Price can be manipulated by flashloan
Lines of code Vulnerability details Impact The last observation of the TWAP can be manipulated by a flashloan, which thus manipulates the price. Proof of Concept The price calculated in getPriceLP is based on the last 8 observations. As the last observation may be in the current block it is...
Stable/non-stable pair creation mistake could be abused
Lines of code Vulnerability details Impact Stable and non-stable pairs use different formulas to calculate the invariant k. If a non-stable pair is treated as stable, or vice versa. $x^3y+y^3x$ behaves quite differently compared with $xy$, on the edge of relative stable price range, price volatility...
Hardcoded prices are subject to be abused
Lines of code Vulnerability details Impact Hardcoded prices are subject to be abused which might address the protocol being drained. Proof of Concept There are 2 possible different issues of the Lending Protocol; 1. The attack surface/risk is not originated directly through the Canto protocol but...
Oracle may be relying on a low reserves pair, which is easy to manipulate
Lines of code Vulnerability details Impact While the observations aren't easy to manipulate, it's still possible to manipulate some of them using an MEV bot and some tokens. In case of a pair with low reserves, the manipulation is going to be cheaper and might be worth it for an attacker. Since there...
Add to Blacklist function
Lines of code Vulnerability details L-2. Add to Blacklist function Description: Cryptocurrency mixing service, Tornado Cash, has been blacklisted in the OFAC. A lot of blockchain companies, token projects, NFT Projects have blacklisted all Ethereum addresses owned by Tornado Cash listed in the US...
Dividing before multiplying can cause data loss
Lines of code Vulnerability details Impact Note: I'll use the notation decimals here to represent 10 token.decimals, just like the variable defined in the BaseV1Router.getPriceLP function. In the BaseV1Router.getPriceLP function, the token0 TVL is calculated in terms of NOTE, by multiplying the TV...
Possible division loss during LpPricesCumulative calculation
Lines of code Vulnerability details Impact During the token0TVL calculation, it divides by decimals without multiplying 1e18 first. So there might be division loss and the price might be calculated wrongly. Proof of Concept When we calculate this part, it divides first without multiplying 1e18...
Hardcoded cUSDT and cUSDC prices are dangerous to the system when those stablecoins depeg
Lines of code Vulnerability details Proof of Concept function getUnderlyingPriceCToken ctoken external override view returnsuint address underlying; //manual scope to pop symbol off of stack string memory symbol = ctoken.symbol; if compareStringssymbol, "cCANTO" underlying = addresswcanto; return...
The skim function allows to withdraw tokens for any address
Lines of code Vulnerability details Impact Any address can call the skim function and remove tokens that are in excess of the reserves of those tokens. This would lead to the loss of token 0 and 1. Recommended Mitigation Steps You should have an access control so that only the factory, for exampl...
getUnderlyingPrice returns an incorrect value for cUSDC
Lines of code Vulnerability details BaseV1Router01.getUnderlyingPricecToken returns the price of cToken in $NOTE. As per the docs, the function is designed so that cStable coins USDC, USDT, NOTE have prices that are statically set to 1e18. The issue is that USDC uses 6 decimal places of precision...
Unbounded loop on array can lead to DoS
Lines of code Vulnerability details Description: As this array can grow quite large, the transaction’s gas cost could exceed the block gas limit and make it impossible to call this function at all Actual Codes used: src/Swap/BaseV1-core.sol:96: observations.pushObservationblock.timestamp, 0, 0,0;...
Comparison of tokens
Lines of code Vulnerability details Impact In function named getUnderlyingPrice the BaseV1Router01 contract decides price of the token by comparing tokens' symbol name with predefined constant. By passing custom token attacker can force returned value of getUnderlyingPrice function to be incorrec...
Unbounded loop on array can lead to DoS
Lines of code Vulnerability details Description: As this array can grow quite large, the transaction’s gas cost could exceed the block gas limit and make it impossible to call this function at all. A push exists but there's no pop in the solution, that means it will continuously only push which wil...
There is a problem with price calculation using BaseV1Pair._getAmountOut.
Lines of code Vulnerability details Impact Currently, it calculates token price with the amount of decimals here and normalizes using 1e18 after that. There are some irregular tokens with small decimals and the token price might be calculated wrongly. Proof of Concept As we can see here, some...
WHEN PAIR TOKENS ARE ALL NOT NOTE OR WCANTO GETPRICELP() WILL PRODUCE WRONG LP TOKEN PRICE
Lines of code Vulnerability details Impact If the pair tokens are all not wcanto or note, it will calculate the wrong LP price of getPriceLP. Proof of Concept With the docs description, Canto Lending Market will allow LP tokens from Canto’s native decentralized exchange to be used as collateral, and createPai...
Newton's iteration convergence might not converge
Lines of code Vulnerability details Impact In getAmountOut for stable pair, Newton's method is used, however there is no check for the solution convergence. The numerical stability for Newton's method only applies to initial value close enough to the real solution. If the iteration fails to...
Lack of input array length check in UNSAFE_swapExactTokensForTokens() could lock user's funds
Lines of code Vulnerability details Impact In case the amounts and routes array do not match in length by mistake: the swap might fail; the swap could stop early during the swap path; user funds could be locked forever in some situations. Proof of Concept src/Swap/BaseV1-periphery.sol function...
State variables written after the call
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The external function burn updates state variables balance0 and balance1 after safeTransfer has been called. This could potentially be exploited as an attacker could call the burn function multiple time...
MISSING CHECK OF TOKEN RESULTING IN WRONG ANSWER OF LP TOKEN PRICE
Lines of code Vulnerability details Impact When calculating the LP price, due to the lack of checking of the tokens, if both the token0 and token1 of the pair are not wcanto or note, it will lead to the wrong LP price. Proof of Concept if pair.stable // stable pairs will be priced in terms of Not...
Reserves are not updated correctly
Lines of code Vulnerability details Impact Reserves are not updated on calling transfer function when dst is contract itself. This will lead to incorrect calculation of reserve0CumulativeLast and reserve1CumulativeLast which impacts the outcome prices returned by contract Proof of Concept 1. User...
Strict $1 price for stablecoin
Lines of code Vulnerability details Impact Stablecoins price is strictly set to 1, this could result in inaccurate and delayed capture of market price, and serious loss to the pool. When stablecoins such as USDT/USDC crashes, the corresponding lending pool will also be affected and become...
Miscalculation for cUSDT and cUSDC
Lines of code Vulnerability details Impact getUnderlyingPrice stated that it would return the underlying price of the assets as a mantissa scaled by 1e18. However, the arithmetic setup on lines 503 and 507 could result in answers not scaled by 1e18. Proof of Concept 1e18 1e18 / 10 decimals is...
[M03] Incorrect price calculation for non-stablecoin pairs marked as stable
Lines of code Vulnerability details Impact Pairs that don't have NOTE token but that are still marked as stable will always have an incorrect price calculated for them. Proof of Concept As it can be concluded from the code, stablecoin pairs are pairs with NOTE token: However, there's a separate...
No validation on wcanto may lead into lock deposit because of arbitrary address in deposit call
Lines of code Vulnerability details No validation on wcanto may lead into lock deposit because of arbitrary address in deposit call Impact Address wcanto is not being validated. In case of wrong deployment, function swapExactCANTOForTokens will lock ether in a wrong contract. Consideration...
Upgraded Q -> H from 9 [1662668273831]
Judge has assessed an item in Issue 9 as High risk. The relevant finding follows: ...
Division Before Multiplication Can Lead To Precision Loss
Lines of code Vulnerability details Impact There is a division before multiplication bug that exists in getPriceLP. When this occurs the returned TWAP pricing of the LP tokens from pairs will be off. Proof of Concept Consider the following example: a = 100 b = 30 c = 13 function mathuint256 a,...
Tokens with low trading volumes will have distorted time weighting
Lines of code Vulnerability details Proof of Concept Although the docs talk of time weighted values, the actual processing of values by update,reserves, sampleReserves and sampleSupply weights all observations as equal, regardless of duration. So long as update is being called frequently, this...
WRONG DESIGN/IMPLEMENTATION OF ADDLIQUIDITY() ALLOWS ATTACKER TO STEAL FUNDS FROM THE LIQUIDITY POOL
Lines of code Vulnerability details The current design/implementation of Vader pool allows users to addLiquidity using arbitrary amounts instead of a fixed ratio of amounts in comparison to Uni v2. We believe this design is flawed and it essentially allows anyone to manipulate the price of the po...
BaseV1Pair - current() is manipulable
Lines of code Vulnerability details Impact The value returned by current isn't really a TWAP and is cheaply manipulable by an attacker. Proof of Concept current compares the currentCumulativePrice and the last observation. But the last observation may only date from a few blocks ago. Imagine the...
ATTACKER COULD PREVENT ANY OTHER USERS FROM MINTING SYNTHETIC TOKENS
Lines of code Vulnerability details An attacker can repeatedly call mint followed by burn after depositing some collateral with deposit. If this is appropriately sized and timed, it can cause the mint call to fail for another user due to the check here that is called during mint here. Every time ...
Upgraded Q -> M from 202 [1662178014316]
Judge has assessed an item in Issue 202 as Medium risk. The relevant finding follows: ...
Upgraded Q -> M from 167 [1662177851548]
Judge has assessed an item in Issue 167 as Medium risk. The relevant finding follows: ...
Upgraded Q -> M from 167 [1662177846442]
Judge has assessed an item in Issue 167 as Medium risk. The relevant finding follows: ...
Upgraded Q -> M from 272 [1662178113276]
Judge has assessed an item in Issue 272 as Medium risk. The relevant finding follows: ...
Upgraded Q -> M from 208 [1662178021917]
Judge has assessed an item in Issue 208 as Medium risk. The relevant finding follows: ...
Zero approval missing
Lines of code Vulnerability details Impact Frontrunning is possible where a user withdraws money before setApproval refills the approval limit. This allows the user to get more funds than required Proof of Concept 1. User A is approved an amount of 50 2. "custodian" decides to reduce the approval amount ...
Checked range.low.market and range.high.market can be deliver wrong return
Lines of code Vulnerability details Impact Deactivated checked can be deliver wrong return Proof of Concept When auctioneer was live, so range.low.market and range.high.market was checked is back above the cushion and if the price is below the wall the only way was used && since if the case was the...
possibility of front-run on swap()
Lines of code Vulnerability details Impact The user swapper could lose all their money Proof of Concept 1- the user invokes swap with tokenIn == ohm 2- on this line MINTR.burnOhmaddressthis, amountIn; this user sends their money to the TRSRY.sol 3- keeper invokes beat to update the price 4- here...
Check additional fields returned by latestRoundData to ensure price data is not stale/incorrect
Lines of code Vulnerability details Impact Not checking additional fields returned by Chainlink might cause incorrect prices being processed. Proof of Concept The only values being checked from latestRoundData are price and updatedAt. File: src/modules/PRICE.sol 161: , int256 ohmEthPriceInt, ,...
The _movingAverage always have the same value as _movingAverage + (currentPrice / numObs)
Lines of code Vulnerability details Impact On updateMovingAverage the calculated new moving average is always movingAverage == movingAverage + currentPrice / numObs Proof of Concept 1- keeper invokes beat on Heart.sol 2- this PRICE.updateMovingAverage; to updating the moving average on the Price...
Operator role can update a policy without going through the governance / kernel update execution mechanism
Lines of code Vulnerability details Impact A privileged role can make contract updates that should go through governance Proof of Concept In OlympusDao updates to policies and modules are made by the kernel and are only callable by the governanceExecutors that only executes updates voted by the...
Lock of voting power
Lines of code Vulnerability details Description There is a function vote in OlympusGovernance smart contract. It contains the logic for voting on proposals. In the case of failed vote voters' tokens will remain on the balance of OlympusGovernance until the activation of the new proposal. But for...
Privilege Escalation
Lines of code Vulnerability details Impact An attacker with permissions to the INSTR.store function can obtain the "executor" and "admin" role. This implementation also gives space to human error because when the Kernel's executor changes, the permissions to INSTR.store needs to be changed manual...
Possibility of unfair voting
Lines of code Vulnerability details Impact The proposal could never get the THRESHOLD Proof of Concept On VoterRegistration.sol: 1- the voteradmin could mint issueVotesTo unlimited tokens to address0 or any address On Governance.sol: 2- this will affect the totalSupply so no one can execute...
PRICE's getCurrentPrice() can return zero price
Lines of code Vulnerability details Currently no price validity check is performed in getCurrentPrice. This way zero ohmEthPriceFeed.latestRoundData produced prices will yield zero getCurrentPrice which will be passed over to the logic. Also, negative OHM price or zero / negative reserve...
Cushion bond markets are opened at wall price rather than current price
Lines of code Vulnerability details Impact Incorrect initial bond market price Proof of Concept uint256 initialPrice = range.wall.high.price.mulDivbondScale, oracleScale; uint256 initialPrice = invWallPrice.mulDivbondScale, oracleScale; In the above lines the initial prices are set to the wall...
User Votes will stuck
Lines of code Vulnerability details Impact Due to insufficient checks User will not be able to withdraw their Votes after a non successful proposal. 1. The effect could be permanent if majority vote holders participated in the proposal, such that new proposal can't be created due to no one having...
Olympus votes can be locked in OlympusGovernance contract
Lines of code Vulnerability details Impact Olympus votes can be locked in Governance.sol OlympusGovernance contract. Proof of Concept When a user votes for a proposal, their current balance of VOTE is transferred to the OlympusGovernance contract. Those votes can be reclaimed once the proposal is...
Anyone can pass any proposal alone before first VOTES are minted
Lines of code Vulnerability details Impact Before any VOTES are minted anyone can activate and execute an arbitrary proposal even with 0 votes cast. So an attacker can pass any proposal i.e. change the executor + admin of the Kernel, gaining access to all permissioned functions and to funds held...
TRSRY: front-runnable setApprovalFor
Lines of code Vulnerability details Impact An attacker may be able to withdraw more than intended Proof of Concept Let's say the alice had approval of 100. Now the treasury custodian reduced the approval to 50. Alice could frontrun the setApprovalFor of 50, and withdraw 100 as it was before. Then...