Some Amount of tokens will be left behind in BYTES 1.0
Lines of code Vulnerability details Impact If user wants to upgrade all its token he won't be able to do that. Proof of Concept Let's see what is happening function upgradeBytes uint256 amount external if IERC20BYTES1.balanceOfmsg.sender amount revert DoNotHaveEnoughOldBytesamount; During the...
Newly staked LP tokens' end time can overwrite previously staked LP tokens' end time
Lines of code Vulnerability details Impact When the following NeoTokyoStaker.stakeLP function is called for the first time to stake some LP tokens, stakerLPPositionmsg.sender.timelockEndTime = block.timestamp + timelockDuration is executed. Then, calling this function for a second time to stake...
Possible loss of rewards when staking non-component vaults
Lines of code Vulnerability details Impact Users could gain less rewards if they stake a non-component vault, as compared to reassembling their S1 Citizen with the vault and staking it as a component vault. Vulnerability Details From the repository's README.md: S1 Citizens without a component...
Upgraded Q -> 2 from #345 [1678798679676]
Judge has assessed an item in Issue 345 as 2 risk. The relevant finding follows: Issue 2 - Undermining the fairness of the protocol in swapSource and possibilities for stealing a jackpot
Upgraded Q -> 2 from #493 [1678589994012]
Judge has assessed an item in Issue 493 as 2 risk. The relevant finding follows: L-02
createDao is suspicious of the reorg attack
Lines of code Vulnerability details Description The createDao function creates a dao contract via create opcode. The trace is createDao = createDAO=createERC1967Proxy. The address of the newly created contract depends on the DAOFactory nonce. At the same time, block reorg may happen on any...
AddresslistVoting.removeAddresses txn can be monitored to create proposal and cast vote.
Lines of code Vulnerability details Impact The AddresslistVoting contract contains removeAddresses function to remove the addresses from address list. function removeAddresses address calldata members external authUPDATEADDRESSESPERMISSIONID removeAddressesmembers; emit MembersRemovedmembers:...
Malicious member can steal funds from the DAO contract.
Lines of code Vulnerability details Impact The malicious member can steal assets from DAO protocol. Proof of Concept The protocol allows the member to have the voting power to create a proposal createProposal. Where the action struct in the parameter refers to be consumed by the DAO's execute...
User may force fail the action from the DAO:execute
Lines of code Vulnerability details Description The execute function from the DAO.sol contract allow to execution of any call to any address if the caller has appropriate permission. Some calls are expected to be always successfully executed, and some may revert and execute will continue the...
Accounting for totalTicketsForReferrersPerDraw is not correct in referralRegisterTickets
Lines of code Vulnerability details Impact When referralRegisterTickets is called, accounting for totalTicketsForReferrersPerDraw is not correct. totalTicketsForReferrersPerDraw for currentDraw should be updated when unclaimed tickets for referrer meets the minimum eligible criteria in currentDr...
Incorrect usage of safeTransferFrom() function. This permanently traps ticketPrice in sender address (msg.sender)
Lines of code Vulnerability details Impact Because the callermsg.sender never gives approval for ERC20 transfers, calls to safeTransferFrom on the contract will revert with insufficient approval. This will trap from caller and unable to transfer ticketPrice to Lottery contract address. The root...
Upgraded Q -> 2 from #17 [1678363178694]
Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: 5. Duplicated swingTrader addresses can be added which make sellMalt/buyMalt working incorrectly Details In function addSwingTrader, there is no check to ensure swingTrader address is not existed. So admin can make a...
Gas griefing is possible on unsafe external calls on execute
Lines of code Vulnerability details Impact A malicious or compromised actor that has EXECUTIONPERMISSIONID may cause a gas griefing attack by returning actionsi.data with a really high payload. Griefing attacks have no economic incentive for the attacker but could lead to other issues e.g. not...
Risk of flashloan attacks in the Staking contract
Lines of code Vulnerability details Impact An attacker can steal a large amount of rewardsToken from the Staking contract by using flashloans, thus all the users will receive less rewards for their staked amounts. Proof of Concept In the Staking contract any user can stake a given amount of...
Source can change the result of the Lottery
Lines of code Vulnerability details Impact The loss of lottery winnings and incorrect distribution of funds Proof of Concept Reentrancy in Lottery.receiveRandomNumberuint256 src/Lottery.sol203-232: External calls: - winAmountdrawFinalizedselectionSize = drawRewardSizedrawFinalized,selectionSize /...
TicketUtils#reconstructTicket is biased towards lower numbers and allows gaming of odds
Lines of code Vulnerability details Impact Probability of lower numbers is higher and odds can be gamed Proof of Concept for uint256 i = 0; i selectionSize; ++i numbersi = uint8randomNumber % currentSelectionCount; randomNumber /= currentSelectionCount; currentSelectionCount--; To determine the...
referralRegisterTickets there is an inaccurate calculation of the total number of tickets for referrers
Lines of code Vulnerability details Impact There is an inaccurate total ticket count for referrers, that is, when the number of unclaimed tickets for referrers has reached the minimum EligibleReferralscurrentDraw, but when the number of referrer tickets is added to the new number of tickets will...
The claimWinningTickets() function does not include a check to ensure that the caller owns the tickets, or if has already been claimed
Lines of code Vulnerability details The claimWinningTickets function in the contract contains multiple vulnerabilities that can result in a loss of funds for the contract and its users. Firstly, the function can be called by anyone, even if they are not the owner of the ticket, allowing malicious...
The minimum values of selectionMax and selectionSize are not verified when creating a lottery, which may create an unreasonable lottery
Lines of code Vulnerability details Summary src/LotterySetup.sol constructorLotterySetupParams memory lotterySetupParams if addresslotterySetupParams.token == address0 revert RewardTokenZero; if lotterySetupParams.ticketPrice == uint2560 revert TicketPriceZero; if lotterySetupParams.selectionSize...
Funds can be stuck in DAO contract
Lines of code Vulnerability details Impact The DAO contract allows for depositing tokens and native coins, but it does not properly account received funds neither allows it to withdraw them afterwards. Due to that, anyone depositing into DAO contract won't be able to withdraw their funds. Proof o...
setWithdrawalQueue never removes items from the queue and can get out of gas
Lines of code Vulnerability details Impact setWithdrawalQueue calls delete, this sets to 0 each element of the array rather than removing elements what it's done with .pop. After that, strategies are pushed in a for loop, therefore, each time setWithdrawalQueue is called, length of the queue is...
CommunityIssuance doesn't check the return value of OathToken.transferFrom() and OathToken.transfer()
Lines of code Vulnerability details Impact The function CommunityIssuance.fund calls OathToken.transferFrom but doesn't check the return value, which indicates whether the transfer succeeded or failed. Similarly, the function CommunityIssuance.sendOath calls OathToken.transfer but doesn't check t...
Redemption fee increase can be thwarted
Lines of code Vulnerability details Impact The mechanism to increase the baseRate during redemptions is moot, up to gas fees. Therefore an arbitrageur can redeem more than what is healthy for the supply of LUSD. This weakens the price floor at $1, and may cause needless volatility. It further...
CommunityIssuance.sol – Stability pool can manipulate time stamps with the fund function to issue more oath than appropriate.
Lines of code Vulnerability details If lastDistributionTime is set to a date in the future, it would allow the issueOath function to continue to mint tokens even after it should have stopped. This is because the if statement in issueOath checks whether the current time is greater than...
The design defect of the ActivePool rehypothecation mechanism, ReaperVaultV2 administrators have too much authority and have the conditions and motives to do evil, so make users lack trust in the ETHOS system (crisis of trust)
Lines of code Vulnerability details Impact In the design logic of the current system, ActivePool holds all the collaterals of active troves and deposits part of them in ReaperVaultV2 for re-mortgaging. If the deposit and withdraw functions of ReaperVaultV2 revert, Core functions such as borrowing...
Decay interval can be extended
Lines of code Vulnerability details Impact The half-life defined by MINUTEDECAYFACTOR can be extended from 12h up to 24h. Proof of Concept minutesPassed is truncated to the minute. This means that the actual time passed may be up to a minute more than calculated. updateLastFeeOpTime is used to on...
Lack of logic to mint OATH within the CommunityIssuance#issueOath(), which results in that entire OATH insurance mechanism will not work properly
Lines of code Vulnerability details Impact OATH will be never minted issued when the CommunityIssuanceissueOath would be called. As a result, OATH will be never provided to the market. This results in that the treasury will be never able to buy the OATH from the market. This lead to a bad...
Upgraded Q -> 2 from #625 [1677633526031]
Judge has assessed an item in Issue 625 as 2 risk. The relevant finding follows: 4. lastHarvest variable inside AdapterBase will never be updated after a successful harvest,this will create big problems related to all the harvest function inside AdapterBase by making this function unusable,in fac...
Upgraded Q -> 2 from #19 [1677669261110]
Judge has assessed an item in Issue 19 as 2 risk. The relevant finding follows: KFC-03L: Inexistent Duplicate Entry Prevention Affected Lines: L175-L180 The KUMAFeeCollector::changePayees function does not adequately sanitize the new payees, permitting duplicate entries to exist which will cause...
Upgraded Q -> 2 from #596 [1677228840417]
Judge has assessed an item in Issue 596 as 2 risk. The relevant finding follows: withdraw and redeem function withdraw IERC4626 vault, address to, uint256 amount, uint256 maxSharesOut public payable virtual override returns uint256 sharesOut ERC20addressvault.safeApproveaddressvault, amount; if...
Upgraded Q -> 3 from #148 [1677186744098]
Judge has assessed an item in Issue 148 as 3 risk. The relevant finding follows: Lines of code Vulnerability details Impact Detailed description of the impact of this finding. buyoutLien in LienToken.sol fails to update the new PublicVault's slope, yIntercept, and s.epochData....liensOpenForEpoc...
Doubling of KIBToken balances
Lines of code Vulnerability details Impact The KIBToken.transfer function overrides the ERC20Upgradeable.transfer function and adds custom logic. The modified function looks like this: function transferaddress from, address to, uint256 amount internal override // ... uint256 startingFromBalance =...
Price feed in MCAGRateFeed#getRate is not sufficiently validated and can return stale price
Lines of code Vulnerability details Impact MCAGRateFeedgetRate may return stale data Proof of Concept , int256 answer,,, = oracle.latestRoundData; Classic C4 issue. getRate only uses answer but never checks the freshness of the data, which can lead to stale bond pricing data. Stale pricing data c...
Value of totalProfit might be wrong because of wrong logic in function sellMalt()
Lines of code Vulnerability details Impact Contract SwingTraderManager has a totalProfit variable. It keeps track of total profit swing traders made during sellMalt. However, the logic for accounting it is wrong so it will not have the correct value. As a result, it can affect other contracts...
Unnecessary precision loss in redeemKIBT()
Lines of code Vulnerability details Impact Unnecessary precision loss in redeemKIBT Proof of Concept If enter Deprecated mode, user can switch back to StableCoin by percentage with redeemKIBT The redeemKIBT implementation code is as follows: function redeemKIBTuint256 amount external override...
Average APRs might be calculated wrongly after calling populateFromPreviousThrottle().
Lines of code Vulnerability details Impact Average APRs might be calculated wrongly after calling populateFromPreviousThrottle and targetAPR might be changed unexpectedly. Proof of Concept The epoch state struct contains cumulativeCashflowApr element and cashflowAverageApr is used to adjust...
RewardThrottle.setTimekeeper: If changing the timekeeper causes the epoch to change, it will mess up the system
Lines of code Vulnerability details Impact RewardThrottle.setTimekeeper allows POOLUPDATERROLE to update the timekeeper when RewardThrottle is active, function setTimekeeperaddress timekeeper external onlyRoleMaltPOOLUPDATERROLE, "Must have pool updater privs" requiretimekeeper != address0, "Not...
LinearDistributor.declareReward() might revert after changing vestingDistributor.
Lines of code Vulnerability details Impact LinearDistributor.declareReward might revert after changing vestingDistributor due to uint underflow. Proof of Concept In LinearDistributor.sol, there is a setVestingDistributor function to update vestingDistributor. And in declareReward, it calculates t...
SwingTraderManager.addSwingTrader will push traderId with active = false to activeTraders
Lines of code Vulnerability details Impact In SwingTraderManager.addSwingTrader, if active = false, the traderId is also pushed to activeTraders. function addSwingTrader uint256 traderId, address swingTrader, bool active, string calldata name external onlyRoleMaltADMINROLE, "Must have admin privs...
Users can't remove liquidity while malt price is below peg defend threshold
Lines of code Vulnerability details Impact The protocol is designed to limit buys while malt price is below peg defend threshold. But it is implemented by blocking any malt token transfer which is originated from the target pool. So it unexpectedly blocks users from removing liquidity too...
Mitigation of M-05: Issue not fully mitigated
Lines of code Vulnerability details Original issue: M-05: early user can call issue and then melt to increase basketsNeeded to supply ratio to its maximum value and then melt won't work and contract features like issue won't work Not mitigated - attacker can still manipulate the...
Mitigation of H-02: Issue not fully mitigated
Lines of code Vulnerability details Mitigation of H-02: Issue not fully mitigated Original issue: H-02: Basket range formula is inefficient, leading the protocol to unnecessary haircut Not mitigated - top range can still be too high, leading to unnecessary haircut The applied mitigation follows t...
Incompatibility of BackingManager with some tokens.
Lines of code Vulnerability details Impact The BackingManager contains a grantRTokenAllowance function which is used to grant token allowances to the RToken contract. function grantRTokenAllowanceIERC20 erc20 external notFrozen requireassetRegistry.isRegisterederc20, "erc20 unregistered"; // ==...
Upgraded Q -> 2 from #154 [1676532286167]
Judge has assessed an item in Issue 154 as 2 risk. The relevant finding follows: Quest.claim can risk gas exhaustion on large receipt claims due to multiple mandatory loops function claim public virtual onlyQuestActive if isPaused revert QuestPaused; uint256 memory tokens =...
RewardsStartTime should be reset when decreaseAVAXAssigned is called
Lines of code Vulnerability details Impact Proof of Concept The fix for M-19 is to get rid of the miniCount code-423n4/2022-12-gogopool-findings235 in calculateAndDistributeRewards function, however, the logic below is added: // check if their rewards time should be reset if...
There is no way to retrieve the rewards from the MultisigManager and rewards are locked in the vault.
Lines of code Vulnerability details C4 issue M-21: Division by zero error can block RewardsPoolstartRewardCycle if all multisig wallet are disabled. Comments The protocol provides an external function startRewardsCycle so that anyone can start a new reward cycle if necessary. Before mitigation,...
Mitigation Confirmed for Mitigation of H-06 Issue mitigated
C4 issue H-06: MinipoolManager: node operator can avoid being slashed Comments In the original implementation, there were a few scenarios where malicious node operators can avoid being slashed. Mitigation PR 41 This PR includes mitigation for various issues H-03, H-06, M-13. Just focusing on the...
MiniPool.Count state is not fully cleaned up
Lines of code Vulnerability details Impact MiniCount state is not fully cleaned up Proof of Concept According to the PR that aims to address M-19 code-423n4/2022-12-gogopool-findings235 We removed minipool count entirely, in favor of the new AVAXValidating variable that tracks the amount of AVAX...
amountAvailableForStaking() not fully utilized with compoundedAvaxNodeOpAmt easily forfeited
Lines of code Vulnerability details Impact The mitigated step is implemented at the expense of economic loss to both the node operators and the liquid stakers if compoundedAvaxNodeOpAmt ggAVAX.amountAvailableForStaking after all due to situations like liquid stakers have been actively calling...
Deficiency of slashed GGP amount should be made up from node operator's AVAX
Lines of code Vulnerability details Impact If staked GGP doesn't cover slash amount, slashing it all will not be fair to the liquid stakers. Slashing is rare, and that the current 14 day validation cycle which is typically 1/26 of the minimum amount of GGP staked is unlikely to bump into this...