
Lines of code Vulnerability details Impact In the LOCKER contract https://etherscan.io/address/0x3Fa73f1E5d8A792C80F426fc8F84FBF7Ce9bBCAC#code anyone can call getReward for any account, therefore an attacker can front-run an authorized actor by calling getReward(address(myStrategy)) before the harves...
_harvest rewards can be stolen because it doesn't implement any slippage bounds
Lines of code Vulnerability details Impact Harvested funds stolen. Proof of Concept _harvest does not implement any kind of minimum out when calling the 3 consecutive swaps (L249, L263 and L275) to get from auraBal to Aura. An attacker could easily sandwich the least liquid pool and steal all the...