10190 matches found
Oracle's getPrice() returns the wrong price in certain combinations of oracle feed and token decimals
Lines of code Vulnerability details Impact The oracle's getPrice returns a price that is off by several orders of magnitude depending on the combination of decimals for the Chainlink price feed and the underlying token's price feed. Actually it is based on the decimals set when adding the feed to the...
Chainlink latestAnswer is deprecated
Lines of code Vulnerability details Impact Since Chainlink latestAnswer is deprecated, use latestRoundData instead. Since it is deprecated, there is a chance that Chainlink stops supporting this function. Proof of Concept uint price = feeds[token].feed.latestAnswer(); Tools Used Manual Analysis...
INVEscrow.onDeposit() can be called many times by any user
Lines of code Vulnerability details Impact In INVEscrow.onDeposit there are no sender checks and no check whether xINV was already minted, so anyone can call it many times and mint an unlimited amount of xINV. Tools Used VS Code Recommended Mitigation Steps Add the check require(msg.sender == beneficiary) --- Th...
Calling repay function sends less DOLA to Market contract when forceReplenish function is not called while it could be called
Lines of code Vulnerability details Impact When a user incurs a DBR deficit, a replenisher can call the forceReplenish function to force the user to replenish DBR. However, there is no guarantee that the forceReplenish function will always be called. When the forceReplenish function is not called...
Owner can steal all the rewards token from the WardenPledge.sol smart contract and break the internal accounting
Lines of code Vulnerability details Impact The owner of the WardenPledge.sol smart contract can steal all the reward tokens from the contract and break the internal accounting. With the recoverERC20 function, the owner can transfer to him/herself the whole balance of the token. The check at L654...
# [KB123-M-1]. return(timestamp / WEEK) * WEEK; is in seconds instead of weeks.
Lines of code Vulnerability details Medium Report KB123-M-1. return (timestamp / WEEK) * WEEK; is in seconds instead of weeks. Vulnerability details Impact return (timestamp / WEEK) * WEEK; is in seconds. Rounded by seconds in 1 week instead of weeks, causing timestamp logic to be broken. POC Epoch timestamp...
It is really dangerous to borrow to your full credit limit
Lines of code Vulnerability details Impact If a borrower borrows to their max credit limit, even the smallest price decrease could get them liquidated, causing them a loss of collateral. Proof of Concept function testBorrowfullCreditAmount() public { gibWeth(user, wethTestAmount); gibDBR(user,...
Oracle Price Calculation will Return Wrong Price for Certain Tokens
Lines of code Vulnerability details Impact The viewPrice and getPrice functions of Oracle.sol have a wrong price calculation implementation and so will return a wrong price for certain tokens. They only work well for tokens that have 18 decimals. This is because of the hard-coded "36" in these functions, line...
Front-running approve function
Lines of code Vulnerability details Description There is an approve function in DolaBorrowingRights. Let's say that Alice wants to increase the approval for Bob from 10 to 20. Alice calls the approve or permit function. Then, Bob can front-run the transaction by spending the 10 tokens and getting...
Misleading code in BorrowController including no validation of the amounts to be borrowed.
Lines of code Vulnerability details Impact BorrowController contract checks if any contract is in the borrow list. However, due to the use of msg.sender == tx.origin statement, it returns true for the EOA addresses. It's also observed that any amount of borrowing is acceptable by the...
Decimals are computed in the wrong way if the collateral token doesn't have 18 decimals
Lines of code Vulnerability details Impact Huge accounting errors and losses for borrowers and liquidators if a collateral token with a non-18 decimal value is used. The oracle contract won't always return prices in 18 decimals. Proof of Concept The oracle returns the price in a normalized way...
The pledge creators can't withdraw unused funds after the pledge is expired in the pause mode.
Lines of code Vulnerability details Impact Currently, the pledge creators can't do anything after the protocol is paused. So they can't withdraw their unused funds after the pledge is expired in the pause mode and the funds will be locked in the contract. Proof of Concept As we can see from...
Wrong reward calculation when reward token's decimals are different than 18
Lines of code Vulnerability details Impact When a user creates a pledge, she can specify the maximum amount of the Total Rewards and the maximum amount of fee amount she is willing to spend. By using the rewardPerVote, the vars.votesDifference and the vars.duration the smart contract calculates...
Votes can be reused
Lines of code Vulnerability details Impact A user can repeatedly call pledge for many Pledges and earn all the different rewards from pledge owners since the votes are not locked up / voting power is not locked up. Proof of Concept User delegates to a Pledge by calling pledge and repeating the...
Pledge creator can increase their pledges' reward per vote without paying in edge cases
Lines of code Vulnerability details Impact Pledge creator can increase their pledges' reward per vote without paying in edge cases. Proof of Concept When pledge creators want to increase their pledges' reward per vote, they must transfer an additional reward amount and fee: uint256...
The pledge creators might lose all of their funds by recoverERC20().
Lines of code Vulnerability details Impact There is a recoverERC20 function to withdraw ERC20 tokens from the contract. Currently, it checks if the token isn't an active reward token but it can be passed easily if the admin removes the reward token using removeRewardToken. So if the admin removes...
The decimal calculation is wrong for tokens with decimals < 18, it will highly inflate the price.
Lines of code Vulnerability details Impact The decimal calculation is wrong for tokens with decimals < 18, it will highly inflate the price. Every function that uses the oracle price, such as borrow and liquidation, will be wrong for tokens with decimals < 18. Proof of Concept uint8 decimals = 36 -...
Owner can drain pledged tokens balance with recoverERC20 function
Lines of code Vulnerability details Impact The recoverERC20 function allows the owner to withdraw ERC20 tokens sent by accident to the contract but doesn't allow him to withdraw pledged tokens; the owner, though, could use the removeRewardToken function to remove a token currently used in a...
Fees charged from entire theoretical pledge amount instead of actual pledge amount
Lines of code Vulnerability details Description Paladin receives a 5% cut from Boost purchases, as documented on the website "Warden takes a 5% fee on Boost purchases, and 5% on Quest incentives. However, there are various pricing tiers for Quest creators. Contact the Paladin team for more info."...
Owner can bypass ERC20 recovery restrictions and take all rewards
Lines of code Vulnerability details Impact There is a function that is intended to be used to recover ERC20 tokens that were sent to the WardenPledge contract by accident. The function is only usable by the owner and contains a check that no tokens can be taken which are currently whitelisted as...
Malicious owner can steal reward tokens
Lines of code Vulnerability details The recoverERC20 function allows the contract owner to transfer arbitrary ERC20 tokens owned by the WardenPledge contract in order to recover tokens sent by mistake to the contract. In order to protect against withdrawal of deposited reward tokens, it includes ...
If a market with a collateral that has feedDecimals + tokenDecimals > 36 is added it won't be functional
Lines of code Vulnerability details Proof of Concept Chainlink price feeds usually have 18 decimals, but this is not guaranteed. Also tokens usually have 18 decimals or less but this is also not the case for 100% of widely used tokens YAM-v2 has 24. So the normal use case is when both the feed an...
Rug Vector draining DOLA token
Lines of code Vulnerability details Impact The Market.sol contract contains a rug vector in plain sight, the recall function. If the Market.sol contract's DOLA balance is drained by the lender, then any borrow or replenish call will revert because no DOLA tokens exist. Even though this is not...
Arbitrary user can prevent withdrawals on any users through liquidation
Lines of code Vulnerability details Impact The function liquidate is a public function that handles the repayment of debt and provides a reward for users who call this function. Any user can be liquidated if they have debt outstanding. A user incurs debt if they borrow from the market, based on a...
A single point of failure is not acceptable for this project
Lines of code Vulnerability details Impact The pause function on WardenPledge.sol has a single point of failure: onlyOwner can stop the whole project. The owner is not behind a multisig and changes are not behind a timelock. This information is not in the documents. Even if protocol admins/developers are n...
Wrong logic at Fed.resign()
Lines of code Vulnerability details Impact The Fed contract has a resign function which sets the chair address to address(0). The NATSPEC states that this function is useful for immediately removing chair powers in case of a wallet compromise. Since the chair wallet is a multisig wallet, in the event...
In DBR.sol when burning dueTokensAccrued is not decreased
Lines of code Vulnerability details Impact When burning we should also decrease the dueTokensAccrued balance as there is no other way to decrease it, and it makes sense that repaying the DBR should reduce the token debt. Proof of Concept The dueTokensAccrued can only increase l.288, while when...
Consideration of tokens with decimals higher than 18
Lines of code Vulnerability details Impact Oracle contract has 2 functions - viewPrice & getPrice - to get the price through the Chainlink price feed in DOLA. Both functions check the decimals of the feed answer (feedDecimals) by calling feed.decimals() and calculate the price by 36 - feedDecimals -...
Repayment/Burn of due tokens is not enforced
Lines of code Vulnerability details Impact Repayment/burning of due DBR tokens is currently not enforced, which enables a user to simply switch addresses to extend their borrowing duration, which eventually leads to almost 0% interest paid if performed repeatedly, breaking one of the core...
Oracle data feed is insufficiently validated
Lines of code Vulnerability details Impact Oracle contract has 2 functions - viewPrice & getPrice - to get the price through the Chainlink price feed. However, the received data is not validated/checked for freshness and round completeness. This might cause the price to be stale and it can lead t...
Compromised or malicious owner of WardenPledge contract can steal pledge creator's deposited reward token amount
Lines of code Vulnerability details Impact There is no guarantee that the owner of the WardenPledge contract does not become compromised or malicious in the future. If this owner becomes compromised or malicious, after a pledge is created and the corresponding reward token amount is deposited, su...
Using a non-18 decimals token as collateral (for ex. USDT) in a Market will result in multiple value losing situations
Lines of code Vulnerability details Proof of Concept In multiple places in the code, when doing calculations with both debt and price of collateral there is a multiplication by 1e18 - 1 ether. We have the following calculations: uint minimumCollateral = debt * 1 ether /...
users can mint infinite tokens xINV
Lines of code Vulnerability details Impact I am not entirely sure whether this works the way you intended, but I think it is not good that a user can mint infinite tokens, hence I mark it high risk. Proof of Concept With just 1 token in the contract, uint invBalance = token.balanceOf(address(this)); allows mint...
Liquidator is paid too much
Lines of code Vulnerability details Impact The liquidator is paid (1 + liquidationIncentive) * repaidDebt, instead of liquidationIncentive * repaidDebt. Proof of Concept liquidatorReward is currently calculated in Market.liquidate as follows: uint liquidatorReward = repaidDebt * 1 ether / price;...
Pausing WardenPledge contract, which takes effect immediately, by its owner can unexpectedly block pledge creator from calling closePledge or retrievePledgeRewards function
Lines of code Vulnerability details Impact The owner of the WardenPledge contract is able to call the pause function to pause this contract. When the WardenPledge contract is paused, calling the closePledge or retrievePledgeRewards function that uses the whenNotPaused modifier reverts, and the...
Timelock Contract should be used to avoid malicious governance
Lines of code Vulnerability details Impact Governance of Market.sol can call the following functions at any time. This is not ideal since they can call these functions for their own benefit. For example they can change liquidationFactorBps to gain more liquidationFee. They can change collateralFactorBps...
DOLA can be borrowed without owning any DBR
Lines of code Vulnerability details Impact Although states that "one DBR token gives the right to borrow one DOLA for one year", and states that "a DOLA Fed mints DOLA to a market, which is then available to borrow for users holding DBR, using the Borrow function", users who do not own any DBR ar...
Admin can rug
Lines of code Vulnerability details Impact Admin can rug all of the contract's funds Proof of Concept The function recoverERC20 is only callable by the owner and its goal is: @notice Recovers ERC20 tokens sent by mistake to the contract. The call fails if minAmountRewardToken[token] != 0, which is...
Oracle.sol uses deprecated Chainlink API latestAnswer()
Lines of code Vulnerability details Impact Oracle.sol cannot obtain prices from the Chainlink feed. Proof of Concept Oracle.sol uses the deprecated latestAnswer(). This may not return a value as the function is deprecated. Tools Used Code inspection Recommended Mitigation Steps Use latestRoundData() --- Th...
If tokenDecimals isn't 18, viewPrice and getPrice return an unexpected price.
Lines of code Vulnerability details Impact If tokenDecimals is 18, viewPrice and getPrice return the price with 18 decimals and Market.sol consumes the price and calculates as expected. But if tokenDecimals isn't 18, e.g. 6, they return the price with 30 decimals and Market.sol calculates wrong...
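The decimal-scaling and data-feed findings in this listing (the hard-coded 36, a 30-decimal price for a 6-decimal token, the revert when feedDecimals + tokenDecimals > 36, and the unvalidated latestAnswer read) all turn on the same few lines of arithmetic. The block below is an added Python model of that arithmetic, not code from the Oracle.sol or Market.sol under review. The structure it assumes (a per-token feed entry holding feed.decimals() and a stored tokenDecimals, `decimals = 36 - feedDecimals - tokenDecimals`, then `price * 10**decimals`) is reconstructed from the snippets; the Market formula is assumed to be `debt * 1 ether / price`, since the snippet quoting it is cut off after the division; the feed names, prices, round ids, timestamps and the `max_age` window are constructed for the example. It shows what scale the as-written formula produces for each decimal combination, where Solidity 0.8's checked uint8 arithmetic reverts, and one way to read the feed through latestRoundData with the freshness and round-completeness checks the data-feed finding asks for.

```python
from typing import Optional
from dataclasses import dataclass

UINT8_MAX = 2**8 - 1


@dataclass(frozen=True)
class RoundData:
    """The tuple AggregatorV3Interface.latestRoundData() returns."""
    round_id: int
    answer: int            # int256 price, feed_decimals fixed point
    started_at: int
    updated_at: int
    answered_in_round: int


@dataclass(frozen=True)
class Feed:
    """One per-token feed entry of the oracle (field names are assumptions)."""
    feed_decimals: int     # feed.decimals(); 8 for most Chainlink USD feeds
    token_decimals: int    # decimals recorded when the feed was added
    latest: RoundData


def validated_answer(rd: RoundData, now: int, max_age: int) -> int:
    """Replacement for a bare latestAnswer(): reject non-positive, incomplete
    and stale rounds before the price is used."""
    if rd.answer <= 0:
        raise ValueError("Invalid feed price")
    if rd.updated_at == 0:
        raise ValueError("Round not complete")
    if rd.answered_in_round < rd.round_id:
        raise ValueError("Stale round")
    if now - rd.updated_at > max_age:
        raise ValueError("Stale price")
    return rd.answer


def normalized_price_as_written(feed: Feed, now: int, max_age: int = 3600) -> int:
    """The formula quoted in the findings, with Solidity 0.8 checked uint8
    arithmetic: decimals = 36 - feedDecimals - tokenDecimals, then
    price * 10**decimals. Raises OverflowError where the contract reverts."""
    price = validated_answer(feed.latest, now, max_age)
    decimals = 36 - feed.feed_decimals - feed.token_decimals
    if not 0 <= decimals <= UINT8_MAX:
        raise OverflowError("uint8 underflow: feedDecimals + tokenDecimals > 36")
    return price * 10**decimals


def price_scale(feed: Feed) -> int:
    """Fractional digits of the value the formula above returns: the feed's
    decimals cancel out, the token's do not."""
    return 36 - feed.token_decimals


def minimum_collateral(debt_dola: int, price: int) -> int:
    """Market-side formula quoted later on this page, assumed to be
    debt * 1 ether / price (the snippet is cut off after the division)."""
    return debt_dola * 10**18 // price


def normalized_price_to_18(feed: Feed, now: int, max_age: int = 3600) -> int:
    """Alternative that always yields an 18-decimal price by scaling from
    feedDecimals alone, so no decimal combination can underflow."""
    price = validated_answer(feed.latest, now, max_age)
    if feed.feed_decimals <= 18:
        return price * 10 ** (18 - feed.feed_decimals)
    return price // 10 ** (feed.feed_decimals - 18)


def revert_reason(feed: Feed, now: int) -> Optional[str]:
    """Reason the as-written read would revert for this feed, or None."""
    try:
        normalized_price_as_written(feed, now)
    except (OverflowError, ValueError) as e:
        return str(e)
    return None


# Constructed sample feeds: prices, round ids and timestamps are made up.
NOW = 1_700_000_000
FRESH = dict(round_id=100, started_at=NOW - 60, updated_at=NOW - 60, answered_in_round=100)
WETH_USD = Feed(8, 18, RoundData(answer=1_500 * 10**8, **FRESH))  # 18-decimal token
USDC_USD = Feed(8, 6, RoundData(answer=1 * 10**8, **FRESH))       # 6-decimal token
YAMV2_USD = Feed(18, 24, RoundData(answer=1 * 10**18, **FRESH))   # 24-decimal token (YAM-v2)
STALE_WETH = Feed(8, 18, RoundData(100, 1_500 * 10**8, NOW - 86_400, NOW - 86_400, 100))

if __name__ == "__main__":
    debt = 1_500 * 10**18  # 1500 DOLA of debt, 18 decimals
    for name, feed in (("WETH", WETH_USD), ("USDC", USDC_USD)):
        p = normalized_price_as_written(feed, NOW)
        print(f"{name}: price={p} ({price_scale(feed)} decimals), "
              f"min collateral for 1500 DOLA = {minimum_collateral(debt, p)}")
    for name, feed in (("YAM-v2", YAMV2_USD), ("stale WETH", STALE_WETH)):
        print(f"{name}: reverts with '{revert_reason(feed, NOW)}'")
```

Run stand-alone, the script reports an 18-decimal WETH price and a 30-decimal USDC price, which is the behaviour the finding above describes. The `minimum_collateral` step shows the other half of the arithmetic a reviewer should check before rating it: dividing an 18-decimal debt by a price that carries 36 - tokenDecimals decimals yields an amount in the collateral token's own decimals (1e18 wei for WETH, 1500e6 for USDC), so whether the 30-decimal price is a defect depends on whether every consumer of the oracle scales it that way. The YAM-v2 combination reverts in the as-written formula regardless, because the uint8 subtraction underflows, and the stale feed is rejected by the latestRoundData checks rather than silently priced; `normalized_price_to_18` is one normalisation that cannot underflow and leaves the token-decimal handling to the consumer.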
[M1] Owner can steal any createdPledge's tokens
Lines of code Vulnerability details Impact Malicious owner can steal any created pledge even to drain the whole contract Proof of Concept Functions like recoverERC20 are good to recover tokens accidentally transferred to a contract. The common approach for these functions is to exclude real tokens...
targetVotes can never be reached by pledge creators
Lines of code Vulnerability details Impact When creating a pledge via the createPledge function, creators are required to input their targetVotes which is the maximum target of votes to have including their own balances plus delegation. However, in the pledge function, there is a check to ensure...
rewardAmount and totalRewardAmount break 18 decimals logic by / UNIT
Lines of code Vulnerability details Impact This leads to a wrong calculation in rewardAmount for users, who will only receive their rewards 18 times less than the actual amount due to / UNIT. feeAmount is also affected, which leads to a loss for the protocol. Proof of Concept Tools Used Manual Recommend...
Interference exploit among multiple pledges.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. There is no guarantee that each server has only one pledge, when such scenario appears, vars.votesDifference will be calculated incorrectly and all other calculations will be wrong. Proof of Concept...
_pledge function has mathematical calculation error
Lines of code Vulnerability details Impact The mathematical formula is incorrect, which will lead to protocol insolvency. Proof of Concept The original code is: uint256 slope = amount / boostDuration; uint256 bias = slope * boostDuration; // Rewards are set in the Pledge as reward/veToken/sec // To...
Voting Power double count when the pledge.receiver delegates to their own pledge.
Lines of code Vulnerability details Impact When a pledge is created via the createPledge function, the pledge creator is allowed to select the receiver address which will receive the boost delegation. Additionally, the targetVotes parameter is selected, which is the maximum target of votes the receiver...
Reentrancy vulnerabilities
Lines of code Vulnerability details Impact A reentrancy attack can occur when the contract fails to update its state before the interaction, the attacker can make a recursive call back to the original function in an attempt to drain funds or token. Proof of Concept Contract Fed.sol. Function...
forceReplenish(),borrowInternal() do not judge dola balances in contracts
Lines of code Vulnerability details Impact The lender can call recall to transfer amount DOLA tokens, so it is likely that the lender will transfer most of the market's funds: function recall(uint amount) public { require(msg.sender == lender, "Only lender can recall"); dola.transfer(msg.sender, amount); } If...
no interest calculation charging & lp provider reward in market contract
Lines of code Vulnerability details Impact There is no accrued interest charged on the borrower's debt; at the same time the borrower cannot decrease their accrued interest (this bug's detail is present in my previous finding), and there is also no reward for those LP providers who deposit their token i...
No accrued interest charge and decrease operation in DBR
Lines of code Vulnerability details Impact Although DBR records the accrued interest when it increases, there is no other operation on it, so if a user borrows from the protocol no interest is charged on it, and on top of that the deficitOf function represents the user's debt...