10190 matches found
Incorrect usage of EIP-150
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...
Unchecked msg.value will lead to losing funds inside the contract
Lines of code Vulnerability details Impact While paying for the transaction, function payForTransaction bytes32, // txHash bytes32, // suggestedSignedHash Transaction calldata transaction external payable ignoreNonBootloader ignoreInDelegateCall //@audit-issue no checks that actually there is...
No check for checking the "to" address to not be zero address in _execute() function of DefaultAccount.sol
Lines of code Vulnerability details Impact The "to" address can be zero address while converting from uint256 to uint160. Proof of Concept // SPDX-License-Identifier: GPL-3.0 pragma solidity ^0.8.0; contract Test uint256 public to = 2160; function check external view assertaddressuint160to ==...
Users pay excessive gas cost for sending bytecode hashes to L1
Lines of code Vulnerability details Impact When deploying new contracts, users are forced to pay more gas than is required to publish the bytecode hash to the L1. Proof of Concept When users deploy new smart contracts, the protocol marks the hashes of the bytecodes of the contracts as known and...
Attacker could potentially burn the token balance of totalSupply and L2EthContract
Lines of code Vulnerability details Impact Attacker potentially can burn all L2EthContract and totalSupply tokens Proof of Concept function withdrawaddress l1Receiver external payable override uint256 amount = msg.value; // Silent burning of the ether unchecked balanceaddressthis -= amount;...
getBlockHashEVM() function vulnerability leads to DoS attack
Lines of code Vulnerability details Impact By using the getBlockHashEVM function with erroneous input, an attacker can take advantage of this vulnerability to deprive the contract of gas and launch a denial of service DoS attack against the network, contracts and valid transactions will therefore...
Some Amount of tokens will be left behind in BYTES 1.0
Lines of code Vulnerability details Impact If user wants to upgrade all its token he won't be able to do that. Proof of Concept Let's see what is happening function upgradeBytes uint256 amount external if IERC20BYTES1.balanceOfmsg.sender amount revert DoNotHaveEnoughOldBytesamount; During the...
Use the _assetTransferFrom function instead of _assetTransfer. This is because the tokens are held in the escrow contract, rather than being in the destination BYTES address, and thus require a transfer from the escrow contract to the recipient's address
Lines of code Vulnerability details Impact The msg.sender lose his stakedBytes From BYTES address not possible to send stakedBytes to msg.sender. The stakedBytes only help in escrow contract not in BYTES address. Proof of Concept function assetTransfer address asset, address to, uint256 amount...
User Rewards will be lost in case of Withdraw
Lines of code Vulnerability details Impact User loses his unclaimed rewards If user withdraw all of his staked tokens he won't be able to claim rewards Proof of Concept the point is used to calculate user rewards and when a user withdraw all of its staked tokens the point will be set to zero and...
Newly staked LP tokens' end time can overwrite previously staked LP tokens' end time
Lines of code Vulnerability details Impact When the following NeoTokyoStaker.stakeLP function is called for the first time to stake some LP tokens, stakerLPPositionmsg.sender.timelockEndTime = block.timestamp + timelockDuration is executed. Then, calling this function for a second time to stake...
upgradeBytes() function doesn't allow user to upgrade their entire bytes1 token to bytes2 token
Lines of code Vulnerability details Impact The users can't upgrade all of its bytes1 token to bytes due to logic error in upgradeBytes function. The user can only upgrade the token if he chooses a lesser amount than what they already have. They cannot upgrade all tokens. Proof of Concept The...
Staker can withdraw a staked LP token amount that is small enough to ensure that lpPosition.points does not change when calling NeoTokyoStaker._withdrawLP function and cause extra reward shares, which the staker is not entitled to, to be minted to the staker when calling lpPosition.getPoolReward function later
Lines of code Vulnerability details Impact When withdrawing the staked LP tokens, the staker can divide the total staked token amount into smaller amounts and call the NeoTokyoStaker.withdraw function, which further calls the following NeoTokyoStaker.withdrawLP function, to withdraw each of such...
Unclaimed rewards will be stuck unrecoverable
Lines of code Vulnerability details Impact The vulnerability relies in: unchecked uint256 share = points PRECISION / pool.totalPoints totalReward; uint256 daoShare = share pool.daoTax / 100 DIVISOR; share /= PRECISION; daoShare /= PRECISION; return share - daoShare, daoShare; The problem is that ...
Upgraded Q -> 2 from #345 [1678798679676]
Judge has assessed an item in Issue 345 as 2 risk. The relevant finding follows: Issue 2 - Undermining the fairness of the protocol in swapSource and possibilities for stealing a jackpot
Upgraded Q -> 2 from #493 [1678589994012]
Judge has assessed an item in Issue 493 as 2 risk. The relevant finding follows: L-02
createDao is suspicious of the reorg attack
Lines of code Vulnerability details Description The createDao function creates a dao contract via create opcode. The trace is createDao = createDAO=createERC1967Proxy. The address of the newly created contract depends on the DAOFactory nonce. At the same time, block reorg may happen on any...
AddresslistVoting.removeAddresses txn can be monitored to create proposal and cast vote.
Lines of code Vulnerability details Impact The AddresslistVoting contract contains removeAddresses function to remove the addresses from address list. function removeAddresses address calldata members external authUPDATEADDRESSESPERMISSIONID removeAddressesmembers; emit MembersRemovedmembers:...
User may force fail the action from the DAO:execute
Lines of code Vulnerability details Description The execute function from the DAO.sol contract allow to execution of any call to any address if the caller has appropriate permission. Some calls are expected to be always successfully executed, and some may revert and execute will continue the...
Malicious member can steal funds from the DAO contract.
Lines of code Vulnerability details Impact The malicious member can steal assets from DAO protocol. Proof of Concept The protocol allows the member to have the voting power to create a proposal createProposal. Where the action struct in the parameter refers to be consumed by the DAO's execute...
Risk of flashloan attacks in the Staking contract
Lines of code Vulnerability details Impact An attacker can steal a large amount of rewardsToken from the Staking contract by using flashloans, thus all the users will receive less rewards for their staked amounts. Proof of Concept In the Staking contract any user can stake a given amount of...
Accounting for totalTicketsForReferrersPerDraw is not correct in referralRegisterTickets
Lines of code Vulnerability details Impact When referralRegisterTickets is called, accounting for totalTicketsForReferrersPerDraw is not correct. totalTicketsForReferrersPerDraw for currentDraw should be updated when unclaimed tickets for referrer meets the minimum eligible criteria in currentDr...
The minimum values of selectionMax and selectionSize are not verified when creating a lottery, which may create an unreasonable lottery
Lines of code Vulnerability details Summary src/LotterySetup.sol constructorLotterySetupParams memory lotterySetupParams if addresslotterySetupParams.token == address0 revert RewardTokenZero; if lotterySetupParams.ticketPrice == uint2560 revert TicketPriceZero; if lotterySetupParams.selectionSize...
Gas griefing is possible on unsafe external calls on execute
Lines of code Vulnerability details Impact A malicious or compromised actor that has EXECUTIONPERMISSIONID may cause a gas griefing attack by returning actionsi.data with a really high payload. Griefing attacks have no economic incentive for the attacker but could lead to other issues e.g. not...
Incorrect usage of safeTransferFrom() function. This permanently traps ticketPrice in sender address (msg.sender)
Lines of code Vulnerability details Impact Because the callermsg.sender never gives approval for ERC20 transfers, calls to safeTransferFrom on the contract will revert with insufficient approval. This will trap from caller and unable to transfer ticketPrice to Lottery contract address. The root...
TicketUtils#reconstructTicket is biased towards lower numbers and allows gaming of odds
Lines of code Vulnerability details Impact Probability of lower numbers is higher and odds can be gamed Proof of Concept for uint256 i = 0; i selectionSize; ++i numbersi = uint8randomNumber % currentSelectionCount; randomNumber /= currentSelectionCount; currentSelectionCount--; To determine the...
Source can change the result of the Lottery
Lines of code Vulnerability details Impact The loss of lottery winnings and incorrect distribution of funds Proof of Concept Reentrancy in Lottery.receiveRandomNumberuint256 src/Lottery.sol203-232: External calls: - winAmountdrawFinalizedselectionSize = drawRewardSizedrawFinalized,selectionSize /...
If frontend == address(0), 10% of the ticket price is not used as intended
Lines of code Vulnerability details Impact The function buyTickets, has no check that frontend is not equal to zero address. This is possible if there was some misconfiguration from the frontend side or a player uses this function directly and does not set any address. In this case, the user...
Funds can be stuck in DAO contract
Lines of code Vulnerability details Impact The DAO contract allows for depositing tokens and native coins, but it does not properly account received funds neither allows it to withdraw them afterwards. Due to that, anyone depositing into DAO contract won't be able to withdraw their funds. Proof o...
Depositors might not be able to withdraw from StabilityPool if any collateral's price drops significantly
Lines of code Vulnerability details In the TroveManager contract, the closeTrove function contains a check to ensure there is more than one trove, as shown below. TroveManager.solL1278-L1282: function closeTroveaddress borrower, address collateral, Status closedStatus internal assertclosedStatus ...
CommunityIssuance.sol – Stability pool can manipulate time stamps with the fund function to issue more oath than appropriate.
Lines of code Vulnerability details If lastDistributionTime is set to a date in the future, it would allow the issueOath function to continue to mint tokens even after it should have stopped. This is because the if statement in issueOath checks whether the current time is greater than...
The design defect of the ActivePool rehypothecation mechanism, ReaperVaultV2 administrators have too much authority and have the conditions and motives to do evil, so make users lack trust in the ETHOS system (crisis of trust)
Lines of code Vulnerability details Impact In the design logic of the current system, ActivePool holds all the collaterals of active troves and deposits part of them in ReaperVaultV2 for re-mortgaging. If the deposit and withdraw functions of ReaperVaultV2 revert, Core functions such as borrowing...
Redemption fee increase can be thwarted
Lines of code Vulnerability details Impact The mechanism to increase the baseRate during redemptions is moot, up to gas fees. Therefore an arbitrageur can redeem more than what is healthy for the supply of LUSD. This weakens the price floor at $1, and may cause needless volatility. It further...
Decay interval can be extended
Lines of code Vulnerability details Impact The half-life defined by MINUTEDECAYFACTOR can be extended from 12h up to 24h. Proof of Concept minutesPassed is truncated to the minute. This means that the actual time passed may be up to a minute more than calculated. updateLastFeeOpTime is used to on...
Lack of logic to mint OATH within the CommunityIssuance#issueOath(), which results in that entire OATH insurance mechanism will not work properly
Lines of code Vulnerability details Impact OATH will be never minted issued when the CommunityIssuance#issueOath would be called. As a result, OATH will be never provided to the market. This results in that the treasury will be never able to buy the OATH from the market. This lead to a bad...
Upgraded Q -> 2 from #19 [1677669261110]
Judge has assessed an item in Issue 19 as 2 risk. The relevant finding follows: KFC-03L: Inexistent Duplicate Entry Prevention Affected Lines: L175-L180 The KUMAFeeCollector::changePayees function does not adequately sanitize the new payees, permitting duplicate entries to exist which will cause...
Upgraded Q -> 2 from #625 [1677633526031]
Judge has assessed an item in Issue 625 as 2 risk. The relevant finding follows: 4. lastHarvest variable inside AdapterBase will never be updated after a successful harvest, this will create big problems related to all the harvest function inside AdapterBase by making this function unusable, in fac...
Upgraded Q -> 2 from #56 [1677632875022]
Judge has assessed an item in Issue 56 as 2 risk. The relevant finding follows: 2. Attribute values of fees could exceed 1e18 when initializing even if the proposedFees is checked in proposeFees function. function initialize IERC20 asset, IERC4626 adapter, VaultFees calldata fees, address...
Upgraded Q -> 2 from #596 [1677228840417]
Judge has assessed an item in Issue 596 as 2 risk. The relevant finding follows: withdraw and redeem function withdraw IERC4626 vault, address to, uint256 amount, uint256 maxSharesOut public payable virtual override returns uint256 sharesOut ERC20addressvault.safeApproveaddressvault, amount; if...
Upgraded Q -> 3 from #148 [1677186744098]
Judge has assessed an item in Issue 148 as 3 risk. The relevant finding follows: Lines of code Vulnerability details Impact Detailed description of the impact of this finding. buyoutLien in LienToken.sol fails to update the new PublicVault's slope, yIntercept, and s.epochData....liensOpenForEpoc...
Doubling of KIBToken balances
Lines of code Vulnerability details Impact The KIBToken.transfer function overrides the ERC20Upgradeable.transfer function and adds custom logic. The modified function looks like this: function transferaddress from, address to, uint256 amount internal override // ... uint256 startingFromBalance =...
KUMABondToken.approve() should revert if the owner of the tokenId is blacklisted
Lines of code Vulnerability details Impact It is still possible for a blacklisted user's bond token to be approved. Proof of Concept KUMABondToken.approve only checks if msg.sender and to are not blacklisted. It doesn't check if the owner of the tokenId is not blacklisted. For example, the...
Average APRs might be calculated wrongly after calling populateFromPreviousThrottle().
Lines of code Vulnerability details Impact Average APRs might be calculated wrongly after calling populateFromPreviousThrottle and targetAPR might be changed unexpectedly. Proof of Concept The epoch state struct contains cumulativeCashflowApr element and cashflowAverageApr is used to adjust...
Unnecessary precision loss in redeemKIBT()
Lines of code Vulnerability details Impact Unnecessary precision loss in redeemKIBT Proof of Concept If enter Deprecated mode, user can switch back to StableCoin by percentage with redeemKIBT The redeemKIBT implementation code is as follows: function redeemKIBTuint256 amount external override...
Repository._removeContract() removes the contract wrongly.
Lines of code Vulnerability details Impact After removing the contract, the contracts array would contain the wrong contract names. Proof of Concept Repository.removeContract removes the contract name from contracts array. File: 2023-02-malt\contracts\Repository.sol 223: function...
RewardThrottle.setTimekeeper: If changing the timekeeper causes the epoch to change, it will mess up the system
Lines of code Vulnerability details Impact RewardThrottle.setTimekeeper allows POOLUPDATERROLE to update the timekeeper when RewardThrottle is active, function setTimekeeperaddress timekeeper external onlyRoleMaltPOOLUPDATERROLE, "Must have pool updater privs" requiretimekeeper != address0, "Not...
SwingTraderManager.addSwingTrader will push traderId with active = false to activeTraders
Lines of code Vulnerability details Impact In SwingTraderManager.addSwingTrader, if active = false, the traderId is also pushed to activeTraders. function addSwingTrader uint256 traderId, address swingTrader, bool active, string calldata name external onlyRoleMaltADMINROLE, "Must have admin privs...
Mitigation of M-05: Issue not fully mitigated
Lines of code Vulnerability details Original issue: M-05: early user can call issue and then melt to increase basketsNeeded to supply ratio to its maximum value and then melt won't work and contract features like issue won't work Not mitigated - attacker can still manipulate the...
Incompatibility of BackingManager with some tokens.
Lines of code Vulnerability details Impact The BackingManager contains a grantRTokenAllowance function which is used to grant token allowances to the RToken contract. function grantRTokenAllowanceIERC20 erc20 external notFrozen requireassetRegistry.isRegisterederc20, "erc20 unregistered"; // ==...
Mitigation of H-02: Issue not fully mitigated
Lines of code Vulnerability details Mitigation of H-02: Issue not fully mitigated Original issue: H-02: Basket range formula is inefficient, leading the protocol to unnecessary haircut Not mitigated - top range can still be too high, leading to unnecessary haircut The applied mitigation follows t...
RewardsStartTime should be reset when decreaseAVAXAssigned is called
Lines of code Vulnerability details Impact Proof of Concept The fix for M-19 is to get rid of the miniCount code-423n4/2022-12-gogopool-findings235 in calculateAndDistributeRewards function, however, the logic below is added: // check if their rewards time should be reset if...