Lucene search
Code423n4 | Recent

10190 matches found

Code423n4
added 2023/10/30 12:00 a.m. | 6 views

removeDelegatedSigner() will not undelegate address for signing.

Lines of code Vulnerability details Impact Impact is critical as delegator addresses will still retain delegator roll even after the removeDelegatedSigner is called by user. Proof of Concept function setDelegatedSigner is used to set delegation function setDelegatedSigneraddress delegateTo extern...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 9 views

There is no check for collateral token in mint matches same in withdraw

Lines of code Vulnerability details Impact While we understand that usde is the base token here, we see that on minting used token you would need to transfer some tokens to the contract and get some used minted to you and on redemption get usde burnt to get a token sent back to you. The implicati...

AI score: 7.2
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 6 views

Wrong estimation of acceptable risk of the protocol losses

Lines of code Vulnerability details Impact The protocol losses in case compromised MINTERS or REDEEMERS can be higher than expected due to the GATEKEEPER suppression. Attacker can frontrun the GATEKEEPER and fill block limit with own transactions while it is profitable. Average losses can be more...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 11 views

DoS of the staking functionality due to the check of minimum total supply

Lines of code Vulnerability details Impact The StakedUSDe contract can be accidentally blocked if the all shares will be redeemed before the VESTINGPERIOD end. The checkMinShares function will then revert for any eligible deposits. The same result will be in case of asset transferring to the...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 3 views

Temporary DOS attack on all the users minting and redeeming.

Lines of code Vulnerability details Impact The users redeeming and minting using EthenaMinting.sol can be DOS'd temporarily for some blocks by an old user having many tokens staked. Proof of Concept The old user having a high staked amount can easily get the order to redeem and mint with the USDe...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 6 views

Rewards transfer In fail

Lines of code Vulnerability details Impact the rewards transfer in will fail when current VESTINGPERIOD is not finished. Proof of Concept "function getUnvestedAmount public view returns uint256" is used to calculate the rest rewards in current VESTINGPERIOD. if the period is finished, the result...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 4 views

SingleAdminAccessControl contract allows admin to be transferred without removing old admin first

Lines of code Vulnerability details Description The SingleAdminAccessControl contract allows the admin role to be transferred to a new address without first removing the old admin. This is a security vulnerability, as it allows a malicious admin to transfer the role to a new address and then lock...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 7 views

Temporary DOS attack on users minting and redeeming big amount using EthenaMinting.sol

Lines of code Vulnerability details Impact The users redeeming and minting using EthenaMinting.sol with a large amount can be vulnerable to DOS attack. Proof of Concept There is a limit on the max amount to redeem and mint in a block. This can be crucial to the users that are minting or redeeming...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 15 views

stakers can withdraw reward without waiting the vesting period

Lines of code Vulnerability details Impact stakers can frontrun a reward giving transaction by monitoring the mempool for the function transferInRewards, and stake before it, and then unstake after to get rewards, if the cooldown is off. Proof of Concept imagine a scenario where the cooldown peri...

AI score: 7.1
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 4 views

Malicious user can completely prevent all users or users without large funds from staking

Lines of code Vulnerability details Vulnerability Details To prevent the issue with the first-depositor attack donation attack as written in the comments of checkMinShares in StakedUSDe.sol to the staking vault, the checkMinShares function is implemented in the StakedUSDe.sol contract when...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 10 views

Unrestricted access to critical admin functions in StakedUSDe due to extremely flawed implementation in SingleAdminAccessControl

Lines of code Vulnerability details Summary There is a critical vulnerability in the StakedUSDe CA, allowing an attacker to manipulate the state of the CA and/or drain assets without proper authorization. Vulnerability Detail The StakedUSDe inherits from the SingleAdminAccessControl CA, which...

AI score: 7.4
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 5 views

Tokens having Fee-On-Transfer are not considered which will make the protocol in retaining less value than expected.

Lines of code Vulnerability details Impact The balance of the custodian Addresses will be smaller than what is expected, making the protocol fail to maintain the delta neutral position. Proof of Concept The function EthenaMinting.sol/transferCollateral is sending the tokens using safeTransferFrom...

AI score: 7.1
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 4 views

Wrong errors degrade UX

Lines of code Vulnerability details Impact If the beneficiary of the order is address0, it will revert popping up the error InvalidAmount. This is bad as the UI will show the users they put wrong either the collateral amount or the USDe amount, when those values may be correct. Proof of Concept...

AI score: 7.1
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 5 views

Shares Manipulation DoS Vulnerability in StakedUSDe

Lines of code Vulnerability details Impact The StakedUSDe contract is vulnerable to manipulation by a malicious actor, leading to a permanent interruption of operations through a Denial-of-Service DoS attack. This vulnerability also impacts StakedUSDeV2 due to its inheritance of the StakedUSDe...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 9 views

Lack of functionality to distribute the yield to the USDe stakers.

Lines of code Vulnerability details Impact User will not get the benefit of the yield which is output of their USDe staking. Outcome of yield is the core feature of staking. we are submitting this as high. Proof of Concept An user who is not black listed is allowed to stake their USDe by calling...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 5 views

USER WILL SEND TRANSACTION GAS WHICH IS ONLY ENOUGH TO EXECUTE StakedUSDeV2.unstake FUNCTION SUCCESSFULLY BUT NOT ENOUGH TO FULLY EXECUTE THE silo.withdraw THUS LOSING ALL USER FUNDS

Lines of code Vulnerability details Impact The StakedUSDeV2.unstake function is used to claim the staking amount after the cooldown period has finished. The unstake function will reset the userCooldown.cooldownEnd and userCooldown.underlyingAmount parameters to 0 for the msg.sender once the cool...

AI score: 7.6
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 7 views

Compromised minter can change route to misdirect user funds

Lines of code Vulnerability details Impact The current security assumption revolves around the compromise of a minter, wherein they mint 200k USDe tokens for themselves and subsequently redeem them within the contract. Under this assumption, as long as the gatekeeper key remains secure, the minte...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 9 views

EthenaMinting.sol#_setMaxRedeemPerBlock() - Function doesn't enforce any constraints

Lines of code Vulnerability details Explanation The EthenaMinting.solsetMaxMintPerBlock function is responsible for setting the maximum limit for minting USDe tokens in a single block. function setMaxMintPerBlockuint256 maxMintPerBlock external onlyRoleDEFAULTADMINROLE...

AI score: 7.1
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 5 views

Reentrancy opened for any contract that calls the withdraw function

Lines of code Vulnerability details Impact Reentrancy opened for any contract that calls the withdraw function in the stakedUSDeV2.sol which would drain of ether. Proof of Concept function withdrawaddress to, uint256 amount external onlyStakingVault USDE.transferto, amount; In this scenario, the...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 7 views

Risky use of Static Address

Lines of code Vulnerability details Impact We see a native token address used as 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE which is fine to use to denote native ether, but if this contract were to be deployed in another chain like Polygon, this would cause inconsistency issues. Proof of Concept...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 9 views

replay exploitation in StakedUSDeV2's unstake function

Lines of code Vulnerability details Impact The vulnerability in the unstake function of the StakedUSDeV2 contract allows the receiver to claim assets without considering the specific round from which they should receive the assets. The receiver can claim assets from a different round than intende...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 2 views

hardcoded route ratio might cause verify route return false continuously instead use >=

Lines of code Vulnerability details Impact hardcoded rout ratio might cause verify route to return false continuously the verifyroute in ethenaminting.sol is an if that checks whether the route ratio is 10000 or not and the ratio is going to be somewhere around that but what if it actually up wit...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 6 views

Minter can censor GATEKEEPER and mint uncollateralized for a prolonged period of time

Lines of code Vulnerability details Impact Ethena explicitly mentions their protection against a compromised minter, the mentioned maximum loss is $100.000. The protection against a compromised minter rests on the GATEKEEPER role which is a system running on AWS set to remove the minter if mints...

AI score: 7.2
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 7 views

A WHALE CAN DoS A NORMAL USER FROM MINTING AND REDEEMING THE USDe BY MAKING THE MINT AMOUNT AND REDEEM AMOUNT PER BLOCK, EXCEEDING THE maxMintPerBlock AND maxRedeemPerBlock RESPECTIVELY

Lines of code Vulnerability details Impact The EthenaMinting.mint function and EthenaMinting.redeem function both have defined modifiers belowMaxMintPerBlock and belowMaxRedeemPerBlock to ensure the mint amount per block and redeem amount per block are limited to upper bounds set by the...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 10 views

StakedUSDe.totalSupply() may decrease below MIN_SHARES by StakedUSDe.redistributeLockedAmount.

Lines of code Vulnerability details Impact StakedUSDe runs checkMinShares in deposit and withdraw to keep the totalSupply more than MINSHARES, 1e18. It is to prevent an ERC4626 inflation attack. However, StakedUSDe.redistributeLockedAmountuser, address0 burns all the user's shares and decreases t...

AI score: 7.2
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 3 views

SOFT_RESTRICTED_STAKER_ROLE is able to withdraw stUSDe for USDe even if it shouldn't

Lines of code Vulnerability details As the readme mentions, SOFTRESTRICTEDSTAKERROLE shouldnt be able to deposit or withdraw their USDe/stUSDe: Due to legal requirements, there's a SOFTRESTRICTEDSTAKERROLE and FULLRESTRICTEDSTAKERROLE. The former is for addresses based in countries we are not...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 9 views

A fully blacklisted user can withdraw their funds

Lines of code Vulnerability details Impact A fully blacklisted user should not have access to any function of the protocol, but it is possible for a user to withdraw their funds right before being blacklisted. A fully blocked user is capable of frontrunning the addToBlacklist call by calling the...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 6 views

Circumvention of soft staking restrictions in StakedUSDeV2 through indirect ERC20 token transfers

Lines of code Vulnerability details Summary The StakedUSDeV2 in the Ethena protocol is designed to allow users to stake USDe tokens and earn rewards. The protocol includes roles and restrictions to manage the staking process, such as SOFTRESTRICTEDSTAKERROLE and FULLRESTRICTEDSTAKERROLE. However,...

AI score: 7.2
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 3 views

In for a penny, in for ten quadrillion dollars

Lines of code Vulnerability details Impact StakedUSDeV2 can be bricked for a penny. Proof of concept The checkMinShares requirement called after any deposit and withdrawal function checkMinShares internal view uint256 totalSupply = totalSupply; if totalSupply 0 && totalSupply MINSHARES revert...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 17 views

vesting amount is overwritten when rewards are transferred consecutively before a user redeems thereby increasing/decreasing the totalAssets value than it actually should be

Lines of code Vulnerability details Impact In StakedUSDe there is a special rewarder role that can transfer additional usde as rewards for users who have staked usde tokens, now consider a scenario where a rewarder transfers 2 usde to the contract and the vesting period of 8 hours pass and the...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 6 views

Default Admin Role will be empty after ownership transfer.

Lines of code Vulnerability details Impact After an ownership transfer of the protocol , the DEFAULTADMINROLE role will be empty.Protocol cannot function properly without DEFAULTADMINROLE cause this is the single most important role in the protocol . Functionalities that only DEFAULTADMINROLE can...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 10 views

Taking deposits hostage

Lines of code Vulnerability details Impact An initial attacker can gain the power to hold subsequent deposits into StakedUSDeV2 hostage, and release them at will e.g. for a ransom. Proof of concept The checkMinShares requirement called after any withdrawal and deposit function checkMinShares...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/30 12:00 a.m. | 5 views

The _transferToBeneficiary() incorrectly assumes Native ETH amount and ERC20 Token amount as 1:1.

Lines of code Vulnerability details Impact The transferToBeneficiary function of EthenaMinting.sol incorrectly assumes Native ETH amount and ERC20 Token amount as 1:1. Proof of Concept The transferToBeneficiary function is used in redeem function of EthenaMinting.sol. Though, you are not allowed ...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 8 views

Missing check to avoid zero transfer revert

Lines of code Vulnerability details Impact Cannot deploy market with originationFeeAmount == 0 for ERC20 asset which reverts on zero amount transfers. Proof of concept In deployMarket the following is executed: if originationFeeAsset != address0 originationFeeAsset.safeTransferFromborrower,...

AI score: 7.2
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 8 views

OFAC sanctioned lender can frontrun nukeFromOrbit with a transfer of his funds

Lines of code Vulnerability details Impact In order to prevent a sanctioned lender for example by OFAC to poison an entire market, a function has been developed to block and transfer the sanctionned user's funds to an escrow contract. This escrow contract can be released if borrower decides so by...

AI score: 7.2
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 6 views

Underflow can be occurred in codebase

Lines of code Vulnerability details Impact Because of the lack of the input validation, underflow can be occurred in the code. Proof of Concept function getRegisteredBorrowers uint256 start, uint256 end external view returns address memory arr uint256 len = borrowers.length; end = MathUtils.minen...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 9 views

Early market adopters can force delinquency to game borrowers

Lines of code Vulnerability details Impact When new markets are created, a lender can call WildcatMarket.updateState. This will trigger a call to WildcatMarketBase.writeState, the check on line 449 state.liquidityRequired totalAssets will return false since totalAssets starts as 0. This will...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 8 views

Denial of service to closeMarket.

Lines of code Vulnerability details Summary No mechanism to close the market. Impact Denial of service to closeMarket. Vulnerability Details Only controller can call closeMarket but there is no implementation to close market in controller. Tools Used Manual Review Recommended Mitigation Steps Add...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 9 views

Borrower cannot close their market

Lines of code Vulnerability details The WildcatMarket::closeMarket cannot be executed by a borrower because the WildcatMarketController contract does not implement any function calling it. Proof of Concept The closeMarket is supposed to be called by a borrower to close their market, set the...

AI score: 7.3
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 7 views

A borrower cannot redeploy a controller if their previous controller was removed

Lines of code Vulnerability details Impact A controller can be removed after it was initially deployed in cases where it was created with wrong parameters. However, in the case that a borrower's controller is removed they would be unable to redeploy another controller constraining them to use the...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 15 views

wrong implementation of bipDiv.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps function...

AI score: 7.2
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 10 views

Borrower escapes delinquency penalty if no intermittent action happens

Lines of code Vulnerability details Impact Once the market goes below required reserves, it is marked as delinquent only if an updateState action happens. Actions like market.updateState, executeWithdrawal, deposit, etc. have to happen else the protocol remains unaware of the market's delinquency...

AI score: 7.1
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 91 views

Solmate safetransfer and safeTransferFrom do not check the code size of the token address, which may lead to loss of funds

Lines of code Vulnerability details Impact WildcatMarketWithdrawals, WildcatMarketController, WildcatMarket contracts use Solmate safetransfer and safeTransferFrom functions. However, these functions don't check the existence of code at the token address. This is a known issue while using solmate...

AI score: 7.4
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 3 views

New approved lender can receive other people's accrued interest fees

Lines of code Vulnerability details A new approved Lender by the borrower, getting into the market at the right time can make huge profits in the market due to activity in the market of others, and accruing interest, which make the lender withdraw immediately, without being in the market for a lo...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 16 views

Incompatibility with Rebase tokens

Lines of code Vulnerability details Impact Borrowers can choose whatever token they want to be the underlying token for a market. The problem comes when those tokens are Rebasing tokens such as Ampleforth. The balances of those tokens are changed rebased by a certain algorithm depending on the...

AI score: 7.1
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 7 views

An underflow occurred during the token transfer.

Lines of code Vulnerability details Impact An underflow can occur during a token transfer when there is insufficient allowance. Proof of Concept function transferFrom address from, address to, uint256 amount external virtual nonReentrant returns bool uint256 allowed = allowancefrommsg.sender; //...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 7 views

Malicious initial reserve ratio can be used to rug lenders collateral

Lines of code Vulnerability details Impact Wildcat protocol provides borrowers the ability to adjust annual interest BIPs after market deployment. In order to protect lenders the protocol increases the reserve ratio of ratio of the market to 90% for two weeks. The increased reserve ratio allows...

AI score: 7.1
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 15 views

DoS Any Controller by Frontrunning Creation with a Codehash Change

Lines of code Vulnerability details Impact Any controller contract can be DoSed by sending a 1 wei transaction to the controller address that will be created for a user. When an account has no code and has never been interacted with, the codehash will be bytes320. This will result in controller...

AI score: 7.2
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 8 views

Single lender can game markets into unexpected states of delinquency

Lines of code Vulnerability details Impact Wildcat Markets allow for for a borrower to accept the risks they are willing to manage when agreeing to terms of uncollatoralised lending. Namely authorised borrowers will permit certain lenders and control certain market parameters like interest rate,...

AI score: 7
Exploits: 0
Code423n4
added 2023/10/26 12:00 a.m. | 9 views

Borrower cannot change the maximum supply

Lines of code Vulnerability details Impact Maximum supply cannot be increased and by extension the max deposit limit too. Proof of Concept WildcatMarketConfig@setMaxTotalSupply is only callable by the WildcatMarketController but is not used anywhere there. WildcatMarketConfig.sol function...

AI score: 7
Exploits: 0
Total number of security vulnerabilities: 10190