10190 matches found
length OF THE BYTES ARRAY IS NOT CHECKED BEFORE SUBSTRING IS EXTRACTED FROM IT, WHICH COULD LEAD TO SUBSTRING OF bytes(0)
Lines of code Vulnerability details Impact In RRUtils.readDNSKEY function, if the length == 4 then the self.publicKey will be an empty bytes array. No check is performed to validate the length variable. This will return the public key of the DNSKEY as an empty bytes array. Check should be perform...
The resolver address is redeclared in the "proveAndClaimWithResolver" function, which may cause a potential vulnerability.
Lines of code Vulnerability details Impact The vulnerability may allow an attacker to use a different address and potentially exploit the system for their own gain Proof of Concept address public immutable resolver; The proveAndClaimWithResolver function redeclares the resolver variable even thou...
Upgraded Q -> 2 from #623 [1682589089611]
Judge has assessed an item in Issue 623 as 2 risk. The relevant finding follows: L‑05 Stuck dust in SafEth contract for division When stake in the contract SafEth some WEIs could be stuck in the contract because the equation uint256 ethAmount = msg.value * weight / totalWeight;, for example: ethAmou...
SHA1Digest Contract Vulnerability
Lines of code Vulnerability details Impact The vulnerability is related to the use of the SHA1 hashing algorithm in the SHA1Digest contract. SHA1 is an outdated cryptographic hash function that has been deprecated by most security experts due to its weaknesses and susceptibility to collision...
verifySignatureWithKey - RRSIG RR's Signer's Name is never checked if it matches owner name
Lines of code Vulnerability details Impact According to RFC 4035 and as mentioned in the comments in function "verifySignatureWithKey" , the Signer's name should also be checked if it matches the owner name. If the Signer's Name field of an RRSIG record does not match the owner name of a DNSKEY...
function restructureCapTable() in Equity.sol not functioning as expected
Lines of code Vulnerability details Impact Typo in function restructureCapTable leading to only burning tokens of first address of addressToWipe array argument. Proof of Concept Here, in L313, addressToWipe[0] only takes first address of the array. While ignoring the rest and also since...
can launch a challenge without any collateral in MintingHub.sol
Lines of code Vulnerability details Impact launchChallenge... function in MintingHub.sol ignores return value by challenge.position.collateral.transferFrom Several tokens do not revert in case of failure and return false. If the token used as collateral return false, the user can launch a challen...
The minter can steal the Frankencoin in notifyLoss()
Lines of code Vulnerability details Impact The minter can steal the Frankencoin in notifyLoss because of In this code: if reserveLeft = amount transferaddressreserve, msg.sender, amount; The minter can call the function notifyLoss Constantly. When reserveLeft = amount, the minter who call the fir...
Anyone can open any position with no init period
Lines of code Vulnerability details Impact Anyone can immediately open a malicious position by calling openPosition... and passing 0 as initPeriodSeconds. Proof of Concept The function on line has public visibility, whereas I suspect it should be private. This effectively means anyone can mint an...
Underflow in suggestMinter function
Lines of code Vulnerability details Impact The suggestMinter function in the smart contract allows users to suggest a new minter address by specifying an application period, an application fee, and a message. The function sets the minters[minter] mapping to the current block timestamp plus the...
An attacker can mint himself many tokens for free by cloning a position and adjusting its price
Lines of code Vulnerability details Impact A malicious attacker can mint himself the max limit amount of tokens of any position for free, by cloning a position and manipulating its price. Proof of Concept Steps overview: 1. a The attacker clones an existing position 2. b The attacker sets the pri...
ETHCrowdfundBase#_calculateRefundAmount can return too many funds to users and brick refunds
Lines of code Vulnerability details Impact Malicious user can honeypot and grief users causing loss of funds Proof of Concept ETHCrowdfundBase.sol L227-L230 if (fundingSplitRecipient != address(0) && fundingSplitBps > 0) { uint96 feeAmount = amount * fundingSplitBps / 1e4; amount -= feeAmount; } When a user...
Contributors wouldn't claim their party cards from the finalized ReraiseETHCrowdfund by a malicious crowdfund creator.
Lines of code Vulnerability details Impact With the custom min/maxContributions settings, contributors wouldn't claim their part cards after the ReraiseETHCrowdfund was finalized. As a result, their funds will be locked inside the party forever because they can't claim from TokenDistributor witho...
Voters can call VetoProposal.voteToVeto() as many times as they like.
Lines of code Vulnerability details Impact Each voter can veto a proposal if they want by calling voteToVeto several times to pass the passThresholdBps. Proof of Concept Every voter shouldn't vote several times, otherwise, the voting system will be broken. But voteToVeto doesn't check the already...
Upgraded Q -> 2 from #219 [1681246395864]
Judge has assessed an item in Issue 219 as 2 risk. The relevant finding follows: Emojis split in different lines
PartyGovernanceNFT.sol: burn function does not reduce totalVotingPower making it impossible to reach unanimous votes
Lines of code Vulnerability details Impact With the new version of the Party protocol the PartyGovernanceNFT.burn function has been introduced. This function is used to burn party cards. According to the sponsor the initial purpose of this function was to enable the InitialETHCrowdfund contract t...
Upgraded Q -> 2 from #13 [1680615156614]
Judge has assessed an item in Issue 13 as 2 risk. The relevant finding follows: Lines of code Vulnerability details Impact The MuteBond.deposit function allows the user to purchase a bond with LP tokens and receive MUTE tokens in return. The bondPrice increases linearly over time which I should...
Upgraded Q -> 2 from #17 [1680620718364]
Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: L-05 Check that staking cannot occur when endTime is reached The MuteAmplifier.stake function should require that the current timestamp is smaller than endTime even when the call to stake is the first that ever...
Attacker can steal the locked NFT in protocol because of lacking check in function borrowToBuy()
Lines of code Vulnerability details Impact In function borrowToBuy, the borrower takes a loan offer and uses the funds to purchase NFT. /* Take the loan offer. */ takeLoanOffer(offer, signature, lienId, loanAmount, collateralTokenId); /* Lock token. */ offer.collection.transferFrom(msg.sender,...
An edge case in amplifier allows user to stake after end time, causing reward to be locked in the contract
Lines of code Vulnerability details Proof of Concept Observe that if nobody has staked after the period has ended, it's still possible for a single user to stake even though the period has ended. if (firstStakeTime == 0) { firstStakeTime = block.timestamp; } else { require(block.timestamp ... if...
MuteBond.sol: deposit function reverts if remaining payout is very small due to >0 check in dMute.LockTo function
Lines of code Vulnerability details Impact I will show in this report how the MuteBond.deposit function can experience a temporary DOS. The attacker or just any other user by mistake or by not knowing about it can receive a payout from the deposit function that puts the payoutTotal of the current...
WstEth.withdraw() improper implementation of slippage check
Lines of code Vulnerability details Impact In the current implementation of withdraw, the amount is not controlled by minOut. Impact: Users can get rekt. Proof of Concept function withdraw(uint256 _amount) external onlyOwner { IWStETH(WST_ETH).unwrap(_amount); uint256 stEthBal =...
Reth.poolCanDeposit checks only two out of three conditions
Lines of code Vulnerability details Impact Staking is blocked. Proof of Concept When staking the deposit of each derivative is called. Reth.deposit deposits in the Rocket Pool directly if possible. To decide if this is possible it uses Reth.poolCanDeposit which returns whether the deposit pool si...
DOS attack to RedeemTo() and GetUnderlyingTokens(), leading to loss of funds.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. An attacker can launch a DOS attack to RedeemTo and GetUnderlyingTokens so that it will always fail for a particular account, say Bob. In this way, Bob will not be able to redeem the MuteToken locked...
Upgraded Q -> 3 from #74 [1679875886032]
Judge has assessed an item in Issue 74 as 3 risk. The relevant finding follows: Exchange Rate can be manipulated if positions are big enough for a long enough time
Upgraded Q -> 3 from #60 [1679803414194]
Judge has assessed an item in Issue 60 as 3 risk. The relevant finding follows: LiquidityPool.sol: The deposit queue processing in processDeposits reads the price of the liquidity token only once at the start of the loop so this means that some queued deposits may not incur price slippage dependi...
Upgraded Q -> 2 from #99 [1679874011180]
Judge has assessed an item in Issue 99 as 2 risk. The relevant finding follows: 02 VaultToken.setVault FUNCTION IS CALLABLE BY ANYONE, AND DEV TEAM'S VaultToken.setVault TRANSACTION CAN BE FRONTRUN BY MALICIOUS ACTOR
Upgraded Q -> 2 from #211 [1679800480796]
Judge has assessed an item in Issue 211 as 2 risk. The relevant finding follows: L-4 LiquidityPool processWithdraws overwrites returnedAmount for withdrawals processed in multiple steps The returnedAmount field in the QueuedWithdraw struct is incorrectly overwritten when the withdraw is processed...
Upgraded Q -> 2 from #60 [1679803335439]
Judge has assessed an item in Issue 60 as 2 risk. The relevant finding follows: LiquidityPool.sol: If the fee recipient is not set then all LP operations such as deposits and withdrawals will fail. Consider making fee transfers optional depending on whether a fee recipient and percentage is set -...
Upgraded Q -> 2 from #29 [1679672352018]
Judge has assessed an item in Issue 29 as 2 risk. The relevant finding follows: M-02 Division before multiplication incurs unnecessary precision loss 29
No access control in mint function
Lines of code Vulnerability details Impact Canto Bio Protocol: Should allow the association of a single biography to an identity address The mint function does not have any access control mechanism in place, allowing anyone to mint multiple Bio NFTs. This could lead to unwanted minting of bios. Tool...
A user can override a namespace created by another user, using the same name
Lines of code Vulnerability details Impact Let's say: Julian, and Juliet minted separate trays of characters in the Tray contract Julian approves Alice to mint a Namespace subprotocol NFT with the name Ali😀 Juliet also approves Alice to mint a Namespace subprotocol NFT with the name Ali😀 If a...
Profile Picture: Address Registry should maintain storage between consecutive deploys
Lines of code Vulnerability details H-01 Profile Picture: Address Registry should maintain storage between consecutive deploys This vulnerability is more in the code of Canto Identity Protocol, but it impacts the ProfilePicture Subprotocol. A ProfilePicture NFT with id=pfpId is linked to a CID NF...
Unprotected setVault function can be frontrun to set the attacker controlled vault address
Lines of code Vulnerability details Impact Unprotected setVault function from VaultToken.sol can be frontrun to set the attacker controlled vault address. Once attacker controlled vault address is set as a vault, attacker can mint large amount of tokens for himself and also able to burn other use...
Uneven deduction of performance fee causes some KangarooVault users to lose part of their token value
Lines of code Vulnerability details In KangarooVault.resetTrade, a performanceFee is charged upon closing of all positions, on the premiumCollected. This is inconsistent with getTokenPrice as premiumCollected is factored in the token price computation, while the performanceFee is not. This leads ...
KangarooVault.removeCollateral doesn't remove collateral from the EXCHANGE
Lines of code Vulnerability details Impact The owner of the KangarooVault can't receive collateral from EXCHANGE when he wants to remove collateral from the vault. Proof of Concept KangarooVault.removeCollateral doesn't remove collateral from the EXCHANGE. KangarooVault interacts with EXCHANGE, a...
SVG script injection in Bio.tokenURI
Lines of code Vulnerability details Impact Bio.tokenURI function returns an encoded SVG that is supposed to be parsed by a browser or another tool. A hacker can inject a malicious script in the SVG element by minting Bio NFT with a bio with a javascript .... Depending on how this SVG element is...
Tray tile characterIndex values (via PRNG) can be manipulated by miners
Lines of code Vulnerability details Impact By manipulating the ordering of transactions in blocks, miners could manipulate the characterIndex values of a Tray's tiles. This could result in miners being able to specifically select characterIndex values that they want for specific Tray tiles, rathe...
Why does prelaunch checking do only for namespaceNFT case in Tray.burn?
Lines of code Vulnerability details Impact In function Tray.burn(_id), we can see prelaunchMinted checking. But that part is inside if (msg.sender == namespaceNFT). We should take care about it in all cases. Proof of Concept function burn(uint256 _id) external { address trayOwner = ownerOf(_id); if (namespaceN...
No check for checking the "to" address to not be zero address in _execute() function of DefaultAccount.sol
Lines of code Vulnerability details Impact The "to" address can be zero address while converting from uint256 to uint160. Proof of Concept // SPDX-License-Identifier: GPL-3.0 pragma solidity ^0.8.0; contract Test { uint256 public to = 2**160; function check() external view { assert(address(uint160(to)) ==...
Unchecked msg.value will lead to losing funds inside the contract
Lines of code Vulnerability details Impact While paying for the transaction, function payForTransaction(bytes32, // _txHash bytes32, // _suggestedSignedHash Transaction calldata _transaction) external payable ignoreNonBootloader ignoreInDelegateCall { //@audit-issue no checks that actually there is...
Incorrect usage of EIP-150
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps
Users pay excessive gas cost for sending bytecode hashes to L1
Lines of code Vulnerability details Impact When deploying new contracts, users are forced to pay more gas than is required to publish the bytecode hash to the L1. Proof of Concept When users deploy new smart contracts, the protocol marks the hashes of the bytecodes of the contracts as known and...
A user can mint a PFP NFT multiple times using the same _nftId
Lines of code Vulnerability details Impact A user might unintentionally "intentionally" try to take advantage of the mint function in ProfilePicture.sol Proof of Concept The pfp mapping stores the pfp data per NFT, L31-32 of ProfilePicture.sol /// @notice Stores the pfp data per NFT mapping(uint25...
Attacker could potentially burn the token balance of totalSupply and L2EthContract
Lines of code Vulnerability details Impact Attacker potentially can burn all L2EthContract and totalSupply tokens Proof of Concept function withdraw(address _l1Receiver) external payable override { uint256 amount = msg.value; // Silent burning of the ether unchecked { balance[address(this)] -= amount; }...
Misconfiguration of LP token contract
Lines of code Vulnerability details Impact If the LP token contract is set to a non-contract address or a no-revert-on-transfer token, users will be able to: 1. Mint huge amounts of BYTES 2.0 tokens. 2. Drain the contract of all its LP tokens. Vulnerability Details Throughout the contract, it is...
Staker can withdraw a staked LP token amount that is small enough to ensure that lpPosition.points does not change when calling NeoTokyoStaker._withdrawLP function and cause extra reward shares, which the staker is not entitled to, to be minted to the staker when calling lpPosition.getPoolReward function later
Lines of code Vulnerability details Impact When withdrawing the staked LP tokens, the staker can divide the total staked token amount into smaller amounts and call the NeoTokyoStaker.withdraw function, which further calls the following NeoTokyoStaker.withdrawLP function, to withdraw each of such...
Some Amount of tokens will be left behind in BYTES 1.0
Lines of code Vulnerability details Impact If user wants to upgrade all its token he won't be able to do that. Proof of Concept Let's see what is happening function upgradeBytes(uint256 _amount) external { if (IERC20(BYTES1).balanceOf(msg.sender) < _amount) revert DoNotHaveEnoughOldBytes(_amount); During the...
Newly staked LP tokens' end time can overwrite previously staked LP tokens' end time
Lines of code Vulnerability details Impact When the following NeoTokyoStaker.stakeLP function is called for the first time to stake some LP tokens, stakerLPPosition[msg.sender].timelockEndTime = block.timestamp + timelockDuration is executed. Then, calling this function for a second time to stake...
Possible loss of rewards when staking non-component vaults
Lines of code Vulnerability details Impact Users could gain less rewards if they stake a non-component vault, as compared to reassembling their S1 Citizen with the vault and staking it as a component vault. Vulnerability Details From the repository's README.md: S1 Citizens without a component...