10190 matches found
Rescue ETH at InfinityExchange.sol is incorrectly implemented
Lines of code Vulnerability details Impact Admins are unable to recover any ETH locked in the contract PoC The function rescueETHInfinityExchange.sol is incorrectly implemented. It is using msg.value instead of the balance of the contract function rescueETHaddress destination external payable...
Current implementation of arbitrary call execute failure handler may break some use cases, for example NFT bridge.
Lines of code Vulnerability details Impact Current implementation of arbitrary call execute failure handler may break some use cases, for example NFT Bridge. In the case of NFT Bridge, NFT may be lost forever. This is likely to happen in the case of out of gas. Proof of Concept Relayer receive...
Malicious Relayer Could Cause A Router To Provide More Liquidity Than It Should
Lines of code Vulnerability details Proof-of-Concept Assume this is a fast-transfer path and the sequencer has a good reason e.g. some sophisticated liquidity load balancing algorithm to assign 3 routers to provide liquidity for a transfer of 90 DAI Therefore, each of them will provide 30 DAI...
Precision Loss During Division
Lines of code Vulnerability details Proof-of-Concept Assume that toSwap = 10 DAI and pathLen = 3 in this example. Therefore, the bridge will pull 10 DAI from the RouterFacet contract. However, within the BridgeFacet.handleExecuteLiquidity function, due to precision loss when solidity handles...
Incorrect calculation of startGasPerOrder will cause fund loss to the buyer of the last order due to mischarged gas cost
Lines of code Vulnerability details uint256 gasCost = startGasPerOrder - gasleft + wethTransferGasUnits tx.gasprice; When the orders are matched by the MATCHEXECUTOR, the gas cost of each order is paid by the buyer in WETH, the amount gasCost is calculated based on startGasPerOrder, gasleft and...
Accidental ETH transfers to InfinityStaker cannot be withdrawn
Lines of code Vulnerability details The rescueETH function is meant to allow the contract owner to withdraw ETH accidentally sent to the contract. However, it will forward the exact ETH amount sent by the caller to the given destination address, rather than withdraw ETH from the contract balance:...
Executor and miner collusion and gas price
Lines of code Vulnerability details Impact The MATCHEXECUTOR can choose tx.gasprice and take the gas cost from a buyer. An executor can make an overly costly tx mined by a friendly miner and take extra profits. Proof of Concept and similar functions... Recommended Mitigation Steps There's no...
_transferNFTs() function doesn't revert if the transfer item doesn't support interface for both ERC721 and ERC1155
Lines of code Vulnerability details Impact The transferNFTs function uses ERC165 to check if the itemnft supports ERC721 interface or ERC1155 interface and executes the transfer accordingly. But if it doesn't support either, it just exits the function, no revert. Proof of Concept in...
Relayer Will Not Receive Any Fee If execute Reverts
Lines of code Vulnerability details Proof-of-Concept Connext relies on the relayer to trigger the BridgeFacet.execute function on the destination domain to initiate the token transfer and calldata execution processes. Relayers pay for the gas cost to trigger the execute function, and in return fo...
Funds(ETH) permanent lock on InfinityStaker.sol
Lines of code Vulnerability details Impact The rescueETH function does not work as expected and if the contract receives ETH, it gets stuck in the contract Proof of Concept If an addresswallet or contract send ETH to the InfinityStaker.sol contract, the owneradmin can't rescue the ETH because the...
attacker can perform griefing for process() in PromiseRouter by reverting calls to callback() in callbackAddress
Lines of code Vulnerability details Impact process in PromiseRouter is used for process stored callback function and anyone calls it gets callbackFee and it calls callback function of callbackAddress. but attacker set a callbackAddress that reverts on callback and cause process caller griefing...
Wrong implementation of withdrawAdminFees() can cause the adminFees to be charged multiple times and therefore cause users' fund loss
Lines of code Vulnerability details function withdrawAdminFeesSwap storage self, address to internal IERC20 memory pooledTokens = self.pooledTokens; for uint256 i = 0; i pooledTokens.length; i++ IERC20 token = pooledTokensi; uint256 balance = self.adminFeesi; if balance != 0 token.safeTransferto,...
Maker order buyer is forced to reimburse the gas cost at any tx.gasprice
Lines of code Vulnerability details uint256 gasCost = startGasPerOrder - gasleft + wethTransferGasUnits tx.gasprice; // if the execution currency is weth, we can send the protocol fee and gas cost in one transfer to save gas // else we need to send the protocol fee separately in the execution...
in reimburseLiquidityFees() of SponserVault contract swaps tokens without slippage limit so it's possible to perform sandwich attack and it creates MEV
Lines of code Vulnerability details Impact when code swaps tokens it should specify slippage but in reimburseLiquidityFees code contract calls tokenExchange.swapExactIn without slippage and it's possible to perform sandwich attack and make contract to swap on bad exchange rates and there is MEV...
Should also check balanceOfRewards in _withdrawAll()
Lines of code Vulnerability details Impact withdrawAll should check that all of your positions are unwinded. It does check balanceOfPool and LOCKER.balanceOf. Then withdrawToVault in BaseStrategy.sol can transfer all want to the vault. But it doesn’t check reward tokens. want could also be one of...
prepareWithdrawAll should not be external
Lines of code Vulnerability details Impact Despite commented as Internal Core Implementations, prepareWithdrawAll is external. There also lack guarantee that prepareWithdrawAll is called before withdrawAll. Proof of Concept /// ===== Internal Core Implementations ===== function prepareWithdrawAll...
harvest() can be frontrun, to make the AURABAL token stuck
Lines of code Vulnerability details Impact In the LOCKER contract https://etherscan.io/address/0x3Fa73f1E5d8A792C80F426fc8F84FBF7Ce9bBCACcode anyone can call getreward for any account, therefore an attacker can frontrun an authorized actor, by calling getrewardaddressmyStrategy, before the harves...
_sendTokenToBribesProcessor() doesn't check bribesProcessor's address. Could cause permanent loss of fund
Lines of code Vulnerability details Impact In sendTokenToBribesProcessor, it sends tokens to bribesProcessor. It seems to be ok because claimBribesFromHiddenHand will confirm that bribesProcessor is not address0. sweepRewardToken also triggers sendTokenToBribesProcessor. But it doesn’t check...
Claiming BADGER bribes and sweeping BADGER rewards tokens is broken
Lines of code Vulnerability details Impact Twice the amount of BADGER tokens are sent to badgerTree within the MyStrategy.sendBadgerToTree function. Due to insufficient BADGER tokens, this will break the following functionalities: MyStrategy.sweepRewardToken L107-L113 function...
Yearn Curve vault can be removed without withdrawing all deposited tokens, causing these tokens to be locked forever unless an owner adds this vault back.
Lines of code Vulnerability details Impact Yearn Curve vault can be removed without withdrawing all deposited tokens, causing these tokens to be locked forever unless an owner adds this vault back. Proof of Concept function removeVaultaddress vault external onlyOwner requirevaultsvault !=...
Upgraded Q -> M from 143 [1655579880057]
Judge has assessed an item in Issue 143 as Medium risk. The relevant finding follows: L-04 safeTransferETH should perform simple ETH transfers and don’t forward 30k gas Link: Being a simple funds transfer, having a fallback of a WETH deposit, there should be no extra gas involved when potentially...
User can bypass entryFee by sending arbitrary calldata to ParaSwap operator
Lines of code Vulnerability details Impact Any user is able to bypass the entryFee collection when using NestedFactory.create by passing in arbitrary calldata when using the ParaSwap router. High level, a user can pass in calldata to swap from a miniscule amount of input token to an ERC777 with...
YearnCurveVaultOperator's withdrawETH doesn't check for minAmountOut
Lines of code Vulnerability details withdrawETH effectively do not control the output token result of withdrawal as Vault token is ETH in this case, while WETH balance is controlled and no ETH - WETH deposit is done. I.e. any calls to withdrawETH with non-zero minAmountOut will fail as WETH balan...
DOS on operation execution
Lines of code Vulnerability details Impact A malicious proposer can keep on cancelling all pending operations so that none of the transactions get executed. Admin also has no way to remove the malicious proposer Proof of Concept 1. Proposer A calls schedule function to schedule an operation 2...
Attacker can grief users from withdrawing their tokens and causing users to lose money
Lines of code Vulnerability details Impact balance of this contract of vault tokens in the require statement can stop users from withdrawing their tokens 2 issues: 1. vaultbalancebefore= balance of this contract from a vault tokens vaultamount=vaultbalancebefore- balance of vault right then when...
Missing reentrancy protections
Lines of code Vulnerability details Impact The files below contain both deposit and withdraw functions which seem re-entrable at the point of calls that transfer tokens. The functions do not fully follow a checks-effects-interactions pattern, thus they can be re-entered multiple times. Depending ...
Too many setToken modules may cause gas limit error
Lines of code Vulnerability details Impact Too many setToken modules may cause gas limit error. Has these impacts: 1. These setToken can't be initialized in NotionalTradeModule 2. Cannot remove any module from that setToken Proof of Concept / @dev MANGER ONLY: Initialize given SetToken with initi...
Wrapped idiosyncratic (non-tradable) fCash can possibly not be unwrapped prior to maturity
Lines of code Vulnerability details What is idiosyncratic fCash? Markets may not always trade at the exact maturities of all fCash assets. fCash that does not fall on an exact maturity is called idiosyncratic fCash. To value these assets, Notional takes the linear interpolation of the rates of th...
Did Not Enforce fCash To Be A Component Of SetToken Before Minting
Lines of code Vulnerability details Proof-of-Concept Assume that the manager decided to add a fCash position called "Wrapped fDAI @ 10 October 2022", which will mature at 10 October 2022, to the SetToken. To do so, the manager will call the NotionalTradeModule.mintFCashPosition function. The...
NotionalTradeModule._approve() function is missing return value check.
Lines of code Vulnerability details Impact NotionalTradeModule.mintFCashPosition wouldn't work properly when approve function fails to approve without reverting. Proof of Concept This approve function performs an ERC20.approve call but does not check the success return value. Some tokens do not...
Upgraded Q -> H from 25 [1655007954017]
Judge has assessed an item in Issue 25 as High risk. The relevant finding follows: Fees should have a boundary of 100% 10000: Otherwise the contract will try to transfer more than possible which will result in reverts: It might also be helpful to have a fixed upper boundary that doesn't allow t...
Upgraded Q -> M from 268 [1654474507101]
Judge has assessed an item in Issue 268 as Medium risk. The relevant finding follows: High feeRate can break core protocol function PROBLEM There is no maximum input value on setFee in Cally.sol. But if the owner sets it to a uint greater than 1e18, the users will not be able to call exercice as...
Upgraded Q -> M from 74 [1654474884998]
Judge has assessed an item in Issue 74 as Medium risk. The relevant finding follows: Protocol does not support fee-on-transfer tokens The tokenIdOrAmount established in createVault prevents buyers from exercise their option because addressthis holds less than tokenIdOrAmount due to the transfer...
Upgraded Q -> M from 135 [1654503723748]
Judge has assessed an item in Issue 135 as Medium risk. The relevant finding follows: ---
Upgraded Q -> M from 135 [1654503715861]
Judge has assessed an item in Issue 135 as Medium risk. The relevant finding follows: ---
Upgraded Q -> M from 294 [1654474576938]
Judge has assessed an item in Issue 294 as Medium risk. The relevant finding follows: Owner can frontrun exercise to increase fees A malicious owner account can observe and frontrun calls to exercise and extract 100% of the strike price as a protocol fee. Scenario: A malicious owner observes a ca...
Upgraded Q -> M from 124 [1654442937681]
Judge has assessed an item in Issue 124 as Medium risk. The relevant finding follows: C4-006 : The Contract Should Approve0 first Impact Some tokens like USDT L199 do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the...
Buyer can take from a seller an item they had not offered
Lines of code Vulnerability details Impact Orders in Seaport can involve "criteria-based items", in which case it isn't one specific item that can fulfill the order but any one of a set of items. This set of items is the "criteria", and it is specified in the order as the merkle root of a merkle...
THE FIRST AMM STAKER MAY NOT RECEIVE ACCORDING REWARDS BECAUSE OF POOR CHECKPOINTS
Lines of code Vulnerability details Impact The first staker within the AmmGauge may not get the rewards if the pool is not checkpointed right after he stakes and before he wants to claim the rewards. Proof of Concept A testing environment that reproduces how the protocol is going to be deployed a...
Does not set the offerer as the recipient if execution amount is nonzero
Lines of code Vulnerability details Impact Order structures will be corrupted through invalid fulfillment application logic. Proof of Concept Tools Used Manual inspection Recommended Mitigation Steps Change to // Set the offerer as the receipient if execution amount is nonzero. if...
A malicious filler can fill a partial order in such a way that the rest cannot be filled by anyone
Lines of code Vulnerability details Impact For filling a partial order, because Seaport accepts any representation of a fraction, a malicious filler can provide a giant fraction unreduced. This would severely limit what orders can be filled afterwards and in some cases making any more fills...
call() should be used instead of transfer() on an address payable
Lines of code Vulnerability details This is a classic Code4rena issue: code-423n4/2021-04-meebits-findings2 code-423n4/2021-10-tally-findings20 code-423n4/2022-01-openleverage-findings75 Impact The use of the deprecated transfer function for an address will inevitably make the transaction fail...
RewardHandler.sol and FeeBurner.sol will fail due to inexistent AddressProvider.sol getter functions
Lines of code Vulnerability details Impact FeeBurner.burnToTarget and RewardHandler.burnFees will fail every time because addressProvider.getSwapperRouter, addressProvider.getBKDLocker and addressProvider.getFeeBurner are not implemented in AddressProvider.sol. Proof of Concept getSwapperRouter,...
uint120 overflow for partially fillable orders in OrderValidator.sol
Lines of code Vulnerability details Repo commit referenced: 49799ce156d979132c9924a739ae45a38b39ecdd Impact In the lines OrderValidator.solL223-L239 where the orderStatus for an orderHash gets updated: orderStatusorderHash.numerator = uint120 filledNumerator + numerator ;...
Wrong items length assertion in basic order
Lines of code Vulnerability details When fulfilling a basic order we need to assert that the parameter totalOriginalAdditionalRecipients is less or equal than the length of additionalRecipients written in calldata. However in prepareBasicFulfillmentFromCalldata this assertion is incorrect L346: /...
inflating the price of tokens to your benefit and no reentrancy guard you can make your own function for stakefor
Lines of code Vulnerability details Low: you can mint a lot of tokens to contract and inflating the price of tokens and if there is no of getting tokens out of the contract plus if in stakefor function call the function aboves and since there checks and effects patterns are not implemented or...
Gauge Rewards Stuck In VoterProxy Contract When ExtraRewardStashV3 Is Used Within Angle Deployment
Lines of code Vulnerability details Note: This report aims to discuss the issue encountered when ExtraRewardStashV3 is used within Angle Deployment. There is also another issue when ExtraRewardStashV2 is used within Angle Deployment, but I will raise it in a separate report since ExtraRewardStash...
Missing inheritance makes fulfillBasicOrder() in Consideration.sol non-functional
Lines of code Vulnerability details Impact fulfillBasicOrder in Consideration.sol would not function properly since the call in line 83 - validateAndFulfillBasicOrder is not possible as there's no existing function for it due to a missing inheritance. Users will not be able to fulfill any Basic...
you should always approve zero amount because some contracts need it to interact with it (ust)
Lines of code Vulnerability details :make sure approval is zero first because there are contracts that need to approve 0 because otherwise a lot of contracts will fail if approve is not zero first not a user then you can have a problem with ust contract which needs to approved 0 :mitigation:approve ...
Using ExtraRewardStashV2 In Angle Deployment Will Cause Gauge Rewards To Be Frozen
Lines of code Vulnerability details Note: This report aims to discuss the issue encountered when ExtraRewardStashV2 is used within Angle Deployment. There is also another issue when ExtraRewardStashV3 is used within Angle Deployment, but I will raise it in a separate report since ExtraRewardStash...