10190 matches found
createCollectionFor doesn't transfer ownership to _controller that specified in the parameter.
Lines of code Vulnerability details Impact controller is supplied to the function parameter to be controller of the token and owner of the vault. But actually owner of the vault is VaultRegistry that can't control anything in the Vault. Proof of Concept function createCollectionFor bytes32...
Native ETH transfer should use call() instead of transfer()
Lines of code Vulnerability details Impact It might be impossible for some addresses to receive ETH via transfer because receiver address might have methods that exceed 2300 gas, ultimately leading to frozen funds. Proof of Concept Native transfer function has a limit of 2300 gas, which might not...
Anyone can call propose() and create a DOS
Lines of code Vulnerability details A denial of service can be initiated by anyone, since there is no check for any address, and also no Ether/ERC20 at stake. Impact Denial of service for vault migration Proof of Concept Contract : Migration.sol, function propose Recommended Mitigation Steps Make...
fractionPrice precision can be lost if fractional tokens supply is high enough
Lines of code Vulnerability details Buyout's start now determine fractional token price by dividing native tokens amount by total supply number. Whenever the supply is high enough the precision can be lost, leading to severe losses to buyout proposer as his staked fractional tokens can be valued ...
block.timestamp used as time proxy
Lines of code Vulnerability details block.timestamp used as time proxy Impact a. Summary: Risk of using block.timestamp for time should be considered. b. Details: block.timestamp is not an ideal proxy for time because of issues with synchronization, miner manipulation and changing block times. In...
Usage of deprecated transfer to send ETH
Lines of code Vulnerability details Impact Transaction can revert Proof of Concept The original transfer used to send ETH uses a fixed stipend of 2300 gas. This was used to prevent reentrancy. However, this limits your protocol to interact with other contracts that need more than that to process...
Proposal commitment takes all fractional balance in Migration contract
Lines of code Vulnerability details Impact The Migration contract holds all fractional token balance of all proposals. Let's suppose a single vault has multiple proposals going on, and one gets committed. If the target price is satisfied, then a buyout starts // Checks if the current price is...
User can increase migration's proposal total tokens artificially
Lines of code Vulnerability details Impact There are two functions that users can use to withdraw deposited ether/tokens from a joined proposal: leave and withdrawContribution. leave correctly decreases the total contribution from a proposal alongside the user's one: // Updates fraction balances ...
Buyout griefing can block almost all functionalities
Lines of code Vulnerability details Impact Everyone can start a Buyout for a vault by paying only 1 wei. For the next 4 days no other Buyout can start. If someone is fast enough, they can start another griefing buyout as soon as one finishes, meaning that it's possible to block the functionality ...
Able to call withdrawContributions with any vaultId may lead to loss of funds
Lines of code Vulnerability details Impact The withdrawContributions function in Migration.sol takes any vault as input. As long as the vault is valid and has an inactive buyout, a user may call withdrawContributions even if the proposal they contributed to is LIVE. This may lead to users not bei...
call() should be used instead of transfer() on address payable
Lines of code Vulnerability details call should be used instead of transfer on address payable Impact The use of the deprecated transfer function for an address will make the transaction fail when 1. The withdrawer smart contract does not implement a payable function. 2. The withdrawer smart...
Not check fractionPrice > 0 may allow users to buy or sell fractions with zero ETH
Lines of code Vulnerability details Impact In Buyout.start function, fractionPrice is calculated from msg.value and depositAmount, both can be changed by sender. And there is no check if fractionPrice is bigger than 0. So in case fractionPrice = 0, users may sell and buy fractions with zero ETH...
Buyout's buyFractions can be called multiple time reusing the same msg.value with Multicall
Lines of code Vulnerability details Passing multiple buyFractions calls to Multicall's multicall will use the same msg.value many times. This will inflate his contribution without real fund transfers with the corresponding fund loss for the system. Proof of Concept Buyout uses Multicall: contract...
Not update ethBalance after users cash out in Migration may cause loss of funds
Lines of code Vulnerability details Impact In Buyout.cash function, users will burn their fractions to cash out ETH. The ETH amount is proportionate to the number of fractions they have. So when someone burns fractions, total amount of ETH ethBalance should be updated accordingly. But in cash functio...
merkleRoot can be set by delegatecall(), violate setMerkelRoot()
Lines of code Vulnerability details Impact When delegatecall to target, the context is on Caller contract, all state change logics reflect on Caller's storage. If the Vault contract calls the malicious contract by function execute, the important storage variable merkleRoot can be modified. Accordi...
ERC20 Incorrect check on returnedAddress in permit() results in unlimited approval of zero address
Lines of code Vulnerability details Impact When creating ERC20.sol from Solmate, a require in permit was converted to a custom error incorrectly. It now reads: if recoveredAddress != address0 && recoveredAddress != owner revert Invalidmsg.sender, owner; So if the recoveredAddress is non-zero and...
Swivel withdraw wrapper function redeems an amount on underlying tokens
Lines of code Vulnerability details Impact Swivel contract uses the redeemUnderlying function from the Compound CERC20 tokens. This function takes as an input the amount of underlying tokens to be redeemed, which is inconsistent compared to other functions. This issue will lead to user fund losse...
Upgraded Q -> M from 270 [1657580410834]
Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: 6.L- Admin config ProtocolFee and gasFee missing max amount check which can be used to take fund from user With PROTOCOLFEEBPS 10000 more than 100%, the exchange can steal user WETH who might approve max WETH...
Upgraded Q -> M from 270 [1657580270573]
Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: 6.L- Admin config ProtocolFee and gasFee missing max amount check which can be used to take fund from user With PROTOCOLFEEBPS 10000 more than 100%, the exchange can steal user WETH who might approve max WETH...
Missing zero address check for bribesProcessor
Upgraded from 45: Missing zero address check for bribesProcessor MyStrategy.sol:100 ///@dev Change the contract that handles bribes function setBribesProcessorIBribesProcessor newBribesProcessor external onlyGovernance; bribesProcessor = newBribesProcessor; The bribeProcessor is not set in the...
Chainlink's latestRoundData might return stale or incorrect results
Lines of code Vulnerability details Proof of Concept JBChainlinkV3PriceFeedcurrentPrice function currentPriceuint256 decimals external view override returns uint256 // Get the latest round information. Only need the price is needed. , int256 price, , , = feed.latestRoundData; // Get a reference t...
Chainlink's latestRoundData (price) might return stale or incorrect result
Lines of code Vulnerability details JBChainlinkV3PriceFeed.sol we are using latestRoundData, but there is no check if the return value indicates stale data. Even though it's only getting the price variable, the whole latestRoundData function gets returned and we can't just ignore it because the pri...
Insufficient oracle validation
Lines of code Vulnerability details Impact Oracle may return stale price. Proof of Concept Round completeness and the quoted timestamp are not checked to ensure that the reported price is not stale. roundId, startedAt, updatedAt, and answeredInRound are omitted from the return result of...
Oracle data feeds are insufficiently validated
Lines of code Vulnerability details Impact If the oracle price feeds are insufficiently validated, there will be pricing errors leading to the mispricing of assets Proof of Concept The JBSingleTokenPaymentTerminalStore and abstract JBPayoutRedemptionPaymentTerminal both rely on their respective...
Failed transfer during migrate could lockup the fund in old terminal
Lines of code Vulnerability details Without require for boolean checking, if to.addToBalanceOfvalue: payableValueprojectId, balance, token, '', bytes''; fail when transfer, migrate will not revert. This could cause the fund to lockup in the old terminal since store.recordMigrationprojectId; will...
Attacker can prevent other projects from using a custom token
Lines of code Vulnerability details Impact A malicious project owner or an attacker can front-run the JBTokenStore.changeFor function and "steal" the token for their own project. This token can then not be used for any other project as long as it's assigned to a project due to projectOftoken != 0...
oldToken.transferOwnership() to contract may be irreversible
Lines of code Vulnerability details oldToken.transferOwnership to contract may be irreversible Proof of Concept JBTokenStore.sol 265-266: if newOwner != address0 && oldToken != IJBTokenaddress0 oldToken.transferOwnershipprojectId, newOwner; OpenZeppelin library Ownerable.sol: function...
Unsafe _price cast
Lines of code Vulnerability details Impact The price provided by chainlink AggregatorV3 could be a negative, if that happened the cast of the price goes high, for example, cast -1 to uint256 was 2^256 - 1 Proof of Concept return uint256price.adjustDecimalsfeedDecimals, decimals; Tools Used Manual...
JBPayoutRedemptionPaymentTerminal#processFees may run out of gas and revert due to long list of _heldFeesOf[_projectId]
Lines of code Vulnerability details Proof of Concept // Get a reference to the project's held fees. JBFee memory heldFees = heldFeesOfprojectId; // Delete the held fees. delete heldFeesOfprojectId; // Push array length in stack uint256 heldFeeLength = heldFees.length; // Process each fee. for...
Unchecked transfer
Lines of code Vulnerability details Description The return value of an external transfer/transferFrom call is not checked Impact There are some tokens that do not revert on failure but return false instead, if such token is used, the return value won'...
Usage of insecure transfer/transferFrom
Lines of code Vulnerability details Proof of Concept This is a well known issue, the protocol uses at many parts the insecure transfer/safeTransfer for generic ERC20 tokens. Recommended Mitigation Steps Use OZ Safe Transfer
JBProjects.createFor should be able to set the project controller
Lines of code Vulnerability details Impact JBProjects.createFor doesn't set the project controller. Project owners need to call JBDirectory.setControllerOf to set the project controller. However, an allowedlisted address can set the controller before the actual project owner. We can assume that...
The reserves accounting breaks when total balances surpass type(int256).max
Lines of code Vulnerability details Reserved tokens do not get minted automatically when a new payment is received. Instead, they must be explicitly distributed during the funding cycle which contains the reserved rate and splits that should be applied. If a funding cycle's reserved rate or split...
Issue with condition check handling
Lines of code Vulnerability details Impact It might cause data corruption, as most of the data handling is done in low level. Proof of Concept // Add up all the percents to make sure they cumulative are under 100%. uint256 percentTotal = 0; for uint256 i = 0; i typeuint56.max revert...
configureFor's check for interface compliance can backfire
Lines of code Vulnerability details Impact Controller supplied data.ballot is checked by configureFor to be compliant with IJBFundingCycleBallot interface by wrapping the call. Proof of Concept configureFor checks for interface support with a nested function: try...
JBDirectory.primaryTerminalOf might suffer from out of gas DoS if too many terminals are added through JBDirectory._addTerminalIfNeeded
Lines of code Vulnerability details Impact There is no limit to the size of terminalsOf. if too many terminals are added through JBDirectory.addTerminalIfNeeded. JBDirectory.primaryTerminalOf might suffer from out of gas DoS. Proof of Concept The for loop in JBDirectory.primaryTerminalOf may caus...
JBProjects.sol#createFor(...) function is open to reentrancy attacks
Lines of code Vulnerability details JBProjects.solcreateFor... which used in JPController.sollaunchProjectFor... can be used for reentrancy. PoC contracts/JBProjects.sol: 131: function createForaddress owner, JBProjectMetadata calldatametadata 132 external 133 override 134 returns uint256 project...
No check for stale chainlink oracle data in currentPrice function
Lines of code Vulnerability details Impact There is no check if the value of price returned by chainlink latestRoundData is latest or stale. If stale price is returned, it may result in wrong calculation used further, and in JBPrices.sol Proof of Concept Contract : JBChainlinkV3PriceFeed.sol Line...
Double spend of tokens because unnecessary approve
Lines of code Vulnerability details Impact Double spend of tokens Proof of Concept I believe that there is an error in your logic, while you approve tokens before transferring them will give the receiver twice that you want. function beforeTransferToaddress to, uint256 amount internal override...
Stale prices can be used by the system
Lines of code Vulnerability details updatedAt field of Chainlink's latestRoundData isn't checked, so even substantially outdated price will be used by the system. Proof of Concept Price is the only field that is read from Chainlink: function currentPriceuint256 decimals external view override...
State Variable Shadowing
Lines of code Vulnerability details Impact Check: shadowing-state Severity: High Confidence: High It is possible to use the same variable twice in Solidity, but it can lead to unintended side effects. The TestAllowance.sol contract inherits from TesTBaseWorkflow.sol. In the TestAllowance.sol...
Chainlink oracle lacks proper validation
Lines of code Vulnerability details Impact Calls to the Chainlink price oracle via latestRoundData in JBChainlinkV3PriceFeed.sol use the correct function latestRoundData per Chainlink's documentation, but lack the recommended validations to ensure that the round is complete and does not return...
Insufficient Chainlink price feed validation
Lines of code Vulnerability details JBChainlinkV3PriceFeedcurrentPrice reads the price value from the underlying Chainlink price feed, but ignores the other values returned by latestRoundData, which include the round timestamps and round ID in which the returned price was computed. These values...
Arbitrary msg.sender can execute recordPaymentFrom, recordRedemptionFor, recordDistributionFor, recordUsedAllowanceOf, recordAddedBalanceFor. Malicious terminal may be passed to inject logic to data store.
Lines of code Vulnerability details Impact Arbitrary msg.sender can execute recordPaymentFrom, recordRedemptionFor, recordDistributionFor, recordUsedAllowanceOf, recordAddedBalanceFor. Malicious terminal may be passed to inject logic to data store. If data store is using custom logic that doesn't...
Missing checks on return data from the chainlink
Lines of code Vulnerability details Impact MED - the function of the protocol could be impacted 1. Use stale price information resulting to wrong project's balance 2. In the case of zero price, functions using price information will revert. Proof of Concept // JBPrices::priceFor at line 69 calls...
CHAINLINK'S LATESTROUNDDATA MIGHT RETURN STALE OR INCORRECT RESULTS
Lines of code Vulnerability details Impact This could lead to stale prices according to the Chainlink documentation: Proof of Concept On JBChainlinkV3PriceFeed.sol, we are using latestRoundData, but there is no check if the return value indicates stale data. function currentPriceuint256 decimals...
Chainlink's latestRoundData might return stale or incorrect results
Lines of code Vulnerability details Impact Chainlink's latestRoundData might return stale or incorrect results Proof of Concept According to Chainlink documentation, there must be a check for stale prices. It's a link of the same issue. Tools Used Solidity Visual Developer of VSCode Recommended...
Migration to a new terminal allows project to use funding again in same funding cycle
Lines of code Vulnerability details Impact Distribution and overflow allowance can be reused after migration Proof of Concept When migrating to a new terminal only balances are transferred but not usedDistributionLimitOf or usedOverflowAllowanceOf. This means that both of these values will be 0,...
Some fund could be locked in the project forever because only contributors but not project token holders can redeem
Lines of code Vulnerability details Some fund could be locked in the project forever because only contributors but not project token holders can redeem Impact Once the contributor transferred the project tokens to someone else (in some DEX maybe), these tokens could never be redeemed. One of the...