10190 matches found
Limit accrueConcentratedPositionTimeWeightedLiquidity calls to prevent reward manipulation.
Lines of code Vulnerability details Impact It may be possible for a user to artificially increase their tracked liquidity right before claiming by rapidly entering/exiting positions. This could allow them to claim a larger % of rewards than they deserve. Proof of Concept The main risk of...
add sendBack function to origin when lzReceiveNonBlocking is not executed
Lines of code Vulnerability details Impact lzReceiveNonBlocking won't revert to the ILayerZeroEndpoint.send, which could lead to the execution on the send side being executed while the execution on the receive side is not executed. Proof of Concept Tools Used manual view Recommended Mitigation Steps if calls are...
Unexpected behavior when settings rewards for existing pools or past/ongoing periods
Lines of code Vulnerability details Summary There are different missing considerations in the liquidity mining process that may lead to unexpected behavior due to failed assumptions. Impact The liquidity mining feature is mainly implemented by tracking liquidity at a global level the aggregation ...
The Liquidity mining callpath sidecar owner can pull native tokens from the Dex
Lines of code Vulnerability details Impact The owner of the liquidity mining sidecar can pull the native coins that are stored in the CrocSwapDex to reward the users. Proof of Concept The setConcRewards and setAmbRewards functions don't check if the quoted amount of rewards is actually sent by the...
Access control check in the setAmbRewards and setAmbRewards functions is missing
Lines of code Vulnerability details Impact Any user can call the setAmbRewards and setAmbRewards functions and set their values for weeklyReward, which opens up many attack vectors. For example, it is possible to set a large reward and withdraw all funds from the protocol. Proof of Concept functi...
VirtualAccount as a wallet can be called by anyone
Lines of code Vulnerability details A VirtualAccount represents a user wallet that allows the user to manage assets and perform remote interactions. But because the payableCall method lacks any form of authentication, it can be called by anyone. The call can be also executed directly to the desired...
An attacker can exploit the accruing liquidity functionality to accrue liquidity for more weeks than intended.
Lines of code Vulnerability details Instances The whole exploit works due to similar functionality being broken at these 4 instances: here, here, here and here. Impact An attacker can accrue both Position time weighted liquidity and Global time weighte...
Virtual account lacks access control
Lines of code Vulnerability details Impact The Virtual Account lacks access control on a function that allows arbitrary calls. This enables anyone to take any assets contained within the account. Proof of Concept The Virtual account has the requiresApprovedCaller modifier to prevent use from...
Incorrect srcAddress check renders all layerzero messages unusable
Lines of code Vulnerability details Impact The source address of LayerZero messages is validated on a wrong part of the calldata, which will cause all cross-chain-messages to fail on a live deployment. Proof of Concept The receivers of cross-chain-messages BranchBridgeAgent and RootBridgeAgent bo...
CoreRootRouter.executeDepositSingle function reverts for single asset deposits, thus failing the transaction
Lines of code Vulnerability details Impact The RootBridgeAgent.lzReceiveNonBlocking function calls the respective RootBridgeAgentExecutor functions based on the flag parsed via payload[0]. The payload[0] == 0x02 stands for the Call with Deposit remote call. The...
calculateAPR and estimateAPR may return invalid results
Lines of code Vulnerability details Impact The capitalForScore function in the Prime contract calculates the capital for calculation of score using a price oracle. The function is called three times inside of the contract, where only in the calculateScore is the oracle updated using the following...
An irrevocable prime token holder can claim a revocable token after burning the initial one
Lines of code Vulnerability details Bug Description Here's the step-by-step description of this issue: 1. A user deposits (XVSVault.deposit) 10,000 XVS tokens for a certain period, e.g., 90 days. 2. ACM issues (Prime.issue) an irrevocable prime token to the user. 3. The user...
No zero address check in PrimeLiquidityProvider.sol:sweepTokens
Lines of code Vulnerability details Impact Possible loss of funds due to sending them to address(0); the developer's assumption is that safeTransfer checks that `to` is not address(0). In reality, it doesn't implement such a check, as we can see from the implementation of the function:...
Potential Fund Compromise via Malicious Token Insertion
Lines of code Vulnerability details Impact Since any token can be sent to the PrimeLiquidityProvider contract, there is a great chance of an attacker sending a scam token with some legit value in it to lure the owner into sweeping those tokens, and by doing so compromising the whole contract's...
Gas Limit Issues/DoS with Block Gas Limit
Lines of code Vulnerability details Impact Iterating through the users array without a limitation might cause the function to consume a lot of gas, especially when the array size is large. It may potentially reach the block gas limit and get...
Prime.sol - User can claim Prime token without having any staked XVS, because his stakedAt isn't reset whenever he is issued an irrevocable token.
Lines of code Vulnerability details Impact Whenever a new Prime token is created, the user's stakedAt is reset to 0. This happens when the user claims a revocable token and when he is issued a revocable token, but it does not happen when a user is issued an irrevocable token. This is the issue function...
Users can deposit() even when Chainlink's price feed for CVX is stale
Lines of code Vulnerability details Bug Description In VotiumStrategy.sol, the price of vAfEth is determined by the price function: VotiumStrategy.sol#L31-L33 function price() external view override returns (uint256) { return (cvxPerVotium() * ethPerCvx(false)) / 1e18; } As seen from above, it calls ethPerCVX wit...
Zero amount withdrawals of SafEth or Votium will brick the withdraw process
Lines of code Vulnerability details Summary Withdrawals of amount zero from both SafEth and VotiumStrategy have issues downstream that will cause the transaction to revert, potentially bricking withdrawals from being executed. Impact Withdrawals in AfEth undergo a process to account for any...
cvxPerVotium() calculation will return zero if all CVX tokens are pending withdrawal as obligations
Lines of code Vulnerability details Summary The implementation of cvxPerVotium contains an edge case that causes it to return an invalid zero value price. Impact The cvxPerVotium function present in the VotingStrategy contract is used to measure the number of held CVX tokens per vAfEth. 144:...
M-04 MitigationConfirmed
Lines of code Vulnerability details In the previous implementation, RewardableERC20._claimAndSyncRewards: rewardsPerShare += (delta * one) / totalSupply; Some rewards might be locked inside the contract due to the rounding loss. Mitigation PR 896 Recalculated balanceAfterClaimingRewards to remove the...
AfEth deposits could use price data from an invalid Chainlink response
Lines of code Vulnerability details Summary The current price implementation for the VotiumStrategy token uses a potentially invalid Chainlink response. This price is then used to calculate the price of AfEth and, subsequently, the amount of tokens to mint while depositing. Impact The price of...
Functions in the VotiumStrategy contract are susceptible to sandwich attacks
Lines of code Vulnerability details Bug Description In VotiumStrategyCore.sol, the buyCvx and sellCvx functions call exchange_underlying of Curve's ETH / CVX pool to buy and sell CVX respectively: VotiumStrategyCore.sol#L233-L240 ICrvEthPool(CVXETHCRVPOOLADDRESS).exchange_underlying{value: ethAmountIn...
Potential rewards stealing by manipulating CVX/ETH pool
Lines of code Vulnerability details Vulnerability Details Upon claiming Votium rewards, applyRewards is intended to be invoked in order to exchange the tokens for eth and put the eth received back into the strategies. Based on the current ratio it either stakes the amount into safETH or obtains...
AfEth withdrawing will not work when ratio will be 0
Lines of code Vulnerability details Impact AfEth withdrawing will not work when the ratio is 0. It will not be possible to withdraw. Proof of Concept Any ratio for the 2 tokens of afEth can be set by the owner. The AfEth.withdraw function will not work if the ratio is 0, which means that safEth...
Users may not redeem their tranche tokens and suffer loss.
Lines of code Vulnerability details Impact In case of the stablecoin depegging, users may not redeem their tranche tokens and suffer loss. Proof of Concept A tranche allows multiple stablecoins to be the currencies that users can deposit to get the tranche tokens. An example would be a...
Signature malleability in permit function
Lines of code Vulnerability details Impact In the ERC20 contract used to define the interface for tranche tokens the permit function uses ecrecover to verify a signature submitted by the token owner to approve an address to spend its tranche tokens. However there is a well known issue related to...
The price update timestamp doesn't get checked, allowing for the use of stale prices
Lines of code Vulnerability details Impact It allows for the use of stale prices in cases where they will either damage the protocol or the user. Proof of Concept The protocol has a price oracle system where the price gets updated by an account with a privileged role by calling updatePrice...
addPauser should be a two-step process in PauseAdmin.sol
Lines of code Vulnerability details Impact Adding a new pauser should be a two-step process. The identified issue pertains to the absence of a two-step process for adding a new pauser in the smart contract. This vulnerability could potentially allow an unauthorized entity to gain control over pausin...
previewWithdraw doesn't round up the asset amount leading to confusion when external protocols integrate with the vaults of the protocol
Lines of code Vulnerability details Impact Protocols that integrate with Centrifuge liquidity pools may wrongly assume that withdraw rounds the amount up as per the ERC-4626 specification, leading to a wide array of issues for both parties. Proof of Concept The following is stated in the EIP's...
Any user can drain the escrow contract by calling decreaseDepositRequest with more amount than they deposited into the escrow while requesting.
Lines of code Vulnerability details Impact In the protocol, users submit deposit requests to the Centrifuge gateway for depositing assets into the Liquidity Pools. There is also a mechanism to decrease this deposit order by calling LiquidityPool::decreaseDepositRequest which decreases their depos...
LiquidityPool inflation attack
Lines of code Vulnerability details Bug Description The LiquidityPool uses an algorithm that converts prices to shares through a linear relationship. For instance, if there are 10,000 assets and 100 shares, then holding 100 assets should yield 1 share. However, a situation arises when investor...
The validateCreateOrderHash function is vulnerable to an incorrect token type being provided by the caller
Lines of code Vulnerability details Impact Invalid token types could be used with encoded order info, breaking expectations of the contract. An attacker could create an order hash using different parameters than what is actually encoded in the orderInfo. This could potentially allow the attacker ...
Use of tx.origin breaks interoperability with AA wallets.
Lines of code Vulnerability details In OptionsPositionManager, several functions like close and sellOptions need to call PMWithdraw, which calls PMTransfer. Then it is checked that tx.origin != user. However, a smart contract wallet cannot be tx.origin, which means AA wallets will not be able to...
Fee on Transfer tokens cause incorrect accounting
Lines of code Vulnerability details Impact Incorrect accounting for fee on transfer tokens Proof of Concept Delegate accepts all ERC20 token types as specified by the contest page. Some ERC20 tokens include a fee on transfer, which means that the amount of tokens sent to the contract will be...
DelegateTokenRegistryHelpers::calculateDecreasedAmount() - Comment "Assumes the decreased amount won't underflow with "amount"", but it *can* underflow given the right value for parameter decreaseAmount, and is also inside unchecked {} block.
Lines of code Vulnerability details Impact Summary: Since the affected line is inside an unchecked block, the inbuilt Solidity protection functionality won't revert this function execution on underflow, therefore the max uint256 value will be returned for calculateDecreasedAmount. Not only that, b...
checkERC1155BeforePull Function in DelegateTokenTransferHelpers
Lines of code Vulnerability details Description The checkERC1155BeforePull function in Contract XYZ has a potential issue where it reverts if pullAmount is equal to 0, which might not always be the desired behavior for ERC1155 tokens. Issue Details Context In DelegateTokenTransferHelpers.sol, the...
removeFromAllTicks should be done before getTVL
Lines of code Vulnerability details After the mitigation, the TR fee is directly sent to the GE vault. Suppose 0.1 eth trading fee has accumulated in TR. uint vaultValueX8 = getTVL(); uint adjBaseFee = getAdjustedBaseFee(token == address(token0)); // Wrap if necessary and deposit here if (msg.value > 0...
A malicious contract could steal assets via a flash loan
Lines of code Vulnerability details Impact A malicious contract could fail to return the assets, essentially stealing the Proof of Concept The key vulnerability is in the flashloan function. It transfers the assets to the receiver contract specified in info.receiver without any checks. Then it...
getActiveTickIndex implementation error
Lines of code Vulnerability details Impact The implementation of getActiveTickIndex is wrong, and the searched ticks do not meet expectations, causing funds to be incorrectly allocated to edge ticks, and there is basically no staking income. Proof of Concept // if base token is token0, ticks abov...
Owner cannot rescueToken if blocklisted.
Lines of code Vulnerability details Impact Token could be stuck if the owner is blocklisted by the token. Proof of Concept rescueToken can be used to rescue tokens sent to the contracts. function rescueTokens(address token) external onlyOwner { uint256 balance = IRWALike(token).balanceOf(address(this));...
Transaction origin check in ROE Markets make Options positions opened by contract users impossible to reduce or close
Lines of code Vulnerability details This issue was present in the original contest but I did not notice it as I did not have time to review OptionsPositionManager. The Roe Markets LendingPool.sol that OptionsPositionManager uses is a modified version of Aave V2 with an added PMTransfer...
Lack of Post-Allowance Verification Before Token Minting
Lines of code Vulnerability details The code checks if the user txn.sender is allowed via the ALLOWLIST. If not, it sets the user's status to "allowed". However, after this step, there's no subsequent verification to ensure the user has indeed been added to the ALLOWLIST before minting tokens to...
In the event of a fall in the price of USDY, the withdrawal of funds for the user may be blocked
Lines of code Vulnerability details Impact There is a wrap function called by users to wrap their USDY tokens. In the future, to withdraw tokens, the user calls the unwrap function. However, in the unwrap function, the user can have more funds in case the price of USDY falls. Based on the case...
Reorgs could revert the setRange function and lead to a long lasting stale price of USDY
Lines of code Vulnerability details Summary Reorgs could revert the setRange function and therefore lead to stale prices for a long time, depending on the off-chain protection against it. Vulnerability Details Here is the setRange function of the USDY price oracle: function setRange(uint256...
Maybe you get the same txnHash for different transactions in DestinationBridge._execute()
Lines of code Vulnerability details Impact DestinationBridge._execute is a function that is executed when the contract is called by the Axelar Gateway (L114). The function calculates bytes32 txnHash = keccak256(payload). txnHash is calculated based on payload. However, srcChain is not taken into account in...
Lack of Oracle Price Validation in rUSDY
Lines of code Vulnerability details Summary Ondo's custom oracle, RWADynamicOracle, is responsible for delivering the price of USDY to the rUSDY token contract. The oracle is called in four different functions for the price of USDY; the results of which are also used in core functions in the toke...
Improper precision of strike price calculation can result in broken protocol
Lines of code Vulnerability details Impact Due to a lack of adequate precision, the calculated strike price for a PUT option for rDPX is not guaranteed to be 25% OTM, which breaks core assumptions around (1) protecting downside price movement of the rDPX which makes up part of the collateral for...
Malicious actor can remove anyone's vote
Lines of code Vulnerability details Impact The GovernorCountingOverridable contract of the protocol is used to record the governance votes for different proposals and it allows the users to delegate their voting power to anyone. The handleVoteOverrides in the GovernorCountingOverridable contract...
Transferring Bonds would create confusion among delegators because of non-deletion of unbondingLocks & assigning all the new delegators the same unbonding id
Lines of code Vulnerability details The transferBond function is used to transfer ownership of a bond to a new delegator using optional hints if needed. Here the old unbonding lock is deleted after creating a new one in the unbondWithHint function. But the problem lies in the delete operation as it does n...
The utilization of strict equality within the subtractLoss function is susceptible to straightforward manipulation by a potential attacker.
Lines of code Vulnerability details Impact If this equality condition is intentionally disrupted, it will result in the failure of all settlement processes carried out using the settle function. Proof of Concept Tools Used Manual review Recommended Mitigation Steps - collateral.balanceOf(address(th...