Signature replay

Lines of code Vulnerability details Impact Neither the signed content nor the signature are associated with the contract DOMAINSEPARATOR. Therefore, both can be repeated in other contracts that use similar values, usually the same builder or contractor addresses.. Proof of Concept In some areas o...

Builder can pay only half of the agreed upon interest on his debt by exploiting daily interest accrual

Lines of code Vulnerability details Impact Project bulder can get away with paying the community owner only half of the agreed upon interest on his debt. Theoretically, the community owner can defend himself from this exploit, if he's aware of this bug, but chances are that he won’t be aware. Pro...

Project.raiseDispute() might work with the already completed task.

Lines of code Vulnerability details Impact Project.raiseDispute might work with the already completed task. Already completed tasks can't be changed in any cases and it might bring some unexpected outcome when the dispute is approved by fault. Proof of Concept It's impossible to change anything...

block.timestamp used as time proxy

Lines of code Vulnerability details block.timestamp used as time proxy Summary: Risk of using block.timestamp for time should be considered. Details: block.timestamp is not an ideal proxy for time because of issues with synchronization, miner manipulation and changing block times. This can be...

Lent principal includes lender fee

Lines of code Vulnerability details Impact A community owner is able to lend funds to a project by calling the function Community.lendToProject. Lending requires the lender to pay a lenderFee, a percentage of the fee a lender has to pay to the HomeFi system. However, the current implementation...

Storage variable modifications when the contract is paused

Lines of code Vulnerability details Impact The function addMember can be called to modify the the storage variable community even if the contract is paused. function addMemberbytes calldata data, bytes calldata signature external virtual override // Compute hash from bytes bytes32 hash =...

Insecure SignatureDecoder.recoverKey method

Lines of code Vulnerability details Impact The SignatureDecoder.recoverKey function can return address0 and incur errors, so it is considered insecure. Proof of Concept For example, in Project.checkSignatureValidity a signature could be accepted as valid if any of the addresses used have not yet...

In Community.sol, the interest calculation formula is not correct.

Lines of code Vulnerability details Impact Currently, it calculates interest using the number of days and builders would pay nearly half or less interest than they should. So lenders wouldn't get the interest as expected and it means builders can steal the interest from lenders. Proof of Concept ...

Attacker can use the same param to call Community.escrow() multiple times and reduce all the debt

Lines of code Vulnerability details Impact In Community contract, function escrow is used to reduce debt when lender comed in terms with the builder and agent to reduce debt. It checks that all lender, builder and agent are signed the data. But the issue is there is no nonce value in data which...

Can add member and publish project to future community without community owner approval

Lines of code Vulnerability details Impact Anyone can add himself as a member of community for any future community. This can be done due to a combination of facts: Non initialized address storage values are defaulted to address0 addMember doesn't check if community is already created...

_postRebalanceChecks doens't properly account for flashloan fees

Lines of code Vulnerability details Impact Rebalances that should fall outside of variance requirement are approved Proof of Concept MIMOAutoBalance.solrebalance and MIMOManagedRebalance.solrebalance pass flData.amount into isVaultVariationAllowed. However, in MIMORebalance.solrebalanceOperation...

It should never be possible to change the status of a completed task

Lines of code Vulnerability details High Risk Finding Impact In Project.sol, once a task is set as completed by calling function setComplete, the contract pays the subcontractor. Once in this state, in should not be possible to change the task state back to ACTIVE/INACTIVE, because then the same...

User's may accidentally overpay in register() / renew() and the excess will be paid to the vault creator :-

Lines of code Vulnerability details Vulnerability details Impact User's may accidentally overpay in register / renew and the excess will be paid to the vault creator Proof of Concept 1. File: 2022-08-mimo/contracts/actions/MIMORebalance.sol line 129-132: require...

Possible to create projects with currency=address(0)

Lines of code Vulnerability details Impact Sometimes it is possible to create projects with currency=address0. Proof of Concept if you call createProject before the contract has been initialized, some areas of the Project service might be denied. Nowhere is it checked that the address is empty,...

Possible signature replay in updateTaskHash() and updateProjectHash() function

Lines of code Vulnerability details Impact In updateProjectHash function, the data encoded only hash and nonce value but not the projectAddress. In case builder had 2 or more projects, the signature that builder used in updateProjectHash can also be used in other projects by attackers. bytes memo...

Malicious delegated contractor can block funding tasks or mark tasks as complete

Lines of code Vulnerability details Impact A malicious delegated contractor can add a huge number of tasks or one task with a huge cost. This would then pose problems in allocateFunds as tasks could not be funded. Builder could remove delegation for the contractor but couldn't replace the...

Manager can drain vault by taking flashloan in unexpected currency

Lines of code Vulnerability details Impact Manager can drain vault Proof of Concept address fromCollateral = vaultsData.vaultCollateralTypevaultId; uint256 rebalanceValue = priceFeed.convertFromfromCollateral, rebalanceAmount; The source of the exploit is that the above lines wrongly assume that...

H02: code is not same as intended function description

Lines of code Vulnerability details MIMOManagedAction.sol, 27-39 / @notice Sets a vault management parameters @dev Can only be called by vault owner and can only appoint whitelisting managers as manger @param vaultId Vault id of the vault to be put under management @param mgtParams ManagedVault...

MIMOEmptyVault.sol executeOperation() does not transfer the Vault leftover assets to the owner, it is locked in the MIMOEmptyVault

Lines of code Vulnerability details Impact MIMOEmptyVault.sol executeAction is supposed to pay off the debt and return the leftover assets to the owner of the Vault But In fact the emptyVault contract, after executing the executionOperation, only pays back the flash loan, and does not transfer th...

H01: code is not same as intended function description

Lines of code Vulnerability details MIMOAutoAction.sol, 26-38 / @notice Sets a vault automation parameters @dev Can only be called by vault owner @param vaultId Vault id of the vault to be automated @param autoParams AutomatedVault struct containing all automation parameters / function...

H03: do use default zero to check account exist.

Lines of code Vulnerability details MIMOProxyRegistry.sol, deployFor function deployForaddress owner public override returns IMIMOProxy proxy IMIMOProxy currentProxy = currentProxiesowner; // Do not deploy if the proxy already exists and the owner is the same. if addresscurrentProxy != address0 &...

Previous {Operators/Weights/Threshold} Are Still Able To Sign Off New Commands After Operatorship Is Transferred

Lines of code Vulnerability details The administrator will call AxelarAuthWeighted.transferOperatorship function to transfer the operatorship to a new set of Operators/Weights/Threshold. However, it was observed that after transferring the operatorship to a new set of Operators/Weights/Threshold,...

Direct usage of ecrecover allows signature malleability

Lines of code Vulnerability details Impact The permit function of ERC20Permit calls the Solidity ecrecover function directly to verify the given signatures. However, the ecrecover EVM opcode allows malleable non-unique signatures and thus is susceptible to replay attacks. This can leads to permit...

AxelarAuthWeighted - Can set operators to same values to override OLD_KEY_RETENTION

Lines of code Vulnerability details Impact It is possible to transfer operatorship to the same operators by simply doubling the values of the newWeights array and newThreshold value. This could be used by newly appointed operators to invalidate all previous operators and thus invalidate the...

Malicious DepositBase may stole dust fund from ReceiverImplementation

Lines of code Vulnerability details Impact Malicious DepositBase may stole dust fund from ReceiverImplementation Proof of Concept // @dev This function is used for delegate by DepositReceiver deployed above // Context: msg.sender == AxelarDepositService, this == DepositReceiver function...

AxelarDepositService: When wrappedToken is not weth, sendNative may cause users to lose ether.

Lines of code Vulnerability details Impact In the sendNative function of the AxelarDepositService contract, the wrappedToken address is treated as weth-like and the wrappedToken's deposit function is called. If the wrappedToken address is TokenType.External token and is not weth-like and the...

XC20Wrapper may lost received token forever if LocalAsset(xc20).mint is reverted indefinitely

Lines of code Vulnerability details Impact XC20Wrapper may lost received token forever if LocalAssetxc20.mint is reverted indefinitely. Similar to ERC20, the spec said that if mitn returns false it means minting is failed. But it is commonly revert instead of returning false which is also a minti...

Approve will fail

Lines of code Vulnerability details Impact Multiple ERC20 tokens require zero address approval before approving the required amount. The contract seems to be missing this. Proof of Concept 1. Observe the receiveAndSendNative function at ReceiverImplementation.sol...

Anyone can receive tokens

Lines of code Vulnerability details Impact As long as there is token balance or WETH in ReceiverImplementation contract, anybody can receive tokens or weth by making a call to AxelarDepositService.nativeUnwrap with their address as recipient Tools Used Manual review Recommended Mitigation Steps...

Approval from non-zero to non-zero amount can lead to DoS

Lines of code Vulnerability details Impact Some tokens like USDT do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the actual allowance must be approved. Proof of Concept The following function use an unsafe approvement...

Unprotested _setup function in XERC20Wrapper via Upgradable Contract

Lines of code Vulnerability details Impact If a caller calls the setup function and the address within the IMPLEMENTATIONSLOT does not equal zero, the function will call setup. The setup function changes the ownership of the contract. Proof of Concept The Upgradable contract has a setup function...

Approve not compatible with Tether (USDT) implementation

Lines of code Vulnerability details Impact Approve not compatible with Tether USDT implementation Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT or CVX's approve function will revert if the current...

Unable To Verify Signature If There Are Too Many Signers And Operators

Lines of code Vulnerability details It was observed that there is a nested for loop within the AxelarAuthWeighted.validateSignatures function. If there are a large number of signatures and operators, it will result in an "Out of Gas" error or a "Block Gas Limit" error and the command's signature...

DOS on valid signatures

Lines of code Vulnerability details Impact It was observed that signature matching can fail due to incorrect updation of operatorIndex. Each loop iteration should reset operatorIndex but this is not happening causing matches to be skipped as shown in POC Proof of Concept 1. Assume...

Refund Address can forcefully receive WETH

Lines of code Vulnerability details Impact In AxelarDepositService.sol , the refundAddress could forcefully receive WETH instead of the refundToken when calling any of the 3 functions refundTokenDeposit , refundNativeDeposit and refundNativeUnwrap. This is possible by due to // Allowing only the...

Malicious operators within epoch can not be manually invalidated

Lines of code Vulnerability details Impact Messages are verified and validated by a set of operators. Operators their weights and threshold are defined per epoch and stored as a hash. Transferring operatorship which means creating a new set of valid operators creates a new epoch. Operator sets th...

Add cancel and refund option for Transaction Recovery

Lines of code Vulnerability details Add cancel and refund option for Transaction Recovery Impact Transactions could fail or stuck, according to the documentation: Occasionally, transactions can get "stuck" in the pipeline from a source to destination chain e.g. due to one-off issues that arise wi...

Anyone Can Become Owner Of XC20Wrapper Contract

Lines of code Vulnerability details Anyone can become the owner of the XC20Wrapper contract by calling the XC20Wrapper.setup function. Proof-of-Concept The XC20Wrapper contract inherits from Upgradable contract. contract XC20Wrapper is AxelarExecutable, Upgradable As such, the XC20Wrapper contrac...

Hash Collision Within The epochForHash Mapping

Lines of code Vulnerability details It is not possible for the administrator to transfer operatorship to a new set of Operators/Weights/Threshold that has been previously configured because a hash collision will occur within the epochForHash mapping. Proof-of-Concept Assuming that OLDKEYRETENTION...

Not calling approve(0) before setting a new approval causes the call to revert when used with some tokens

Lines of code Vulnerability details Not calling approve0 before setting a new approval causes the call to revert when used with Tether USDT Impact Some tokens like USDT do not work when changing the allowance from an existing non-zero allowance value it will revert if the current approval is not...

Will Not Work If Signatures Are Not Sorted

Lines of code Vulnerability details Commands cannot be executed if the signatures submitted are not stored. Proof-of-Concept Consider the following is submitted to the AxelarAuthWeighted.validateSignatures function. Operators = Alice, Bob, Charles Signatures = Charles's Signature, Bob's Signature...

Returned Value Of Function Call Not Verified

Lines of code Vulnerability details When executing a function call, two data are returned success condition and return data. It was observed that after executing the command via a function call, the contract verifies the success condition to ensure that the call did not revert. However, it does n...

Users will be able to receive tokens through _executeWithToken() after RemoveWrapping() by onlyOwner

Lines of code Vulnerability details Impact Whenever owner removes wrapping by calling removeWrapping , it sets the wrappedaxelarToken to 0. This would allow users to be able to call executeWithToken when the function is used in the future by calling a function that calls it i.e if this function i...

Functions that send Ether to arbitrary destinations

Lines of code Vulnerability details M-1. Functions that send Ether to arbitrary destinations Description Unprotected call to a function that allow a user to refund to another address. Mitigation Ensure that an arbitrary user cannot withdraw unauthorized funds...

selfdestruct will be banned after "The Purge" phase of ethereum merge. DepositReceiver may be broken. Any interaction between AxelarDepositService may result in the loss of fund.

Lines of code Vulnerability details Impact selfdestruct will be banned after "The Purge" phase of ethereum merge. DepositReceiver may be broken. Any interaction between AxelarDepositService may result in the loss of fund. Since AxelarDepositService that deal with native token is highly associated...

Did Not Approve To Zero First

Lines of code Vulnerability details Some ERC20 tokens like USDT do not work when changing the allowance from an existing non-zero allowance value. For example Tether USDT's approve function will revert if the current approval is not zero, to protect against front-running changes of approvals. The...

Upgraded Q -> M from 93 [1659526885300]

Judge has assessed an item in Issue 93 as Medium risk. The relevant finding follows: Use call instead of transfer Contract ETHRegistrarController.sol Description It was observed that withdraw function is using transfer function instead of call for transferring ether. This could become a problem i...

NO STORAGE GAP FOR UPGRADEABLE CONTRACT MIGHT LEAD TO STORAGE SLOT COLLISION

Lines of code Vulnerability details NO STORAGE GAP FOR UPGRADEABLE CONTRACT MIGHT LEAD TO STORAGE SLOT COLLISION Impact For upgradeable contracts, there must be storage gap to “allow developers to freely add new state variables in the future without compromising the storage compatibility with...

Anyone can steal the ether or the ReceiverImplementation tokens

Lines of code Vulnerability details Impact Anyone can steal the ether or the ReceiverImplementation tokens. Proof of Concept As you can see in the receiveAndSendNative method: function receiveAndSendNative address payable refundAddress, string calldata destinationChain, string calldata...

Use safetransfer/safetransferFrom consistently instead of transfer/transferFrom

Lines of code Vulnerability details Impact Its a good to add require statement to checks the return value of token transfer or using safetransfer or safetransferFrom on Openzeppelin to ensure the token revert when transfer failure. Failure to do so will cause silent failures of transfer and affec...