External Calls inside loops of _multiRedeem & redeem function may cause Denial of Service
Lines of code Vulnerability details Impact Calls inside loops that may address DoS. Proof of Concept Calls to external contracts inside a loop are dangerous especially if the loop index can be user-controlled because it could lead to DoS if one of the calls reverts or execution runs out of gas...
Lack of Access Control on burnFeiHeld() function.
Lines of code Vulnerability details Impact: The burnFeiHeld has external visibility modifier. There is no access control on burnFeiHeld function in SimpleFeiDaiPSM.sol contract. Any external user can burn FEI on this contract. function burnFeiHeld external uint256 feiBalance =...
Calls inside loops that may address DoS/Griefing
Lines of code Vulnerability details Calls inside loops that may address DoS/Griefing Description Calls to external contracts inside a loop are dangerous especially if the loop index can be user-controlled because it could lead to DoS if one of the calls reverts or execution runs out of gas...
redeem Will Fail If One tokenReceived Has Zero Balance
Lines of code Vulnerability details Impact redeem will always revert if one token received has zero balance, and the user will not be able to redeem their token. So the token will be locked in that contract. Proof of Concept Suppose user A wants to redeem the tokens P, Q, R, so user A will call redeem...
redeem FUNCTION COULD REVERT DUE TO UNDERFLOW
Lines of code Vulnerability details Impact User will not be able to redeem the token, because the function will revert due to no check for redeemBase. Proof of Concept User will call redeem function with to and amountIn parameter. There is a decrement for the base variable inside the function. Since...
Contract TribeRedeemer: function previewRedeem() might be unable to be called forever because of divide by 0
Lines of code Vulnerability details 2022-09-tribe Contract TribeRedeemer: function previewRedeem might be unable to be called forever because of divide by 0 tags: c4, 2022-09-tribe, medium Affected code Impact After redemptions, redeemBase can be 0. Then function previewRedeem always reverts when be...
Contract TribeRedeemer: User might not redeem with large amount
Lines of code Vulnerability details 2022-09-tribe Contract TribeRedeemer: User might not redeem with large amount tags: c4, 2022-09-tribe, medium Affected code Impact After many redemptions of contract TribeRedeemer, redeemBase will be reduced and might not be still large. Then users can not rede...
Unbounded Loop
Lines of code Vulnerability details 🎨 Category Denial of Service 💥 Impact If the number of tokensReceived gets too big, the transaction's gas cost could exceed the block gas limit and make it impossible to call previewRedeem at all. 📝 Proof of Concept previewRedeem function iterates over all...
DoS with (Unexpected) revert or Gas Limit DoS on a Contract via Unbounded Operations
Lines of code Vulnerability details Impact According to SWC-113, external calls can fail accidentally or deliberately, which can cause a DoS condition in the contract. To minimize the damage caused by such failures, it is better to isolate each external call into its own transaction that can be...
burnFeiHeld() in SimpleFeiDaiPSM burns the FEI balance of the contract, which includes FEI received because of redeems and FEI transferred or minted for the contract address. The contract should only burn FEI received in redeems. This functionality is a backdoor to transfer and burn FEI tokens by this contract.
Lines of code Vulnerability details Impact it's possible to burn FEI tokens without receiving DAI tokens, one can transfer FEI tokens to SimpleFeiDaiPSM contract address and then call burnFeiHeld to burn FEI tokens. this is a backdoor to burn FEI tokens. the contract should only burn FEI tokens...
TribeRedeemer.redeem() might revert for revert-on-zero-value-transfers tokens.
Lines of code Vulnerability details Impact TribeRedeemer.redeem might revert for revert-on-zero-value-transfers tokens. Currently, it doesn't check when the transfer amount is zero and it might revert for some weird tokens. Proof of Concept As we can see here, some ERC20 tokens don't allow to...
Potential DoS in _claim()
Lines of code Vulnerability details Impact An attacker could call claim in an infinite loop to conduct DoS attack. Proof of Concept Here is the implementation of claim: // User provides the the cToken & the amount they should get, and it is verified against the merkle root for that cToken ///...
Function getRedeemAmountOut can't deliver as it should
Lines of code Vulnerability details Proof of Concept The fn getRedeemAmountOut can't deliver the same as it should, since it has @params uint256 amountIn and return amountIn, which clearly should be amountFeiIn. So the calculation would deliver the wrong value. Tools Used Manual Review...
Wrong exchange rates after some time, because it's not possible to change exchangeRates after contract deployment; the rates can change after some time in real life but it's not possible to change rates in the contract
Lines of code Vulnerability details Impact exchange rates are used to calculate amounts of baseToken users received for their cTokens, exchange rates are set when contracts get deployed but it's not possible to change them after some time, so users would get the wrong exchange rates after some ti...
TribeRedeemer.redeem function can possibly revert when block gas limit is reached
Lines of code Vulnerability details Impact As the following constructor shows, when constructing the TribeRedeemer contract, the number of tokens in tokensReceived that is used to set tokensReceived is not capped. When the redeem function below is called, tokensReceived, which is essentially toke...
A reverting token transfer will lock all payouts.
Lines of code Vulnerability details Impact A reverting fallback function will lock all payouts. Proof of Concept External calls can fail accidentally or deliberately, which can cause a DoS condition in the contract. To minimize the damage caused by such failures, it is better to isolate each...
Can easily bypass the require by modifying parameter
Lines of code Vulnerability details Impact User can easily bypass the require code inside redeem function inside SimpleFeiDaiPSM.sol file by modifying the parameter. the requireamountFeiOut = minAmountOut, ... and requireamountOut = minAmountOut, .. statement can be bypassed easily since the two...
FEI Minter can drain SimpleFeiDaiPSM contract DAI balance
Lines of code Vulnerability details Impact The FEI token contract contain a mint function which allow the MINTER to mint a given amount of FEI tokens to any account including his own address. So the Minter can mint to his own account an amount of FEI tokens equivalent to the SimpleFeiDaiPSM...
user fund loss in redeem() of RariMerkleRedeemer, because of division rounding error in previewRedeem() which is used in _redeem() and _multiRedeem()
Lines of code Vulnerability details Impact Because of the division rounding error in calculating baseToken amount, when users tries to redeem, they receive less baseToken for the amount of cToken they transferred to the RariMerkleRedeemer contract. This bug is more critical when cToken is a very...
Possible griefing using replay attack
Lines of code Vulnerability details users who want to use the redeem function have to set a value for amountIn. This value can't be more than redeemBase, which is set in the contract's constructor. The value of redeemBase will decrease in case of a successful call of redeem. while contract's solidity...
Mint function on the simplefeidaiPSM() might DOS
Lines of code Vulnerability details Impact When a user calls the mint function it immediately mints fei tokens by supplying DAI, and when a user redeems a token the fei will be transferred to this contract without burning the fei token. This could lead to DOS if the total supply of the fei token reach the...
User that uses auto compounding solution to auto compound cTokens and smart contracts that hold cTokens can't redeem their cTokens to FEI
Lines of code Vulnerability details Impact You mentioned that "Only EOA addresses will be listed in the merkle nodes, as addresses also need to perform an ECDSA signature on a message to claim the swap." This leaves any contract holding that cToken rugged. Moreover, not only contract Is rugged, b...
It can be Underflow
Lines of code Vulnerability details 🎨 Category Data Validation 💥 Impact If amountIn is greater than redeemBase, this happens underflow and reverting the transaction. 📝 Proof of Concept The value of amountIn can set by users so It can be underflow. e.g redeemBase = 5 redeemaddresstest, 10 This...
Missing access Control to burnFeiHeld function
Lines of code Vulnerability details Impact burnFeiHeld hasn't any owner modifier , so everybody run it Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. function burnFeiHeld external uint256...
_claim function vulnerable to cross-chain-replay attacks
Lines of code Vulnerability details If there's a fork, since anyone can call claim, an attacker can monitor the blockchain for calls to claim, and then make the same call with the same arguments on the other chain. Proof of Concept There are no EIP-712 protections in the encoding: bytes32 leafHas...
Unending and Eventually Futile TRIBE Redemption
Lines of code Vulnerability details Impact TRIBE holders can redeem for pro rata share of remaining DAO controlled assets according to TIP-121 proposal. In the light of this, users would rush into redeeming their TRIBE before the balances of each tokensReceived held on this contract run out...
An attacker can take out a flash loan and cause users not to be able to redeem their tokens because of underflow or division by zero
Lines of code Vulnerability details Impact An attacker can take out a flash loan and cause the state variable redeemBase=1 causing users who call this function to get dosed and since users can't call this function after the attacker makes the redeem function unusable which can cause funds to be...
Signature replay in RariMerkleRedeemer
Lines of code Vulnerability details Impact It is possible to reuse the signature used in the sign method in different chains or forks. Proof of Concept Neither the signed content nor the signature are associated with the contract DOMAINSEPARATOR. Therefore, both can be repeated in other contracts...
No way to burn or withdraw redeemedToken from TribeRedeemer
Lines of code Vulnerability details Impact There is no way to burn or withdraw redeemedToken sent to this contract Recommended Mitigation Steps Burn tokens in redeem or add a function to withdraw those tokens
MISSING CHECK OF TOKEN RESULTING IN WRONG ANSWER OF LP TOKEN PRICE
Lines of code Vulnerability details Impact When calculating the LP price, due to the lack of checking of the tokens, if both the token0 and token1 of the pair are not wcanto or note, it will lead to the wrong LP price. Proof of Concept if pair.stable // stable pairs will be priced in terms of Not...
Strict $1 price for stablecoin
Lines of code Vulnerability details Impact Stablecoins price is strictly set to 1, this could result in inaccurate and delayed capture of market price, and serious loss to the pool. When stablecoins such as USDT/USDC crashes, the corresponding lending pool will also be affected and become...
Lack of input array length check in UNSAFE_swapExactTokensForTokens() could lock user's funds
Lines of code Vulnerability details Impact In case the amounts and routes array do not match in length by mistake: the swap might fail the swap could stop early during the swap path user funds could be locked forever in some situations Proof of Concept src/Swap/BaseV1-periphery.sol function...
Division Before Multiplication Can Lead To Precision Loss
Lines of code Vulnerability details Impact There is a division before multiplication bug that exists in getPriceLP. When this occurs the returned TWAP pricing of the LP tokens from pairs will be off. Proof of Concept Consider the following example: a = 100 b = 30 c = 13 function mathuint256 a,...
There is a problem with price calculation using BaseV1Pair._getAmountOut.
Lines of code Vulnerability details Impact Currently, it calculates token price with the amount of decimals here and normalizes using 1e18 after that. There are some irregular tokens with small decimals and the token price might be calculated wrongly. Proof of Concept As we can see here, some...
ATTACKER COULD PREVENT ANY OTHER USERS FROM MINTING SYNTHETIC TOKENS
Lines of code Vulnerability details An attacker can repeatedly call mint followed by burn after depositing some collateral with deposit. If this is appropriately sized and timed, it can cause the mint call to fail for another user due to the check here that is called during mint here. Every time ...
transferFrom() failure in _safeTransferFrom() could drain the pair
Lines of code Vulnerability details Impact For some tokens, tokenCon.transferFrom could fail and return false but not revert. Some malicious user can abuse the addLiquidity/addLiquidityCANTO function to perform a failing transferFrom but still get the liquidity, and later remove liquidity to dra...
Unbounded loop in BaseV1-core.sol could lead to a griefing/DOS attack
Lines of code Vulnerability details Denial Of Service Attack Denial-of-service attacks: Attacks that cause DoS are called DoS attacks. The purpose is to disable the computer or network from providing normal service. Description: As this array can grow quite large, the transaction’s gas cost could...
Should add check for Insufficient allowance
Lines of code Vulnerability details Impact There is no check for insufficient allowance inside the transferFrom method. Proof of Concept Tools Used Code analytics Recommended Mitigation Steps require(currentAllowance >= amount, "ERC20: insufficient allowance");
Add to Blacklist function
Lines of code Vulnerability details L-2. Add to Blacklist function Description: Cryptocurrency mixing service, Tornado Cash, has been blacklisted in the OFAC. A lot of blockchain companies, token projects, NFT Projects have blacklisted all Ethereum addresses owned by Tornado Cash listed in the US...
Unbounded loop on array can lead to DoS
Lines of code Vulnerability details Description: As this array can grow quite large, the transaction’s gas cost could exceed the block gas limit and make it impossible to call this function at all Actual Codes used: src/Swap/BaseV1-core.sol:96: observations.pushObservationblock.timestamp, 0, 0,0;...
Price can be manipulated by flashloan
Lines of code Vulnerability details Impact The last observation of the TWAP can be manipulated by a flashloan, which thus manipulates the price. Proof of Concept The price calculated in getPriceLP is based on the last 8 observations. As the last observation may be in the current block it is...
Reserves are not updated correctly
Lines of code Vulnerability details Impact Reserves are not updated on calling transfer function when dst is contract itself. This will lead to incorrect calculation of reserve0CumulativeLast and reserve1CumulativeLast which impacts the outcome prices returned by contract Proof of Concept 1. User...
Controlling the ERC20 Token contract from symbol is not secure
Lines of code Vulnerability details Impact BaseV1-periphery.solL491 in the getUnderlyingPrice function , the correctness of the CToken contract received from the instance is done with if compareStringssymbol, "cCANTO" on line BaseV1-periphery.solL490 This is not a safe way, fake contracts similar...
Miscalculation for cUSDT and cUSDC
Lines of code Vulnerability details Impact getUnderlyingPrice stated that it would return the underlying price of the assets as a mantissa scaled by 1e18. However, the arithmetic setup on lines 503 and 507 could result in answers not scaled by 1e18. Proof of Concept 1e18 1e18 / 10 decimals is...
setPeriodSize need check for value range
Lines of code Vulnerability details Impact If periodSize is mistakenly set too small, 0 or a small value, the price oracle might be easier to manipulate. As a consequence, multiple functionality depending on oracle price feed may lose accuracy, and even incur large fund loss. Proof of Concept The...
getUnderlyingPrice returns an incorrect value for cUSDC
Lines of code Vulnerability details BaseV1Router01.getUnderlyingPricecToken returns the price of cToken in $NOTE. As per the docs, the function is designed so that cStable coins USDC, USDT, NOTE have prices that are statically set to 1e18. The issue is that USDC uses 6 decimal places of precision...
No validation on wcanto may lead into lock deposit because of arbitrary address in deposit call
Lines of code Vulnerability details No validation on wcanto may lead into lock deposit because of arbitrary address in deposit call Impact Address wcanto is not being validated. In case of wrong deployment, function swapExactCANTOForTokens will lock ether in a wrong contract. Consideration...
BaseV1Pair - current() is manipulable
Lines of code Vulnerability details Impact The value returned by current isn't really a TWAP and is cheaply manipulable by an attacker. Proof of Concept current compares the currentCumulativePrice and the last observation. But the last observation may only date from a few blocks ago. Imagine the...
Tokens with low trading volumes will have distorted time weighting
Lines of code Vulnerability details Proof of Concept Although the docs talk of time weighted values, the actual processing of values by update,reserves, sampleReserves and sampleSupply weights all observations as equal, regardless of duration. So long as update is being called frequently, this...
Hardcoded cUSDT and cUSDC prices are dangerous to the system when those stablecoins depeg
Lines of code Vulnerability details Proof of Concept function getUnderlyingPriceCToken ctoken external override view returnsuint address underlying; //manual scope to pop symbol off of stack string memory symbol = ctoken.symbol; if compareStringssymbol, "cCANTO" underlying = addresswcanto; return...