10190 matches found
SingleAdminAccessControl contract allows admin to be transferred without removing old admin first
Lines of code Vulnerability details Description The SingleAdminAccessControl contract allows the admin role to be transferred to a new address without first removing the old admin. This is a security vulnerability, as it allows a malicious admin to transfer the role to a new address and then lock...
StakedUSDe contract allows attackers to steal staked USDe tokens of soft-restricted users
Lines of code Vulnerability details Description The modifier called checkMinShares is used to ensure that there is always a small non-zero amount of shares in circulation. This is to prevent a donation attack, where an attacker donates a small amount of USDe tokens to the contract and then...
Lack of functionality to distribute the yield to the USDe stakers.
Lines of code Vulnerability details Impact User will not get the benefit of the yield which is the output of their USDe staking. Outcome of yield is the core feature of staking. We are submitting this as high. Proof of Concept A user who is not blacklisted is allowed to stake their USDe by calling...
It is possible to prematurely unlock assets that should still be locked up by setting the cooldown duration to 0.
Lines of code Vulnerability details Impact It undermines the security of the cooldown period. Specifically: • Users who have assets locked up in the cooldown period could immediately withdraw them if the admin sets the duration to 0. This violates the intent of having a cooldown period to begin...
Vesting amount is calculated incorrectly in StakedUSDe contract
Lines of code Vulnerability details Description The description says vestingAmount is the contract balance + any unvested remainder at that time but it is set incorrectly in the code. /// @notice The amount of the last asset distribution from the controller contract into this /// contract + any...
Fee-on-transfer tokens are not considered, which will make the protocol retain less value than expected.
Lines of code Vulnerability details Impact The balance of the custodian Addresses will be smaller than what is expected, making the protocol fail to maintain the delta neutral position. Proof of Concept The function EthenaMinting.sol/transferCollateral is sending the tokens using safeTransferFrom...
In for a penny, in for ten quadrillion dollars
Lines of code Vulnerability details Impact StakedUSDeV2 can be bricked for a penny. Proof of concept The checkMinShares requirement called after any deposit and withdrawal function checkMinShares internal view uint256 totalSupply = totalSupply; if totalSupply 0 && totalSupply MINSHARES revert...
Temporary DOS attack on all the users minting and redeeming.
Lines of code Vulnerability details Impact The users redeeming and minting using EthenaMinting.sol can be DOS'd temporarily for some blocks by an old user having many tokens staked. Proof of Concept The old user having a high staked amount can easily get the order to redeem and mint with the USDe...
DoS of the staking functionality due to the check of minimum total supply
Lines of code Vulnerability details Impact The StakedUSDe contract can be accidentally blocked if all the shares are redeemed before the VESTINGPERIOD ends. The checkMinShares function will then revert for any eligible deposits. The same result will be in case of asset transferring to the...
Unchecked return value when calling ERC20's transfer function inside withdraw function of USDeSilo.sol. It is an unsafe transfer of ERC20 tokens.
Lines of code Vulnerability details Summary In the withdraw function of USDeSilo.sol there is one call to the ERC20 transfer function on the USDe token, and its return value is neither checked nor is safeTransfer of SafeERC20 used. So whenever the transfer fails it will not revert. And result in wrong...
SOFT_RESTRICTED_STAKER_ROLE is able to withdraw stUSDe for USDe even if it shouldn't
Lines of code Vulnerability details As the readme mentions, SOFTRESTRICTEDSTAKERROLE shouldn't be able to deposit or withdraw their USDe/stUSDe: Due to legal requirements, there's a SOFTRESTRICTEDSTAKERROLE and FULLRESTRICTEDSTAKERROLE. The former is for addresses based in countries we are not...
Rewards transfer In fail
Lines of code Vulnerability details Impact The rewards transfer in will fail when the current VESTINGPERIOD is not finished. Proof of Concept "function getUnvestedAmount public view returns uint256" is used to calculate the rest rewards in the current VESTINGPERIOD. If the period is finished, the result...
Wrong errors degrade UX
Lines of code Vulnerability details Impact If the beneficiary of the order is address0, it will revert popping up the error InvalidAmount. This is bad as the UI will show the users they put wrong either the collateral amount or the USDe amount, when those values may be correct. Proof of Concept...
A user with SOFT_RESTRICTED_STAKER_ROLE can earn yield.
Lines of code Vulnerability details Impact Any user blacklisted with SOFTRESTRICTEDSTAKERROLE role can earn yield by buying stUSDe token from open market and unstake stUSDe for USDe token on the StakedUSDeV2.sol contract. Proof of Concept The unstake function calls the internal withdraw function...
Risky use of Static Address
Lines of code Vulnerability details Impact We see a native token address used as 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE which is fine to use to denote native ether, but if this contract were to be deployed in another chain like Polygon, this would cause inconsistency issues. Proof of Concept...
Shares Manipulation DoS Vulnerability in StakedUSDe
Lines of code Vulnerability details Impact The StakedUSDe contract is vulnerable to manipulation by a malicious actor, leading to a permanent interruption of operations through a Denial-of-Service DoS attack. This vulnerability also impacts StakedUSDeV2 due to its inheritance of the StakedUSDe...
replay exploitation in StakedUSDeV2's unstake function
Lines of code Vulnerability details Impact The vulnerability in the unstake function of the StakedUSDeV2 contract allows the receiver to claim assets without considering the specific round from which they should receive the assets. The receiver can claim assets from a different round than intende...
Vulnerability in rescueTokens and _beforeTokenTransfer Functions Allows Self-Transfer of ERC20 Tokens
Lines of code Vulnerability details Impact The rescueTokens function and the beforeTokenTransfer hook in the provided Solidity contract lack checks to ensure that the destination address is not the same as the sender from. This oversight can result in tokens being transferred to the same address,...
Compromised minter can change route to misdirect user funds
Lines of code Vulnerability details Impact The current security assumption revolves around the compromise of a minter, wherein they mint 200k USDe tokens for themselves and subsequently redeem them within the contract. Under this assumption, as long as the gatekeeper key remains secure, the minte...
Malicious user can completely prevent all users or users without large funds from staking
Lines of code Vulnerability details Vulnerability Details To prevent the issue with the first-depositor attack donation attack as written in the comments of checkMinShares in StakedUSDe.sol to the staking vault, the checkMinShares function is implemented in the StakedUSDe.sol contract when...
precision issue EthenaMinting:mint() allows users to steal fund.
Lines of code Vulnerability details Impact In the EthenaMinting:mint function of the contract, a call is made to the transferCollateral function. This function calculates the transfer amount using the formula uint256 amountToTransfer = amount ratiosi / 10000;. However, it does not account for...
Wrong estimation of acceptable risk of the protocol losses
Lines of code Vulnerability details Impact The protocol losses in case compromised MINTERS or REDEEMERS can be higher than expected due to the GATEKEEPER suppression. Attacker can frontrun the GATEKEEPER and fill block limit with own transactions while it is profitable. Average losses can be more...
EthenaMinting.sol#_setMaxRedeemPerBlock() - Function doesn't enforce any constraints
Lines of code Vulnerability details Explanation The EthenaMinting.solsetMaxMintPerBlock function is responsible for setting the maximum limit for minting USDe tokens in a single block. function setMaxMintPerBlockuint256 maxMintPerBlock external onlyRoleDEFAULTADMINROLE...
Taking deposits hostage
Lines of code Vulnerability details Impact An initial attacker can gain the power to hold subsequent deposits into StakedUSDeV2 hostage, and release them at will e.g. for a ransom. Proof of concept The checkMinShares requirement called after any withdrawal and deposit function checkMinShares...
Reentrancy opened for any contract that calls the withdraw function
Lines of code Vulnerability details Impact Reentrancy opened for any contract that calls the withdraw function in the stakedUSDeV2.sol which would drain of ether. Proof of Concept function withdrawaddress to, uint256 amount external onlyStakingVault USDE.transferto, amount; In this scenario, the...
Limits on mint and redeem per block of USDe will lead to paralysis
Lines of code Vulnerability details Impact Since the number of mint and redeem per block is limited, attackers can use scripts to squeeze out the quota with their own addresses. Thena cannot determine whether it is a normal user address or an attack address, causing the contract to be paralyzed. ...
hardcoded route ratio might cause verify route to return false continuously; instead use >=
Lines of code Vulnerability details Impact hardcoded route ratio might cause verify route to return false continuously. The verifyroute in ethenaminting.sol is an if that checks whether the route ratio is 10000 or not and the ratio is going to be somewhere around that but what if it actually up wit...
replay attack in StakedUSDe's redistributeLockedAmount function
Lines of code Vulnerability details Impact The vulnerability in the redistributeLockedAmount function of the StakedUSDe contract allows an admin user to redistribute tokens from a restricted address to another address. However, if a user (let's call them User A) is removed from the blacklist and...
Staking functionality temporary blocking due to lack of address zero check
Lines of code Vulnerability details Impact Though the lack of zero check issue for the addToBlacklist function is already in the automated findings output, I suppose it is necessary to show the importance of this check here. In case of accidental or malicious BLACKLISTMANAGERROLE behavior the...
Bad actor can block the operation of mint by creating a duplicate order by front-running the original order
Lines of code Vulnerability details Impact Bad actor can block the operation of mint by creating a duplicate order by front-running the original order. So basically the contracts are doing orders by users RFQ to system whether by API or front end. and make the mint process the problem is in the contract...
Users will retain possession of their USDe after redeeming collateral
Lines of code Vulnerability details Impact Users will retain possession of their USDe after redeeming their collateral; this can lead to theft/loss of funds. Proof of Concept See below for the coded POC. The benefactor and the beneficiary in the Order struct containing order details and confirmatio...
A fully blacklisted user can withdraw their funds
Lines of code Vulnerability details Impact A fully blacklisted user should not have access to any function of the protocol, but it is possible for a user to withdraw their funds right before being blacklisted. A fully blocked user is capable of frontrunning the addToBlacklist call by calling the...
Borrower cannot close their market
Lines of code Vulnerability details The WildcatMarket::closeMarket cannot be executed by a borrower because the WildcatMarketController contract does not implement any function calling it. Proof of Concept The closeMarket is supposed to be called by a borrower to close their market, set the...
Sanctioned funds keep earning APR, and protocol earning fees on these funds
Lines of code Vulnerability details Impact When a user is sanctioned, if he has a scaledBalance not in the withdrawal queue, calling the nukeFromOrbit function will send sanctioned funds to an escrow contract, and these funds will keep earning APR. This is because when a deposit is executed, the...
Borrower cannot change the maximum supply
Lines of code Vulnerability details Impact Maximum supply cannot be increased and by extension the max deposit limit too. Proof of Concept WildcatMarketConfig@setMaxTotalSupply is only callable by the WildcatMarketController but is not used anywhere there. WildcatMarketConfig.sol function...
Solmate safetransfer and safeTransferFrom do not check the code size of the token address, which may lead to loss of funds
Lines of code Vulnerability details Impact WildcatMarketWithdrawals, WildcatMarketController, WildcatMarket contracts use Solmate safetransfer and safeTransferFrom functions. However, these functions don't check the existence of code at the token address. This is a known issue while using solmate...
Potential DOS because of rounding up at rayMul and rayDiv
Lines of code Vulnerability details Impact In rayMul and rayDiv, there is always rounding up; because of that, there will be potential DOS. Proof of Concept function normalizeAmount MarketState memory state, uint256 amount internal pure returns uint256 return amount.rayMulstate.scaleFactor; functi...
OFAC sanctioned lender can frontrun nukeFromOrbit with a transfer of his funds
Lines of code Vulnerability details Impact In order to prevent a sanctioned lender (for example by OFAC) from poisoning an entire market, a function has been developed to block and transfer the sanctioned user's funds to an escrow contract. This escrow contract can be released if borrower decides so by...
Missing check to avoid zero transfer revert
Lines of code Vulnerability details Impact Cannot deploy market with originationFeeAmount == 0 for ERC20 asset which reverts on zero amount transfers. Proof of concept In deployMarket the following is executed: if originationFeeAsset != address0 originationFeeAsset.safeTransferFromborrower,...
Interest accumulation linked to state updates may leak value
Lines of code Vulnerability details Impact The protocol compounds interest on every call that updates the state. This is an intentional design choice. However, this does mean that the total return for the lender, and, conversely, the cost of debt for the borrower, can be influenced by the frequen...
Borrower cannot change market capacity (max total supply) after creating a market
Lines of code Vulnerability details Impact As per docs, "Subsequent to launch, base APR and capacities can be adjusted by the borrower at will". After creating a market, a borrower cannot increase the maximum total supply which contradicts the documentation. Proof of Concept The...
Borrower escapes delinquency penalty if no intermittent action happens
Lines of code Vulnerability details Impact Once the market goes below required reserves, it is marked as delinquent only if an updateState action happens. Actions like market.updateState, executeWithdrawal, deposit, etc. have to happen else the protocol remains unaware of the market's delinquency...
TRANSFERING FUNDS TO YOURSELF INCREASES YOUR BALANCE
Lines of code Vulnerability details Impact If transferred to yourself, it will cause your balance to increase, thus growing the token balance infinitely. Proof of Concept File: src/market/WildcatMarketToken.sol 54: transferfrom, to, amount; 74: accountsfrom = fromAccount; 78: accountsto =...
New approved lender can receive other peoples accrued interest fees
Lines of code Vulnerability details A new approved Lender by the borrower, getting into the market at the right time can make huge profits in the market due to activity in the market of others, and accruing interest, which make the lender withdraw immediately, without being in the market for a lo...
Sanction Bypass Through Transferring to another account
Lines of code Vulnerability details Impact Wildcat protocol provides lending with lender backed collateral considered as reserves and the ratio must be upheld by the borrower. WildcatMarketTokens are provided to lenders in return for their base assets, these tokens are ERC20 meaning tokens can be...
Single lender can game markets into unexpected states of delinquency
Lines of code Vulnerability details Impact Wildcat Markets allow for a borrower to accept the risks they are willing to manage when agreeing to terms of uncollateralised lending. Namely authorised borrowers will permit certain lenders and control certain market parameters like interest rate,...
InterestRate can be changed during close market.
Lines of code Vulnerability details Summary After closing market, the borrower can set the interest rate. Impact Breaking calculations, loss of funds. Vulnerability Details After borrower closed the market, he can set interest rate, this means remaining totalSupply still earn interest while it...
Denial of service to closeMarket.
Lines of code Vulnerability details Summary No mechanism to close the market. Impact Denial of service to closeMarket. Vulnerability Details Only controller can call closeMarket but there is no implementation to close market in controller. Tools Used Manual Review Recommended Mitigation Steps Add...
DoS Any Controller by Frontrunning Creation with a Codehash Change
Lines of code Vulnerability details Impact Any controller contract can be DoSed by sending a 1 wei transaction to the controller address that will be created for a user. When an account has no code and has never been interacted with, the codehash will be bytes320. This will result in controller...