
10190 matches found

Code423n4
•added 2022/06/29 12:0 a.m.•9 views

An attacker can render CNote’s doTransferOut unusable

Lines of code Vulnerability details Impact In doTransferOut, the underlying balance of the CNote has to be 0 after the transfer. While this works fine when the underlying balance of the CNote was 0 before the call i.e., in the normal case, the function will always revert when the balance was...

AI score: 6.9
Exploits: 0
Code423n4
•added 2022/06/28 12:0 a.m.•8 views

rwrvw

Lines of code L1 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Stepsveqv --...

AI score: 7.1
Exploits: 0
Code423n4
•added 2022/06/28 12:0 a.m.•9 views

Upgraded G -> M from 84 [1656428843011]

Judge has assessed an item in Issue 84 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/28 12:0 a.m.•13 views

test

Lines of code L1 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- Th...

AI score: 7.1
Exploits: 0
Code423n4
•added 2022/06/28 12:0 a.m.•8 views

TEST

Lines of code testL1 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --...

AI score: 7.1
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•9 views

Upgraded Q -> M from 207 [1656344378079]

Judge has assessed an item in Issue 207 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•6 views

Upgraded Q -> H from 413 [1656340258153]

Judge has assessed an item in Issue 413 as High risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•9 views

Upgraded Q -> M from 408 [1656345778095]

Judge has assessed an item in Issue 408 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•12 views

Upgraded Q -> M from 207 [1656344422031]

Judge has assessed an item in Issue 207 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•12 views

Upgraded Q -> M from 115 [1656346004435]

Judge has assessed an item in Issue 115 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•9 views

Upgraded Q -> H from 413 [1656341343180]

Judge has assessed an item in Issue 413 as High risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•10 views

Upgraded Q -> M from 408 [1656345785644]

Judge has assessed an item in Issue 408 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•8 views

Upgraded Q -> M from 409 [1656345261751]

Judge has assessed an item in Issue 409 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•8 views

Upgraded Q -> M from 130 [1656344996086]

Judge has assessed an item in Issue 130 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•6 views

Upgraded Q -> M from 207 [1656344600309]

Judge has assessed an item in Issue 207 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•7 views

Upgraded Q -> M from 207 [1656344441354]

Judge has assessed an item in Issue 207 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•11 views

Upgraded Q -> M from 413 [1656341455160]

Judge has assessed an item in Issue 413 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•6 views

Upgraded Q -> M from 413 [1656341460011]

Judge has assessed an item in Issue 413 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•11 views

Upgraded Q -> M from 194 [1656339935656]

Judge has assessed an item in Issue 194 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•8 views

Upgraded Q -> M from 194 [1656339860374]

Judge has assessed an item in Issue 194 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•8 views

Upgraded Q -> M from 439 [1656339301187]

Judge has assessed an item in Issue 439 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•7 views

Upgraded Q -> M from 439 [1656339198066]

Judge has assessed an item in Issue 439 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•10 views

Upgraded Q -> M from 184 [1656338695381]

Judge has assessed an item in Issue 184 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•7 views

Upgraded Q -> M from 439 [1656339117398]

Judge has assessed an item in Issue 439 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•7 views

Upgraded Q -> M from 184 [1656338701670]

Judge has assessed an item in Issue 184 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•11 views

Upgraded Q -> H from 207 [1656344605107]

Judge has assessed an item in Issue 207 as High risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•11 views

Upgraded Q -> M from 413 [1656340156818]

Judge has assessed an item in Issue 413 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•9 views

Upgraded Q -> M from 27 [1656338378035]

Judge has assessed an item in Issue 27 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•10 views

Upgraded Q -> M from 439 [1656339464232]

Judge has assessed an item in Issue 439 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•11 views

Upgraded Q -> M from 161 [1656344885887]

Judge has assessed an item in Issue 161 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/27 12:0 a.m.•8 views

Upgraded Q -> M from 310 [1656347065145]

Judge has assessed an item in Issue 310 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•8 views

Transfer the principal token from the lender contract to here but actually transfer underlying token

Lines of code Vulnerability details Impact Transfer the principal token from the lender contract to here but actually transfer underlying token from lender to redeemer. Proof of Concept // Transfer the principal token from the lender contract to here Safe.transferFromIERC20u, lender, addressthis,...

AI score: 6.8
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•13 views

Critical address change

Lines of code Vulnerability details Impact Changing critical addresses in contracts should be a two-step process. in order to prevent changing admin by mistake Proof of Concept check these links: OpenZeppelin/openzeppelin-contracts1488 OpenZeppelin/openzeppelin-contracts2369 Tools Used Manual...

AI score: 6.9
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•9 views

No support for fee on transfer tokens

Lines of code Vulnerability details Impact stake will revert for tokens that charge a fee on transfer. Proof of Concept Note: POC below assumes tokePoolContract.depositamount transfers part of Staking.sol balance to tokePoolContract. stake uses the amount as a reference for depositToTokemak and...

AI score: 6.9
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•11 views

[H-03] Attacker can mint unbound amount of iPTs (on APWine)

Lines of code Vulnerability details Note that I've reported a similar vulnerability, on a different 'Principals' and POC\attack vector is a bit different. I will leave it to the judge to decide if these should be grouped as 1 report or not - but I wanted to be specific at the POC instead of...

AI score: 6.9
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•4 views

Upgraded Q -> M from 150 [1656258796240]

Judge has assessed an item in Issue 150 as Medium risk. The relevant finding follows: Unsafe casting may overflow SafeMath and Solidity 0.8. handles overflows for basic math operations but not for casting. Consider using OpenZeppelin's SafeCast library to prevent unexpected overflows when casting...

AI score: 6.8
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•12 views

[PNM-003] _totalStakedBefore_ and _totalStakedAfter_ are the always the same

Lines of code Vulnerability details Description It can be medium or high according to the off-chain logic which is not available for the contest. Specifically, rebases can only be updated by function storeRebase and the only callsite of function storeRebase is in function rebase. While we have...

AI score: 6.8
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•6 views

Upgraded Q -> H from 222 [1656255302682]

Judge has assessed an item in Issue 222 as High risk. The relevant finding follows: L-02 totalAssets of erc4626 should never revert eip-4626 According to the spec, totalAssets of erc4626 should never revert MUST NOT revert. wfcash would revert if it's matured but hasn't settled...

AI score: 6.9
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•14 views

Rug vector for admin of Lender.sol who can max approve all principal tokens for any market without waiting the 3 days to themselves

Lines of code Vulnerability details Impact The admin of Lender.sol is authorized to call the function approve which will grant any address max approval over the principal tokens of a particular market. I assume that this functionality is used to approve the respective redeemer contracts used in...

AI score: 7
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•12 views

Unused Return

Lines of code Vulnerability details Impact Configuration Check: unused-return Severity: Medium Confidence: Medium Description: The return value of this external call is not stored in a local or state variable. Unused return values of function calls are indicative of programmer errors which may ha...

AI score: 6.5
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•9 views

Unsafe transferFrom()

Lines of code Vulnerability details Impact Yieldy.transferFrom returns false on failure instead of reverting. This might lead to moveFundsToUpgradedContract incorrectly unstaking and restaking tokens, potentially causing user or Migration.sol to lose funds depending on NEWCONTRACT and OLDCONTRACT...

AI score: 6.8
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•6 views

Sense AMM address can be manipulated, allowing unlimited mint of principal tokens

Lines of code Vulnerability details Lender's lend for Sense uses ISensex.swapUnderlyingForPTs output to determine the Illuminate PT amount to be minted for the user. x is a user supplied and not verified address, which can be precooked by a malicious user to return any inflated amount, that will ...

AI score: 6.8
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•11 views

Unable to redeem from Notional

Lines of code Redeemer.solL193 Vulnerability details Impact The maxRedeem function is a view function which only returns the balance of the Redeemer.sol contract. After this value is obtained, the PT is not redeemed from Notional. The user will be unable to redeem PT from Notional through...

AI score: 6.9
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•8 views

Sandwich attacks are possible as there is no slippage control option in Marketplace and in Lender yield swaps

Lines of code Vulnerability details Swapping function in Marketplace and Lender's yield can be sandwiched as there is no slippage control option. Trades can happen at a manipulated price and end up receiving fewer tokens than current market price dictates. Placing severity to be medium as those a...

AI score: 6.8
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•10 views

Staking.sol#stake() DoS by staking 1 wei for the recipient when warmUpPeriod > 0

Lines of code Vulnerability details if warmUpPeriod == 0 IYieldyYIELDYTOKEN.mintrecipient, amount; else // create a claim and mint tokens so a user can claim them once warm up has passed warmUpInforecipient = Claim amount: info.amount + amount, credits: info.credits +...

AI score: 6.9
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•12 views

Staking.setCurvePool() doesn't approve allowance when changes CURVE_POOL.

Lines of code Vulnerability details Impact Staking.setCurvePool doesn't approve allowance when changes CURVEPOOL. It will affect when users exchange asset through CURVEPOOL. Proof of Concept When initialize the contract, Staking contract approves CURVEPOOL here. But when admin updates CURVEPOOL...

AI score: 6.9
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•9 views

Everyone can burn principal token of any other user

Lines of code Vulnerability details Impact Everyone can burn principal token of any other user. It is very critical that you may lose your principal token anytime without any permission. Proof of Concept // Burn the principal token from Illuminate token.burno, amount; function redeem uint8 p,...

AI score: 6.9
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•8 views

_storeRebase() is called with the wrong parameters

Lines of code Vulnerability details storeRebase's signature is as such: Yieldy.solstoreRebase File: Yieldy.sol 104: / 105: @notice emits event with data about rebase 106: @param previousCirculating uint 107: @param profit uint 108: @param epoch uint 109: / 110: function storeRebase 111: uint256...

AI score: 6.8
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•11 views

User fund lose in addLiquidity() of LiquidityReserve by increasing (totalLockedValue / totalSupply()) to very large number by attacker

Lines of code Vulnerability details Impact Function addLiquidity suppose to do add Liquidity for the staking Token and receive lrToken in exchange. to calculate amount of IrToken codes uses this calculation: amountToMint = amount lrFoxSupply / totalLockedValue but it's possible for attacker to...

AI score: 6.9
Exploits: 0
Code423n4
•added 2022/06/26 12:0 a.m.•17 views

Inconsistent balance when fee-on transfer tokens.

Lines of code Vulnerability details Impact There are ERC20 tokens that may make certain customizations to their ERC20 contracts. One type of these tokens is deflationary tokens that charge a certain fee for every transfer or transferFrom. Proof of...

AI score: 6.9
Exploits: 0
Total number of security vulnerabilities: 10190