10190 matches found
The pledge creators can't withdraw unused funds after the pledge is expired in the pause mode.
Lines of code Vulnerability details Impact Currently, the pledge creators can't do anything after the protocol is paused. So they can't withdraw their unused funds after the pledge is expired in the pause mode and the funds will be locked in the contract. Proof of Concept As we can see from...
Divide before multiply
Lines of code Vulnerability details division before multiply Impact Solidity integer division might truncate. As a result, performing multiplication before division can sometimes avoid loss of precision. Proof of Concept In general, this is a problem due to precision. In this case, it also affect...
Liquidator is paid too much
Lines of code Vulnerability details Impact Liquidator is paid (1 + liquidationIncentive) * repaidDebt, instead of liquidationIncentive * repaidDebt. Proof of Concept liquidatorReward is currently calculated in Market.liquidate as follows: uint liquidatorReward = repaidDebt * 1 ether / price;...
No access control INVEscrow.onDeposit() --> infinite balance xINV.
Lines of code Vulnerability details Impact No access control on INVEscrow.onDeposit(); you can call the function recursively to artificially increase your xINV balance. Proof of Concept Any user with a non-null balance on their escrow can call the function infinitely to mint xINV tokens via...
The decimal calculation is wrong for tokens with decimals < 18, it will highly inflate the price.
Lines of code Vulnerability details Impact The decimal calculation is wrong for tokens with decimals < 18, it will highly inflate the price. Every function that uses oracle price such as borrow and liquidation will be wrong for tokens with decimals < 18. Proof of Concept uint8 decimals = 36 -...
Transfer from does not make check for allowance size
Lines of code Vulnerability details Impact Transfer from does not make check for allowance size Proof of Concept Tools Used Static analytics Recommended Mitigation Steps Add check to be sure that currentAllowance = amount is true
Oracle's getPrice() returns the wrong price in certain combinations of oracle feed and token decimals
Lines of code Vulnerability details Impact The oracle's getPrice returns a price that is off by several orders of magnitude depending on the combination of decimals for the Chainlink's pricefeed and underlying token's pricefeed. Actually it is based on the decimals set when adding the feed to the...
users can mint infinite tokens xINV
Lines of code Vulnerability details Impact I am not very clear on whether this works how you want, but I think that it is not good that a user can mint infinite tokens, hence I mark it high risk. Proof of Concept With just 1 token in the contract, uint invBalance = token.balanceOf(address(this)); allows mint...
No access control for initialize in diamondinit
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The initialize function has no access control and thus a malicious user can call it and reset all the parameters of the system. Proof of Concept Provide direct links to all referenced code in GitHub...
Arbitrary user can prevent withdrawals on any users through liquidation
Lines of code Vulnerability details Impact The function liquidate is a public function that handles the repayment of debt and provides a reward for users who call this function. Any user can be liquidated if they have debt outstanding. A user incurs debt if they borrow from the market, based on a...
gov role can affect the whole functioning of the Market
Lines of code Vulnerability details gov role can affect the whole functioning of the Market Impact There are many functions that can only be triggered by onlyGov role, this means losing it will be harmful for the functioning of the system. So basically in Market.sol we find functions affecting th...
Oracle.sol uses deprecated Chainlink API latestAnswer()
Lines of code Vulnerability details Impact Oracle.sol cannot obtain prices from Chainlink feed. Proof of Concept Oracle.sol uses deprecated latestAnswer at This may not return a value as the function is deprecated. Tools Used Code inspection Recommended Mitigation Steps Use latestRoundData
Calling repay function sends less DOLA to Market contract when forceReplenish function is not called while it could be called
Lines of code Vulnerability details Impact When a user incurs a DBR deficit, a replenisher can call the forceReplenish function to force the user to replenish DBR. However, there is no guarantee that the forceReplenish function will always be called. When the forceReplenish function is not called...
If transferring DBR after borrowing DOLA in same transaction, DBR amount that is used already for borrowing DOLA can still be shared to allow users who do not own DBR to borrow DOLA
Lines of code Vulnerability details Impact Although my other finding named "DOLA can be borrowed without owning any DBR" indicates that users who do not own any DBR can still borrow DOLA, the design still appears to only allow the DBR owners to borrow DOLA; this is confirmed by , which states tha...
Chainlink latestAnswer is deprecated
Lines of code Vulnerability details Impact Since Chainlink latestAnswer is deprecated, use latestRoundData instead. Since it is deprecated, there is chance of Chainlink to stop supporting this function. Proof of Concept uint price = feeds[token].feed.latestAnswer(); Tools Used Manual Analysis...
replenishmentPriceBps can be set arbitrarily high by the operator
Lines of code Vulnerability details Impact The operator can increase the debt of a user with any deficit, beyond what is reasonable. Proof of Concept replenishmentPriceBps can be set arbitrarily high by the operator: function setReplenishmentPriceBps(uint newReplenishmentPriceBps) public onlyOperat...
Admin can set very low or very high value for setting fees & collateral factor in Market.sol resulting in value loss and/or DoS
Lines of code Vulnerability details Proof of Concept The contract’s admin has control to set values in setCollateralFactorBps, setLiquidationFactorBps, setReplenismentIncentiveBps, setLiquidationIncentiveBps, setLiquidationFeeBps. All of them have upper bounds, most of them have lower bounds, but...
Misleading code in BorrowController including no validation of the amounts to be borrowed.
Lines of code Vulnerability details Impact BorrowController contract checks if any contract is in the borrow list. However, due to the use of msg.sender == tx.origin statement, it returns true for the EOA addresses. It's also observed that any amount of borrowing is acceptable by the...
If a market with a collateral that has feedDecimals + tokenDecimals > 36 is added it won’t be functional
Lines of code Vulnerability details Proof of Concept Chainlink price feeds usually have 18 decimals, but this is not guaranteed. Also tokens usually have 18 decimals or less, but this is also not the case for 100% of widely used tokens (YAM-v2 has 24). So the normal use case is when both the feed an...
Front-running approve function
Lines of code Vulnerability details Description There is approve function in a DolaBorrowingRights. Let's say that Alice wants to increase the approval for Bob from 10 to 20. Alice calls the approve or permit function. Then, Bob can front-run the transaction by spending the 10 tokens and getting...
Wrong logic at Fed.resign()
Lines of code Vulnerability details Impact The Fed contract has resign function which sets the chair address to address(0). The NATSPEC states that this function is useful for immediately removing chair powers in case of a wallet compromise. Since the chair wallet is a multisig wallet, in the event...
A freshly added collateral token will cause the disadvantage of the borrowing price for the first borrowers.
Lines of code Vulnerability details Impact The Oracle contract is known to be pessimistic in way of serving the lowest prices to prevent borrowers from borrowing more than the lowest recorded value of their collateral over the past 2 days. However, this is not possible for the tokens which are...
Consideration of tokens with decimals higher than 18
Lines of code Vulnerability details Impact Oracle contract has 2 functions - viewPrice & getPrice - to get the price through the Chainlink price feed in DOLA. Both functions check the decimals of the feedDecimals answer by calling feed.decimals and calculate the price by 36 - feedDecimals -...
Using deprecated Chainlink function latestAnswer could result in wrong borrowing power
Lines of code Vulnerability details Impact The Oracle contract is used to get the latest price for the users' collateral tokens, but the functions getPrice and viewPrice use a deprecated Chainlink function latestAnswer to get the price of a given token as it's mentioned here, this function does n...
Deprecated ChainLink API
Lines of code Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. This function might suddenly stop working if Chainlink stop supporting deprecated APIs. And the old API can return stale data. Proof of Concept function latestAnswer externa...
SimpleERC20Escrow's initialize() can be frontrun
Lines of code Vulnerability details Impact The user's collateral is not held in the market contract but is instead held in individual escrows. Every user has a unique escrow for every market. And the escrow contracts are created via the Market contract's createEscrow function. And it's initialize...
It is really dangerous to borrow to your full credit limit
Lines of code Vulnerability details Impact If a borrower borrows to their max credit limit even the smallest price decrease could get them liquidated. Causing them a loss of collateral. Proof of Concept function testBorrowfullCreditAmount() public { gibWeth(user, wethTestAmount); gibDBR(user,...
Owner can steal all the rewards token from the WardenPledge.sol smart contract and break the internal accounting
Lines of code Vulnerability details Impact The owner of the WardenPledge.sol smart contract can steal all the reward tokens from the contract and break the internal accounting. With the recoverERC20 function, the owner can transfer to him/herself the whole balance of the token. The check at L654...
1-phase governor changing in Fed
Lines of code Vulnerability details Impact A mistake in calling this function, setting 0-address or just a wrong address, will lead to losing full control Tools Used vs code Recommended Mitigation Steps Do 2-phase changing like in DolaBorrowingRights.setPendingOperator and...
INVEscrow.onDeposit() can be called many times by any user
Lines of code Vulnerability details Impact In INVEscrow.onDeposit there are no sender checks and no checks if xINV was already minted, so anyone can call it many times and mint an unlimited amount of xINV Tools Used vs code Recommended Mitigation Steps Add check require(msg.sender == beneficiary)
Liquidation function does not consider cases where the liquidated user does not have enough collateral to pay.
Lines of code Vulnerability details Impact Liquidation function does not consider cases where the liquidated user does not have enough collateral to pay. Proof of Concept The problem is the paid collateral is determined by repaid debt: I ignored decimals for simplification of the formulas I'm gonna...
Decimals are computed in the wrong way if the collateral token doesn't have 18 decimals
Lines of code Vulnerability details Impact Huge accounting errors and losses for borrowers and liquidators if a collateral token with a non-18 decimal value is used. The oracle contract won't always return prices in 18 decimals. Proof of Concept The oracle returns the price in a normalized way...
Fees charged from entire theoretical pledge amount instead of actual pledge amount
Lines of code Vulnerability details Description Paladin receives a 5% cut from Boost purchases, as documented on the website "Warden takes a 5% fee on Boost purchases, and 5% on Quest incentives. However, there are various pricing tiers for Quest creators. Contact the Paladin team for more info."...
DBR can be reused between multiple debtor accounts
Lines of code Vulnerability details Impact A borrower can reuse DBR between various accounts. When a user attempts to call forceReplenish, the borrower will transfer the held DBR to the targeted account. In theory, a borrower can have infinite accounts in DBR debt but enough DBR on a single accou...
Approve front-running attack in DBR.sol
Lines of code Vulnerability details Impact An attacker could front-run an approve transaction to get an overall bigger amount approved. Proof of Concept This is the approve function of the DBR token. function approve(address spender, uint256 amount) public virtual returns (bool)...
Using a non-18 decimals token as collateral (for ex. USDT) in a Market will result in multiple value losing situations
Lines of code Vulnerability details Proof of Concept In multiple places in the code, when doing calculations with both debt and price of collateral there is a multiplication by 1e18 - 1 ether. We have the following calculations: uint minimumCollateral = debt * 1 ether /...
In DBR.sol when burning dueTokensAccrued is not decreased
Lines of code Vulnerability details Impact When burning we should also decrease the dueTokensAccrued balance as there is no other way to decrease it, and it makes sense that repaying the DBR should reduce the token debt. Proof of Concept The dueTokensAccrued can only increase l.288, while when...
Repayment/Burn of due tokens is not enforced
Lines of code Vulnerability details Impact Repayment/burning of due DBR tokens is currently not enforced, which enables a user to simply switch addresses to extend their borrowing duration, which eventually leads to almost 0% interest paid if performed repeatedly, breaking one of the core...
Can steal Fed contract's DOLA balance
Lines of code Vulnerability details Description Due to lack of protection control, it is possible to steal Fed contract's DOLA balance by using a malicious attackerMarket contract by calling the Fed takeProfit public function. function takeProfit(IMarket market) public { uint profit = getProfit(market);...
[KB123-M-1]. return(timestamp / WEEK) * WEEK; is in seconds instead of weeks.
Lines of code Vulnerability details Medium Report KB123-M-1. return(timestamp / WEEK) * WEEK; is in seconds instead of weeks. Vulnerability details Impact return (timestamp / WEEK) * WEEK; is in seconds Rounded by seconds in 1 week instead of weeks Causing timestamp logic to be broken POC Epoch timestamp...
Owner can bypass ERC20 recovery restrictions and take all rewards
Lines of code Vulnerability details Impact There is a function that is intended to be used to recover ERC20 tokens that were sent to the WardenPledge contract by accident. The function is only usable by the owner and contains a check that no tokens can be taken which are currently whitelisted as...
no interest calculation charging & lp provider reward in market contract
Lines of code Vulnerability details Impact There is no accrued interest charging for the borrower's debt, the borrower at the same time cannot decrease their accrued interest (this bug's detail is present in my previous finding), and there is also no reward for those LP providers who deposit their token i...
Voting Power double count when the pledge.receiver delegates to their own pledge.
Lines of code Vulnerability details Impact When a pledge is created via the createPledge function, the pledge creator is allowed to select the receiver address which will receive the boost delegation. Additionally, targetVotes parameter is selected which is the maximum target of votes the receiver...
forceReplenish(),borrowInternal() do not judge dola balances in contracts
Lines of code Vulnerability details Impact lender can call recall to transfer amount of dola tokens, so it is likely that lender will transfer most of market's funds function recall(uint amount) public { require(msg.sender == lender, "Only lender can recall"); dola.transfer(msg.sender, amount); } If...
targetVotes can never be reached by pledge creators
Lines of code Vulnerability details Impact When creating a pledge via the createPledge function, creators are required to input their targetVotes which is the maximum target of votes to have including their own balances plus delegation. However, in the pledge function, there is a check to ensure...
Incorrect implementation of extendPledge()
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The extendPledge function is not correctly implemented because even though the duration is extended, no changes are made to existing delegates who boost to this pledge. A few things need to change: 1 th...
_pledge function has mathematical calculation error
Lines of code Vulnerability details Impact the mathematical formula is incorrect, which will lead to protocol insolvency Proof of Concept the original code is: uint256 slope = amount / boostDuration; uint256 bias = slope * boostDuration; // Rewards are set in the Pledge as reward/veToken/sec // To...
No accrued interest charge and decrease operation in DBR
Lines of code Vulnerability details Impact Although DBR records the accrued interest when it is increasing, there is no other operation on it, so if a user borrowed from the protocol, there is no interest charged on it, and on top of that, the deficitOf function represents the user's debt...
Reentrancy vulnerabilities
Lines of code Vulnerability details Impact A reentrancy attack can occur when the contract fails to update its state before the interaction, the attacker can make a recursive call back to the original function in an attempt to drain funds or token. Proof of Concept Contract Fed.sol. Function...
rewardAmount and totalRewardAmount break 18 decimals logic by / UNIT
Lines of code Vulnerability details Impact This leads to wrong calculation in rewardAmount for users who will only receive their rewards 18 times less than the actual amount due to / UINT feeAmount are also affected which leads to loss for the protocol Proof of Concept Tools Used Manual Recommend...