10190 matches found
Upgraded Q -> M from 189 [1655579836940]
Judge has assessed an item in Issue 189 as Medium risk. The relevant finding follows: N02 Using send to send ETH could run out of gas. You have to be sure of the logic of the recipient.
Wrong Deadline
Lines of code Vulnerability details the deadline is the timestamp after which the transaction will revert. the goal of this field is that the caller can set a deadline for the transaction so the transaction will not succeed in any arbitrary time in the future, and after this deadline, they can...
Emergency withdrawals are broken
Lines of code Vulnerability details Impact Usually, in emergency situations, contracts will be paused by the owner to prevent further damage. To withdraw all funds, the MyStrategy.prepareWithdrawAll function has to be manually called right before BaseStrategy.withdrawToVault can be called see...
User can bypass entryFee by sending arbitrary calldata to ParaSwap operator
Lines of code Vulnerability details Impact Any user is able to bypass the entryFee collection when using NestedFactory.create by passing in arbitrary calldata when using the ParaSwap router. High level, a user can pass in calldata to swap from a minuscule amount of input token to an ERC777 with...
Upgraded Q -> M from 44 [1655579898351]
Judge has assessed an item in Issue 44 as Medium risk. The relevant finding follows: 1. Usage of legacy ETH transfer function Risk Low Impact Contract ForgottenRunesWarriors for withdrawing ETH to vault uses send function, which has a fixed gas stipend and can fail. The reason behind this is that...
BADGER bribes can not be claimed
Lines of code Vulnerability details sendBadgerToTree will send BADGER twice and therefore fail. It is sending it to the BADGERTREE in sendBadgerToTree, and then continues to send the same amount to the vault in processExtraToken. Impact BADGER rewards cannot be claimed. The contract is trying to...
YearnCurveVaultOperator's depositETH can leave the remainder ETH funds frozen and unaccounted for, then utilized by another caller
Lines of code Vulnerability details depositETH effectively do not control the utilization of input token and can freeze WETH input funds in native ETH form on the contract balance when Yearn pool doesn't perform liquidity addition for any reason. Due to presence of the additional WETH - ETH step,...
Yield can be lost due to not specifying limit when transferring auraBAL to BAL/ETH BPT
Lines of code Vulnerability details Impact In harvest, when swapping auraBAL to BAL/ETH BPT the limit variable which specifies the minimum amount of tokens that are to be received when singleSwap.kind=GIVENIN is set to 0. This means that when the swap is made, the transaction can be frontrun and...
Upgraded Q -> M from 270 [1655579826704]
Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: Gas stipend for payable.send may be too low for contract wallets ETH withdrawals in both the minter and token contracts use payableaddress.send to transfer ether to the vault address. If the configured vault is ...
Withdrawing all funds at once to vault can be DoS attacked by frontrunning and locking dust
Lines of code Vulnerability details Impact All funds can be migrated withdrawn at once to the caller vault by using the BaseStrategy.withdrawToVault function which internally calls MyStrategy.withdrawAll. The latter function has the following check in place: MyStrategy.solL184-L187 require...
Operator may be removed without checking whether there are funds locked in that operator.
Lines of code Vulnerability details Impact Operator may be removed without checking whether there are funds locked in that operator. Locked funds may not be withdrawable unless the operator is added back. Proof of Concept /// @inheritdoc INestedFactory function removeOperatorbytes32 operator...
Badger rewards from Hidden Hand can permanently prevent Strategy from receiving bribes
Lines of code Vulnerability details Impact If the contract receives rewards from the hidden hand marketplace in BADGER then the contract tries to transfer the same amount of tokens twice to two different accounts, once with sendBadgerToTree in MyStrategy and again with processExtraToken in the...
Missing slippage protection for autocompounding auraBAL rewards into AURA
Lines of code Vulnerability details Impact Autocompounding auraBAL rewards into AURA requires multiple swaps auraBAL - BAL/ETH BPT - WETH - AURA within MyStrategy.harvest. The swaps are at risk of being front-run / sandwiched, resulting in a loss of funds. Since MEV is very prominent I think the...
Low Value Definition On The Slippage
Lines of code Vulnerability details Impact Trades can happen at a bad price and lead to receiving fewer tokens than at a fair market price. The attacker's profit is the protocol's loss. Proof of Concept MyStrategy contract has low slippage checks which can lead to being vulnerable to sandwich...
_harvest() vulnerable to sandwich attacks due to missing slippage checks
Lines of code Vulnerability details Impact All funds that should have been harvested can be taken via MEV sandwich attacks because there is no slippage control. Proof of Concept The two swap calls pass zero as the third argument: File: contracts/MyStrategy.sol 1 249 uint256 balEthBptEarned =...
Attacker can deposit for MyStrategy in AuraLocker make it unable to withdraw all.
Lines of code Vulnerability details Impact Function withdrawToVault in BaseStrategy will withdraw all funds from strategy to vault, it uses an internal function withdrawAll in MyStrategy. In this function, there is a check that no locked balance is still in AuraLocker. An attacker can keep deposi...
Yield may be stolen by MEV bot by sandwiching harvest()
Lines of code Vulnerability details Impact Yield may be stolen by MEV bot by sandwiching harvest, because the minimum output amount of the swap is set to 0. This means an MEV bot can pump the price of AURA token to the highest price before your strategy swaps, to let you buy AURA token at an incredibly hig...
Vault can never fully be emptied
Lines of code Vulnerability details Impact Vault cannot be fully emptied Proof of Concept Whenever rewards are earned they are automatically locked into the Aura Locker. Since that reward will then earn more rewards while locked, there will be more rewards to be collected when that lock is...
Update initializer modifier to prevent reentrancy during initialization
Lines of code Vulnerability details Impact The solution uses: "OpenZeppelin/[email protected]". This dependency has a known high severity vulnerability: Which makes MyStrategy contract vulnerable contract MyStrategy is BaseStrategy, ReentrancyGuardUpgradeable ... function...
Swap routes are hardcoded for pools that do not exist yet.
Lines of code Vulnerability details Impact The route for swapping auraBAL to AURA is hardcoded and does not allow any flexibility. Proof of Concept The route for this swap is hardcoded to auraBAL - BAL/ETH BPT - WETH - AURA, with specific pool IDs. This seems to be done for the sake of simplicity...
Owner can sweep any token
Lines of code Vulnerability details Impact Admin can sweep any token even if the token is in use by the contract. Ideally only non blacklisted tokens should be allowed by unlockTokens function function unlockTokensIERC20 token external override onlyOwner uint256 amount = token.balanceOfaddressthi...
Functions in OperatorScripts.sol can be called by anyone
Lines of code Vulnerability details Impact The functions defined in OperatorScripts contract are external functions without any other access control. So anyone can add operators for OperatorResolver.getOpertor which is called in MixinOperatorResolver to use in callOperator, which is called when...
destroy function doesn't check if exitFees is set
Lines of code Vulnerability details Impact This issue might lead to 0 amountFees Proof of Concept The destroy function does not check if exitFees is set, therefore in a scenario wherein the owner does not set the value of exitFees, its default value would be 0. In line 264 we can see: uint256...
Reward token (auraBal) can be locked in the strategy
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. getRewardaddress account function of Aura Locker is an external function therefore can be called by anyone by passing in the address of strategy and transferring the rewards to the strategy. harvest...
attacker can lock all the auraBAL rewards in contract address forever and they won't be accessible
Lines of code Vulnerability details Impact auraBAL token is in protected tokens list, so it can't be transferred to bribeProcessor by using sweepRewardToken. function harvest is supposed to call LOCKER.getReward and then swap received auraBAL rewards and deposit them in LOCKER, but it only can do...
receive function is unrestricted
Lines of code Vulnerability details Impact The receive function has not placed any restriction, which means if any user accidentally sends any ETH to this contract then it is permanently frozen until timelock decides to release it by creating and approving a new transaction on timelock which...
DOS on operation execution
Lines of code Vulnerability details Impact A malicious proposer can keep on cancelling all pending operations so that none of the transactions get executed. Admin also has no way to remove the malicious proposer Proof of Concept 1. Proposer A calls schedule function to schedule an operation 2...
TimelockControllerEmergency: The sent ether may be locked in the OwnerProxy contract
Lines of code Vulnerability details Impact The call function in the TimelockControllerEmergency contract will send ether to the OwnerProxy contract, and the OwnerProxy contract will delegatecall the script contract. The two existing script contracts will neither use ether nor withdraw ether, whic...
Attacker can grief users from withdrawing their tokens and causing users to lose money
Lines of code Vulnerability details Impact balance of this contract of vault tokens in the require statement can stop users from withdrawing their tokens 2 issues: 1. vaultbalancebefore= balance of this contract from a vault tokens vaultamount=vaultbalancebefore- balance of vault right then when...
fund lose because of the direct funds transfer to vault address and cause big balance() to totalSupply() ratio and cause big division error in _mintSharesFor() (this is in previous contest scope)
Lines of code Vulnerability details Impact Attacker can cause balance / totalSupply ratio to go as high as he want and then because of rounding error in mintSharesFor lower amount of share would be mint for users. if totalSupply is 0 attacker can directly transfer tokens to contract address and...
Malicious Owner can steal all user funds
Lines of code Vulnerability details Submitting as med risk because it would require malicious multisig, but there should never be absolute trust in any party especially when there's no reason fees would ever need to be that high anyways Impact Owner steals all of user funds Proof of Concept...
Missing reentrancy protections
Lines of code Vulnerability details Impact The files below contain both deposit and withdraw functions which seem re-entrable at the point of calls that transfer tokens. The functions do not fully follow a checks-effects-interactions pattern, thus they can be re-entered multiple times. Depending ...
no slippage check
Lines of code Vulnerability details in the function swapAndAddLiquidity it makes a call swapExactTokensForTokens with slippage hard coded to 1 this could lead to the user receiving much less tokens than expected due to being frontrun / sandwiched which will result in a loss of funds recommend...
amountAMin and amountBMin set to 1
Lines of code Vulnerability details in the function swapAndAddLiquidity it makes a call addLiquidity with amountAMin and amountBMin hard coded to 1 recommend specifying a proper amountAMin and amountBMin rather than 1
reentrancy by _harvest() and _deposit() code in the middle of claimBribesFromHiddenHand() external calls to tokens and change balances of AURA token so claimBribesFromHiddenHand() make wrong transfers and fund would be lost
Lines of code Vulnerability details Impact Function claimBribesFromHiddenHand makes some external calls to token lists which fetches from hiddenHandDistributor.rewards if AURA was one of those tokens and also one of those tokens were malicious or made some external call then it's possible to reent...
There is no check that in setBribesProcessor() the value of newBribesProcessor is not 0x0, fund will be lost or locked if by mistake value set to 0x0
Lines of code Vulnerability details Impact Fund can be lost if the value of bribesProcessor set to 0x0 address and there is no check in the setBribesProcessor to prevent it. sendTokenToBribesProcessor sends bribes to bribesProcessor and there is no check there too. so if by mistake the value of...
attacker can call sweepRewardToken() when bribesProcessor==0 and reward funds will be lost because there is no check in sweepRewardToken() and _handleRewardTransfer() and _sendTokenToBribesProcessor()
Lines of code Vulnerability details Impact If the value of bribesProcessor was 0x0 the default is 0x0 and governance can set to 0x0 then attacker can call sweepRewardToken make contract to send his total balance in attacker specified token to 0x0 address. Proof of Concept the default value of...
All withdrawal functionality is paused when contract is paused
Lines of code Vulnerability details Impact When the strategy contract is paused, all withdrawal functionality will be paused. Based on the comments in MyStrategy.sol and baseStrategy.sol, withdrawToVault should not be affected by the pause functionality. This is not the case due to the...
Update initializer modifier to prevent reentrancy during initialization
Lines of code Vulnerability details Proof of Concept The code uses: @openzeppelin-contracts-upgradeable=OpenZeppelin/[email protected]/contracts/ This dependency has a known high severity vulnerability: Which makes the main contract in this audit "MyStrategy" vulnerable...
Update initializer modifier to prevent reentrancy during initialization
Lines of code Vulnerability details The solution uses: OpenZeppelin/[email protected] These dependencies have a known high severity vulnerability: Which makes these contracts vulnerable: Recommended Mitigation Steps Upgrade @openzeppelin/contracts-upgradeable to version 4.4...
Lack of Two-Step Process for Critical Operations
Lines of code Vulnerability details Impact This function transfers/renounce the ownership of the contract in a single step. There is no way to reverse a one-step transfer of ownership to an address without an owner. This would not be the case if ownership were transferred through a two-step proce...
Gitignore too low
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Too short gitignore Tools Used Recommended...
Possible UUPSUpgradeable attack
Lines of code Vulnerability details Impact Missing implementation of the modifier Summary: initializer modifier is found in wfCashBase.sol but none of the OZ Initializable or AAVETokenV2Mintable.sol are included in wfCashBase or any of its related files. Details: I couldn’t find the modifier to b...
attacker can burn anyones tokens and steal everyones money
Lines of code Vulnerability details Impact attacker can burn tokens and balance of contract is an amount of less or greater in sendtokenreciver function and if receiver is me then tokentransfer can be more than I lent or borrowing, withdrawing and gain me extra tokens. burn function is called...
The Oracle address settings for the PriceOracle.sol contract are not checked for ZERO Address, and will not do the expected work if the prophecy machine address is set to Zero address (which will be populated with 0 by default if not passed to the constructor).
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The getPrice function of the PriceOracle contract internally calls getPriceFromAdapters to get the price, but does not check that the adapters are not set to Zero Address, so when the address in the...
Did Not Enforce fCash To Be A Component Of SetToken Before Minting
Lines of code Vulnerability details Proof-of-Concept Assume that the manager decided to add a fCash position called "Wrapped fDAI @ 10 October 2022", which will mature at 10 October 2022, to the SetToken. To do so, the manager will call the NotionalTradeModule.mintFCashPosition function. The...
Approve Returned Value Not Validated
Lines of code Vulnerability details Proof-of-Concept The approve function attempts to performs an ERC20.approve call, but does not check if the returned value is true Succeed or false Failed. Some tokens do not revert if the approval failed but return false instead. / @dev Approve the given...
Missing receive() or fallback() payable function as native token is expected from WETH
Lines of code Vulnerability details receive or fallback payable function is missing in the current implementation of wfCashERC4626, calling WETH.withdraw will revert. WETH.withdrawdepositAmountExternal; As a result, mintInternal when isETH == true will revert.
Upgraded Q -> M from 307 [1655245513660]
Judge has assessed an item in Issue 307 as Medium risk. The relevant finding follows: Low feeRate can be modified for existing vaults feeRate is a parameter that controls the fee applied on exercise. It can be set by the function: function setFeeuint256 feeRate external onlyOwner feeRate = feeRat...
you can mint any amount of tokens and steal eth from the contract
Lines of code Vulnerability details Impact attacker calls the mintViaAsset function if attacker wants to lend eth that you supply the contract, it will take eth make it into weth then what you lend. You can mint how many tokens you want because if iseth is true it just converts the eth to weth and...