Unbounded for loops allows an attacker to freeze users' funds
Handle WatchPug Vulnerability details function claim external whenNotPaused nonReentrant requirebenRevocablemsg.sender1 == false, 'Account must not already be revoked.'; uint256 amount = claimableAmountmsg.sender.subbenClaimedmsg.sender; requireamount 0, "Claimable amount must be positive";...
Stop ramp target price would create huge arbitrage space.
Handle jonah1005 Vulnerability details Stop ramp target price would create huge arbitrage space. Impact stopRampTargetPrice would set the tokenPrecisionMultipliers to originalPrecisionMultipliers0.mulcurrentTargetPrice.divWEIUNIT; Once the tokenPrecisionMultipliers is changed, the price in the AM...
Unbounded loop in TwapOracle.update can result in oracle being locked
Handle TomFrench Vulnerability details Impact Loss of ability of TwapOracle to update should too many pools be added. Proof of Concept TwapOracle allows an unlimited number of pairs to be added and has no way of removing pairs after the fact. At the same time TwapOracle.update iterates through al...
Can't claim last part of airdrop
Handle gpersoon Vulnerability details Impact Suppose you are eligible for the last part of your airdrop or your entire airdrop if you haven't claimed anything yet. Then you call the function claim of AirdropDistribution.sol, which has the following statement: "assertairdropmsg.sender.amount -...
Null check in pricePerShare
Handle hack3r-0m Vulnerability details oracle can return 0 as a price of the share; in that case, 0 will be the denominator in some calculations, which can cause reverts from SafeMath, e.g. here: resulting in Denial Of Service. Add a null check to ensure that on every update, the price is greater than ...
pricePerShare might become stale and cause to lose user funds, as update is not enforced
Handle kenzo Vulnerability details In WrappedIbbtcEth, as the code says, updatePricePerShare must be called once in a while to ensure pricePerShare is up to date. However the contract is not enforcing or validating it in any way. If for example the external server that runs the periodic update...
Profit from difference between core.pricePerShare() and pricePerShare()
Handle gpersoon Vulnerability details Impact Suppose there is a small difference between core.pricePerShare and pricePerShare of WrappedIbbtcEth.sol on Eth main chain. This could be due to the fact that updatePricePerShare hasn't been called for a while, or a sudden change in core.pricePerShare. ...
Owner has unlimited minting capability
Handle Koustre Vulnerability details Impact Malicious owner is able to abuse the minting capability of the token USDM. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended...
ChainLink price data could be stale
Handle cmichel Vulnerability details There is no check in ChainlinkAdapterEth.getPrice if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicate stale data." under...
ERC20 return values not checked
Handle cmichel Vulnerability details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter should be checked for success. See VestedRewardPool.claim which performs ERC20 transfers without checking for the return value. Impact As the trusted moc...
Vault fails to track debt correctly that leads to bad debt
Handle jonah1005 Vulnerability details Impact It's similar to the issue "misuse amount as increasing debt in the vault contract". Similar issue in a different place that leads to different exploit patterns and severity. When users borrow usdm from a vault, the debt increased by the amount 1.005...
Referrer can drain ReferralFeePoolV0
Handle gzeon Vulnerability details Impact function claimRewardAsMochi in ReferralFeePoolV0.sol did not reduce user reward balance, allowing referrer to claim the same reward repeatedly and thus draining the fee pool. Proof of Concept L28-47 did not reduce user reward balance Tools Used None...
debts calculation is not accurate
Handle gpersoon Vulnerability details Impact The value of the global variable debts in the contract MochiVault.sol is calculated in an inconsistent way. In the function borrow the variable debts is increased with a value excluding the fee. However in repay and liquidate it is decreased with the...
fillZrxQuote doesn't return correct values when zrxSellTokenAddress == zrxBuyTokenAddress
Handle harleythedog Vulnerability details Impact Suppose that swapByQuote is called with zrxSellTokenAddress == zrxBuyTokenAddress, and neither of these addresses "signifiesETHOrZero". The contract first transfers amountToSell of these tokens from the sender's account into the contract and update...
takeOutRewardTokens(): epochs calculation should be rounded up
Handle hickuphh3 Vulnerability details Impact If the owner would like to remove rewards, the number of epochs affected could potentially be 1 less because solidity division rounds down, resulting in more rewards taken out than allowed. Proof of Concept Assume currentEpoch is 1000 end epoch is 200...
Validators can only be added but not removed
Handle pants Vulnerability details The contract allows only to add validators but doesn't allow to remove them. The addValidator function adds them and there is no function to remove a Validator. This is an ability the owner should have. A similar issue is here: code-423n4/2021-06-gro-findings51
UserManager: updateLockedData() doesn't check that the amount is actually locked.
Handle itsmeSTYJ Vulnerability details Impact The function updateLockedData does not actually check if the amount required to be locked is actually locked. Proof of Concept Same solution as my other high issue. I've added comments where relevant. function updateLockedData address borrower, uint25...
Wrong implementation of CreditLimitByMedian.sol#getLockedAmount() makes it unable to unlock lockedAmount in CreditLimitByMedian model
Handle WatchPug Vulnerability details function getLockedAmount LockedInfo memory array, address account, uint256 amount, bool isIncrease public pure override returns uint256 if array.length == 0 return 0; uint256 newLockedAmount; if isIncrease ... else for uint256 i = 0; i amount newLockedAmount ...
Users could lose funds if owner took out reward which is not multiplier of allocatedTokensPerEpoch
Handle xYrYuYx Vulnerability details Impact User could lose funds if owner takes reward which is not a multiplier of allocatedTokensPerEpoch. Proof of Concept This is my test case to prove this issue. This issue occurs because of Line 104. Ex. If allocatedTokensPerEpoch is 1 CQT and now available epo...
Prevent execution with invalid signatures
Handle gpersoon Vulnerability details Impact Suppose one of the supplied addrsi to the constructor of Identity.sol happens to be 0 by accident. In that case: privileges0 = 1 Now suppose you call execute with an invalid signature, then recoverAddrImpl will return a value of 0 and thus signer=0. If...
MAX_TRUST_LIMIT might be too high
Handle gpersoon Vulnerability details Impact Both SumOfTrust.sol and CreditLimitByMedian.sol contain an expensive sort function. This is used by UserManager.sol via the functions getLockedAmount and getCreditLimit. If the list of stakers would be very long then the sort would take up all the gas...
PrizePool.awardExternalERC721() Erroneously Emits Events
Handle leastwood Vulnerability details Impact The awardExternalERC721 function uses solidity's try and catch statement to ensure a single tokenId cannot deny function execution. If the try statement fails, an ErrorAwardingExternalERC721 event is emitted with the relevant error, however, the faile...
Burning does not update reserves
Handle cmichel Vulnerability details The ConcentratedLiquidityPool.burn function sends out amount0/amount1 tokens but only updates the reserves by decreasing it by the fees of these amounts. unchecked // @audit decreases by fees only, not by amount0/amount1 reserve0 -= uint128amount0fees; reserve...
Previously created markets can be overwritten
Handle 0xRajeev Vulnerability details Impact The createMarket function allows accidental overwriting of previously created markets for the same combination of underlying and maturity timestamp u, m because there is no zero-address check to see if a previously created market exists for that...
exitZcTokenFillingZcTokenInitiate in Swivel.sol, token transfer may fail without function reverting
Handle GalloDaSballo Vulnerability details Impact exitZcTokenFillingZcTokenInitiate in Swivel.sol uses transferFrom; this function can fail, meaning tokens are not transferred, without causing a revert. This can break the accounting of the protocol. The reason why this can happen is that certain ERC20...
uToken's approve() Function is Susceptible to Frontrunning Attacks
Handle leastwood Vulnerability details Impact Order makers will call the approve function to facilitate transactions between order takers and makers. If a taker sees that a maker is seeking to reduce its order exposure by reducing Swivel.sol's allowance, a taker can frontrun this transaction to...
Incorrect usage of typecasting in burn lets an attacker corrupt the pool state
Handle broccoli Vulnerability details Impact In the burn function of ConcentratedLiquidityPool, when calling updatePosition, the amount of liquidity to burn is explicitly converted from uint128 to int128, which could result in a positive integer if amount is larger than 1 127 and less than 1 128...
ConcentratedLiquidityPoolManager: reclaimIncentive() does not decrement rewardsUnclaimed
Handle hickuphh3 Vulnerability details Impact reclaimIncentive withdraws any unclaimed rewards to the incentive owner. While there is a check to prevent re-claiming of rewards requireincentive.rewardsUnclaimed = amount, "ALREADYCLAIMED"; it is ineffective because incentive.rewardsUnclaimed is not...
TridentNFT.permit should always check recoveredAddress != 0
Handle cmichel Vulnerability details The TridentNFT.permit function ignores the recoveredAddress != 0 check if isApprovedForAllownerrecoveredAddress is true. Impact If a user accidentally set the zero address as the operator, tokens can be stolen by anyone as a wrong signature yield...
ConcentratedLiquidityPoolHelper: getTickState() might run out of gas
Handle hickuphh3 Vulnerability details Impact getTickState attempts to fetch the state of all inserted ticks including MINTICK and MAXTICK of a pool. Depending on the tick spacing, this function may run out of gas. Recommended Mitigation Steps Have a starting index parameter to start the iteratio...
ConcentratedLiquidityPoolManager's incentives can be stolen
Handle cmichel Vulnerability details The ConcentratedLiquidityPoolManager keeps all tokens for all incentives in the same contract. The reclaimIncentive function does not reduce the incentive.rewardsUnclaimed field and thus one can reclaim tokens several times. This allows anyone to steal all...
Wrong reward calculation
Handle 0xsanson Vulnerability details Impact In ConcentratedLiquidityPoolManager, a user can claimReward of a subscribed position. In order to compute the correct amount, secondsUnclaimed needs to be calculated, but it's implemented incorrectly: uint256 secondsUnclaimed = maxTime -...
Erc20.transferFrom() doesn't work on non-standard compliant tokens like USDT
Handle pants Vulnerability details Non-standard compliant tokens like USDT don't return a return value on transferFrom. The function Erc20.transferFrom reverts if the token doesn't return a return value, as it is defined to always return a boolean. Impact When using any non-standard compliant tok...
Incentives for different pools should differ by a large factor
Handle tensors Vulnerability details I'm adding this as an issue because I didn't see it mentioned anywhere in the codebase, and I think it's a fair point that relates to how the protocol gives out rewards to users. As I understand, the point of staking is to provide users with additional...
Unsafe casts to uint120
Handle pauliax Vulnerability details Impact contract IndexPool does unsafe casts to uint120, e.g.: uint120 ratio = uint120divtoMint, totalSupply; It trusts the input from the user and converts without assurance that the value will fit in this narrow type. Depending on the pool state and parameter...
No bar fees for IndexPools?
Handle 0xsanson Vulnerability details Impact IndexPool doesn't collect fees for barFeeTo. Since this Pool also contains a method updateBarFee, probably this is an unintended behavior. Also without a fee, liquidity providers would probably ditch ConstantProductPool in favor of IndexPool using the...
IndexPool.sol#_pow() Wrong implementation
Handle WatchPug Vulnerability details function powuint256 a, uint256 n internal pure returns uint256 output output = n % 2 != 0 ? a : BASE; for n /= 2; n != 0; n /= 2 a = a a; if n % 2 != 0 output = output a; 1. a a without div by BASE will accumulate decimals unexpectedly and leads to overflow...
Initialize can be called multiple times!!!!
Handle pants Vulnerability details Initialize can be called multiple times. Initialize function must be called only by the contract owner and only once for safety. line 74
User’s Ether may get left behind in the Router
Handle 0xRajeev Vulnerability details Impact If the user deposits less ETH than claimed by the params.tokenIn for native functions, then wETH is transferred from the msg.sender to pool, while the user's ETH is left behind in the Router. Proof of Concept Tools Used Manual Analysis Recommended...
Use of deprecated Chainlink API
Handle 0xRajeev Vulnerability details Impact The contract uses Chainlink’s deprecated API latestAnswer. Such functions might suddenly stop working if Chainlink stopped supporting deprecated APIs. Impact: Deprecated API stops working. Prices cannot be obtained. Protocol stops and contracts have to...
First lp provider in Index Pool is vulnerable to MEV
Handle broccoli Vulnerability details Impact In the IndexPool contract, the first lp providers have to deposit the same amount of tokens. This creates arbitrage space. If the deployer tries to deploy a BTC/DAI pool. S/He has to initialize the BTC pool with BTC price = 1. I consider this is a...
bondBurn() Leads to Unrecoverable Tokens
Handle leastwood Vulnerability details Impact An auction bonder has a single day's worth of blocks to call settleAuction and perform the necessary rebalance. In the event this does not happen, any user is able to call bondBurn and have the bond burnt in its entirety. As a result, the basketTokens...
Incorrect data location specifier can be abused to cause DoS and fund loss
Handle 0xRajeev Vulnerability details Impact The withdrawBounty loops through the bounties array looking for active bounties and transferring amounts from active ones. However, the data location specifier used for bounty is memory which makes a copy of the bounties array member instead of a...
Auction.sol#settleAuction() Mishandling bounty state could potentially disrupt settleAuction()
Handle WatchPug Vulnerability details function withdrawBountyuint256 memory bountyIds internal // withdraw bounties for uint256 i = 0; i bountyIds.length; i++ Bounty memory bounty = bountiesbountyIdsi; requirebounty.active; IERC20bounty.token.transfermsg.sender, bounty.amount; bounty.active =...
missing access control in basket.sol
Handle jah Vulnerability details Impact function mint and function minTo are not protected, so anyone can mint. Proof of Concept Tools Used manual analysis Recommended Mitigation Steps use a modifier to check who can call the function
Carefully add tokens to the list that the protocol uses
Handle tensors Vulnerability details Impact As of right now I believe the only outside tokens the protocol uses are DAI, USDC, USDT and WETH. If other tokens are added, make sure to check that they have no callbacks on transfer. For example, CREAM protocol added the AMP token which has a callback...
Anyone can call harvestNextStrategy with a very low amount of _estimated tokens
Handle tensors Vulnerability details Impact The amounts estimatedWETH and estimatedYAXIS are lower bounds that the protocol expects to receive. An attacker can call harvestNextStrategyvault, 1, 1 after manipulating the pools called in harvest and swap. The protocol sees nothing wrong with only...
PostAuctionLauncher can be manipulated by a caller other than the owner
Handle tensors Vulnerability details Impact A comment in the code asks whether it is safe to allow anyone to call PostAuctionLauncher, finalize. In the case that an attacker can get even a few wei of the auction token, it is not safe. Suppose an attacker somehow gets a small amount of the auction...
Controller.withdrawAll sets wrong vault balance
Handle cmichel Vulnerability details The Controller.withdrawAll decreases the vault balance by amount, the want token amount that has been withdrawn from the strategy and transferred to the vault. Note that amount gets overwritten in the convert != address0 branch and is a convert token value...
Missing check for duplicate token in addToken
Handle 0xRajeev Vulnerability details Impact addToken does not check for token being added a duplicate of what was already added. If a duplicate token is added, removeToken only removes the first matching token and the later duplicates still remain. With the vaulttoken deleted, this may lead to...