
10190 matches found

Code423n4
• added 2022/09/15 12:00 a.m. • 8 views

Allowing multiple checkpoints in a single block can be abused to increase voting power on select proposals

Lines of code Vulnerability details Impact Votes can be multiplied allowing for governance attacks Proof of Concept // Get the pointer to store the checkpoint Checkpoint storage checkpoint = checkpointsaccountid; // Record the updated voting weight and current time checkpoint.votes =...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 19 views

ERC721Votes.sol checkpoints' timestamp is not unique, which leads to manipulation of the amount of votes

Lines of code Vulnerability details Impact getPastVotes uses the binary search algorithm, which returns the result if it encounters the same timestamp, and since timestamps are not unique in the array The number of votes can be controlled by adding checkpoints to locate any one of the same...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 7 views

Proposal can be executed unlimited number of times

Lines of code Vulnerability details There is no executed flag for the proposals, so one can be executed an arbitrary number of times. This will have critical impact, for example a proposal to send out 10 ETH can be run 10 times, transferring 100 ETH. Apart from the malicious Owner case, this also...

7.1 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 10 views

createBid call front-running

Lines of code Vulnerability details Description There is a createBid function in the Auction contract. The function accepts the tokenId, which does not contain any information about the token itself. As a result, transactions of users can be front-run to enforce user make a bid for the token with...

6.6 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 2 views

The voting power cannot be returned deterministically, if there are multiple checkpoints sharing the same timestamp

Lines of code Vulnerability details Impact Specifically, when writing a checkpoint, the code does not check whether the latest checkpoint is also in the current block. Consider a user makes multiple times of token transfer, the ERC721Votes contract will record multiple checkpoints with the same...

7 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 10 views

Potential of underflow on _moveDelegateVotes()

Lines of code Vulnerability details Impact Attacker could get typeuint192.max of voting weight So he can create a proposal to withdraw an amount from the Treasury.sol and he can pass the proposalThreshold with no need to anyone Proof of Concept 1- Attacker buy one NFT and transfer it to addr1 2-...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 5 views

It's possible to underflow votes using delegate and delegateBySig on ERC721Votes.sol

Lines of code Vulnerability details Impact It is possible to generate an underflow on ERC721Votes.solL216 mainly because it's wrapped in an unchecked bracket. prevTotalVotes could be lower than amount so this will generate an underflow; writeCheckpointfrom, nCheckpoints, prevTotalVotes, prevTotalVot...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 10 views

Users can grief the auction and win it

Lines of code Vulnerability details Impact Users can grief the auction and win it anytime. Proof of Concept A malicious actor who create bids through his/her smart contract can grief the Auction.sol's createBid function. Let's say that the attacker's contract has a fallback function that griefs t...

6.6 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 5 views

User can get unlimited votes

Lines of code Vulnerability details Impact aftertokenTransfer in ERC721Votes transfers votes between user addresses instead of the delegated addresses, so a user can cause overflow in moveDelegates and get unlimited votes Proof of Concept function afterTokenTransfer address from, address to,...

7 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 16 views

ERC721Votes: Token owners can double voting power through self delegation

Lines of code Vulnerability details The owner of one or many ERC721Votes tokens can double their voting power once and only once by delegating to their own address as their first delegation. Scenario This exploit relies on the initial default value of the delegation mapping in ERC721Votes, which ...

7 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 9 views

User can steal their delegate's votes by receiving new tokens and redelegating

Lines of code Vulnerability details Impact A user is able to steal all the votes of any other user by delegating to them, accumulating additional NFTs to increase balance without increasing delegated votes, and then moving their delegates which is performed based on their balance. Proof of Concep...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 9 views

Overflow on _moveDelegateVotes function

Lines of code Vulnerability details Impact A malicious actor can overflow his number of votes Proof of Concept 0. Alice and Kane each have an NFT token 1. Alice uses delegate function to delegate the vote to Kane 2. Kane uses transferFrom to transfer his token to the address Alice 3. Alice uses...

7.2 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 10 views

User can generate unlimited votes through faulty transfer logic

Lines of code Vulnerability details Impact When tokens are transferred from one user to another, votes should be moved from the delegatee of the sender to the delegatee of the receiver. Instead, they are transferred from the sender to the receiver. Because the moveDelegateVotes function is...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 7 views

Malicious pausing the contract

Lines of code Vulnerability details Vulnerability details Description There is a function createAuction in Auction contract. It consist the following logic: /// @dev Creates an auction for the next token function createAuction private // Get the next token available for bidding try token.mint...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 8 views

baseTokenId variable calculation

Lines of code Vulnerability details Description There is addFounders function in the Token contract. There is the following loop: // Used to store the base token id the founder will recieve uint256 baseTokenId; // For each token to vest: for uint256 j; j founderPct; ++j // Get the available token...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 3 views

Founders may not receive their vesting allocations

Lines of code Vulnerability details Impact In addFounders the vesting allocations are distributed among the first one hundred nouns according to their ownership percentage. These first one hundred represent the token ID:s modulo 100 that should be minted to the nounders, which is how it is...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 11 views

Contracts that lock Ether

Lines of code Vulnerability details Impact When receive function, hasn't a revert all ethers send contracts will be locked forever. Proof of Concept Bob send ether to contract, funds were locked forever and Bob lost money. Tools Used manually Recommended Mitigation Steps Remove the payable...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 10 views

founderPct variable cast

Lines of code Vulnerability details Description There is a function addFounders in Token contract. It accepts an array of FounderParams as an input. For each of the founders it uses founderPct as a variable to store percent ownership for such founder. It is unsafe to cast it from uint256 to uint8 in...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 10 views

Adversary can gain Infinite voting power due to integer overflow

Lines of code Vulnerability details Impact Specifically, ERC721Votes enables users to delegate their voting power to others. Note that when delegating the voting power, the actual token balance will not change. On the other hand, when transferring tokens, the voting power transfers accordingly:...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 9 views

Attacker can gain more voting power

Lines of code Vulnerability details Impact An attacker can gain more voting power at a low cost Proof of Concept When voting, voting power is taken from the snapshot at the same block as the proposal was created. The attacker can monitor mempool and borrow NFTs just in time when proposal is made...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 11 views

NFT could be locked in settlement

Lines of code Vulnerability details Impact transferFrom is used to transfer NFT in settlement. If the receiver is a contract without appropriate way to handle the NFT, the NFT might be locked in there and non retrievable. Proof of Concept There is no check if the receiver can deal with NFT if it ...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 9 views

Users retain votes from their delegated tokens

Lines of code Vulnerability details Impact When a user has undelegated tokens and delegates them to another user, the owner retains all votes for their tokens, while the delegatee also gains those votes. By chaining this attack together, this could allow a user to generate unlimited votes, taking...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 9 views

Potential of token lost permanently when highest bid is made by a Contract

Lines of code Vulnerability details Impact When auction is happening, there is no checks on who can participate to createBid. In order to work well, contract need to confirm that the Bidder is capable of receiving ERC721 or else their token may be permanently lost. After a bidder decided to be th...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 13 views

_safeMint() should be used rather than _mint() wherever possible

Lines of code Vulnerability details safeMint should be used rather than mint wherever possible Impact In Token.sol.sol, eventually it is called ERC721 mint. Calling mint this way does not ensure that the receiver of the NFT is able to accept them, making possible to lose them. safeMint should be...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 12 views

Use safeTransfer to send ERC721 tokens

Lines of code Vulnerability details Impact Winner of the auction can lose his NFT Proof of Concept When you settle an auction you transfer the NFT using transferFrom token.transferFromaddressthis, auction.highestBidder, auction.tokenId; Maybe this is just an intended behaviour and is the...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 8 views

Users could keep increasing the voting weight just by one NFT

Lines of code Vulnerability details Impact With only one NFT the user can keep increasing the voting weight on different addresses Proof of Concept 1- let’s say Alice has one NFT 2- he delegate to Bob 3- Alice invoke transferFrom to Richard 4- Richard invoke delegate to Bob So now Bob has two...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 10 views

Auction.sol : Treasury(payable) typecasting is missed before setting the treasury address

Lines of code Vulnerability details Impact The contract address will not be set with relevant properties, like payable and contract type. Proof of Concept Auction.solL79 : settings.treasury = treasury; Whereas, in Governor.sol, it is set properly. refer the line, Governor.solL74 : settings.treasu...

7.1 AI score
Exploits: 0
Code423n4
• added 2022/09/15 12:00 a.m. • 10 views

Initial spam of proposals

Lines of code Vulnerability details Impact In the initial phase, when not many tokens are minted, a malicious actor can start submitting proposals and later execute them. E.g. when the first token is minted, this first owner can instantly submit proposals to retrieve all the eth back from the...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/09/14 12:00 a.m. • 8 views

Deployment flow doesn't work

Lines of code Vulnerability details Impact The deployment flow is based on the concept that the ZORA team can deploy implementation contracts and users will be able to deploy proxies. However, because manager is immutably set in the implementation contracts, this entire system will not work. Proo...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 18 views

Tokens with fee on transfer are not supported

Lines of code Vulnerability details Impact There are ERC20 tokens that charge a fee for every transfer or transferFrom. If these tokens are unsupported, ensure there is proper documentation about it. Proof of Concept 6 instances in 2 files: contracts/shutdown/fuse/RariMerkleRedeemer.sol...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 12 views

Denial of service with block gas limit.

Lines of code Vulnerability details Impact An array of unknown size can lead to Denial of service with block gas limit. Proof of Concept When smart contracts are deployed or functions inside them are called, the execution of these actions always requires a certain amount of gas, based on how much...

7 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 12 views

in function redeem() of TribeRedeemer users would receive less funds because of rounding error in division in previewRedeem()

Lines of code Vulnerability details Impact Function previewRedeem in TribeRedeemer has been used to calculate the amounts of tokens the user would receive for what the user transfer as redeemedToken. the user would receive a ratio of token balance of the contract which ratio is equal to amountIn ...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 4 views

The mint function is missing the minAmountOut control, this will cause the user to lose their funds.

Lines of code Vulnerability details Impact The mint function of the SimpleFeiDaiPSM contract receives DAI from the user, mints the FEI and sends it to the user. amountIn argument ; the amount of DAI received from the user, minAmountOut argument ; requests output for the amount of FEI given to the...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 12 views

redeem() doesn't support inflationary or deflationary erc20 tokens

Lines of code Vulnerability details Impact A transfer-on-fee token or a deflationary/rebasing token, causes the received amount to be less than the accounted amount. For instance, a deflationary tokens might charge a certain fee for every transfer or transferFrom. TribeRedeemer.sol supports the u...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 5 views

Exchange rate may stale.

Lines of code Vulnerability details Impact While deploying RariMerkleRedeemer the deployer sets the exchange rate in the constructor and this can't be changed through any function, so while calculating the preview redeem it may use a different exchange rate between the actual ctoken and the exchange rate ...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 10 views

Redeem fails when DAI is not enough

Lines of code Vulnerability details Impact In SimpleFeiDaiPSM.sol, redeem fails when DAI amount of the contract is less than input FEI amount. But it can succeed if minAmountOut is less than the DAI amount of the contract. Proof of Concept Let us say amountFeiIn DAI amount of SimpleFeiDaiPSM...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 10 views

There is no time lock mechanism in RariMerkleRedeemer and constructor of RariMerkleRedeemer contract don't check for maximum value for cTokenExchangeRates, if high value have been set by mistake then attacker can withdraw most of baseToken balance of contract immediately

Lines of code Vulnerability details Impact Exchange rates are used to calculate baseToken amounts that are going to be transferred to the user, if exchange rates are set as a very high number by mistake, an attacker can withdraw baseToken balance of the contract. there should be some checks in th...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 8 views

Can not Claim the second time per Spec requirement

Lines of code Vulnerability details Impact Reading the spec, MerkleReedeemerSpec "The user can claim a configurable amount of each ctoken, or all of them if possible" means, the claim amount can be called multiple times. Meanwhile, in RariMerkleRedeemer.sol, inside the claim function, it requires...

7 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 6 views

Broken pro-rata formula

Lines of code Vulnerability details Impact The README.md states: Intended to redeem TRIBE from the effective circulating supply in exchange for a pro rata portion of a list of ERC-20 tokens. Users redeeming the same number of shares get different amounts, meaning that if you are late to redeem,...

6.6 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 7 views

Missing access control on burnFeiHeld()

Lines of code Vulnerability details Impact The function burnFeiHeld is external, and can be called by everyone. This allows anyone to burn the FEI balance of the contract. This may affect the 1:1 ratio of FEI and DAI of the contract SimpleFeiDaiPSM.sol Proof of Concept Tools Used Manual review...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 11 views

High Potential Redeem function can not be executed because of revert

Lines of code Vulnerability details Impact Inside TribeRedeemer constructor tokensReceived is initialized, and can't be modified anywhere else. previewRedeem function will check balance of tokensReceived tokens of TribeRedeemer contract, and there is a require statement which guarantees that the...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 10 views

SimpleFeiDaiPSM contract user can lose DAI funds after having their FEI tokens burned

Lines of code Vulnerability details Impact The FEI token contract contain a burnFrom function which allow the BURNER account to burn a given amount of FEI tokens from an account. When a user transfers DAI to the SimpleFeiDaiPSM contract he get an equivalent amount of FEI tokens in return, those F...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 7 views

Contract RariMerkleRedeemer: all of cTokens and redundant baseToken will be locked in contract forever.

Lines of code Vulnerability details 2022-09-tribe Contract RariMerkleRedeemer: all of cTokens and redundant baseToken will be locked in contract forever. tags: c4, 2022-09-tribe, high Affected code Impact Contract does not have directly withdraw function for any token, so all of cTokens that...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 6 views

Contract TribeRedeemer: fund can be locked in contract because contract does not have directly withdraw function

Lines of code Vulnerability details 2022-09-tribe Contract TribeRedeemer: fund can be locked in contract because contract does not have directly withdraw function tags: c4, 2022-09-tribe, high Affected code Impact Contract does not have directly withdraw function, so the only way to withdraw...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 12 views

Contract TribeRedeemer: redeemBase should have a setter function

Lines of code Vulnerability details 2022-09-tribe Contract TribeRedeemer: redeemBase should have a setter function tags: c4, 2022-09-tribe, high Affected code Impact Contract TribeRedeemer doesn't have a setter function for redeemBase. So redeemBase can not be adjusted if it is necessary. Contract wil...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 9 views

TribeRedeemer has no way of getting the redeemedToken out

Lines of code Vulnerability details Impact TribeRedeemer has no way of getting the redeemedToken out! The tokens in tokensReceived will be sent in exchange for redeemedToken, but then the received redeemedToken are locked forever in the contract. There is no mechanism to take them out! If this is...

6.9 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 5 views

TribeRedeemer.reedem assets can be lost in case of malicious token

Lines of code Vulnerability details Impact The function redeemaddress to, uint256 amountIn to calculate the amount of redemption tokens in turn calls In case of a malicious token will always revert: contract BadBadERC20 is ERC20, ERC20Burnable constructor ERC20"BadToken", "BDT" function...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 11 views

Loss of precision will lock portions of tokens

Lines of code Vulnerability details Impact When the initial balance of a redemption reward token is smaller than the base, small amounts of the token will be rounded down to zero, meaning small-amount users will get nothing for redeeming tokens. Broken accounting means high severity Proof of...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 8 views

User's cToken could be locked in _claim()

Lines of code Vulnerability details Impact The function claim can only be called 1 time to set the claims amount, but if later the user's balance of the cToken is updated, whether increase or decrease, the functionality of claim and redeem will break. In the case later some cToken is transferred ...

6.8 AI score
Exploits: 0
Code423n4
• added 2022/09/12 12:00 a.m. • 8 views

Low precision in exchange rates

Lines of code Vulnerability details Impact When setting the cTokenExchangeRates the require checks that the rate is greater than 1e10. Some tokens have different decimals, like USD Coin, which has 6 decimals. This gives the possibility to have a rate lower than 1e10 Proof of Concept baseToken has 18...

6.8 AI score
Exploits: 0

Total number of security vulnerabilities: 10190