10190 matches found
TOKEN BALANCE OF A PARTICULAR ADDRESS IS NOT CHECKED AGAINST THE REQUESTED TRANSFER AMOUNT INSIDE TRANSFER AND TRANSFERFROM FUNCTIONS IN ERC20.sol CONTRACT
Lines of code Vulnerability details Impact transfer and transferFrom functions do not check the available ERC20 token balance of the from address and of msg.sender respectively against the requested transfer amount. Hence if balanceOf(from) and balanceOf(msg.sender) in the transferFrom and...
Drips.sol: drips can be squeezed from before drips.updateTime which allows to drain ALL funds from the protocol
Lines of code Vulnerability details Impact The Drips.squeezeDrips function allows to receive drips from the currently running cycle from a single lender. Drips are configured via the Drips.setDrips function . A Drip can be configured to start at any time. The protocol caps the start time at the...
Malicious borrower can create pool imbalance by tricking the V2 pool to send lesser number of long tokens in exchange for short tokens
Lines of code Vulnerability details Impact Timeswap V2 Pool works on a constant product AMM where total long tokens & short tokens follow the equation total long total short = L. Any increase in long tokens has to be accompanied by a proportionate drop in short tokens and vice versa to ensure that...
Incorrect totalSupply() function design
Lines of code Vulnerability details Impact In ERC1155Enumerable.sol L36-L37, the totalSupply of ERC1155 is calculated packages/v2-token/src/base/ERC1155Enumerable.sol: 34 35: /// @inheritdoc IERC1155Enumerable 36: function totalSupply() public view override returns (uint256) 37: return...
FIRST ERC4626 DEPOSIT CAN BE EXPLOITED ON SHARE CALCULATION
Lines of code Vulnerability details Impact This is a common attack vector involving shares based liquidity pool contracts. An early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share. Note:...
ERC4626Cloned deposit and mint logic differ on first deposit
Lines of code Vulnerability details The ERC4626Cloned contract is an implementation of the ERC4626 used for vaults. The standard contains a deposit function to deposit a specific amount of the underlying asset, and a mint function that will calculate the amount needed of the underlying token to...
Reuse of signature to get KYCd after it has been removed
Lines of code Vulnerability details Impact There is no time limit on the validity of KYC digests and users with a removed KYC are not saved. If an issuer of such a digest is either compromised or by mistake issues a digest with a deadline far into the future, a user could reuse the same...
EXTERNAL CALL TO UNTRUSTED PARTIES
Lines of code Vulnerability details Impact Functions in this contract or inherited functions can be reentered. Proof of Concept In Vault.sol the withdrawAVAX and redeemAVAX functions make an external call to the msg.sender by way of safeTransferETH. This allows the caller to reenter this and othe...
rejectProposal/rejectActive/cancel did not update pendingBalances
Lines of code Vulnerability details Impact In the OptimisticListingSeaport contract, pendingBalances represents the number of Rae tokens sent to the contract by the user when creating the proposal, which can be withdrawn in the withdrawCollateral function. function withdrawCollateral(address vault...
Rounding down leads to breakage of the xy curve calculation
Lines of code Vulnerability details Impact When needing to calculate the inputAmount required to receive a certain amount of fractional tokens called outputAmount, we are deriving from the xy = k curve used on the Uniswap V2 protocol. Proof of Concept Some maths: The so-called curve equation is: ...
ERC20 TOKENS WITH DIFFERENT DECIMALS THAN 18 MAY BREAK THE LOGIC AND PROVIDE UNEXPECTED RESULTS
Lines of code Vulnerability details Impact Note: Though it is mentioned that rebase/fee-on-transfer tokens are not expected, there exist other ERC20 tokens having decimals different from 18. Contracts LpToken and Pair perform calculations using the hardcoded decimals value 18 (1e18) for...
Error when handling deposit in the addToPosition function
Lines of code Vulnerability details Impact In the function addToPosition from the Trading contract the amount of open fees are handled using the handleOpenFees function but when calling the handleDeposit function the wrong margin is passed, in fact the handleDeposit function gets addMargin - fee...
integer overflow or underflow
Lines of code Vulnerability details Impact If an integer overflow or underflow occurs in the contract, it could lead to incorrect calculations and potentially unintended consequences, such as the transfer of incorrect amounts of tokens or the allocation of incorrect amounts of rewards. This could...
depositAndTrade function is incomplete & does not use returnValue of UniswapV3 router
Lines of code Vulnerability details Impact depositAndTrade function seems to be incomplete - the tokenOutput from swapRouter is currently owned by DepositTradeHelper account and needs to be transferred back to msg.sender who initiated this transaction. Since this contract doesn't seem to be part ...
transfer is used on address payable
Lines of code Vulnerability details Proof of Concept The codebase makes heavy use of the deprecated transfer function of address payable. It will inevitably make the transaction fail when: 1. The receiver smart contract does not implement a payable function. 2. The receiver smart contract does...
[NAZ-H2] Update Initializer Modifier To Prevent Reentrancy During Initialization
Lines of code Vulnerability details Impact Currently the project uses both : "@openzeppelin/contracts": "4.2.0", "@openzeppelin/contracts-upgradeable": "4.2.0". This dependency has a known high severity vulnerability Deserialization of Untrusted Data Proof of Concept Because of the Deserializatio...
Attacker can manipulate low TVL Uniswap V3 pool to borrow and swap to make Lending Pool in loss.
Lines of code Vulnerability details Impact In the Paraspace protocol, any Uniswap V3 position that consists of ERC20 tokens supported by Paraspace can be used as collateral to borrow funds from the Paraspace pool. The value of the Uniswap V3 position is the sum of the values of the ERC20 tokens in it. functio...
Reentrancy attack can be used to externally call the _execute function in the Exchange contract
Lines of code Vulnerability details Reentrancy attack can be used to externally call the execute function in the Exchange contract The execute function present in the Exchange contract is intended to be called only internally using delegatecall by the execute and bulkExecute functions. This is...
Unsafe ERC20 operations due to lack of contract length check
Lines of code Vulnerability details Impact Functions executeERC20DirectTransfer and executeERC20TransferFrom replicate solmate library methods. The problem is that these functions do not check for the existence of code at the token address. If executeERC20DirectTransfer and...
Casting to uint128 when value can exceed uint128.max
Lines of code Vulnerability details Impact In CommonTokenMath.tokensAvailableAtTime the result is cast to uint128 on line 62. Given that baseAmount is close to or at its uint128.max, and cliffPercent is close to or at its max of 1e18 dictated on line 72 in SizeSealed.sol, cliffAmount can reach uint128.m...
reentrancyGuardInitializer modifier used on constructor and Initialize functions
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. In L1ERC20Bridge.sol there are two places where the reentrancyGuardInitializer modifier is used. It's found on both the constructor function and also on the initialize function. This is a problem becaus...
SimpleERC20Escrow's initialize() can be frontrun
Lines of code Vulnerability details Impact The user's collateral is not held in the market contract but is instead held in individual escrows. Every user has a unique escrow for every market. And the escrow contracts are created via the Market contract's createEscrow function. And it's initialize...
Weak randomness
Lines of code Vulnerability details Description In the function crossChainMessage of the HolographOperator contract there is the following logic implemented for the calculation of the random value: / @dev use job hash, job nonce, block number, and block timestamp for generating ...
divide-before-multiply in JBTiered721DelegateStore
Lines of code Vulnerability details Impact Performing multiplication before division can sometimes avoid loss of precision. The calculation of return numberReservedTokensMintable - reserveTokensMinted; results in granting a slightly higher value on each call. Proof of Concept Slither Command...
blockRange should have a minimal value
Lines of code Vulnerability details Impact The blockRange doesn't have any minimal value, so the owner can call the setBlockRange function to change the blockRange to a lower value, which will automatically block the matching of some of the orders that have expirationTime == 0. Proof of Concept Th...
The protocol doesn't support fee-on transfer tokens
Lines of code Vulnerability details Impact There are ERC20 tokens that may make certain customizations to their ERC20 contracts. One type of these tokens is deflationary tokens that charge a certain fee for every transfer. So if the implementing contract doesn't take this fee into...
Using transferFrom on ERC721 tokens
Lines of code Vulnerability details Impact In the function createParty of contract Crowdfund.sol, when transferring the acquired NFTs to the new party, the transferFrom function is called instead of safeTransferFrom. If address(party) is a contract address that doesn't support ERC721 tokens, t...
ERC721Votes: Token owners can double voting power through self delegation
Lines of code Vulnerability details The owner of one or many ERC721Votes tokens can double their voting power once and only once by delegating to their own address as their first delegation. Scenario This exploit relies on the initial default value of the delegation mapping in ERC721Votes, which ...
Users could borrow all the liquidity in the FraxlendPair
Lines of code Vulnerability details Impact Any user can borrow any amount of Asset without transferring any Collateral Token to the Pair Proof of Concept By invoking borrowAsset and passing collateralAmount = 0 you will be able to borrow all the liquidity in the Pair. As we can see they just check for i...
Able to remove all collateral after borrow
Lines of code Vulnerability details Assuming to borrow asset tokens from a pair contract a user must first deposit collateral tokens. After they deposit collateral tokens their userCollateralBalance increases and they can then call borrowAsset to receive asset tokens from the contract. The...
Malicious creator can create different NFT drop collections with NFTs that will be revealed to correspond to same ipfs token URI
Lines of code Vulnerability details Impact The following createNFTDropCollection function with different name, symbol, and nonce can be called to create different NFT drop collections. function createNFTDropCollection string calldata name, string calldata symbol, string calldata baseURI, bytes32...
Community's escrow allows for signature replay
Lines of code Vulnerability details checkSignatureValidity verification by signature do not utilize nonces and can be tricked by using owner / builder signatures from earlier calls. Namely, while checkSignatureValidity's approvedHashes based way can used only once as it deletes the corresponding...
Vault rebalancing can be exploited if two vaults rebalance into the same vault
Lines of code Vulnerability details Impact User funds stolen Proof of Concept Swap data is completely arbitrary and can be used to swap though malicious ERC20 tokens allowing control transfer. This control transfer would allow the attacker to call rebalance on a second vault and exploit both as...
ETHRegistrarController's register and renew use payable.transfer calls with an arbitrary receiver
Lines of code Vulnerability details ETHRegistrarController's register and renew transfer out the remainder of native tokens via a payable(to).transfer call. This is unsafe as transfer has a hard-coded gas budget and can fail when msg.sender is a smart contract. Such transactions will fail for smart contract...
NameWrapper: parent can change owner of subnode by minting
Lines of code Vulnerability details Impact HIGH - bypassing PARENTCANNOTCONTROL fuse As discussed in the discord, bypassing fuse is considered high, thus reports as high impact Condition for the parent for this exploit: should be able to unwrap: no CANNOTUNWRAP fuse on the parent Or alternatively...
ETHRegistrarController._setRecords can register invalid domains and to some degree, its possible to register any domain name
Lines of code Vulnerability details Impact 1. Register invalid domains at Registrar. 2. It's possible to register any domain name. Proof of Concept ETHRegistrarController.setRecords calls a function at address resolver (user input) with call data bytes calldata data (user input). So it can bypass any meth...
Contracts calls to main ENS services will fail. Plus, ETHRegistrarController#withdraw() with future upgrades will revert
Lines of code Vulnerability details This is a classic Code4rena issue. The transfer call has a hard-coded gas budget; whenever this affects another part of the EVM it will be very harmful for those usages, putting the system and its users at risk. There are two parts to this issue; when the calle...
Chainlink's latestRoundData (price) might return stale or incorrect result
Lines of code Vulnerability details In JBChainlinkV3PriceFeed.sol we are using latestRoundData, but there is no check whether the return value indicates stale data. Even though it's only getting the price variable, the whole latestRoundData result gets returned and we can't just ignore it because the pri...
Yieldy: WarmUp expiry can be prolonged by staking from somebody else
WarmUp expiry can be prolonged by staking from somebody else Staking.sol:406 Staking.sol:439-444 Staking.sol:691 Impact When warmUpPeriod is greater than 1, a third person can stake to the victim to prolong the warmUp expiry. The expiry prolongation also happens with cool down, although a third...
Reentrancy vulnerabilities
Lines of code Vulnerability details Impact Reentrancy attacks can allow malicious actors to take over the control flow, and make...
Router Owner Could Steal All The Funds Within SponsorVault
Lines of code Vulnerability details Proof-of-Concept Assume the following: For simplicity's sake, only two routers exist within Connext. Gas, relayer, callback fees and slippage are ignored. An attacker owns Router A. Router A has 1,000,000 oUSDC on Optimism Domain/Chain. Router B has only 100 oUSDC...
Division round down 2 times may cause convertToShares calculation incorrect if underlying token with decimals less than 8.
Lines of code Vulnerability details Impact In case fCash has not matured yet, convertToShares may return an incorrect value due to rounding down twice in division. It may lead to a case where a user needs more shares than expected to withdraw assets. In the wfCashERC4626.convertToShares function, it...
Order partial fulfilling can be blocked by the first fulfiller
Lines of code Vulnerability details A DOS attack is possible as OrderValidator.validateOrderAndUpdateStatus sets the order's numerator and denominator based on arbitrary fulfiller-provided input. When there is a large bulk sale, an attacker can become one of the first buyers (partial fulfillers) and s...
[WP-H0] Unsafe type casting for the order's denominator and numerator may allow the attacker to buy more than the offered amount from the seller against the seller's will
Lines of code Vulnerability details orderStatus[orderHash].numerator = uint120(filledNumerator + numerator); orderStatus[orderHash].denominator = uint120(denominator); When an order is filled partially, the order's denominator and numerator will be updated in...
Rebasing tokens lock excess balance in contract
Lines of code Vulnerability details Rebasing tokens lock excess balance in contract If a vault is created with a rebasing ERC20 as its token, additional balance accrued through rebases while the token is owned by the vault may be locked in the contract. If the rebasing token balance decreases whi...
UNISWAP_FEE is hardcoded which will lead to significant losses compared to optimal routing
Lines of code Vulnerability details Impact In YieldManager, UNISWAP_FEE is hardcoded, which significantly reduces the routing options and will lead to non-optimal routes. In particular, all swaps using the ETH path will use the wrong pool, as it will use the ETH / USDC 1% one due to this line. Proof of...
Usage of deprecated Chainlink oracle function
Lines of code Vulnerability details Impact The Chainlink oracle latestAnswer function is deprecated. Instead, you're supposed to use latestRoundData. Using deprecated functions can result in the PriceOracleImplementation not returning the correct value anymore. It will affect the availability of...
In ERC20Gauges, contribution to total weight is double-counted when incrementGauge is called before addGauge for a given gauge.
Lines of code Vulnerability details Impact The impact really depends on how gauges are used by other contracts. The most obvious consequence I can imagine is that some other contract distributes rewards based on calculateGaugeAllocation. However, because getStoredWeight(totalWeight, currentCycle) i...
Wrong calculation for yVault price per share if decimals != 18
Lines of code Vulnerability details The yVault.getPricePerFullShare function calculates the price per share by multiplying with 1e18 (token decimals), with the assumption that the underlying token always has 18 decimals. yVault has the same number of decimals as its underlying token, see...
ALMOST DEPRECATED TRANSFER() IS USED TO WITHDRAW ETHER
Lines of code Vulnerability details Impact transfer function can cause withdrawal to fail Proof of Concept function withdraw(address assetAddress, address to, uint256 amount) public { LibDiamond.enforceIsContractOwner(); address sendTo = to == address(0) ? msg.sender : to; uint256 assetBalance; if...