totalAssets() can overflow leading to the incorrect pricing of assets
Vulnerability details. The TurboSafe's totalAssets function is used by ERC4626.previewDeposit, ERC4626.previewMint, ERC4626.previewWithdraw, and ERC4626.previewRedeem. These preview functions are called directly by the non-preview versions and therefore if totalAssets has the wrong...
onSafeSlurp() can be called by anyone on TurboMaster.sol
Vulnerability details. Impact: In TurboMaster.sol the onSafeSlurp function can be called directly by anyone, while the logic implies that it should only be called by the slurp function on the TurboSafe.sol contract, which performs the required calculations beforehand. When onSafeSlurp i...
[WP-H3] Centralization Risk: Funds can be frozen when critical key holders lose access to their keys
Vulnerability details. The current implementation requires trusted key holders (DEFAULT_ADMIN_ROLE of BribeVault) to send transactions (transferBribes) to move funds from BribeVault to RewardDistributor before the users can get rewards from the contract. This introduces a high centralizati...
DEPOSITOR_ROLE can manipulate b.amount value
Vulnerability details. Impact: A malicious DEPOSITOR_ROLE can do a self-transfer and manipulate b.amount. Proof of Concept: In case a malicious DEPOSITOR_ROLE inputs the WETH address and puts briber == address(this) in the safeTransferFrom argument, which is a self-transfer. Therefore, it is...
Zero collection module can be whitelisted and set to a post, which will then revert all collects and mirrors with PublicationDoesNotExist
Vulnerability details. Impact: In the case where the zero collection module is whitelisted and then set to a post (done by different actors), its functionality will be partially broken: every collect and mirror of it will revert with...
User can collect publication at lesser fees
Vulnerability details. Impact: The user will pay lower Collect Module fees and the difference will be borne by the publication owner. This way the publication owner will always be at a loss. An attacker can also make this a business in which they collect the victim's NFT at a discounted price and then sell...
NestedFactory.addOperator/removeOperator have no effect until importOperators
Vulnerability details. Impact: addOperator/removeOperator run alone don't have any effect, as the cache is used in operations, and it is only updated when an implementation is added or removed via importOperators. If an operation is added via addOperator, but importOperators isn'...
Wrong logic around areOperatorsImported
Vulnerability details. Impact: The logic related to the areOperatorsImported method is incorrect and can cause an operator not to be updated because the owner thinks it is already updated, and a vulnerable or defective one can be used. Proof of Concept: The operators mapping is made up...
Same reward token in pools can break accounting
Vulnerability details. The ConvexStakingWrapper contract uses several reward pool tokens (rewards[pid][index].token) and it can be that the same token is used for different pids. Indeed, the CVX/CRV tokens are always at index 0 and 1. The rewards will be distributed to the first pool id pi...
Reentrancy in ConcurRewardPool::claimRewards
Vulnerability details. Impact: Any address that has a nonzero reward for a token tokens[i] is able to drain all contract token funds if the transfer function is reentrant (for example, an ERC777 token). As tokens[i] is arbitrarily implemented, a reentrant transfer function can be assumed to be...
Repeated withdrawals from Shelter
Vulnerability details. Impact: function withdraw in Shelter sets the claimed flag (claimed[token][to] = true;) but it never actually checks if the user has already claimed, so users can invoke the withdrawal function multiple times and claim more rewards than they were entitled to. Recommended...
Remaining reward balance is wrongly updated
Vulnerability details. The ConvexStakingWrapper.calcRewardIntegral function makes the amount d_reward = IERC20(reward.token).balanceOf(address(this)) - reward.remaining available for claiming. Then it updates the reward.remaining value to the balance before the distribution. RewardType...
Repeated Calls to Shelter.withdraw Can Drain All Funds in Shelter
Vulnerability details. Impact: tl;dr: Anyone who can call withdraw to withdraw their own funds can call it repeatedly to withdraw the funds of others. withdraw should only succeed if the user hasn't withdrawn the token already. The shelter can be used for users to withdraw funds in the...
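The missing check behind both Shelter findings above, shown as an added example that is not the Shelter contract under review: a minimal shelter-style contract with the "flag written but never read" shape next to the hardened withdraw. The contract and member names (ShelterExample, entitlement, claimed, withdrawUnchecked, setEntitlement) are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example; not the Shelter code under review. Only the ERC20 surface used here.
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract ShelterExample {
    address public immutable owner;

    // entitlement[token][user]: the amount the user may withdraw exactly once (assumed name).
    mapping(address => mapping(address => uint256)) public entitlement;
    // claimed[token][user]: set once the user has withdrawn that token (assumed name).
    mapping(address => mapping(address => bool)) public claimed;

    constructor() {
        owner = msg.sender;
    }

    // The owner records what each user is owed; in a real shelter this would come
    // from the protocol's own accounting rather than a setter.
    function setEntitlement(address token, address user, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        entitlement[token][user] = amount;
    }

    // The shape described in the findings: the flag is written but never read, and the
    // caller may name any recipient, so repeated calls keep paying out.
    function withdrawUnchecked(address token, address to) external {
        claimed[token][to] = true; // written...
        require(IERC20Like(token).transfer(to, entitlement[token][to]), "transfer failed"); // ...but never enforced
    }

    // Hardened version: require the flag to be unset, set it before the external call
    // (checks-effects-interactions), and only let users withdraw their own share.
    function withdraw(address token) external {
        require(!claimed[token][msg.sender], "already claimed");
        uint256 amount = entitlement[token][msg.sender];
        require(amount > 0, "nothing to claim");
        claimed[token][msg.sender] = true;
        require(IERC20Like(token).transfer(msg.sender, amount), "transfer failed");
    }
}
```

Setting the flag before the transfer also closes the reentrant variant of the same bug for tokens that call back into the recipient, and the non-zero amount check keeps a zero-entitlement call from consuming the one-shot flag.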
Possible rug #2
Vulnerability details. Impact: The finalize function can be called only by the owner. Thus, if the owner account is lost, unable to send a transaction, or controlled by a bad actor, the contract may not get finalized. Thus the claim function will never be able to succeed and funds will...
[WP-H2] Funds can be frozen when critical key holders lose access to their keys
Vulnerability details. The current implementation requires trusted key holders (Owner) to send transactions (finalize) to finalize the sale before the buyers can claim the tokenOut from the contract. function finalize() external onlyOwner { require(!finalized, "TokenSale: already finalized");...
Improper Upper Bound Definition On The OnlyOwner Function Variables
Vulnerability details. Impact: In the documentation of the contest, the following comment was added: "Specific care should be put in: Economic exploits, Rug Vectors". However, the onlyOwner functions do not have an upper bound definition on the related variables. Values th...
No minOutAmount amount checks when buying
Vulnerability details. The tokenOutPrice can be changed with setTokenOutPrice even if the sale is already running. Users might accept the current token price, send a purchase transaction, and before it is mined the token price can be unintentionally changed. The user might recei...
TokenInLimit can be set arbitrarily high even if the contract doesn't have enough tokens to sell.
Vulnerability details. Impact: If totalTokenOutBought > tokenOut.balanceOf(address(this)), the finalize function will forever revert and no-one will be able to claim their bought tokens. Proof of Concept: TokenInLimit can be set arbitrarily high even if the contract doesn't have enough tokens...
Users should be allowed to control accepted tokenOutPrice
Vulnerability details. Impact: Users should be able to control the accepted price. The owner can at any time invoke the function setTokenOutPrice and thus change the ratio of token in/out. Users have to trust the owner not to front-run them and make the tokens more expensive. Recommended...
No guarantee sale organizer will fulfil their end of the deal
Vulnerability details. Impact: Sale participants will only be able to claim their CTDL tokens once the sale is finalized. However, there is no guarantee that it ever will be, because: sale finalisation can only be performed by the owner; the owner is able to change the sale parameters...
sNOTE Holders Are Not Incentivized To Vote On Proposals To Call extractTokensForCollateralShortfall
Handle: leastwood. Vulnerability details. Impact: As sNOTE has governance voting rights equivalent to the token amount in NOTE, users who stake their NOTE are also able to vote on governance proposals. In the event a majority of NOTE is staked in the sNOTE contract, it doesn't seem likely that stake...
Use of deprecated Chainlink API
Handle: defsec. Vulnerability details. Impact: The contract uses Chainlink's deprecated API latestAnswer. Such functions might suddenly stop working if Chainlink stopped supporting deprecated APIs. Impact: the deprecated API stops working; prices cannot be obtained; the protocol stops and contracts have to b...
Lack of access control in the parameterize function of proposal contracts
Handle: shw. Vulnerability details. Impact: Most of the proposal contracts have a parameterize function for setting the proposal parameters, and these functions are protected only by the notCurrent modifier. When the proposal is proposed through a lodgeProposal transaction, an attacker can front-run...
double transfer
Handle: danb. Vulnerability details. On transferAndCall, the money is transferred twice. Recommended Mitigation Steps: remove line 29.
getVotingPower Is Not Equipped To Handle On-Chain Voting
Handle: leastwood. Vulnerability details. Impact: As NOTE continues to be staked in the sNOTE contract, it is important that Notional's governance is able to correctly handle on-chain voting by calculating the relative power sNOTE has in terms of its equivalent NOTE amount. getVotingPower is a useful...
Improper Validation Of Chainlink's latestAnswer Function
Handle: leastwood. Vulnerability details. Impact: The latestAnswer function does not allow EIP1271Wallet.validateOrder to validate the output of the Chainlink oracle query. As a result, it is possible for off-chain orders to use stale results, potentially allowing the taker of the order to extract mo...
latestAnswer doesn't check if the value is up to date
Handle: pauliax. Vulnerability details. Impact: EIP1271Wallet.sol is calling latestAnswer to get the last price: uint256 oraclePrice = toUint(AggregatorV2V3Interface(priceOracle).latestAnswer()); This method will return the last value, but you won't be able to check if the data is fresh. On the other han...
generateFLNQuote() can be used to prevent migration()
Handle: GeekyLumberjack. Vulnerability details. Impact: generateFLNQuote can be used to always cause migrate to revert, effectively ending the operability of one of Behodler's main functions. Migration is core to Behodler economics. Proof of Concept: 1. Attacker would write a script to call generateFLNQuote...
You can flip governance decisions without extending vote duration
Handle: camden. Vulnerability details. Impact: The impact here is that a user can, right at the end of the voting period, flip the decision without triggering the logic to extend the vote duration. The user doesn't even have to be very sophisticated: they can just send one vote in one transaction to...
Upper limit for set CoolDownTime
Handle: Jujic. Vulnerability details. Impact: There is no upper limit for coolDownTimeInSeconds. It may be set too large. Proof of Concept: function setCoolDownTime(uint32 _coolDownTimeInSeconds) external onlyOwner { coolDownTimeInSeconds = _coolDownTimeInSeconds; emit...
Oracle might return stale or incorrect results (Cvx3CrvOracle.sol)
Handle: ye0lde. Vulnerability details. Impact: The oracle might return stale or incorrect results (Cvx3CrvOracle.sol). The peek function in the contract Cvx3CrvOracle.sol fetches the daiPrice, usdcPrice, usdtPrice from a Chainlink aggregator using the latestRoundData function. If there is a problem with...
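The freshness checks that the four Chainlink findings above (deprecated latestAnswer, unvalidated latestAnswer in EIP1271Wallet, and unchecked latestRoundData in Cvx3CrvOracle) ask for, as an added example that is not code from any of the audited projects. The consumer contract and its members (ChainlinkPriceExample, maxAge, latestPrice, latestPrice18) are assumptions; the interface is a trimmed copy of Chainlink's AggregatorV3Interface with only the members used here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example; not the EIP1271Wallet or Cvx3CrvOracle code under review.
// Trimmed copy of Chainlink's AggregatorV3Interface: only the members used below.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract ChainlinkPriceExample {
    AggregatorV3Interface public immutable feed;
    // Maximum accepted age of an answer, in seconds. Assumed to be configured per feed
    // from its published heartbeat plus a safety margin; the right value is deployment-specific.
    uint256 public immutable maxAge;

    constructor(address feed_, uint256 maxAge_) {
        require(maxAge_ > 0, "maxAge");
        feed = AggregatorV3Interface(feed_);
        maxAge = maxAge_;
    }

    // Returns the latest answer only if it is positive, the round is complete,
    // the answer is no older than maxAge, and the round was actually answered.
    // latestAnswer() exposes none of these fields, which is why it cannot be validated.
    function latestPrice() public view returns (uint256 price, uint8 decimals) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        require(answer > 0, "oracle: non-positive answer");
        require(updatedAt != 0 && updatedAt <= block.timestamp, "oracle: round not complete");
        require(block.timestamp - updatedAt <= maxAge, "oracle: stale answer");
        require(answeredInRound >= roundId, "oracle: stale round");
        return (uint256(answer), feed.decimals());
    }

    // Scales the answer to 18 decimals so feeds with different decimals() can be compared
    // or combined, as a multi-stablecoin oracle would need to.
    function latestPrice18() external view returns (uint256) {
        (uint256 price, uint8 dec) = latestPrice();
        require(dec <= 18, "oracle: unsupported decimals");
        return price * (10 ** (18 - uint256(dec)));
    }
}
```

Chainlink's current documentation marks answeredInRound as deprecated, so the updatedAt age check is the check to rely on; keep maxAge per feed rather than one global constant, because heartbeats differ between feeds and networks.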
addVault and removeVault lack validation of caller address
Handle: cccz. Vulnerability details. Impact: The addVault and removeVault functions of the ConvexYieldWrapper contract lack validation of the caller address, allowing anyone to add or remove vaults from other addresses. function addVault(bytes12 vaultId) external { address account =...
Insecure oracle price
Handle: 0x1f8b. Vulnerability details. Impact: The oracle price uses an insecure calculation. Proof of Concept: The contract Cvx3CrvOracle uses the min price of dai, usdc and usdt instead of the average, so if an attacker is able to compromise the oracle endpoint and change one of them, the contract...
Improper Upper Bound Definition on the Fee
Handle: Jujic. Vulnerability details. Impact: The rJoePerSec does not have any upper or lower bounds. Values that are too large will lead to reversions in several critical functions. Proof of Concept: function updateEmissionRate(uint256 _rJoePerSec) external onlyOwner { updatePool(); rJoePerSec = _rJoePerSec;...
transferFrom return value unchecked
Handle: hack3r-0m. Vulnerability details. createRJLaunchEvent is followed by initialization of the launch event; the balance of the launch event address is what is supplied by the above-mentioned safe transfer call. According to EIP20, transferFrom returns a boolean: function transferFrom(address from, address to,...
transferAllowed() function can be called by anyone
Handle: jayjonah8. Vulnerability details. Impact: In ControllerV1.sol the transferAllowed function can be called by anyone and supplied with arbitrary values to manipulate the protocol as if it was the LPool address. This function should only be callable by the LPool, as can be seen in the mintAllowed...
Unchecked token transfers are used in LaunchEvent and RocketJoeFactory
Handle: hyh. Vulnerability details. Impact: For some ERC20 tokens no revert occurs but false is returned if a transfer failed for any reason. If this isn't checked, the system will enter a wrong state with an accounted, but not executed, transfer. This effect can pile up, messing up the logic altogether...
Add liquidity before phase 3 can force the launch event to stop
Handle: WatchPug. Vulnerability details. function createPair() external isStopped(false) atPhase(Phase.PhaseThree) { (address wavaxAddress, address tokenAddress) = (address(WAVAX), address(token)); require(factory.getPair(wavaxAddress, tokenAddress) == address(0) || IJoePair(IJoeFactory(factory).getPair(wavaxAddress,...
Uninitialized RocketJoeStaking.lastRewardTimestamp can inflate rJoe supply
Handle: cmichel. Vulnerability details. The RocketJoeStaking.lastRewardTimestamp is initialized to zero. Usually, this does not matter as updatePool is called before the first deposit and, when joeSupply (= joe.balanceOf(address(this))) == 0, it is set to the current time. function updatePool() public { if...
transfer return value of a general ERC20 is ignored
Handle: mics. Vulnerability details. Need to use safeTransfer instead of transfer, as there are popular tokens, such as USDT, whose transfer/transferFrom method doesn't return anything. The transfer return value has to be checked as there are some other tokens that return false instead of reverting, that...
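The three findings above about unchecked transfer/transferFrom return values (RocketJoeFactory, LaunchEvent, and the general ERC20 case) all come down to the same handling, shown here as an added example that is not code from the audited projects: the silently-ignored return beside a transfer helper that treats a revert, a returned false, and an empty return (USDT-style) correctly, and credits only the balance that actually arrived. The contract and member names (DepositExample, deposited, depositUnchecked, _safeTransferFrom) are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example; not the LaunchEvent / RocketJoeFactory code under review.
interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

contract DepositExample {
    IERC20Like public immutable token;
    // deposited[user]: what the contract believes it holds for the user (assumed name).
    mapping(address => uint256) public deposited;

    constructor(address token_) {
        token = IERC20Like(token_);
    }

    // The shape the findings describe: a returned false is silently ignored, so a token
    // that signals failure by returning false leaves the user credited for nothing.
    function depositUnchecked(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        deposited[msg.sender] += amount;
    }

    // Hardened: a low-level call that accepts both "returns bool" and "returns nothing"
    // tokens, propagates reverts, and credits only what actually arrived so that a
    // fee-on-transfer token cannot inflate the accounting either.
    function deposit(uint256 amount) external {
        uint256 before = token.balanceOf(address(this));
        _safeTransferFrom(address(token), msg.sender, address(this), amount);
        uint256 received = token.balanceOf(address(this)) - before;
        deposited[msg.sender] += received;
    }

    // The same contract OpenZeppelin's SafeERC20.safeTransferFrom enforces, written out
    // so the three outcomes are visible: revert (ok == false), no return data, or a bool.
    function _safeTransferFrom(address t, address from, address to, uint256 amount) internal {
        // A call to an address with no code "succeeds" with empty return data, which would
        // otherwise be indistinguishable from a USDT-style token that returns nothing.
        require(t.code.length > 0, "token is not a contract");
        (bool ok, bytes memory data) = t.call(
            abi.encodeWithSelector(IERC20Like.transferFrom.selector, from, to, amount)
        );
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "transferFrom failed");
    }
}
```

In production, use OpenZeppelin's SafeERC20 rather than a hand-rolled helper; the balance-delta accounting is the part the library does not do for you.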
possibility of minting rJOE tokens before ownership is changed to RocketJoeStaking
Handle: hubble. Vulnerability details. Impact: There is a possibility of the rJOE tokens in RocketJoeToken.sol being minted by the original owner without staking any JOE, before the ownership is transferred to RocketJoeStaking. Proof of Concept: Contract: RocketJoeToken.sol, Line: 37. function mint(address...
Sherlock: Decouple yield strategy with withdrawals
Handle: GreyArt. Vulnerability details. Impact: If there are funds remaining in an old strategy, there is only one way to claim those funds, which is through Sherlock.updateYieldStrategy. It is quite an inconvenience to do this. Recommended Mitigation Steps: Create an additional function to allow anyone...
Non-transferable critical privileged role
Handle: gzeon. Vulnerability details. Impact: DEPLOYER is a constant in Manager and it is the only role that can call setSherlockCoreAddress to change the sherlockCore address. Considering this is a critical function, there might be a need to change the deployer address in the future, e.g. governance...
Attacker can grief initial pool by providing 1 baseToken, 1 quoteToken, and manually transferring 1 baseToken
Handle: camden. Vulnerability details. Impact: Read the attack composition below. But the main criterion is that the attacker has to be the first person to provide liquidity. They can (at least from my testing) permanently grief a pool and make it impossible for any later person to get liquidity tokens,...
calculateLiquidityTokenFees returns zero fee
Handle: sirhashalot. Vulnerability details. Impact: The MathLib.sol calculateLiquidityTokenFees function returns a non-zero fee quantity only if rootK > rootKLast. The rootK and rootKLast values are calculated from the same values, so this will never occur. This will result in the DAO never receiving a...
Denial-of-service condition: emergency shutdown after pair creation loses contract funds
Handle: static. Vulnerability details. Impact: If the owner of the contract (specifically the Factory owner) executes allowEmergencyWithdraw after the pair is created, then the withdraw functions, including emergencyWithdraw, will not function and the funds, including the liquidity tokens, will b...
Owner can set arbitrary premium which allow nonStakers drain funds
Handle: wuwe1. Vulnerability details. Impact: The owner can set an arbitrary premium; this will cause the protocol to lose all the activeBalance, stakers to lose all the claimable premium and nonStakers to drain all the USDC. Proof of Concept: setProtocolPremium does not check the value of premium. premium can be...
calculateQuoteTokenQty() Does Not Check Rebase Event May Cause MisPricing
Handle: Meta0xNull. Vulnerability details. Impact: // xy=k - we track these internally to compare to actual balances of the ERC20's. When a rebase event happens, the curve changes and affects pricing for both buy and sell. calculateBaseTokenQty does check whether it experiences quote token decay / a rebase-down event, a...
Reentrancy in _sendSherRewardsToOwner()
Handle: kirk-baird. Vulnerability details. Impact: This is a reentrancy vulnerability that would allow the attacker to drain the entire SHER balance of the contract. Note: this attack requires gaining control of execution during sher.transfer, which will depend on the implementation of the SHER token. Contro...
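Both reentrancy findings on this page (ConcurRewardPool::claimRewards above, and _sendSherRewardsToOwner here) rely on a token that hands control to the recipient mid-transfer. The added example below, which is not code from either audited project, shows the vulnerable ordering, a recipient that re-enters through the ERC777 tokensReceived hook, and the hardened claim with effects before interactions plus a reentrancy guard. Contract and member names (RewardPoolExample, rewards, claimUnsafe, claim, credit, ReentrantClaimer) are assumptions; ERC1820 registration of the hook is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example; not the ConcurRewardPool or Sherlock code under review.
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract RewardPoolExample {
    // rewards[token][user]: claimable balance per token (assumed name).
    mapping(address => mapping(address => uint256)) public rewards;

    // Minimal reentrancy guard (same mechanism as OpenZeppelin's ReentrancyGuard).
    uint256 private _entered = 1;
    modifier nonReentrant() {
        require(_entered == 1, "reentrant call");
        _entered = 2;
        _;
        _entered = 1;
    }

    // Left open so the example can be exercised; a real pool restricts who credits rewards.
    function credit(address token, address user, uint256 amount) external {
        rewards[token][user] += amount;
    }

    // Vulnerable shape: the external token call runs before the balance is zeroed. If the
    // token calls the recipient during transfer (ERC777 tokensReceived hook), the recipient
    // re-enters and reads the still-unzeroed balance, draining the pool.
    function claimUnsafe(address[] calldata tokens) external {
        for (uint256 i = 0; i < tokens.length; i++) {
            uint256 amount = rewards[tokens[i]][msg.sender];
            if (amount == 0) continue;
            require(IERC20Like(tokens[i]).transfer(msg.sender, amount), "transfer failed");
            rewards[tokens[i]][msg.sender] = 0; // too late: the hook already ran
        }
    }

    // Hardened: zero the balance before the external call (checks-effects-interactions) and
    // guard the function so a hook cannot re-enter through any other claim path either.
    function claim(address[] calldata tokens) external nonReentrant {
        for (uint256 i = 0; i < tokens.length; i++) {
            uint256 amount = rewards[tokens[i]][msg.sender];
            if (amount == 0) continue;
            rewards[tokens[i]][msg.sender] = 0;
            require(IERC20Like(tokens[i]).transfer(msg.sender, amount), "transfer failed");
        }
    }
}

// The re-entering recipient. An ERC777 token calls tokensReceived on a recipient that has
// registered itself as the ERC777TokensRecipient implementer in the ERC1820 registry
// (registration omitted here); a plain ERC20 never gives the recipient control.
contract ReentrantClaimer {
    RewardPoolExample public immutable pool;
    address[] private tokens;
    uint256 private depth;

    constructor(RewardPoolExample pool_, address token_) {
        pool = pool_;
        tokens.push(token_);
    }

    function attack() external {
        pool.claimUnsafe(tokens);
    }

    // ERC777 recipient hook; the depth bound only keeps the example from running out of gas.
    function tokensReceived(address, address, address, uint256, bytes calldata, bytes calldata) external {
        if (msg.sender == tokens[0] && depth < 5) {
            depth++;
            pool.claimUnsafe(tokens); // rewards[token][address(this)] is still nonzero here
        }
    }
}
```

Against claim() the same hook fires, but the balance is already zero and the guard rejects the nested call, so the attacker receives exactly one payout.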
Hardcoded seed phrase in sherlock-v2-core repo
Handle: cryptphi. Vulnerability details. Impact: The hardcoded mnemonic can lead to account compromise. Proof of Concept: There are hardcoded credentials in the referenced line; these credentials can be used to take over the wallet address used. Tools Used: GitHub. Recommended Mitigation Steps: Avoid hardcoding...