
10190 matches found

Code423n4
• added 2022/05/18 12:0 a.m. • 10 views

A well financed attacker could prevent any other users from minting synthetic tokens

Lines of code Vulnerability details Impact In the AlchemistV2 contract, users can deposit collateral to then borrow/mint the synthetic tokens offered by the protocol. The protocol also defines a minting limit that specifies how many synthetic tokens can be minted in a given time period. This exis...

AI score: 6.6
Exploits: 0

Code423n4
• added 2022/05/17 12:0 a.m. • 10 views

Validate input variables bounds

83 comment Warden: throttle fee variables bounds are not checked. this can lead to expensive mistake --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/17 12:0 a.m. • 10 views

Excluded user who added liquidity and then was unexcluded can block the withdrawals

83 comment Warden: throttle Excluded user who added liquidity didn't account for totalLiquidty increase. Later, if he is removed from excluded list and tries to remove liquidity, totalLiquidty will be subtracted which can lead to DoS for other user who want to remove liquidity Not sure if this is...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/15 12:0 a.m. • 10 views

User may lose ETH when depositing stETH

Lines of code GeneralVault.solL75-L89 LidoVault.solL79-L104 Vulnerability details Impact When the depositCollateral function is used in the LidoVault.sol contract, a user depositing stETH may mistakenly have a non-zero msg.value. The ETH would be passed to the contract and the user would lose tha...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/05/15 12:0 a.m. • 10 views

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

Lines of code Vulnerability details Impact Users can lose their funds Proof of Concept The code checks transaction success after returning the transfer value and finishing execution. If the call fails the transaction won't revert since requiresent, Errors.VTCOLLATERALWITHDRAWINVALID; won't execut...

AI score: 7.3
Exploits: 0

Code423n4
• added 2022/05/15 12:0 a.m. • 10 views

require statment to very importent call to a contract,never gets called

Lines of code Vulnerability details Impact bool sent, bytes memory data = addressto.callvalue: receivedETHAmount''; return receivedETHAmount; require statement is never reached. this can be a failed call and not know about it causes function to go on with the desired outcome / return ends the...

AI score: 7.1
Exploits: 0

Code423n4
• added 2022/05/15 12:0 a.m. • 10 views

[WP-H5] LidoVault.sol Wrong implementation can cause the users to lose their funds when withdrawing ETH

Lines of code Vulnerability details function withdrawFromYieldPool address asset, uint256 amount, address to internal override returns uint256 address LIDO = addressesProvider.getAddress'LIDO'; if asset == address0 // Case of ETH withdraw request from user, so exchange stETH - ETH via curve uint2...

AI score: 6.6
Exploits: 0

Code423n4
• added 2022/05/15 12:0 a.m. • 10 views

depositCollateral allows user's ETH sent along with the tx to be stuck forever

Lines of code Vulnerability details Impact LidoVault and ConvexCurveLPVault both inherit from GeneralVault that implement the method depositCollateral. This method has the keyword payable so it allows users to send ETH with the tx. depositToYieldPool that is called inside depositCollateral in bot...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/15 12:0 a.m. • 10 views

Lido adapter incorrectly calculates the price of the underlying token

Lines of code Vulnerability details Impact The Lido adapter incorrectly calculates the price of WETH in terms of WstETH. The function returns the price of WstETH in terms of stETH. The underlying token which we desire is WETH. Since stETH does not have the same value as WETH the output price...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/15 12:0 a.m. • 10 views

C4-004 : Centralization Risk

112 comment Warden: defsec Impact - LOW The system heavily relies on the ExecutorManager. Therefore, it contains centralization risk if the execution manager is EOA and captured. Proof of Concept 1. Navigate to the following contract...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/14 12:0 a.m. • 10 views

Fee on transfer tokens block exercises and withdrawals

Lines of code Vulnerability details Fee on transfer tokens block exercises and withdrawals If a vault is created with a fee-on-transfer ERC20 as its token, the underlying asset may be locked in the contract. Scenario: Setup: 1. Alice calls createVault with a fee-on-transfer token address and 1000...

AI score: 6.6
Exploits: 0

Code423n4
• added 2022/05/14 12:0 a.m. • 10 views

call to harvest() can be manipulated to steal funds from the contract

Lines of code Vulnerability details Impact When calling harvest, attacker can devise a cross-contract reentrancy to steal NFT owned by the contract Cally. Proof of Concept 1. While creating a vault, the owner of NFT transfers the NFT to the contract i.e. ownerOfnftID is Cally. 2. Attacker contrac...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/14 12:0 a.m. • 10 views

Race condition in exercising the options

Lines of code Vulnerability details Impact Option buyers might never exercise their options with a bad actor vault owner, hence creating trust issues to the platform since the promised functionality causes only loss of funds. Proof of Concept Alice creates a vault for her high valued NFT. Bob buy...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/14 12:0 a.m. • 10 views

Strike price curve of getDutchAuctionStrike is not what users expect

Lines of code Vulnerability details Note: This submission contains links to a private fork of the contest repo. User code423n4 has been added as a collaborator in order to view. Impact Function getDutchAuctionStrike does not implement the function that Option buyers would expect. They probably...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/05/14 12:0 a.m. • 10 views

Fee can possibly be set maliciously

Lines of code Vulnerability details Fee is set by an admin and can be set maliciously to steal the funds that are entitled to go to the user. Impact Fee can be set to a maliciously high value to unfairly extract funds from protocol users. An owner can buy options, set fee to 100% and exercise...

AI score: 6.7
Exploits: 0

Code423n4
• added 2022/05/14 12:0 a.m. • 10 views

Loss of funds due to beneficiary override to address(0) during transfer

Lines of code Vulnerability details Premiums or proceeds earned after the transfer will accrue to the zero address, instead of to the new vault owner, and the funds will be irrecoverable. Proof of concept vaultBeneficiariesvaultId is overridden to the zero address during transfer: File: Cally.sol...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/05/12 12:0 a.m. • 10 views

No cap on fee parameters

143 comment Warden: gzeon Consider adding caps to fee parameters to reduce rug risk --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0

Code423n4
• added 2022/05/12 12:0 a.m. • 10 views

createVault() does not verify ERC20 token contract exists before transferring

Lines of code Vulnerability details Impact There are no checks to ensure the the vault.token contract exists when creating a vault. Token address are deterministic in the EVM and can be known ahead of time. As a result it is possible for a user to call createVault with token set to a ERC20 contra...

AI score: 6.6
Exploits: 0

Code423n4
• added 2022/05/12 12:0 a.m. • 10 views

Executors need to be trusted

62 comment Warden: cmichel Executors need to be trusted, otherwise, they can just call sendFundsToUser to transfer out any funds as they please. Consider adding threshold signatures to prevent all funds from being lost when a single executor is compromised. --- The text was updated successfully,...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/12 12:0 a.m. • 10 views

missing input validation for _liquidityPool

189 comment Warden: kenta missing input validation for liquidityPool. The owner can change always liquidityPool but this liquidityPool will be used to execute low-level calls. To avoid errors with an empty address this must be checked always. requireliquidityPool != address0, “liquidityPool canno...

AI score: 7.3
Exploits: 0

Code423n4
• added 2022/05/10 12:0 a.m. • 10 views

A malicious user can create a vault that is actually empty

Lines of code Vulnerability details description A malicious user can call the createVault function to create a vault with an ERC20 token that returns false rather than revert on failed transfer. By specifying the tokenType parameter to be ERC721 the transferFrom function will be called rather tha...

AI score: 6.7
Exploits: 0

Code423n4
• added 2022/05/09 12:0 a.m. • 10 views

No Storage Gap for Upgradeable Contract Might Lead to Storage Slot Collision

Lines of code Vulnerability details Impact For upgradeable contracts, there must be storage gap to "allow developers to freely add new state variables in the future without compromising the storage compatibility with existing deployments" quote OpenZeppelin. Otherwise it may be very difficult to...

AI score: 7
Exploits: 0

Code423n4
• added 2022/05/09 12:0 a.m. • 10 views

Nft.upaidRewards reset upon withdrawal

129 comment Warden: 0xDjango Nft.upaidRewards reset upon withdrawal. This feels a bit unfair if a user means to collect rewards while withdrawing NFT. If there are not enough rewards in the contract balance, the unpaidRewards will be deleted upon withdrawal with the line delete nftInfonftId;. I'm...

AI score: 6.7
Exploits: 0

Code423n4
• added 2022/05/08 12:0 a.m. • 10 views

steal user funds with front-running when he calls depositTokens() of MerkleDropFactory with wrong treeIndex (uninitiated)

Lines of code Vulnerability details Impact If a user calls depositTokens with wrong treeIndex value by mistake, attacker can perform front-running attack and steal user funds before user transaction reach the contract, attacker will create multiple trees in MerkleDropFactory until he reach tree...

AI score: 6.7
Exploits: 0

Code423n4
• added 2022/05/08 12:0 a.m. • 10 views

Not checking returned bool by transfer can lead to loss of funds

Lines of code Vulnerability details Impact Loss of funds Proof of Concept The ERC20 interface ensures a token transfer will return false on failure. In merkleVesting there is no requirement for this to be true. The contract doesn't ensure all the funds to cover the MerkleTree are present since it...

AI score: 6.6
Exploits: 0

Code423n4
• added 2022/05/08 12:0 a.m. • 10 views

decimalMultiplier assumes tokens have <= 18 decimals

Originally submitted by warden StyxRave in 153, duplicate of 49. BkdTriHopCvx.sol decimalMultiplier assumes tokens have = 18 decimals. Will always be 0 for tokens with more than 18 which would be still ERC20 compliant. --- The text was updated successfully, but these errors were encountered: All...

AI score: 7
Exploits: 0

Code423n4
• added 2022/05/08 12:0 a.m. • 10 views

Forget to remove account out of _roleMembers[role]

Originally submitted by warden TrungOre in 89, duplicate of 164. Forget to remove account out of roleMembersrole --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/08 12:0 a.m. • 10 views

ERC20 transfers does not work on non-standard compliant tokens like USDT

Lines of code Vulnerability details Impact PermissionlessBasicPoolFactory.sol Consider this function: function deposituint poolId, uint amount external Pool storage pool = poolspoolId; requirepool.id == poolId, 'Uninitialized pool'; requireblock.timestamp pool.startTime, 'Cannot deposit before po...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/05/08 12:0 a.m. • 10 views

Users will pay more than required for NFT Minting

Lines of code Vulnerability details Impact NFTs should be sold for their best price without descending into a gas race: Due to SpeedBumpPriceGate.sol function passThruGate code users will pay more than required for NFT Minting. User will pay msg.value and not the NFT "price". It is very likely th...

AI score: 7
Exploits: 0

Code423n4
• added 2022/05/08 12:0 a.m. • 10 views

Users can not initialize and withdraw tokens if coinsPerSecond is 0

Lines of code Vulnerability details Impact If a user tries to claim a few totalCoins with a long vestingTime, this user will call the initialize function failed, and can not withdraw funds. Proof of Concept In MerkleResistor.sol L259: uint coinsPerSecond = totalCoins uint100 - tree.pctUpFront /...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/05/07 12:0 a.m. • 10 views

Using deprecated Chainlink function latestAnswer() in PriceOracleImplementation.sol

Lines of code Vulnerability details Impact In the function getUnderlyingPrice, Chainlink's latestAnswer is used and this function is deprecated and should not be used as this function returns 0 when there is no data rather than giving out error. Precedent of this issue can be found in...

AI score: 7.1
Exploits: 0

Code423n4
• added 2022/05/07 12:0 a.m. • 10 views

Deprecated safeApprove() function

Originally submitted by warden Dravee in 146, duplicate of 178 related to the use of safeApprove. This is upgraded from a QA report to standalone issue because it correctly described the revert when trying to call safeApprove on non-zero allowance. QA report that only describe safeApprove as...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/05/07 12:0 a.m. • 10 views

Use of deprecated Chainlink function latestAnswer

Lines of code Vulnerability details Impact Use of deprecated Chainlink function latestAnswer According to Chainlink's documentation, the latestAnswer function is deprecated. This function does not error if no answer has been reached but returns 0, causing an incorrect price feed to USDC Price...

AI score: 7.1
Exploits: 0

Code423n4
• added 2022/05/05 12:0 a.m. • 10 views

Oracle data feed is insufficiently validated

Lines of code Vulnerability details description When using Chainlink Price feeds it is important to ensure the price feed data was updated recently. While getting started with chainlink requires just one line of code, it is best to add additional checks for in production environments. findings...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/05 12:0 a.m. • 10 views

reentryattack with owner checks and effecst pattern not implemented

Lines of code Vulnerability details Impact reentry attack can happen because checks and effects pattern not implemented Proof of Concept an owner can be malicious and take advantage of effects after a call Recommended Mitigation Steps do the checks and effects pattern --- The text was updated...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/05 12:0 a.m. • 10 views

Missing validations in setter and setPhaseTimes() functions.

Lines of code Vulnerability details Impact Time variable validations daStartTime, mintlistStartTime, publicStartTime, claimsStartTime, selfRefundsStartTime are only done in setPhaseTimes and not even all validations. These validations should be performed: daStartTime block.timestamp...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/04 12:0 a.m. • 10 views

Outdated Interface Implementation

Lines of code Vulnerability details Impact The Chainlink aggregator interface used by the project is outdated and does not permit the project to properly sanitize the price values it receives. Recommended Mitigation Steps The interface is to be updated according to the official Chainlink...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/04 12:0 a.m. • 10 views

Using deprecated Chainlink function latestAnswer

Lines of code Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. Proof of Concept This function does not error if no answer has been reached but returns 0. Besides, the latestAnswer is reported with 18 decimals for crypto quotes but 8...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/03 12:0 a.m. • 10 views

Dutch Auction fails when maxDaSupply is not reached

Lines of code Vulnerability details Impact Dutch Auction fails when maxDaSupply is not reached Proof of Concept Dutch Auction should update finalPrice every time price decreases. However, currently fianlPrice is updated only when auction reaches full supply reserved for auction phase. 1. Alice bu...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/05/02 12:0 a.m. • 10 views

Missing 0 approval

Lines of code Vulnerability details Impact When changing the allowance value from an existing non-zero value, certain tokens e.g., USDT must first be approved by zero before approving the actual allowance. Otherwise the token will not work. Proof of Concept There are two instances of missing zero...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/01 12:0 a.m. • 10 views

Borrower can frontrun lender's call to lend to change the price oracle

Lines of code Vulnerability details Impact In NFTPairWithOracle.lend, params.oracle is not checked. This allow a borrower to watch the mempool and front-run the lender's call and change oracle to avoid liquidation. Proof of Concept function lend address lender, uint256 tokenId, TokenLoanParams...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/05/01 12:0 a.m. • 10 views

Owner or Managers can rug Aave rewards

Lines of code Vulnerability details Impact A malicious owner or manager can steal all Aave rewards that are meant for PoolTogether users Even if the user is benevolent the fact that there is a rug vector available may negatively impact the protocol's reputation. Proof of Concept File:...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/01 12:0 a.m. • 10 views

Lower LVT is treated as less restrictive, while it's vice versa

Lines of code Vulnerability details Impact Lender can accept overly restrictive LTV the lowest possible at the moment, with high enough probability being able to seize the collateral after a short time. Lender can set ltvBPS to zero with and immediately liquidate with removeCollateral any loan no...

AI score: 6.7
Exploits: 0

Code423n4
• added 2022/05/01 12:0 a.m. • 10 views

Malicious lender can change price oracle for outstanding loan

Lines of code Vulnerability details The updateLoanParams function in NFTPairWithOracle.sol allows the lender to update parameters for an outstanding loan duration, valuation, annual interest, and collateralization ratio as long as they are the same or better for the borrower. These params are...

AI score: 6.8
Exploits: 0

Code423n4
• added 2022/05/01 12:0 a.m. • 10 views

Pool has free access to all funds without using the redeem method

Lines of code Vulnerability details Impact Pool has access to all funds even if they weren't deposited by the pool Proof of Concept The AAVE yield source contract allows anyone to deposit and withdraw funds that are deposited or withdrawn from AAVE. In the constructor of the contract, max approva...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/05/01 12:0 a.m. • 10 views

[WP-H8] Special ERC721 compatible implementation may allow an attacker to requestLoan without transferring in the NFT collateral

Lines of code Vulnerability details NFT is a fragmented standard, for certain non-standard ERC721 implementations, they may have built-in hooks that can be used to re-enter the contract. Just like ERC777 to ERC20. For example, if the collateral NFT got a pre-transfer hook to the receiver of the...

AI score: 6.7
Exploits: 0

Code423n4
• added 2022/05/01 12:0 a.m. • 10 views

Users Who approve() ERC20 Tokens for NFTPair of NFTPairWithOracle Contracts May Have Their Allowances Stole By Any User

Lines of code Vulnerability details Impact User's who approve ERC20 or any other token type excluding the collateral token may have their balances stolen by any user. The ACTIONCALL allows users to call any function on any smart contract excluding this, collateral and bentoBox. Thus, if any user...

AI score: 6.9
Exploits: 0

Code423n4
• added 2022/04/29 12:0 a.m. • 10 views

_amount requires to be updated to contract balance increase (2)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

AI score: 6.7
Exploits: 0

Code423n4
• added 2022/04/29 12:0 a.m. • 10 views

_depositAmount requires to be updated to contract balance increase

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

AI score: 6.7
Exploits: 0

Code423n4
• added 2022/04/28 12:0 a.m. • 10 views

Shelter donations result in wrong internal balance if fee-on-transfer token is used

Judge @GalloDaSballo has assessed the 2nd Low-severity item in QA Report 66 as Medium risk. The relevant finding follows: … In case of a fee-on-transfer ERC20 token the savedTokens balance will not represent the actual balance of the contract: You can either disable the use of fee-on-transfer...

AI score: 6.9
Exploits: 0

Total number of security vulnerabilities: 5000