borrowFresh does not work

Lines of code Vulnerability details Impact The CNote contract uses the borrowFresh function of the CToken contract to perform the borrow operation. However, since the CNote contract does not hold note tokens, getCashPrior returns 0 and is less than borrowAmount, making the borrowFresh function no...

TEST

Lines of code testL1 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --...

rwrvw

Lines of code L1 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Stepsveqv --...

test

Lines of code L1 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- Th...

Upgraded G -> M from 84 [1656428843011]

Judge has assessed an item in Issue 84 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 194 [1656339935656]

Judge has assessed an item in Issue 194 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> H from 413 [1656341343180]

Judge has assessed an item in Issue 413 as High risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 161 [1656344885887]

Judge has assessed an item in Issue 161 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 194 [1656339860374]

Judge has assessed an item in Issue 194 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 413 [1656341460011]

Judge has assessed an item in Issue 413 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 439 [1656339464232]

Judge has assessed an item in Issue 439 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 207 [1656344378079]

Judge has assessed an item in Issue 207 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 310 [1656347065145]

Judge has assessed an item in Issue 310 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 439 [1656339198066]

Judge has assessed an item in Issue 439 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 408 [1656345785644]

Judge has assessed an item in Issue 408 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 207 [1656344441354]

Judge has assessed an item in Issue 207 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 207 [1656344422031]

Judge has assessed an item in Issue 207 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 413 [1656340156818]

Judge has assessed an item in Issue 413 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 184 [1656338701670]

Judge has assessed an item in Issue 184 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 27 [1656338378035]

Judge has assessed an item in Issue 27 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 130 [1656344996086]

Judge has assessed an item in Issue 130 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 115 [1656346004435]

Judge has assessed an item in Issue 115 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 409 [1656345261751]

Judge has assessed an item in Issue 409 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 439 [1656339117398]

Judge has assessed an item in Issue 439 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 184 [1656338695381]

Judge has assessed an item in Issue 184 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> H from 207 [1656344605107]

Judge has assessed an item in Issue 207 as High risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> H from 413 [1656340258153]

Judge has assessed an item in Issue 413 as High risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 439 [1656339301187]

Judge has assessed an item in Issue 439 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 408 [1656345778095]

Judge has assessed an item in Issue 408 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 413 [1656341455160]

Judge has assessed an item in Issue 413 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 207 [1656344600309]

Judge has assessed an item in Issue 207 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Removal of liquidity from the reserve can be griefed

Lines of code Vulnerability details Impact Users may be unable to withdraw/remove their liquidity from the LiquidityReserve if a user decides to grief the contract. Proof of Concept This is the only function in this contract that is able to unstake funds, so that they can be withdrawn/removed:...

Critical address change

Lines of code Vulnerability details Impact Changing critical addresses in contracts should be a two-step process. in order to prevent changing admin by mistake Proof of Concept check these links: OpenZeppelin/openzeppelin-contracts1488 OpenZeppelin/openzeppelin-contracts2369 Tools Used Manual...

Uninitialized local variables

Lines of code Vulnerability details Impact Configuration -Check: uninitialized-local -Severity: Medium -Confidence: Medium -Description:Lender.approveaddress,address.i Lender.sol114 is a local variable never initialized.A smart contract with uninitialized local variables may lead to intentional...

Possible DoS in Staking.claim() function

Lines of code Vulnerability details Impact In Staking contract, users are allowed to stake for another recipient. And it also updates warmUpInfo.expiry for recipient address so recipient can only claim after this new expiry is passed. Attackers can abuse this to constantly stake 1 wei for another...

Transfer the original underlying token back to the user but actually transfer from lender to redeemer

Lines of code Vulnerability details Impact Transfer the original underlying token back to the user but actually transfer from lender to redeemer. Underlying token may be locked forever and user may not receive their fund after redeeming. Proof of Concept // Transfer the original underlying token...

Redeemer.sol#redeem() the principal token from Notional can not be redeemed

Lines of code Vulnerability details int256 amount = IERC20principal.balanceOflender; // Transfer the principal token from the lender contract to here Safe.transferFromIERC20principal, lender, addressthis, amount; if p == uint8MarketPlace.Principals.Swivel // Redeems zc tokens to the sender's...

Upgraded Q -> H from 215 [1656255310294]

Judge has assessed an item in Issue 215 as High risk. The relevant finding follows: L-09 wfCashERC4626 contract does not conform to EIP4626 Description The wfCashERC4626 contract implements the EIP4626 standard EIP-4626: Tokenized Vault Standard. However, according to EIP4626, the below-mentioned...

Forgot to mint Illuminate zcTokens for Element

Lines of code Vulnerability details function lend uint8 p, address u, uint256 m, uint256 a, uint256 r, uint256 d, address e, bytes32 i public unpausedp returns uint256 // Get the principal token for this market for element address principal = IMarketPlacemarketPlace.marketsu, m, p; // the element...

Able to mint any amount of PT

Lines of code Lender.solL192-L235 Lender.solL486-L534 Lender.solL545-L589 Vulnerability details Impact Some of the lend functions do not validate addresses sent as input which could lead to a malicous user being able to mint more PT tokens than they should. Functions affect: Illuminate and Yield...

Arbitrage on stake()

Lines of code Vulnerability details Issue: there is a huge arb opportunity for people who deposit 1 block before the rebase Consequences: then they can call instantUnstakeReserve or instantUnstakeCurve to unstake the staked amount, in this way the profit that needs to be distributed on the next...

[M-03] Wrong minting on lend for Tempus

Lines of code Vulnerability details Impact Will result in either failure to lend or loss of funds for the lender Proof of Concept Not very clear what was the original intention, but I find it hard to believe that subtracting the whole balanceOf iPTs from the return result from Tempus, is what was...

Potential interests are not distributed fairly among the zcTokens holders, nor taken as a protocol fee, but will be frozen in the redeemer contract

Lines of code Vulnerability details function authRedeem address u, uint256 m, address f, address t, uint256 a public authorizedIMarketPlacemarketPlace.marketsu, m, 0 returns bool // Get the principal token for the given market IERC5095 pt = IERC5095IMarketPlacemarketPlace.marketsu, m, 0; // Make...

Deflationary/fee-on-transfer tokens are not supported

Lines of code Lender.solL215 Lender.solL337 Lender.solL398 Lender.solL456 Lender.solL521 Lender.solL564 Lender.solL617 Vulnerability details Impact When an amount of underlying tokens is sent to the Lender.sol contract during a lend, the actual amount gained by the contract might not be exactly t...

ERC5095 redeem must check allowance with principalAmount instead of underlyingAmount

Lines of code Vulnerability details Impact ERC5095 redeem must check allowance with principalAmount instead of underlyingAmount. Allowing any user to redeem token of anybody freely. This is very critical, anyone can lost their money everytime without their acknowledgement. Proof of Concept functi...

Everyone can burn principal token of any other user

Lines of code Vulnerability details Impact Everyone can burn principal token of any other user. It is very critical that you may lost your principal token anytime without any permission. Proof of Concept // Burn the prinicipal token from Illuminate token.burno, amount; function redeem uint8 p,...

Inconsistent balance when fee-on transfer tokens.

Lines of code Vulnerability details Impact There are ERC20 tokens that may make certain customizations to their ERC20 contracts. One type of these tokens is deflationary tokens that charge a certain fee for every transfer or transferFrom. Proof of...

token transfers in LiquidityReserve and Staking contract don't support deflationary ERC20 tokens, and user funds can be lost if stacking token was deflationary

Lines of code Vulnerability details Impact if the token is deflationary then contract will receive less token that requested amount but contract don't check for the real transferred amount. because this is happening in receiving stackingtoken in addLiquidity of LiquidityReserve and stake of Staki...

Unpaused modifier can be sidestepped in one of the lend functions.

Lines of code Vulnerability details Impact Suppose you tried to pause the lend function that is connected to Swivel. In that case, the attacker could sidestep it because there is no verification that the number input from the user corresponds with the desired input. Proof of Concept Let's say a b...

Wrong parameter passed inside _storeRebase() in Yieldy Contract

Lines of code Vulnerability details In Yieldy contract, while calling storeRebase in function rebase, updatedTotalSupply is passed instead of currentTotalSupply. Filing this as medium risk , due to two impacts, in the way this parameter is used in storeRebase function. 1. The rebasePercent is...