Upgraded Q -> 3 from #593 [1699463205259]

Judge has assessed an item in Issue 593 as 3 risk. The relevant finding follows: Prime.sol: Users with issued tokens can instantly re-enter the protocol if they were in the 90 days waiting period If an user is issued a prime token while waiting for the claim period, his stakedAt is not zeroed. If...

Upgraded Q -> 3 from #161 [1699466057671]

Judge has assessed an item in Issue 161 as 3 risk. The relevant finding follows: L-02 Prime.updateScores will revert if users are added after updating nextScoreUpdateRoundId Vulnerability Details In Prime contract: the updateScores function is meant to update scores of a batch of users when a new...

interest is still accuring when the market is paused, force user to incur debts

Lines of code Vulnerability details Impact interest is still accuring when the market is paused, force user to incur debts Proof of Concept when the function accure is called the interest is accured after the interest rate is calculated uint256 interestRate = IIRMirm.getInterestRateaddressthis,...

Chainlink oracle will return the wrong price for asset if underlying aggregator hits minAnswer / max answer

Lines of code Vulnerability details Impact Chainlink oracle will return the wrong price for asset if underlying aggregator hits minAnswer / max answer and the deposit asset can be wrongly valued, leads to overborrowing Proof of Concept Chainlink aggregators have a built in circuit breaker if the...

Users can't repay their debts if the OmniPool contract is paused which can cause users to fall into liquidation and lose their collateral

Lines of code Vulnerability details Impact Users can't repay their debts if the OmniPool contract is paused which can cause users to fall into liquidation and lose their collateral Proof of Concept The OmniPool::repay function has implemented the whenNotPaused modifier, which will prevent the...

share update function in OmniToken.sol has accounting issue in transfer

Lines of code Vulnerability details Impact Transfer share function in OmniToken.sol can be abused Proof of Concept there is a function, transfer in OmniToken.sol function transferuint96 subId, bytes32 to, uint8 trancheId, uint256 shares external nonReentrant returns bool requiretrancheId...

SocializeLoss can revert in underflow

Lines of code Vulnerability details Impact SocializeLoss can revert in underflow so the admin cannot socalize loss properly Proof of Concept SocializeLoss can revert in underflow so the admin cannot socalize loss properly In the current implementation of the socialize loss uint256 amount =...

SocializeLoss can does not reduce the user deposit share

Lines of code Vulnerability details Impact SocializeLoss can does not reduce the user deposit share Proof of Concept SocializeLoss can revert in underflow so the admin cannot socalize loss properly In the current implementation of the socialize loss uint256 amount = Math.ceilDivshare...

paucheTranche state can be set to arbitrary value

Lines of code Vulnerability details Impact paucheTranche state can be set to arbitrary value Proof of Concept the protocol has this concept of tranche id and borrower tier, the higher borrower tier means high risk lower borrower tier means low risk but when liquidation happens if the...

There is no check that price from Chainlink hits min/max answer

Lines of code Vulnerability details Impact Chainlink aggregator has bounds minAnswer and maxAnswer within which the price can be set. In a case like LUNA, Chainlink will return minAnswer instead of real asset value, overvaluing it. Proof of Concept Here is explained that current Aggregators have...

Users pay higher fee than intended

Lines of code Vulnerability details Impact Protocol mints incorrect depositAmount and depositShare to protocol. Such that reserveFee is higher than defined. Suppose following scenario: 1. Tranche 2 has 20% APR, has 5000 borrowed 2. Tranche 1 has 10% APR, has 10000 borrowed 3. ReserveFee is 10% 4...

After the market configuration expires or when borrow value greater than deposit value, there is no cap for liquidation seize amount

Lines of code Vulnerability details = Impact After the market configuration expires, there is no cap for liquidation seize amount Proof of Concept After the market configuration expires or when borrow value greater than deposit value, there is no cap for liquidation seize amount when liquidation ...

Upgraded Q -> 2 from #617 [1699030085781]

Judge has assessed an item in Issue 617 as 2 risk. The relevant finding follows: L-01 continue before loop variable increment In updateScores function, the rest of the loop execution is skipped with continue if a user’s score has already been updated. But the updation of the loop variable occurs...

Upgraded Q -> 2 from #203 [1699029806392]

Judge has assessed an item in Issue 203 as 2 risk. The relevant finding follows: L-1 Function updateScores spends all gas and reverts if a user has score updated Summary Function updateScores incorrectly handles case when a user’s score is already updated. Vulnerability Details There is a for loo...

Upgraded Q -> 2 from #345 [1699029532851]

Judge has assessed an item in Issue 345 as 2 risk. The relevant finding follows: Low-01 When a User-1 sell/transfer a safe to User-2, during transfer allowance is not clear in case of User-1 safeCan is a mapping which set allowance for other addresses, by which they can perform action on behalf o...

Upgraded Q -> 2 from #385 [1699029474432]

Judge has assessed an item in Issue 385 as 2 risk. The relevant finding follows: L-03 UniV3Relayer contract works only with tokens of decimals = 18 Details When the UniV3Relayer contract is deployed; the multiplier state variable that’s going to be used to parse the price result from the aggregat...

Upgraded Q -> 2 from #165 [1699030231989]

Judge has assessed an item in Issue 165 as 2 risk. The relevant finding follows: Clear safeCan in transferSAFEOwnership Links to affected code Impact Old approval remains even if user gets SAFE again. Proof of Concept There is no removal safeCan at transferSAFEOwnership . When the user gets SAFE...

Upgraded Q -> 2 from #659 [1699030291397]

Judge has assessed an item in Issue 659 as 2 risk. The relevant finding follows: L-01 updateScores will result in DoS if pass a user with an already updated score Impact If updateScores is called for a user who is already updated in the same round, the function will misbehave, causing it to repea...

Upgraded Q -> 2 from #246 [1699029732469]

Judge has assessed an item in Issue 246 as 2 risk. The relevant finding follows: L-03 The tokenURI is not compatible with the ERC721 standard Description function tokenURIuint256 safeId public view override returns string memory uri uri = nftRenderer.rendersafeId; tokenURI will call nftRenderer...

Upgraded Q -> 2 from #300 [1699029650174]

Judge has assessed an item in Issue 300 as 2 risk. The relevant finding follows: L-01 transferSAFEOwnership does not reset users allowed to modify a safe on behalf of an owner transferSAFEOwnership is not deleting potential allowed users in safeCan upon transferring a safe ownership. This could...

Upgraded Q -> 2 from #175 [1699029356616]

Judge has assessed an item in Issue 175 as 2 risk. The relevant finding follows: L-02 Initial values for GovernorSettings are very low ODGovernor is a OZ Governor with some plugins. It sets up its parameters in the constructor: ODGovernor::constructor: File: src/contracts/gov/ODGovernor.sol 41:...

Upgraded Q -> 2 from #193 [1699029806458]

Judge has assessed an item in Issue 193 as 2 risk. The relevant finding follows: Missing functions in the BasicActions to reach ODSafeManager Description Both functions allowing other users and handlers to manage the safe are restricted with access control. Only callable by the owner of the safe...

Upgraded Q -> 2 from #320 [1699029580772]

Judge has assessed an item in Issue 320 as 2 risk. The relevant finding follows: 2. The governor setting not reliable The initial setting for the voting period in ODGovernor is 15 block, which can be too tight for the governance. Based on Arbitrum block time, which is about 0.26 seconds, which ca...

Upgraded Q -> 2 from #430 [1699028562977]

Judge has assessed an item in Issue 430 as 2 risk. The relevant finding follows: It’s not clear which token the OD token will be paired with in order to determine the price in the uniV3Relayer contract. Then the following lines are problematic: baseAmount = uint12810...

Upgraded Q -> 3 from #518 [1699029907154]

Judge has assessed an item in Issue 518 as 3 risk. The relevant finding follows: L-01 StakedAt time is not deleted during the issuance of prime tokens When a directly revocable token is issued, the stakedAt time of the user is deleted delete stakedAtusersi. This is not done when an irrevocable...

Upgraded Q -> 2 from #320 [1699029592172]

Judge has assessed an item in Issue 320 as 2 risk. The relevant finding follows: 3. Testnet address being used In CamelotRelayer, CAMELOTFACTORY is assigned with Goerli testnet address, which may cause issue during the mainnet launch address internal constant CAMELOTFACTORY =...

Upgraded Q -> 2 from #246 [1699029716295]

Judge has assessed an item in Issue 246 as 2 risk. The relevant finding follows: L-01 Use the factory constant address of the testnet Description import UNISWAPV3FACTORY, GOERLIUNISWAPV3FACTORY from '@script/Registry.s.sol'; contract UniV3Relayer is IBaseOracle, IUniV3Relayer // --- Registry ---...

Upgraded Q -> 2 from #165 [1699030252844]

Judge has assessed an item in Issue 165 as 2 risk. The relevant finding follows: Allowed user have too much priviledge Links to affected code Impact Allowed user can revoke approval of other allowed address. Proof of Concept The allowed user can allow other user. If allowed address is compromised...

Upgraded Q -> 2 from #221 [1699029747725]

Judge has assessed an item in Issue 221 as 2 risk. The relevant finding follows: L-02 Handling missing for case where ERC20 token has decimal 18 in CamelotRelayer & UniV3Relayer oracles Description In the constructor token decimals of an ERC20 is assumed to be = 18 which can be wrong for some...

accure interest function is likely failed to accure interest for token with low decimal

Lines of code Vulnerability details Impact loss of precision is too high when accuring interest Proof of Concept When intereste accures, we are calling uint256 interestAmount; uint256 interestRate = IIRMirm.getInterestRateaddressthis, trancheIndex, totalDeposit, totalBorrow; interestAmount =...

After market expires, user can still repay / deposit, but fund are lost

Lines of code Vulnerability details Impact After market expires, user can still repay / deposit, but fund are lost Proof of Concept In OmniToken.sol or OmniTokenNoBorrow.sol user can deposit any time If user borrows token, user can repay from OmniPool.sol any time but the problem is that, after a...

MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused

Lines of code Vulnerability details Impact MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused Proof of Concept this report tries to combine a few issue 1. when OmniPool is paused, interest is still accuring 2. when OmniPool is paused, user cannot repay 3...

tranche id check has off-by-one error

Lines of code Vulnerability details Impact tranche id check has off-by-one error Proof of Concept In TestOmniPool.t.sol, we add the following POC function testSetTrancheCountPOC public for uint256 i = 4; i 256; i++ pool.setTrancheCountaddressoToken, uint8i; oToken.deposit0, 255, 1 ether; we run t...

testing submission form - IGNORE

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...

Testing form

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...

bad Actor can block the operation of mint by creating duplicate order by frunt runing original order

Lines of code Vulnerability details Impact bad Actor can block the operation of mint by creating duplicate order by frunt runing original order So basically the contracts are doing orders by users RFQ to system whether by API or front end. and make the mint process the problem is in the contract...

precision issue EthenaMinting:mint() allows users to steal fund.

Lines of code Vulnerability details Impact In the EthenaMinting:mint function of the contract, a call is made to the transferCollateral function. This function calculates the transfer amount using the formula uint256 amountToTransfer = amount ratiosi / 10000;. However, it does not account for...

bad Actor can block the operation of mint by creating duplicate order by frunt runing original order

Lines of code Vulnerability details Impact bad Actor can block the operation of mint by creating duplicate order by frunt runing original order So basically the contracts are doing orders by users RFQ to system whether by API or front end. and make the mint process the problem is in the contract...

Wrong vest logic

Lines of code Vulnerability details Impact The judgment on line 90 results in that the interval between two transferInRewards must be greater than or equal to 8 hours, otherwise it will be reverted. Proof of Concept Tools Used Recommended Mitigation Steps Delete 90 lines of judgment. Assessed typ...

StakedUSDe contract allows attackers to steal staked USDe tokens of soft-restricted users

Lines of code Vulnerability details Description The modifier called checkMinShares that is used to ensure that there is always a small non-zero amount of shares in circulation. This is to prevent a donation attack, where an attacker donates a small amount of USDe tokens to the contract and then...

Vesting amount is calculated incorrectly in StakedUSDe contract

Lines of code Vulnerability details Description The description says vestingAmount is the contract balance + any unvested remainder at that time but it is set incorrectly in the code. /// @notice The amount of the last asset distribution from the controller contract into this /// contract + any...

It is possible to prematurely unlock assets that should still be locked up by setting the cooldown duration to 0.

Lines of code Vulnerability details Impact It undermines the security of the cooldown period. Specifically: • Users who have assets locked up in the cooldown period could immediately withdraw them if the admin sets the duration to 0. This violates the intent of having a cooldown period to begin...

Vulnerability in rescueTokens and _beforeTokenTransfer Functions Allows Unrestricted Transfer to Contracts

Lines of code Vulnerability details Impact The rescueTokens function in the provided Solidity contract allows the contract owner to transfer ERC20 tokens to any address, and the beforeTokenTransfer hook allows transfers involving addresses with the FULLRESTRICTEDSTAKERROLE. However, both function...

Vulnerability in in rescueTokens and _beforeTokenTransfer Functions Allows Self-Transfer of ERC20 Tokens

Lines of code Vulnerability details Impact The rescueTokens function and the beforeTokenTransfer hook in the provided Solidity contract lack checks to ensure that the destination address is not the same as the sender from. This oversight can result in tokens being transferred to the same address,...

A user with SOFT_RESTRICTED_STAKER_ROLE can earn yield.

Lines of code Vulnerability details Impact Any user blacklisted with SOFTRESTRICTEDSTAKERROLE role can earn yield by buying stUSDe token from open market and unstake stUSDe for USDe token on the StakedUSDeV2.sol contract. Proof of Concept The unstake function calls the internal withdraw function...

replay attack in StakedUSDe's redistributeLockedAmount function

Lines of code Vulnerability details Impact The vulnerability in the redistributeLockedAmount function of the StakedUSDe contract allows an admin user to redistribute tokens from a restricted address to another address. However, if a user let's call them User A is removed from the blacklist and...

Staking functionality temporary blocking due to lack of address zero check

Lines of code Vulnerability details Impact Though lack of zero check issue for the addToBlacklist function is already at the automated findings output, I suppose it is necessary to show the importance of this check here. In case of accidental or malicious the BLACKLISTMANAGERROLE behavior the...

Limits on mint and redeem per block of USDe will lead to paralysis

Lines of code Vulnerability details Impact Since the number of mint and redeem per block is limited, attackers can use scripts to squeeze out the quota with their own addresses. Thena cannot determine whether it is a normal user address or an attack address, causing the contract to be paralyzed. ...

Unchecked return value when calling ERC20's transfer function inside withdraw function of USDeSilo.sol. It is unsafe transfer of ERC20 tokens.

Lines of code Vulnerability details Summary In withdraw function of USDeSilo.sol there is one call calling ERC20 transfer function on USDe token. And it's return value neither checked nor safeTransfer of SafeERC20 used . So whenever transfer fails then it will not revert. And result in wrong...

Users will retain possession of their USDe after redeeming collateral

Lines of code Vulnerability details Impact Users will retain possession of their USDe after redeeming their collateral this can lead to theft/loss of funds. Proof of Concept See belo for the coded POC. The benefactor and the beneficiary in the Order struct containing order details and confirmatio...