10190 matches found
Some fund could be locked in the project forever because only contributors but not project token holders can redeem
Lines of code Vulnerability details Some fund could be locked in the project forever because only contributors but not project token holders can redeem Impact Once the contributor transferred the project tokens to someone else in some DEX maybe, these tokens could never be redeemed. One of the...
DOS (Denial Of Service). External calls can fail accidentally or deliberately, which can cause a DoS condition in the contract.
Lines of code Vulnerability details Impact --Check: calls-loop --Severity: Medium --Confidence: Medium External calls can fail accidentally or deliberately, which can cause a DoS condition in the contract. There are two instances where this can occur. Proof of Concept -- --ConsenSys Smart...
Price Feed is not checked for freshness and may report old / incorrect value
Lines of code Vulnerability details Price Feed is not checked for freshness In times of network congestion, the priceFeed may take longer than expected to update, and the price may take longer than usual to update, in order to ensure the latest price is fresh within update window, you should veri...
JBPayoutRedemptionPaymentTerminal#processFees may run out of gas and revert due to long list of _heldFeesOf[_projectId]
Lines of code Vulnerability details Proof of Concept // Get a reference to the project's held fees. JBFee memory heldFees = heldFeesOfprojectId; // Delete the held fees. delete heldFeesOfprojectId; // Push array length in stack uint256 heldFeeLength = heldFees.length; // Process each fee. for...
Inconsistent state of _terminalsOf & _primaryTerminalOf state variables at JBDirectory
Lines of code Vulnerability details Vulnerability details When a call to setTerminalsOf is followed by setPrimaryTerminalOf, the state variables, terminalsOf & primaryTerminalOf, are maintained in consistent state by including the primaryTerminal in terminals also. Refer, But when a call to...
CHAINLINK'S LATESTROUNDDATA MIGHT RETURN STALE OR INCORRECT RESULTS
Lines of code Vulnerability details Impact This could lead to stale prices according to the Chainlink documentation: Proof of Concept On JBChainlinkV3PriceFeed.sol, we are using latestRoundData, but there is no check if the return value indicates stale data. function currentPriceuint256 decimals...
The reserves accounting breaks when total balances surpass type(int256).max
Lines of code Vulnerability details Reserved tokens do not get minted automatically when a new payment is received. Instead, they must be explicitly distributed during the funding cycle which contains the reserved rate and splits that should be applied. If a funding cycle's reserved rate or split...
Project Owner can mint all tokens to their own address
Lines of code Vulnerability details Impact A project owner may mint all tokens for the project in JBController.mintTokensOf, with all tokens minted by the project owner to their own address, the payer during any pay call would be unable to mint any project token as the mint function would...
JBDirectory.primaryTerminalOf might suffer from out of gas DoS if too many terminals are added through JBDirectory._addTerminalIfNeeded
Lines of code Vulnerability details Impact There is no limit to the size of terminalsOf. if too many terminals are added through JBDirectory.addTerminalIfNeeded. JBDirectory.primaryTerminalOf might suffer from out of gas DoS. Proof of Concept The for loop in JBDirectory.primaryTerminalOf may caus...
Arbitrary msg.sender can execute recordPaymentFrom, recordRedemptionFor, recordDistributionFor, recordUsedAllowanceOf, recordAddedBalanceFor. Malicious terminal may be passed to inject logic to data store.
Lines of code Vulnerability details Impact Arbitrary msg.sender can execute recordPaymentFrom, recordRedemptionFor, recordDistributionFor, recordUsedAllowanceOf, recordAddedBalanceFor. Malicious terminal may be passed to inject logic to data store. If data store is using custom logic that doesn't...
latestRoundData should have returned value checks
Lines of code Vulnerability details Impact when we use the latestRoundData we should always check the returned value because it may return stale data. , int256 price, , , = feed.latestRoundData; Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any...
Attacker can prevent other projects from using a custom token
Lines of code Vulnerability details Impact A malicious project owner or an attacker can front-run the JBTokenStore.changeFor function and "steal" the token for their own project. This token can then not be used for any other project as long as it's assigned to a project due to projectOftoken != 0...
Attacker can frontrun and reenter this function causing users to get griefed
Lines of code Vulnerability details Impact 1. attacker calls createFor and there is reentrancy in safemint and an attacker can reenter and just keep increasing count just a side note 2. but what an attacker can do is when a user wants to call this function or launch a project an attacker frontruns...
oldToken.transferOwnership() to contract may be irreversible
Lines of code Vulnerability details oldToken.transferOwnership to contract may be irreversible Proof of Concept JBTokenStore.sol 265-266: if newOwner != address0 && oldToken != IJBTokenaddress0 oldToken.transferOwnershipprojectId, newOwner; OpenZeppelin library Ownable.sol: function...
Chainlink's latestRoundData (price) might return stale or incorrect result
Lines of code Vulnerability details JBChainlinkV3PriceFeed.sol we are using latestRoundData, but there is no check if the return value indicates stale data. Even though it's only getting the price variable, the whole latestRoundData function gets returned and we can't just ignore it because the pri...
Insufficient Chainlink price feed validation
Lines of code Vulnerability details JBChainlinkV3PriceFeedcurrentPrice reads the price value from the underlying Chainlink price feed, but ignores the other values returned by latestRoundData, which include the round timestamps and round ID in which the returned price was computed. These values...
In JBERC20PaymentTerminal.sol#_transferFrom(...) ignoring return value when IERC20(token).transferFrom(...)
Lines of code Vulnerability details In JBERC20PaymentTerminal.soltransferFrom... ignoring return value when IERC20token.transferFrom... Some of ERC20 token implementations return false upon unsuccessful transfer like USDT token, this can lead to some unpredictable balances to rise up without actual...
Chainlink's latestRoundData might return stale or incorrect results
Lines of code Vulnerability details Impact Chainlink's latestRoundData might return stale or incorrect results Proof of Concept According to Chainlink documentation, there must be a check for stale prices. It's a link of the same issue. Tools Used Solidity Visual Developer of VSCode Recommended...
Chainlink's latestRoundData might return stale or incorrect results
Lines of code Vulnerability details Proof of Concept JBChainlinkV3PriceFeedcurrentPrice function currentPriceuint256 decimals external view override returns uint256 // Get the latest round information. Only need the price is needed. , int256 price, , , = feed.latestRoundData; // Get a reference t...
Insufficient oracle validation
Lines of code Vulnerability details Impact Oracle may return stale price. Proof of Concept Round completeness and the quoted timestamp are not checked to ensure that the reported price is not stale. roundId, startedAt, updatedAt, and answeredInRound are omitted from the return result of...
JBProjects.sol#createFor(...) function is open to reentrancy attacks
Lines of code Vulnerability details JBProjects.solcreateFor... which used in JPController.sollaunchProjectFor... can be used for reentrancy. PoC contracts/JBProjects.sol: 131: function createForaddress owner, JBProjectMetadata calldatametadata 132 external 133 override 134 returns uint256 project...
rewaer
Lines of code L1 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- Th...
Upgraded Q -> M from 95 [1657055392912]
Judge has assessed an item in Issue 95 as Medium risk. The relevant finding follows: ---
Upgraded Q -> M from 139 [1656985204675]
Judge has assessed an item in Issue 139 as Medium risk. The relevant finding follows: 1. Buyouts that occur during the timestamp wrap will have valuation errors The blockTimestamp has a modulo applied, so at some point, there will be a timestamp with a value close to 2^32, followed by a timestamp...
Upgraded Q -> M from 164 [1657055445786]
Judge has assessed an item in Issue 164 as Medium risk. The relevant finding follows: ---
Fake orders can be created for non-existent tokens
Lines of code Vulnerability details Impact NFTs can be stolen by an attacker Proof of Concept The putty contract is using the solmate safeTransfer instead of OpenZeppelin's so contract existence isn't being checked for transferred tokens. In the putty case, contract existence is checked for the...
Short position owner will lose funds when put option expired
Lines of code Vulnerability details Impact Fees are expected to be paid whenever an option is exercised as per the function comment on L235. However, the current protocol implementation also charges fees for expired put options. The owner of a short put option is subject to paying fees whenever t...
Short Call Maker Asset Can Be Frozen
Lines of code Vulnerability details Impact The fillOrder function only checks that the floorAssetTokenIds.length must be 0 when a taker fills a short call order. In other words, it does not check whether order.floorTokens.length is 0 or not, which means that if the maker includes any address in...
both order side positions don't exist is not checked
Lines of code Vulnerability details Impact The flow in fillOrder as documented in expects the check order side positions doesn't exist . However the fillOrder function does not have a require check for this. This allows for the same side positions to be created multiple times leading to loss of...
Create a short call order with non empty floor makes the option impossible to exercise and withdraw
Lines of code Vulnerability details Impact HIGH - assets can be lost If a short call order is created with non empty floorTokens array, the taker cannot exercise. Also, the maker cannot withdraw after the expiration. The maker will still get premium when the order is filled. If the non empty...
Returned Value not checked when Depositing Eth
Lines of code Vulnerability details Impact In fillorder function, when eth is converted to weth, at line 335, it deposit the msg.value here. But it does not check the return value if the call succeeded. Proof of Concept IWETHweth.depositvalue: msg.value; Tools Used Visual Studio Code Recommended...
Doesn't check order.baseAsset.code when exercising call order
Lines of code Vulnerability details Impact It is safe to check order.baseAsset.code.length and token.code.length in fillOrder and transferERC20sIn. Because SafeTransferLib doesn't check whether the erc20 token is actually a contract. /// @dev Note that none of the functions in this library check...
PUT short option is always in loss
Lines of code Vulnerability details Impact For a long PUT condition the party which is doing short will always be in loss Proof of Concept 1. Alice creates and signs a long put option order off-chain for 2 Bored Ape floors with a duration of 30 days, a strike of 124 WETH and a premium of 0.8 WETH...
onERC721Received() could delegatecall to transfer the tokens
Lines of code Vulnerability details onERC721Received could delegatecall to transfer the tokens Impact Some onERC721Received could use delegatecall to drain the tokens Putty holds. Because the msg.sender is Putty contract, the transfer can go through. Or taking the ownership of the Putty contract...
Counter offer is not implemented correctly
Lines of code Vulnerability details Impact acceptCounterOffer is not verifying if the original order has already been filled. In case maker makes a counter offer and by the time counter offer is called, some user has already filled the original order then both original and counter offer will be...
Orders could be unable to be fulfilled due to insufficient fund/underlying when filled
Lines of code Vulnerability details Orders could be unable to be fulfilled due to insufficient fund/underlying when filled Proof of Concept Let's say on day 1, Alice created a long call order for 5 ERC721 Bored Apesid1, id2, id3, id4, id5, with premium 2.5 ETH. But there will be a gap betwee...
fee proportional to strike even for unexercised orders
Lines of code Vulnerability details Impact The protocol takes a fee proportional to the order's strike. This happens during a withdraw: // transfer strike to owner if put is expired or call is exercised if order.isCall && isExercised || !order.isCall && !isExercised // send the fee to the admin/D...
Cannot create short call floorToken option
Lines of code Vulnerability details The solution is not supporting maker shorting a call of N floorToken although platform declares it supports all four types: short\long call\put Proof of Concept Exercising an option is done one-sided by the long taker, at this point the floorTokens should be...
Using SafeTransferLib as a transfer medium has a certain probability of causing problems
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. function exerciseOrder memory order, uint256 calldata floorAssetTokenIds public payable / CHECKS / bytes32 orderHash = hashOrderorder; // check user owns the position requireownerOfuint256orderHash ==...
The fee is not paid as intended for put orders
Lines of code Vulnerability details Impact MEDIUM - functions of the protocol could be impacted For put options, the fees are not paid as intended. Proof of Concept poc0: fee on non-exercised put option poc0 shows that fee is applied for put option, even though the option was not exercised. poc1:...
Not-yet-exist ERC20 Could Be Used Within An Order
Lines of code Vulnerability details Vulnerability Details It was observed that the PuttyV2 contract uses solmate's SafeTransferLib for pulling ERC20 assets from the order maker or taker to the PuttyV2 contract. There is some difference between the implementation of solmate's SafeTransferLib and...
Zero strike call options can be systemically used to steal premium from the taker
Lines of code Vulnerability details Some non-malicious ERC20 do not allow for zero amount transfers and order.baseAsset can be such an asset. Zero strike calls are valid and common enough derivative type. However, the zero strike calls with such baseAsset will not be able to be exercised, allowin...
Fee is being deducted when Put is expired and not when it is exercised.
Lines of code Vulnerability details Impact Fee is being deducted when Put is expired and not when it is exercised in PuttyV2.sol. Comment section of the setFee function mentions "fee rate that is applied on exercise" which signifies that the fee amount is meant to be deducted from strike only whe...
fund steal by creating a lot of bad long positions and then transferring NFT token of long position to all users and trick them(or by mistake) to click on exercise()
Lines of code Vulnerability details Impact when fillOrder is called code mints two PuttyV2 NFT token, one for Long position and one for Short Position and It's possible to transfer this NFT tokens to others. exercising unwanted bad Long positions can cause users to lose funds and tokens, for...
[H-02] Owner does not get any fee when call is expired
Lines of code Vulnerability details Owner\creators lose profit by not collecting the fees on half the expired cases all calls. The only place where owner receives fee is when withdrawing an exercised call or expired put: But when a call expired, no fee has been collected on any part of the order...
Anyone can mint penny NFT to take some advantage
Lines of code Vulnerability details Anyone can mint penny NFT to take some advantage Impact Some users might be taken advantage of, for those who long call or short put the floortoken, and finally lead to loss of these users. Proof of Concept There is no control over the floortoken platform,...
Attacker may front-run acceptCounterOffer() cause users to take both original order and new one
Lines of code Vulnerability details Impact Function PuttyV2.acceptCounterOffer is used in case users see better deal and want to cancel their own order before filling the new one. But attacker can abuse this function by front-run calling fillOrder before it is cancelled in acceptCounterOffer...
Problems with the access control of the fillOrder() function
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. fillOrder does not check order.maker != caller, which means that mintorder.maker, uint256orderHash; & mintmsg.sender, positionId; can mint NFT to the same person and therefore may create unintended...
Attacker can take premium from taker who fill short-call orders for free.
Lines of code Vulnerability details Impact Takers who fill short-call orders may be unable to exercise their long-call position. Attackers can abuse it to take premium from takers for free. In PuttyV2.fillOrder function, when taker fills short-call order, order's maker only has to transfer erc20Asset...
PuttyV2.sol is allowing the cancelled orders to exercise and withdraw
Lines of code Vulnerability details Impact A cancelled order can be exercised and withdrawn Proof of Concept function exerciseOrder memory order, uint256 calldata floorAssetTokenIds public payable / CHECKS / bytes32 orderHash = hashOrderorder; // check user owns the position...