No access control on assignFees() function in NFTXVaultFactoryUpgradeable contract
Handle ych18 Vulnerability details In If the Vault owner decides to set factoryMintFee and factoryRandomRedeemFee to zero, any user could call the function NFTXVaultFactoryUpgradeable.assignFees and hence all the fees are updated.
NFTXMarketplaceZap Performs A Dangerous Equality Check Which Can Brick Contract
Handle leastwood Vulnerability details Impact NFTXMarketplaceZap provides an interface for users to interact with NFTX vaults by buying, selling and swapping ERC1155/ERC721 tokens. The mint721 and mint1155 functions perform strict equality checks on the vaults token balance for the...
In CreditLine#_borrowTokensToLiquidate, oracle is used wrong way
Handle 0x0x0x Vulnerability details Current implementation to get the price is as follows: uint256 ratioOfPrices, uint256 decimals = IPriceOraclepriceOracle.getLatestPriceborrowAsset, collateralAsset; But it should not consult borrowToken / collateralToken, rather it should consult the inverse of...
denial of service
Handle certora Vulnerability details if the borrow token is address0 ether, and someone calls withdrawLiquidity, it calls SavingsAccountUtil.transferTokens which will transfer to msg.sender, msg.value of withdrawLiquidity, because it's an internal function. In other words, the liquidity provided...
Ether can be locked in the PoolFactory contract without a way to retrieve it
Handle broccolirob Vulnerability details If a borrower calls the createPool function with a non-zero value, but also includes an ERC20 token address for collateralToken, then the Ether value sent will be locked in the PoolFactory contract forever. createPool L260-317 In the createPool function, a...
Incorrect safeApprove usage
Handle Jujic Vulnerability details Impact safeApprove won't work when current allowance 0, there may be cases when strategies will not use all allowance, so switch to new strategy will be blocked. Proof of Concept Tools Used Recommended Mitigation Steps I recommend approving to zero and then...
Missing approve(0)
Handle sirhashalot Vulnerability details Impact There are 3 instances where the IERC20.approve function is called only once without setting the allowance to zero. Some tokens, like USDT, require first reducing the address' allowance to zero by calling approvespender, 0. Transactions will revert...
SHOULD CHECK RETURN DATA FROM CHAINLINK AGGREGATORS
Handle defsec Vulnerability details Impact The sync function in the contract ChainlinkOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID, resulting in stale prices. The oracle wrapper calls out to a chainlink...
Chainlink's latestRoundData might return stale or incorrect results
Handle WatchPug Vulnerability details function sync public , int256 feedPrice, , uint256 timestamp, = feed.latestRoundData; Fixed18 price = Fixed18Lib.ratiofeedPrice, SafeCast.toInt256decimalOffset; if priceAtVersion.length == 0 || timestamp timestampAtVersioncurrentVersion + minDelay...
Can drain any promotion rewards with an evil ticket
Handle gzeon Vulnerability details Impact TwabRewards check legitimacy of ticket by checking if the ticket have a controller method. function requireTicketaddress ticket internal view requireticket != address0, "TwabRewards/ticket-not-zero-address"; bool succeeded, bytes memory data =...
Missing Validation Of createPromotion Parameters
Handle leastwood Vulnerability details Impact The createPromotion function is called by a creator account denoted as msg.sender to fund a promotion with tokens allocated on a per epoch basis across a set epochs. However, the function does not perform the necessary checks on function inputs to...
Can drain any promotion rewards
Handle gzeon Vulnerability details Impact There are no checks to make sure epochId const promotionId = 1; const wallet2Amount = toWei'750'; const wallet3Amount = toWei'250'; await ticket.mintwallet2.address, wallet2Amount; await ticket.connectwallet2.delegatewallet2.address; await...
Unsafe uint64 casting may overflow
Handle sirhashalot Vulnerability details Impact The calculateRewardAmount function casts epoch timestamps from uint256 to uint64 and these may overflow. The epochStartTimestamp value is a function of the user-supplied epochId value, which could be extremely large up to 2^255 – 1. While Solidity...
Tokens with fee on transfer are not supported
Handle WatchPug Vulnerability details There are ERC20 tokens that charge fee for every transfer or transferFrom. In the current implementation, createPromotion assumes that the received amount is the same as the transfer amount, and uses it to calculate reward amounts. As a result, in claimReward...
getRemainingRewards might fail unexpectedly
Handle certora Vulnerability details getRemainingRewards might fail unexpectedly. getRemainingRewards calls getRemainingRewards which calls getCurrentEpochId: function getCurrentEpochIdPromotion memory promotion internal view returns uint256 // elapsedTimestamp / epochDurationTimestamp return...
Fee calculation is slightly off
Handle gzeon Vulnerability details Impact The fee calculation uint256 timeDiff = block.timestamp - lastFee; uint256 feePct = timeDiff licenseFee / ONEYEAR; uint256 fee = startSupply feePct / BASE - feePct; tries to calculate a fee such that fee/supply+fee = %fee using a simple interest formula i....
Unlimited allowances let anyone move funds to child vaults
Handle 0x0x0x Vulnerability details A malicious attacker can move someone's funds between their vaults, since max allowances are given. As a consequence, a malicious user can block activities such as reclaimTokens. Although funds are not directly stolen, it is possible to revert transactions of...
IsContract Function Usage
Handle defsec Vulnerability details Impact The isContract function that uses EXTCODESIZE was discovered to be hackable. The function will return false if it is invoked from a contract's constructor because the contract has not been deployed yet. The code should be used very carefully, if at all, ...
_swapExactOutputSingle() and _swapExactOutputMultihop() May Fail When Transfer Token to recipient
Handle Meta0xNull Vulnerability details Impact IERC20input.safeTransferFromaddressthis, recipient, options.limitAmount - amountIn; For safeTransferFrom to work it needs to have an enough approval. In this case, obviously this contract does not approve every recipient when Transfer Token, so we ca...
Locke.sol:Stream - arbitraryCall can be used to drain incentive tokens
Handle ScopeLift Vulnerability details Impact Governor can drain incentive balance via arbitraryCall Proof of Concept The Stream contract offers createIncentive and claimIncentive which is the way the contract "expects" incentives to go. Access to claiming incentives is limited to the stream...
LockeERC20 is vulnerable to frontrun attack
Handle egjlmn1 Vulnerability details Impact A user can steal another user's tokens if he frontruns before he changes the allowance. The approve function receives an amount to change to. Let's say user A approved user B to take N tokens, and now he wants to change from N to M; if he calls approveM t...
_calculateMaltRequiredForExit makes wrong calculations
Handle 0x0x0x Vulnerability details Proof of concept calculateMaltRequiredForExit calculates the quantity of malts returned. uint256 maltQuantity = userMaltPurchased.mulamount.divuserCommitment; uint256 fullReturn = maltQuantity.mulcurrentPrice / pegPrice; userMaltPurchased / userCommitment...
Unable to remove liquidity in Recovery Mode
Handle gzeon Vulnerability details Impact According to When the Malt price TWAP drops below a specified threshold e.g. 2% below peg then the protocol will revert any transaction that tries to remove Malt from the AMM pool i.e. buying Malt or removing liquidity. Users wanting to remove liquidity can...
Timelock can be bypassed
Handle WatchPug Vulnerability details The purpose of a Timelock contract is to put a limit on the privileges of the governor, by forcing a two step process with a preset delay time. However, we found that the current implementation actually won't serve that purpose as it allows the governor to...
Anyone can remove liquidity
Handle jayjonah8 Vulnerability details Impact In UniswapHandler.sol, anyone can call the removeLiquidity function stealing all the lp tokens in the contract even if they never added liquidity in the first place since the function simply credits the msg.sender with the entire lp token balance of t...
Missing scaling factor in recordKeyPurchase?
Handle cmichel Vulnerability details The Unlock.recordKeyPurchase function computes the maxTokens as: maxTokens = IMintableERC20udt.balanceOfaddressthis valueInETH / 2 + 2 valueInETH / grossNetworkProduct / grossNetworkProduct; Note that grossNetworkProduct was already increased by valueInETH in...
Inaccurate fees computation
Handle cmichel Vulnerability details The MixinTransfer.shareKey function wants to compute a fee such that time + fee time == timeRemaining timePlusFee: uint fee = getTransferFeekeyOwner, timeShared; uint timePlusFee = timeShared + fee; However, if the time remaining is less than the computed fee...
Malicious user can get infinite free trial by repeatedly refund and repurchase right before the freeTrial ends
Handle WatchPug Vulnerability details The current design/implementation allows users who are refunded before to get another freeTrial. This can be exploited by malicious users to get an infinite free trial. PoC Given: keyPrice is 1 ETH; freeTrialLength is 31 days. A malicious user can: 1. Call...
MixinRefunds: frontrun updateKeyPricing() for free profit
Handle itsmeSTYJ Vulnerability details Impact A malicious user is able to withdraw all payments that were paid to a lock owner if the owner increases the keyPrice. Proof of concept When updateKeyPricing is called to increase the price of a key, it is possible to frontrun this call and buy many ke...
OverlayV1UniswapV3Market computes wrong market liquidity
Handle cmichel Vulnerability details The OverlayV1UniswapV3Market.fetchPricePoint tries to compute the market depth in OVL terms as marketLiquidity in ETH / ovlPrice in ETH per OVL. To get the market liquidity in ETH and not the other token pair, it uses the ethIs0 boolean. marketLiquidity = ethI...
Key buyers will not be able to get refund if lock manager withdraws profits
Handle kenzo Vulnerability details Unlock contains a feature in which a key buyer can ask for a refund. The refund is sent from the lock - where the purchase funds were sent. The lock manager can withdraw all funds from the lock. Therefore, if the lock manager withdraws enough profits from the...
Unbounded marginMaintenance
Handle gzeon Vulnerability details Impact There is no check for the value of marginMaintenance in OverlayV1OVLCollateral.sol setMarketInfo despite apparently related MINMARGINMAINTENANCE and MAXMARGINMAINTENANCE defined but unused in OverlayV1Mothership.sol. marginMaintenance can be set to 100% t...
_totalSupply not updated on transferMint/Burn
Handle cmichel Vulnerability details The OverlayToken has a transferMint and transferBurn function which is supposed to act like a transfer followed by a mint/burn. However, a mint/burn updates the totalSupply see mint/burn but these functions do not. Recommended Mitigation Steps The transferMint...
OZ ERC1155Supply vulnerability
Handle pauliax Vulnerability details Impact Overlay uses OZ contracts version 4.3.2: dependencies: - OpenZeppelin/[email protected] and has a contract that inherits from ERC1155Supply: contract OverlayV1OVLCollateral is ERC1155Supply This version has a recently discovered vulnerability...
_transferBurn does not actually burn tokens (decrease supply)
Handle harleythedog Vulnerability details Impact The implementation of transferBurn in ovl/OverlayToken.sol does not actually burn any tokens since totalSupply is not decreased see the implementation for burn for reference of what should be done. The transferBurn function is a helper function tha...
YaxisVaultAdapter.sol#withdraw() will most certainly fail
Handle WatchPug Vulnerability details The actual token withdrawn from vault.withdraw will most certainly be less than the amount, due to precision loss in tokensToShares and vault.withdraw. As a result, IDetailedERC20token.safeTransferrecipient, amount will revert due to insufficient balance. Based o...
Missing Emergency Pause Check
Handle defsec Vulnerability details Impact During the manual code review, it has been observed that minting progress is not checked when the contract is emergency paused. This can cause malfunction and unlocking of user funds during the emergency pausing. Proof of Concept 1- Navigate to ""...
setGuardian incorrectly set governance in IbbtcVaultZap.sol
Handle gzeon Vulnerability details Impact setGuardian incorrectly sets governance in IbbtcVaultZap.sol Proof of Concept onlyGovernance; governance = guardian; Tools Used Recommended Mitigation Steps
setGuardian() Wrong implementation
Handle WatchPug Vulnerability details function setGuardianaddress guardian external onlyGovernance; governance = guardian; function setGuardianaddress guardian external onlyGovernance; governance = guardian; governance = guardian should be guardian = guardian.
redeem may return less than minOut
Handle gzeon Vulnerability details Impact redeem may return less than minOut if wrong token is supplied with poolID=3 because there is no check against minOut in L230-L232. Proof of Concept 1. User mistakenly call redeemUSDC, 100, 3, 0, 100 2. The contract take 100 bBTC from the user, redeem it...
mintSynth() and burnSynth() can be front run
Handle WatchPug Vulnerability details Given that mintSynth and burnSynth will issue and redeem assets based on the price of the pool reserves, and they will create price impact based on the volume being minted and burnt. However, the current implementation provides no parameter for slippage...
Mixing different types of LP shares can lead to losses for Synth holders
Handle hyh Vulnerability details Impact Users that mint Synths do not get pool shares, so exiting of normal LP can lead to their losses as no funds can be left for retrieval. Proof of Concept 3 types of mint/burn: NFT, Fungible and Synths. Synths are most vulnerable as they do not have share: LP...
Covering impermanent loss allows profiting off asymmetric liquidity provision at expense of reserve holdings
Handle hyh Vulnerability details Impact Pool funds will be siphoned out over time as swaps and asymmetric LP provision are balancing each other economically, while with introduction of IL reimbursement a malicious user can profit immediately from out of balance pool with a swap and profit again...
Wrong design/implementation of addLiquidity() allows attacker to steal funds from the liquidity pool
Handle WatchPug Vulnerability details The current design/implementation of Vader pool allows users to addLiquidity using arbitrary amounts instead of a fixed ratio of amounts in comparison to Uni v2. We believe this design is flawed and it essentially allows anyone to manipulate the price of the...
Lacking Validation Of Chainlink' Oracle Queries
Handle leastwood Vulnerability details Impact TwapOracle.consult is missing additional validations to ensure that the round is complete and has returned a valid/expected price. The consult improperly casts an int256 price to uint256 without first checking the value. As a result, the variable may...
Attacker can claim more IL by manipulating pool price then removeLiquidity
Handle gzeon Vulnerability details Impact Vader reimburse user IL immediately when user withdraw from the pool VaderRouterV2.sol:L227, an attacker can therefore manipulate the pool balance causing a high IL, remove liquidity and restore the pool balance such that he will receive a larger IL...
Multicall.sol batch calls don't update msg.value
Handle jayjonah8 Vulnerability details Impact In NestedFactory.sol using Multicall.sol can be dangerous when it has a msg.value inside a loop since the msg.value doesn't update every iteration. This can lead to a user sending ETH one time and it being counted for every iteration. There is a...
Anyone Can Arbitrarily Call FSDVesting.updateVestedTokens()
Handle leastwood Vulnerability details Impact The updateVestedTokens function is intended to be called by the FSD.sol contract when updating a user's vested token amount. A check is performed to ensure that user == beneficiary, however, as user is a user controlled argument, it is possible to spo...
Funds in FSDVesting.sol can be frozen by the attacker
Handle WatchPug Vulnerability details In the current implementation, anyone can call function updateVestedTokens to add an arbitrary amount to the beneficiary's vesting amount without sending any of it. This allows the attacker to make the amount typeuint256.max and call to claimVestedTokens will...
Swaps are not split when trade crosses target price
Handle cmichel Vulnerability details The protocol uses two amplifier values A1 and A2 for the swap, depending on the target price, see SwapUtils.determineA. The swap curve is therefore a join of two different curves at the target price. When doing a trade that crosses the target price, it should...