_getTwav is not correct. It is not considering all last 4 blocks.
Lines of code Vulnerability details Impact This will result in invalid deadline to decide the buyout end. Proof of Concept /// @notice returns the TWAV of the last 4 blocks /// @return twav TWAV of the last 4 blocks function getTwav internal view returnsuint256 twav if...
Lack of lock modifier on sell() can lead to reentrancy
Lines of code Vulnerability details Impact NibblVault.sell does not possess the lock modifier that protects against reentrancy. The only attack vector due to reentrancy in this function was found to be executable by the factory that receives the admin fees which is not plausible due to the curren...
_secondaryReserveRatio is likely to be overflowed due to an unsafe downcast
Lines of code Vulnerability details msg.value SCALE 1e18 / initialTokenSupply initialTokenPrice is likely to be more than maxuint32, and therefore secondaryReserveRatio can be overflowed due to the unsafe downcast to uint32. For example, for: initialTokenSupply = 1e20. initialTokenPrice = 1e14. T...
REENTRANCY-Avoid transfer() as reentrancy mitigations. Transfer do not protect from reentrancies in case of gas price changes.
Lines of code Vulnerability details Impact --Check: reentrancy-unlimited-gas --Severity: Informational --Confidence: Medium Transfer and send have been recommended as a security best-practice to prevent reentrancy attacks because they only forward 2300 gas. That being said, gas repricing of...
Malicious Basket Could Be Used To Rug Fractionalized Token Holders
Lines of code Vulnerability details Proof-of-Concept The NibblVaultFactory.createVault accepts any NFT address or any Basket address. Therefore, an attacker could pass a malicious basket address during vault creation. function createVault address assetAddress, address curator, string memory name,...
Fee Was Not Charged When Buying On Secondary Curve
Lines of code Vulnerability details Proof-of-Concept Per the documentation, the admin and curator fees are charged when buying on the secondary curve. Whenever someone mints and burns tokens on the bonding curve, they need to pay some trading fees which is accrued in ETH Within the NibblVault.buy...
NibblVault permit functionality allows redeeming only one "active" signature
Lines of code Vulnerability details Impact Contract NibblVault implements function permit that allows approving spender to spend value of tokens that belongs to owner. The issue is that structHash keeps incrementing noncesowner++ which in case of multiple "active" permits signatures of the same...
User Could Change The State Of The System While In Pause Mode
Lines of code Vulnerability details Proof-of-Concept Calling NibblVault.updateTWAP function will change the state of the system. It will cause the TWAP to be updated and buyout to be rejected in certain condition. When the system is in Pause mode, the system state should be frozen. However, it wa...
Buy logic is not correct
Lines of code Vulnerability details Impact This will affect the curves from where the buy need to happen. This will lead to erroneous result. Proof of Concept Tools Used Manual calculation and code review Recommended Mitigation Steps Update the Buy logic by referring the sell logic. --- The text...
attacker can give a smaller amount of tokens and not pay the fees
Lines of code Vulnerability details Impact an attacker can specify an amount like from 1 wei or more but depends on the state of the contract variables. amount= 1 adminfee=5 / 1000000 = 0 because of precision loss which feeAdmin=0 same thing for the other fees and there is no check that they can't be...
TWAV can be attacked by flash loan
Lines of code Vulnerability details Impact updateTWAV can be flash loaned. Hacker may pay the flash loan fee for 4 blocks then execute the attack after that. Proof of Concept function updateTWAVuint256 valuation, uint32 blockTimestamp internal uint32 timeElapsed; unchecked timeElapsed =...
Issue with TWAV calculation.
Lines of code Vulnerability details Impact To calculate time weighted average value, current valuation is used. This is not appropriate way to decide the TWAV while other locations considers only time. This might not be the stable one. Proof of Concept uint256 currentValuation =...
Upgraded Q -> H from 285 [1655952312863]
Judge has assessed an item in Issue 285 as High risk. The relevant finding follows: 1. Excess ether sent to FixedPricePassThruGate is lost low passThruGate redirects to a beneficiary only gate.ethCost, requiring that msg.value = gate.ethCost. As there are no other ways to access native tokens hel...
Upgraded Q -> H from 94 [1655957384739]
Judge has assessed an item in Issue 94 as High risk. The relevant finding follows: 2. Return values of transfer/transferFrom not checked Not all IERC20 implementations revert when there's a failure in transfer/transferFrom. The function signature has a boolean return value and they indicate error...
missed valid address check for assetAddress
Lines of code Vulnerability details Impact Malicious Actor can do DoS using Reentrance using createVault and can create vault without depositing any asset Proof of Concept pragma solidity ^0.8.10; import "./NibblVaultFactory.sol"; contract ERC721Attack address curator =...
Transition notBoughtOut -> boughtOut -> notBoughtOut possible because of updateTWAV
Lines of code Vulnerability details Impact Because rejectBuyout uses the TWAV, which is time-weighted and updateTWAV can be called, it is possible that notBoughtOut is true at first, then boughtOut is true, and then notBoughtOut is true again. See Proof of Concept for how one can construct such a...
whenNotPaused modifier missing
Lines of code Vulnerability details Impact whenNotPaused modifier is missing in both createBasket function NibblVaultFactory.solL80 and withdrawUnsettledBids function NibblVault.solL424 This means even when contract is in paused state this function will still be operational Note Other impacted...
ERC1155 support unchecked - NFT can be lost
Lines of code Vulnerability details Impact It is not checked whether withdrawn token supports ERC1155 interface. Also there is no check to see if necessary approval have been set for sending nft The fix need to be applied for all other functions withdrawing ERC1155 Proof of Concept 1. Observe the...
use ECDSA helper library instead of ecrecover
Lines of code Vulnerability details use ECDSA helper library instead of ecrecover the function permit adds approval for a spender for a certain amount of value use of ecrecover to validate signatures without a nonce will allow signatures to be replayed to add additional approvals due to signature...
initiateBuyout and sell functions on NibbleVault.sol Reentrancy vulnerability
Lines of code Vulnerability details Impact 1. In NibbleVault.sol, it is possible for a contract to prevent the Sell event from being fired after being sent ether. From calling the sell function on line 390, an attacker contract is able to keep the event hidden from being listened to by stopping t...
ERC721 support not checked - NFT loss
Lines of code Vulnerability details Impact It is not checked whether withdrawn token supports ERC721 interface. Also there is no check to see if necessary approval have been set for sending nft The fix need to be applied for all other functions withdrawing ERC721 Proof of Concept 1. Observe the...
Some users can redeem more reserve tokens after curator redeems accumulated curator fee.
Lines of code Vulnerability details Impact It is possible for some users to redeem more reserved tokens if the curator redeems accumulated curator fee before their redeem action in the case of a boughtOut. This is possible because NibblVault.redeemCuratorFee sets feeAccruedCurator back to 0. So ...
CNote balance can be affected by griefing attack
Lines of code Vulnerability details Functions borrowFresh, repayBorrowFresh, mintFresh, redeemFresh require CNote balance to be strictly zero, reverting unconditionally otherwise. However, as CNote is ERC20 with usual transfer functionality, anyone can send a cNote tokens to the contract itself,...
Duplicate token can be added to MasterChef
Lines of code Vulnerability details Impact MasterChefV2.add does not check if the lpToken is previously added. This would lead to incorrect accounting of lpToken in different pid. Proof of Concept function adduint256 allocPoint, IERC20 lpToken, IRewarder rewarder public onlyOwner uint256...
Incorrect repayAmount used in CNote
Lines of code Vulnerability details Impact repayAmount was used instead of repayAmountFinal in CNote.repayBorrowFresh. This will lead to revert if the borrower want to repay full amount with typeuint.max Proof of Concept uint actualRepayAmount = doTransferInpayer, repayAmount; Recommended...
Only the state() of the latest proposal can be checked
Lines of code Vulnerability details Impact state function cannot view the state from any proposal except for the latest one. Proof of Concept requireproposalCount = proposalId && proposalId initialProposalId, "GovernorBravo::state: invalid proposal id"; Currently proposalCount needs to be bigger ...
Unable to check state() if proposalId == 0
Lines of code Vulnerability details Impact state function cannot be called to view proposal state if proposalId == 0. Proof of Concept There is no check to prevent queueing a proposalId with a value of 0 via the queue function. However, in the state function there is a check preventing using a...
attacker steals funds from the weth contract
Lines of code Vulnerability details attacker steals funds from the weth contract 1.Attacker has balance of 1 weth 2.Attacker calls withdraw with 1 weth 3.Transfer is called to fallback function in attacker contract 4.Attacker Fallback function sends 1 ether to the weth fallback function 5. It...
BaseRate can be update by anyone
Lines of code Vulnerability details Impact There is no access modifier in updateBaseRate due to which, anyone can change Baserate to a very low value and borrow the large value function updateBaseRateuint newBaseRatePerYear public Proof of Concept Tools Used manual review Recommended Mitigation...
WETH.totalSupply() returns wrong result.
Lines of code Vulnerability details Impact WETH.totalSupply returns wrong result. I can't find other contracts that use this function but WETH.sol is a base contract and it should be fixed properly. Proof of Concept WETH.balanceOf just returns a balance of a specific address and totalSupply must ...
In Cnote.sol, anyone can initially become both accountant and admin
Lines of code Vulnerability details Impact Affected code: The function setAccountantContract is supposed to be called after contract initialization, so that the accountant is immediately set. However, this function completely lacks any access control it's just public so an attacker can monitor th...
WETH.sol computes the wrong totalSupply()
Lines of code Vulnerability details Impact Affected code: WETH.sol is almost copied from the infamous WETH contract that lives in mainnet. This contract is supposed to receive the native currency of the blockchain for example ETH and wrap it into a tokenized, ERC-20 form. This contract computes t...
CNote: Attacker can frontrun the calling of _setAccountantContract and gain admin privileges and insert a malicious accountant contract
Lines of code Vulnerability details Impact The function does not have access control before the accountant address is set, allowing anyone to call the function, gain admin privileges, and set the accountant address. Proof of Concept CNote.solL17 Recommended Mitigation Steps Include access control...
zeroswap/UniswapV2Pair.sol Token reserves per lp token can be manipulated due to lack of MINIMUM_LIQUIDITY when minting the first liquidity with migrator
Lines of code Vulnerability details if totalSupply == 0 address migrator = IUniswapV2Factoryfactory.migrator; if msg.sender == migrator liquidity = IMigratormigrator.desiredLiquidity; requireliquidity 0 && liquidity != uint256-1, "Bad desired liquidity"; else requiremigrator == address0, "Must no...
MasterChef's emergencyWithdraw can be reentered drawing all lptokens from the contract if pool.lpToken allows for transfer flow control
Lines of code Vulnerability details User's LP funds accounting update in emergencyWithdraw happens after lpToken transfer. If pool.lpToken allows for the control of transfer call flow or can be upgraded to allow it in the future i.e. beforetokentransfer, afterTokenTransfer type of hooks, or an...
CNote updates the accounts after sending the funds, allowing for reentrancy
Lines of code Vulnerability details Having no reentrancy control and updating the records after external interactions allows for funds draining by reentrancy. Setting the severity to medium as this is conditional to transfer flow control introduction on future upgrades, but the impact is up to th...
Base rate update frequency can be bypassed by an admin
Lines of code Vulnerability details Impact Base rate update frequency can be bypassed by an admin. Above function require updateFrequency blocks to be passed. Proof of Concept function updateBaseRateuint newBaseRatePerYear public // check the current block number uint blockNumber = block.number;...
Attackers can call update and grief the users from swapping tokens
Lines of code Vulnerability details Impact Attackers can call update and grief the users from swapping tokens An attacker can specify reserve0 and reserve1 in update function and make it very small number and the user will have to supply zero tokens otherwise the function will fail. mitigation :...
Unnecessary migrate function
Lines of code Vulnerability details Impact There is no need to have a migrate function in zeroswap as there are no liquidity to vampire attack from. This function introduce a significant rug vector. Proof of Concept function migrateuint256 pid public requireaddressmigrator != address0,...
In Note.sol, anyone can become the accountant and mint all the tokens to themselves
Lines of code Vulnerability details Impact Affected code: The function minttoAccountant is supposed to be called after contract initialization, so that the accountant is immediately set and all the tokens are mint to them. However, this function completely lacks any access control it's just...
Queued proposals cannot be executed in GovernorBravoDelegate.sol
Lines of code GovernorBravoDelegate.solL63 Vulnerability details Impact In GovernorBravoDelegate.sol's queue function, the executed value for the proposal to be queued is set to true. The execute function in GovernorBravoDelegate.sol will revert when called since the state of the proposal is...
Block.timestamp is always growing in epoch seconds and observation.timestamp needs to be called is its very unlikely to for it to be equal each other Bypassing
Lines of code Vulnerability details Block.timestamp is always growing in epoch seconds and observation.timestamp needs to be called is its very unlikely to for it to be equal each other Bypassing observation and gets it to be wrong length which could cause logic breaks and worse because you're not...
Stack too deep error within BaseV1-periphery.sol
Lines of code BaseV1-periphery.sol lines 323-341 Vulnerability details Impact Stack too deep error when using remove liquidity function, fixing issue allows for avoiding using optimizations thus increases the periphery contract's longevity/scalability. Proof of Concept function...
Overprivileged admin can grant unlimited WETH
Lines of code Vulnerability details Impact Admin can grantComp to any address using any amount and drain the contract. Proof of Concept If admin key gets compromised there is no timelock, no amount boundaries and no address limitations to prevent the assets to be drained immediately to the...
_update function on deployment time isn't actually going to be 30 minutes and you can bypass it
Lines of code Vulnerability details Because timeElapsed = blocktimestamp , on deployment block.timestamp -point.timestamp it can be zero if some calls it right after deployment And block.timestamp 1800 which is true even though its not a pass 30 minutes mitigation have check that updated...
WETH.allowance() returns wrong result.
Lines of code Vulnerability details Impact WETH.allowance returns wrong result. I can't find other contracts that use this function but WETH.sol is a base contract and it should be fixed properly. Proof of Concept In this function, the "return" keyword is missing and it will always output 0 in th...
Attacker can frontrun calling _mint_to_Accountant() which mints the entire supply to the caller, and sets them as _accountant and admin
Lines of code Vulnerability details Impact By leaving minttoAccountant with no access control when accountant = address0 it allows an attacker to call the function, mint the entire supply to themselves, and gain the accountant and admin roles. Additionally, the parameter "address...
repayAmountFinal is not considered while calculating actualRepayAmount while calling doTransferIn(payer, repayAmount)
Lines of code Vulnerability details Impact repayAmountFinal is not used inside repayBorrowFresh The computation for actualRepayAmount does not account for repayAmountFinal in L111. Proof of Concept function repayBorrowFreshaddress payer, address borrower, uint repayAmount internal override...
Transferring any amount of the underlying token to the CNote contract will make the contract functions unusable
Lines of code Vulnerability details Impact The contract expects the balance of the underlying token to == 0 at all points when calling the contract functions by requiring getCashPrior == 0, which checks token.balanceOfaddressthis where token is the underlying asset. An attacker can transfer any...
Missing zero address check can set treasury to zero address
Lines of code Vulnerability details Impact AccountantDelegate.initialize is missing a zero address check for treasury parameter, which may allow treasury to be mistakenly set to 0 address. Proof of Concept Tools Used Manual review Recommended Mitigation Steps Add a require check for zero...