wfCashERC4626.sol#redeem() Lack of slippage control for market sell
Lines of code Vulnerability details function redeem(uint256 shares, address receiver, address owner) public override returns (uint256) { // It is more accurate and gas efficient to check the balance of the // receiver here than rely on the previewRedeem method. uint256 balanceBefore =...
Upgraded Q -> M from 182 [1655245716777]
Judge has assessed an item in Issue 182 as Medium risk. The relevant finding follows: L-Can send ETH more than buyOption premium required Link. require(msg.value >= premium) should be require(msg.value == premium) to prevent the user from sending too much ETH. Only the beneficiary benefits from this. Contract should...
block.timestamp as time proxy
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. 1. block.timestamp used as time proxy a. Summary: Risk of using block.timestamp for time should be considered. b. Details: block.timestamp is not an ideal proxy for time because of issues with...
Upgraded Q -> M from 307 [1655245513660]
Judge has assessed an item in Issue 307 as Medium risk. The relevant finding follows: Low feeRate can be modified for existing vaults feeRate is a parameter that controls the fee applied on exercise. It can be set by the function: function setFee(uint256 feeRate) external onlyOwner { feeRate = feeRat...
Did Not Enforce Underlying To Be A Component Of SetToken Before Calling setRedeemToUnderlying
Lines of code Vulnerability details Proof-of-Concept Within the NotionalTradeModule.mintFCashPosition function, it will check if the sendToken submitted is a component of the SetToken before the minting process. Within the NotionalTradeModule.redeemFCashPosition function, it will check if the...
Approve Returned Value Not Validated
Lines of code Vulnerability details Proof-of-Concept The approve function attempts to perform an ERC20.approve call, but does not check if the returned value is true (succeeded) or false (failed). Some tokens do not revert if the approval failed but return false instead. /// @dev Approve the given...
Residual Allowance Might Allow Tokens In SetToken To Be Stolen
Lines of code Vulnerability details Proof-of-Concept Whenever the mintFCashPosition function is called to mint a new fCash position, the contract will call the approve function to set the allowance to maxSendAmount so that the fCash Wrapper contract can pull the payment tokens from the SetToken contract...
you can mint any amount of tokens and steal eth from the contract
Lines of code Vulnerability details Impact The attacker calls the mintViaAsset function. If the attacker wants to lend ETH that you supply to the contract, it will take the ETH, make it into WETH, and then lend it. You can mint as many tokens as you want because if iseth is true it just converts the ETH to WETH and...
Can cause an attacker to get a better deal on the interest rate on borrowing and lending, or cause txs to revert
Lines of code Vulnerability details Impact If the variable maturity in the getMaturity function is a big number that gets put into a uint40, then since it is too big a number it will revert, because Solidity ^0.8.0 doesn't allow overflow; and on deployment hasMatured can be true because it is very close to the...
Cause users' transactions to revert right after deployment so they can't lend or borrow
Lines of code Vulnerability details Impact Because at deployment hasMatured is false, mintInternal reverts, which causes users to lose money on gas, and users can't lend, which could lead to worse things and open more attack vectors. Recommended Mitigation Steps Check for a delay after deployment or g...
User can alter amount returned by redeem function due to control transfer
Lines of code Vulnerability details Impact Control is transferred to the receiver when receiving the ERC777. They are able to transfer the ERC777 to another account, at which time the before and after balance calculation will be incorrect. uint256 balanceBefore = IERC20(asset).balanceOf(receiver); if...
Wrapped idiosyncratic (non-tradable) fCash can possibly not be unwrapped prior to maturity
Lines of code Vulnerability details What is idiosyncratic fCash? Markets may not always trade at the exact maturities of all fCash assets. fCash that does not fall on an exact maturity is called idiosyncratic fCash. To value these assets, Notional takes the linear interpolation of the rates of th...
PortalFacet.repayAavePortal() can trigger an underflow of routerBalances
Lines of code Vulnerability details Impact The caller of repayAavePortal can trigger an underflow to arbitrarily increase the caller's balance. Proof of Concept // Relevant code sections: // PortalFacet.sol function repayAavePortal(address local, uint256 backingAmount, uint25...
Unchecked return value for ERC20.approve call
Lines of code Vulnerability details Impact Tokens that don't actually perform the approve and return false are still counted as a correct approve. Proof of Concept In NotionalTradeModule.sol, there is approve function which makes a low level call but does not check the success return value. Some...
wfCash tokens can be locked in Set
Lines of code Vulnerability details Impact The automatic redemption of matured wfCash tokens within the NotionalTradeModule.moduleRedeemHook hook can cause wfCash tokens to be locked within the Set and prevent investors from redeeming. The NotionalTradeModule.moduleRedeemHook hook is always called...
SafeMath function being used without importing the SafeMath library, preventing contract compilation
Lines of code Vulnerability details Impact Contract NotionalTradeModule.sol will not compile due to an error caused by the missing import of SafeMath and the using-for directive. Since SafeMath is not imported and there is no using-for directive, the contract would not even compile, as it would throw an error ...
Did Not Enforce fCash To Be A Component Of SetToken Before Minting
Lines of code Vulnerability details Proof-of-Concept Assume that the manager decided to add a fCash position called "Wrapped fDAI @ 10 October 2022", which will mature at 10 October 2022, to the SetToken. To do so, the manager will call the NotionalTradeModule.mintFCashPosition function. The...
Integer overflow can affect router balances
Lines of code Vulnerability details Impact Integer overflow can affect router balances. Proof of Concept The repayAavePortal method of the PortalFacet contract subtracts the balance within an unchecked region, but this balance is not checked beforehand to be greater than the amountIn. unchecked...
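The unchecked subtraction described in this entry and in the PortalFacet.repayAavePortal() entry above, as an added example that is not Connext's code: a minimal router ledger with the vulnerable unchecked subtraction beside a bounded version. The RouterLedger contract, its routerBalances layout and the credit/debit/simulate names are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not Connext's PortalFacet): only the router balance bookkeeping is modelled.
// routerBalances[router][asset] tracks how much of `asset` a router has deposited.
contract RouterLedger {
    mapping(address => mapping(address => uint256)) public routerBalances;

    event Debited(address indexed router, address indexed asset, uint256 amountIn, uint256 newBalance);

    function credit(address asset, uint256 amount) external {
        routerBalances[msg.sender][asset] += amount; // checked arithmetic: reverts on overflow
    }

    // Vulnerable shape: the subtraction sits inside `unchecked` with no bound on amountIn.
    // Solidity >=0.8 reverts on underflow only outside `unchecked`; inside, the value wraps.
    // With balance 0 and amountIn 1 the caller ends up with balance 2**256 - 1.
    function debitUnchecked(address asset, uint256 amountIn) external {
        unchecked {
            routerBalances[msg.sender][asset] -= amountIn;
        }
        emit Debited(msg.sender, asset, amountIn, routerBalances[msg.sender][asset]);
    }

    // Hardened shape: establish bal >= amountIn first; the unchecked subtraction is then provably
    // safe and the gas saved by `unchecked` is kept. Dropping `unchecked` entirely is also fine.
    function debitChecked(address asset, uint256 amountIn) external {
        uint256 bal = routerBalances[msg.sender][asset];
        require(bal >= amountIn, "insufficient router balance");
        unchecked {
            routerBalances[msg.sender][asset] = bal - amountIn;
        }
        emit Debited(msg.sender, asset, amountIn, bal - amountIn);
    }

    // Pure helper for a test harness: what a balance/amountIn pair produces under each path,
    // without touching storage.
    function simulate(uint256 bal, uint256 amountIn) external pure returns (uint256 wrapped, bool checkedReverts) {
        unchecked { wrapped = bal - amountIn; } // e.g. (0, 1) -> 2**256 - 1
        checkedReverts = bal < amountIn;        // the checked path reverts exactly in this case
    }
}
```

The `simulate` helper makes the contrast concrete from a test: `simulate(0, 1)` returns `type(uint256).max` for the wrapped value, which is the balance the vulnerable path would write to storage.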
Users Might Not Be Able To Purchase Or Redeem SetToken
Lines of code Vulnerability details Proof-of-Concept Whenever a setToken is issued or redeemed, the moduleIssueHook and moduleRedeemHook will be triggered. These two hooks will in turn call the redeemMaturedPositions function to ensure that no matured fCash positions remain in the Set by redeemin...
No Slippage Protection During Redeeming Matured Positions
Lines of code Vulnerability details Proof-of-Concept The lack of slippage checks can cause redemption of matured positions to happen at a bad rate/price, resulting in the trade receiving fewer tokens than the fair market rate/price. The NotionalTradeModule.redeemMaturedPositions function calls the...
Division round down 2 times may cause convertToShares calculation incorrect if underlying token with decimals less than 8.
Lines of code Vulnerability details Impact In case fCash has not matured yet, convertToShares may return an incorrect value due to dividing and rounding down twice. It may lead to the case that the user needs more shares than expected to withdraw assets. In the wfCashERC4626.convertToShares function, it...
Rounding Issues In Certain Functions
Lines of code Vulnerability details Background Per EIP 4626's Security Considerations Finally, ERC-4626 Vault implementers should be aware of the need for specific, opposing rounding directions across the different mutable and view methods, as it is considered most secure to favor the Vault itsel...
NotionalTradeModule._approve() function is missing return value check.
Lines of code Vulnerability details Impact NotionalTradeModule.mintFCashPosition wouldn't work properly when the approve function fails to approve without reverting. Proof of Concept This approve function performs an ERC20.approve call but does not check the success return value. Some tokens do not...
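The two approve problems reported in this listing, the unchecked return value (this entry and the two earlier ones on the same function) and the residual allowance left for the wrapper, as one added example; it is not NotionalTradeModule code. IWrapper.mint, PositionMinter and ApproveLib are hypothetical names standing in for the fCash wrapper call that pulls payment tokens from the Set.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the NotionalTradeModule code. Demonstrates (1) checking the result of an
// ERC20 approve made through a low-level call and (2) clearing the allowance after the spender is done.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Hypothetical spender: pulls up to `maxSendAmount` of `payToken` from msg.sender and returns what it used.
interface IWrapper {
    function mint(IERC20 payToken, uint256 maxSendAmount, uint256 fCashAmount) external returns (uint256 spent);
}

library ApproveLib {
    // Vulnerable shape (as in the finding): only the call's success flag is checked. A token that
    // signals failure by returning false leaves the allowance untouched and the caller carries on.
    function approveUnchecked(IERC20 token, address spender, uint256 amount) internal {
        (bool ok, ) = address(token).call(abi.encodeWithSelector(IERC20.approve.selector, spender, amount));
        require(ok, "approve call failed");
    }

    // Hardened shape: a revert, a returned `false`, and malformed return data all fail; a token that
    // returns no data at all (non-standard but common) is accepted, and the resulting allowance is verified.
    function approveChecked(IERC20 token, address spender, uint256 amount) internal {
        (bool ok, bytes memory data) = address(token).call(abi.encodeWithSelector(IERC20.approve.selector, spender, amount));
        require(ok, "approve reverted");
        require(data.length == 0 || (data.length == 32 && abi.decode(data, (bool))), "approve returned false");
        require(token.allowance(address(this), spender) == amount, "allowance not set");
    }
}

contract PositionMinter {
    using ApproveLib for IERC20;

    function mintPosition(IWrapper wrapper, IERC20 payToken, uint256 maxSendAmount, uint256 fCashAmount)
        external
        returns (uint256 spent)
    {
        // Some tokens reject a non-zero -> non-zero approve; start from zero so the call is deterministic.
        if (payToken.allowance(address(this), address(wrapper)) != 0) {
            payToken.approveChecked(address(wrapper), 0);
        }
        payToken.approveChecked(address(wrapper), maxSendAmount);

        spent = wrapper.mint(payToken, maxSendAmount, fCashAmount);

        // The wrapper usually pulls less than maxSendAmount. Whatever is left would stay spendable by
        // the wrapper indefinitely (the residual-allowance finding), so reset it before returning.
        if (payToken.allowance(address(this), address(wrapper)) != 0) {
            payToken.approveChecked(address(wrapper), 0);
        }
    }
}
```

The final allowance read in approveChecked is the check that actually matters: it catches tokens that return true without changing state as well as tokens that return nothing, and it costs one SLOAD-backed call.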
Round down in previewWithdraw() may result in withdrawing asset using zero share.
Lines of code Vulnerability details Impact In the wfCashERC4626.previewWithdraw function, when fCash has matured, shares are calculated using convertToShares. But the convertToShares function rounds down in the division. This may lead to the case that a user can use zero shares to withdraw assets. It has been...
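The double truncation and the rounding-direction point raised in this entry and the two before it, as an added example that is not the wfCashERC4626 code. INTERNAL_PRECISION (8-decimal share units), the pvPerUnitInternal figure, the two-step conversion and the sample numbers are assumptions chosen to reproduce the case of an underlying with fewer than 8 decimals.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the wfCashERC4626 code. Shares are 8-decimal units (assumed INTERNAL_PRECISION),
// assets are in the underlying's own decimals, and `pvPerUnitInternal` is the present value, in
// internal units, of exactly INTERNAL_PRECISION shares (e.g. 99_999_999 == 0.99999999 per share).
contract RoundingDemo {
    uint256 public constant INTERNAL_PRECISION = 1e8;
    uint256 public immutable externalPrecision;   // 10 ** underlying decimals
    uint256 public pvPerUnitInternal;             // supplied by the protocol in reality; fixed here

    constructor(uint8 underlyingDecimals, uint256 pvPerUnitInternal_) {
        externalPrecision = 10 ** underlyingDecimals;
        pvPerUnitInternal = pvPerUnitInternal_;
    }

    // Vulnerable shape: convert the *unit* value to external precision first (floor), then divide
    // the deposit by that truncated unit value (floor again). With a 6-decimal underlying the first
    // step drops two digits, so the second division works with a value that is too small and
    // credits too many shares.
    function convertToSharesTwoFloors(uint256 assets) public view returns (uint256) {
        uint256 unitValueExternal = pvPerUnitInternal * externalPrecision / INTERNAL_PRECISION;
        return assets * INTERNAL_PRECISION / unitValueExternal;
    }

    // Hardened shape: keep the full-precision numerator and divide once, rounding down
    // (deposit / convertToShares: the vault hands out no more shares than it should).
    function convertToSharesDown(uint256 assets) public view returns (uint256) {
        return assets * INTERNAL_PRECISION * INTERNAL_PRECISION / (pvPerUnitInternal * externalPrecision);
    }

    // previewWithdraw must round *up*: the shares burned for a given asset amount are never rounded
    // in the withdrawer's favour, so a non-zero asset amount can never map to zero shares.
    function previewWithdraw(uint256 assets) public view returns (uint256 shares) {
        uint256 num = assets * INTERNAL_PRECISION * INTERNAL_PRECISION;
        uint256 den = pvPerUnitInternal * externalPrecision;
        shares = num / den;
        if (num % den != 0) shares += 1;
    }

    // Constructed figures: 6-decimal underlying, pvPerUnitInternal = 99_999_999, assets = 1e6 (one token):
    //   convertToSharesTwoFloors -> 100_000_100   (unit value truncated 999_999.99 -> 999_999)
    //   convertToSharesDown      -> 100_000_001
    //   previewWithdraw          -> 100_000_002
}
```

With the constructed figures the vulnerable path credits 99 extra share units per token deposited; the two hardened paths differ by exactly one unit, in the vault's favour each time, which is the EIP-4626 rounding rule the third entry quotes.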
IsWrappedFcash check is a gas bomb
Lines of code Vulnerability details Impact In the isWrappedFCash check, the NotionalTradeModule checks whether the component is a wrapped fCash with the following logic. try IWrappedfCash(fCashPosition).getDecodedID() returns (uint16 currencyId, uint40 maturity) { try...
wfCashERC4626 maxWithdraw, previewWithdraw, previewRedeem, convertToAssets, convertToShares doesn't conform to EIP4626
Lines of code Vulnerability details EIP4626 states that maxWithdraw, convertToAssets, convertToShares, previewRedeem and previewWithdraw must not revert unless due to large input, or due to a reason that will make deposit/redeem revert. However, wfCash4626's implementation of those ends up callin...
asdf
Lines of code asdfL7-9 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps...
Upgraded Q -> H from 41 [1655143123011]
Judge has assessed an item in Issue 41 as High risk. The relevant finding follows: StakedCitadelVester.sol Not implemented IVesting interface. The function vest is named incorrectly. It should be setupVesting, called from StakedCitadel.sol.
Deposit of wrappedFCash does not follow EIP 4626
Lines of code Vulnerability details Impact The deposit of wfCashERC4626 is not 4626 compatible. wfCashERC4626.sol L168-L175. According to EIP4626: MUST revert if all of assets cannot be deposited due to deposit limit being reached, slippage, the user not approving enough underlying tokens to the Vau...
Upgraded Q -> H from 63 [1655008454311]
Judge has assessed an item in Issue 63 as High risk. The relevant finding follows: Function CoreCollection:initialize can be executed by owner after initialisation and state variables like mintFee, maxSupply can be changed to increase/decrease fee and supply, isForSale can be set to false to stop...
Upgraded Q -> M from 96 [1655008585673]
Judge has assessed an item in Issue 96 as Medium risk. The relevant finding follows: Impact - LOW PrePo protocol does not appear to support rebasing/deflationary/inflationary tokens whose balance changes during transfers or over time. The necessary checks include at least verifying the amount of...
Upgraded Q -> H from 45 [1655007594160]
Judge has assessed an item in Issue 45 as High risk. The relevant finding follows: Impact The CoreCollection initialize function is missing the onlyUnInitialized function. The onlyUnInitialized modifier is not used in the contract right now and this allows the initialize function to be called mor...
Upgraded Q -> H from 110 [1655009286368]
Judge has assessed an item in Issue 110 as High risk. The relevant finding follows: platformFee should be upper bounded to avoid DoS and excessive fees platformFee can take a value of 10000 (100%), which could be seen as a trust issue: File: RoyaltyVault.sol 67: function setPlatformFee(uint256...
Withdraw function does not conform to EIP4626
Lines of code Vulnerability details Impact The withdraw of wfCashERC4626 is not 4626 compatible. wfCashERC4626.sol L186-L191. According to EIP4626: Burns shares from owner and sends exactly assets of underlying tokens to receiver. The withdraw function of ERC4626 should send the exact same amount of...
Upgraded Q -> H from 63 [1655008277948]
Judge has assessed an item in Issue 63 as High risk. The relevant finding follows: Function Splitter:incrementWindow is executed by vault:sendToSplitter; transferred tokens are pushed into the balanceForWindow array and the window is incremented, but the function can be executed by any contract and more tha...
Upgraded Q -> M from 96 [1655008755771]
Judge has assessed an item in Issue 96 as Medium risk. The relevant finding follows: Impact - LOW All contract initializers were missing access controls, allowing any user to initialize the contract. By front-running the contract deployers to initialize the contract, the incorrect parameters may ...
Upgraded Q -> H from 25 [1655007954017]
Judge has assessed an item in Issue 25 as High risk. The relevant finding follows: Fees should have a boundary of 100% (10000): Otherwise the contract will try to transfer more than possible, which will result in reverts. It might also be helpful to have a fixed upper boundary that doesn't allow t...
Users cannot initialize() a proxy with a currencyId with a different maturity
Lines of code Vulnerability details The wfCashBase.initialize sets the allowance for NotionalV2 to the assetToken and underlyingToken to the maximum using SafeApprove. However, according to , SafeApprove function requires that the current approval is 0 before setting the new one. Therefore, if a...
Re-entrancy in wfCashERC4626.redeem() can lead to more gains in assets and/or shares
Lines of code Vulnerability details Impact The redeem function in wfCashERC4626.sol can be re-entered at the point of redeemInternal. Assume underlying tokens are sent to receiver after shares are burnt, and the user re-enters redeem after redeemInternal is completed. P.S.: there's a separate issue o...
Re-entrancy in wfCashERC4626.withdraw() can lead to more gains in assets
Lines of code Vulnerability details This is a corrected version of the previous submission, with typo mistakes corrected. Impact The withdraw function in wfCashERC4626.sol can be re-entered at the point of redeemInternal. Assume asset tokens are sent to receiver after shares are burnt, and the user...
Re-entrancy in wfCashERC4626.withdraw() can lead to more gains in assets
Lines of code Vulnerability details Impact The withdraw function in wfCashERC4626.sol can be re-entered at the point of redeemInternal. Assume asset tokens are sent to receiver after shares are burnt, and the user re-enters withdraw after redeemInternal is completed. P.S.: there's a separate issue on...
Upgraded Q -> M from 198 [1654952432267]
Judge has assessed an item in Issue 198 as Medium risk. The relevant finding follows: ...
wfCashERC4626.withdraw() missing some asset balance checks and calculations can drain contract
Lines of code Vulnerability details Impact The withdraw function in wfCashERC4626.sol has no check for asset token balanceOf and calculations before and after transfer. With this, a user can keep calling withdraw multiple times and keep gaining more assets. Proof of Concept 1. Assume redeemIntern...
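The control-transfer and re-entrancy problems in this entry, the three re-entrancy entries above it, and the earlier ERC777 entry ("User can alter amount returned by redeem function due to control transfer"), as one added example that is not the wfCashERC4626 code. ILendingPool.redeem is an assumed stand-in for the protocol call that burns the position and pays out the underlying, shares are assumed to map 1:1 to the amount redeemed, and RedeemAccounting is a hypothetical name; the vault logic around the call is what the example shows.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the wfCashERC4626 code.
interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transfer(address, uint256) external returns (bool);
}

// Assumed protocol hook: burns `amount` of the vault's position and sends the underlying to `to`.
interface ILendingPool {
    function redeem(uint256 amount, address to) external;
}

contract RedeemAccounting {
    IERC20 public immutable asset;
    ILendingPool public immutable pool;
    mapping(address => uint256) public sharesOf;
    uint256 private _status = 1; // 1 = unlocked, 2 = entered

    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    constructor(IERC20 asset_, ILendingPool pool_) {
        asset = asset_;
        pool = pool_;
    }

    function _burn(address owner, uint256 shares) internal {
        require(msg.sender == owner, "not owner"); // allowance path omitted for brevity
        require(sharesOf[owner] >= shares, "insufficient shares");
        sharesOf[owner] -= shares;
    }

    // Vulnerable shape (as in the finding): proceeds are measured on the *receiver*, across a
    // transfer that may hand control to the receiver. If `asset` is an ERC777, the receiver's
    // tokensReceived hook runs inside pool.redeem and can (a) move the tokens on, so the delta is
    // too small or the subtraction reverts, or (b) call redeem again before this frame finishes.
    function redeemVulnerable(uint256 shares, address receiver, address owner) external returns (uint256 assets) {
        uint256 before = asset.balanceOf(receiver);
        _burn(owner, shares);
        pool.redeem(shares, receiver);
        assets = asset.balanceOf(receiver) - before;
    }

    // Hardened shape: lock the function, have the protocol pay *this* contract, measure our own
    // delta, then forward to the receiver. The receiver's hook still runs, but last, after shares
    // are burned and the amount is fixed, and any re-entry is refused by the lock.
    function redeemHardened(uint256 shares, address receiver, address owner) external nonReentrant returns (uint256 assets) {
        _burn(owner, shares);
        uint256 before = asset.balanceOf(address(this));
        pool.redeem(shares, address(this));
        assets = asset.balanceOf(address(this)) - before;
        require(assets != 0, "nothing redeemed");
        require(asset.transfer(receiver, assets), "transfer failed");
    }
}
```

Measuring the delta on address(this) is what makes the figure trustworthy: no hook on the receiver runs between the two balanceOf reads, so the only thing that can change the contract's balance in that window is the protocol payout itself.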
Loss of tokens due to wrong burn function
Lines of code Vulnerability details Impact The redeem function calls burn which is inherited from IERC777Upgradeable contract whose action is to burn ERC20 tokens, thus there is no transfer or withdrawal of asset tokens to a receiver. The redeemToAsset is also affected by this since it calls...
Loss of tokens due to wrong burn function
Lines of code Vulnerability details Impact redeemToUnderlying is also affected by the issue I reported earlier which is described below. The redeem function calls burn which is inherited from IERC777Upgradeable contract whose action is to burn ERC20 tokens, thus there is no transfer or withdrawal...
deposit through onERC1155Received can be locked by attackers, making the function useless
Lines of code Vulnerability details Impact Disable depositing through onERC1155Receive, potentially breaking all integrations using this function as entry point. Proof of concept An attacker can transfer another fCash position to the wrapper contract, which will trigger ERC1155Actions.transfer β...
Loss of underlying tokens due to ERC4626 non-compliance in redeem function in wfCashERC4626.sol
Lines of code Vulnerability details Impact Similar to the report I sent earlier on the issue of The withdraw function in wfCashERC4626.sol, the redeem function is missing the code that transfers the underlying tokens to the receiver. According to the EIP-4626 standard, redeem function Burns share...
Loss of underlying tokens due to ERC4626 non-compliance in withdraw function in wfCashERC4626.sol
Lines of code Vulnerability details Impact The withdraw function in wfCashERC4626 is missing the code that transfers the underlying tokens to the receiver. According to the EIP-4626 standard, withdraw function Burns shares from owner and sends exactly assets of underlying tokens to receiver...
Sandwich attack in NotionalTradeModule
Lines of code Vulnerability details Impact It's possible to do a sandwich attack in NotionalTradeModule. Proof of Concept The redeemMaturedPositions method uses a slippage of 0 when calling the redeemFCashPosition method. This will allow an attacker to take advantage of it and perform a sandwic...
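The missing output floor behind this entry, the "No Slippage Protection During Redeeming Matured Positions" entry and the wfCashERC4626.sol#redeem() entry at the top of the listing, as one added example that is not NotionalTradeModule code. IWrappedfCashLike.redeemToUnderlying is an assumed stand-in for the wrapper call that turns fCash into underlying, and SlippageGuard, minOut and redeemWithFloor are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the NotionalTradeModule code.
interface IERC20 {
    function balanceOf(address) external view returns (uint256);
}

// Assumed wrapper surface: sells/redeems `fCashAmount` and sends the underlying to `receiver`.
interface IWrappedfCashLike {
    function redeemToUnderlying(uint256 fCashAmount, address receiver) external;
}

contract SlippageGuard {
    uint256 public constant MAX_BPS = 10_000;

    // Vulnerable shape: no floor on the proceeds. A searcher can move the market before this call
    // and restore it afterwards (sandwich); the contract accepts whatever it receives.
    function redeemNoFloor(IWrappedfCashLike wrapper, IERC20 underlying, uint256 fCashAmount)
        external
        returns (uint256 received)
    {
        uint256 before = underlying.balanceOf(address(this));
        wrapper.redeemToUnderlying(fCashAmount, address(this));
        received = underlying.balanceOf(address(this)) - before;
    }

    // Floor derived from a reference value (`expectedOut`, from an oracle or the protocol's own
    // present-value view) and a caller-chosen tolerance in basis points. Pure so callers can
    // pre-compute the same bound off-chain.
    function minOut(uint256 expectedOut, uint256 maxSlippageBps) public pure returns (uint256) {
        require(maxSlippageBps <= MAX_BPS, "bps > 100%");
        return expectedOut * (MAX_BPS - maxSlippageBps) / MAX_BPS; // e.g. 1e6 at 50 bps -> 995_000
    }

    // Hardened shape: measure what actually arrived and revert below the floor. The deadline bounds
    // how long a queued transaction may sit in the mempool, since a stale floor is a weak floor.
    function redeemWithFloor(
        IWrappedfCashLike wrapper,
        IERC20 underlying,
        uint256 fCashAmount,
        uint256 minUnderlyingOut,
        uint256 deadline
    ) external returns (uint256 received) {
        require(block.timestamp <= deadline, "expired");
        uint256 before = underlying.balanceOf(address(this));
        wrapper.redeemToUnderlying(fCashAmount, address(this));
        received = underlying.balanceOf(address(this)) - before;
        require(received >= minUnderlyingOut, "slippage: received < minUnderlyingOut");
    }
}
```

The floor has to come from outside the transaction (the caller, or a value read before the trade from a source the searcher cannot move in the same block); computing it from the pool's spot price inside the call would let the sandwich set its own bound.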
Upgraded Q -> M from 37 [1654474354289]
Judge has assessed an item in Issue 37 as Medium risk. The relevant finding follows: Missing sanity check in setFeeRate There is no input validation in setFeeRate. A faulty payload could set the feeRate to a very high amount, which would cause problems when options are exercised: Loss of fund for...