Upgraded Q -> M from 41 [1654474648312]
Judge has assessed an item in Issue 41 as Medium risk. The relevant finding follows: L02: Lack of upper bound for feeRate Line References Description Fees can be set above 1e18, preventing options from being exercised. Recommended Mitigation Steps Consider having a hard cap of x% 100%. // Eg. cap...
Upgraded Q -> M from 135 [1654503723748]
Judge has assessed an item in Issue 135 as Medium risk. The relevant finding follows:
Upgraded Q -> H from 63 [1654488227536]
Judge has assessed an item in Issue 63 as High risk. The relevant finding follows:
Upgraded Q -> H from 69 [1654495749150]
Judge has assessed an item in Issue 69 as High risk. The relevant finding follows:
Upgraded Q -> M from 294 [1654474576938]
Judge has assessed an item in Issue 294 as Medium risk. The relevant finding follows: Owner can frontrun exercise to increase fees A malicious owner account can observe and frontrun calls to exercise and extract 100% of the strike price as a protocol fee. Scenario: A malicious owner observes a ca...
Upgraded Q -> M from 37 [1654474354289]
Judge has assessed an item in Issue 37 as Medium risk. The relevant finding follows: Missing sanity check in setFeeRate There is no input validation in setFeeRate. A faulty payload could set the feeRate to a very high amount, which would cause problems when options are exercised: Loss of fund for...
Upgraded Q -> M from 74 [1654474884998]
Judge has assessed an item in Issue 74 as Medium risk. The relevant finding follows: Protocol does not support fee-on-transfer tokens The tokenIdOrAmount established in createVault prevents buyers from exercising their option because address(this) holds less than tokenIdOrAmount due to the transfer...
Upgraded Q -> H from 103 [1654497033247]
Judge has assessed an item in Issue 103 as High risk. The relevant finding follows:
Upgraded Q -> H from 135 [1654503748167]
Judge has assessed an item in Issue 135 as High risk. The relevant finding follows:
Upgraded Q -> M from 135 [1654503715861]
Judge has assessed an item in Issue 135 as Medium risk. The relevant finding follows:
Upgraded Q -> M from 119 [1654475092615]
Judge has assessed an item in Issue 119 as Medium risk. The relevant finding follows: Checking whether the receiver is capable of holding ERC721 The contract uses safeTransfer for ERC20 but uses transferFrom for ERC721 in both exercise and withdraw which may lead to the loss of ERC721 if the...
Upgraded Q -> M from 74 [1654474712630]
Judge has assessed an item in Issue 74 as Medium risk. The relevant finding follows: Use of transferFrom instead of safeTransferFrom Cally.sol#L295 When buyers exercise the transferFrom function is used instead of safeTransferFrom. In the very unlikely event the receiving contract is somehow not...
Upgraded Q -> M from 95 [1654474439349]
Judge has assessed an item in Issue 95 as Medium risk. The relevant finding follows: Incompatibility with deflationary / fee-on-transfer tokens Function Cally.createVault function takes a tokenIdOrAmount parameter but this parameter is not the actual transferred amount for fee-on-transfer /...
Upgraded Q -> M from 286 [1654474962848]
Judge has assessed an item in Issue 286 as Medium risk. The relevant finding follows: No min/max fee rate Line References Cally.sol#L119-121 Description Limits for the fee rate should be set to avoid mistakes when setting the fee. A fee rate that is over 100% could result in the exercise function n...
Upgraded Q -> M from 174 [1654475154140]
Judge has assessed an item in Issue 174 as Medium risk. The relevant finding follows: feeRate Can Be Set to 100% Permalinks Description There is no maximum limit on how high the feeRate can be, which might result in a fee rate of 100%, meaning the protocol will collect every ether sent in...
Upgraded Q -> M from 131 [1654475029272]
Judge has assessed an item in Issue 131 as Medium risk. The relevant finding follows: Recommend using safeTransferFrom instead of transferFrom for NFTs The EIP-721 standard states: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING...
Upgraded Q -> M from 190 [1654475279061]
Judge has assessed an item in Issue 190 as Medium risk. The relevant finding follows: L-02 Fee in Cally.setFee should be upper-bounded A malicious owner or owner account compromise can set the fee very high, up to 100%, siphoning all profits from the protocol. Consider implementing a reasonable...
Upgraded Q -> M from 98 [1654475216526]
Judge has assessed an item in Issue 98 as Medium risk. The relevant finding follows: Set Limits on setFee A Malicious owner could set feeRate to = 100 1e18 / 100; which would give the entire value of an exercise transaction to the protocol, create a limit on the fees the owner can set.
Upgraded Q -> M from 103 [1654497041670]
Judge has assessed an item in Issue 103 as Medium risk. The relevant finding follows:
Upgraded Q -> M from 124 [1654443300023]
Judge has assessed an item in Issue 124 as Medium risk. The relevant finding follows: C4-007 : USE SAFEERC20.SAFEAPPROVE Impact This is probably an oversight since SafeERC20 was imported and safeTransfer was used for ERC20 token transfers. Nevertheless, note that approve will fail for certain tok...
Upgraded Q -> M from 87 [1654442977298]
Judge has assessed an item in Issue 87 as Medium risk. The relevant finding follows: Issue 3 Low - Some tokens do not allow for Non-Zero to Non-Zero value approvals USDT, for example, will not allow approving a non-zero amount and then approving another non-zero amount. The approval must be reset...
Upgraded Q -> M from 104 [1654443194486]
Judge has assessed an item in Issue 104 as Medium risk. The relevant finding follows: transfer return value of a general ERC20 is ignored Need to use safeTransfer instead of transfer. As there are popular tokens, such as USDT that transfer/transferFrom method doesn't return anything. The transfer...
Upgraded Q -> M from 104 [1654442859269]
Judge has assessed an item in Issue 104 as Medium risk. The relevant finding follows: Check transfer receiver is not 0 to avoid burned money Transferring tokens to the zero address is usually prohibited to accidentally avoid "burning" tokens by sending them to an unrecoverable zero address. Code...
Upgraded Q -> M from 124 [1654442937681]
Judge has assessed an item in Issue 124 as Medium risk. The relevant finding follows: C4-006 : The Contract Should Approve(0) first Impact Some tokens like USDT L199 do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the...
Upgraded Q -> M from 137 [1654449389324]
Judge has assessed an item in Issue 137 as Medium risk. The relevant finding follows: It does not even check the return value and a low-level call succeeds if the address is empty or non-existent. dexMapping is a manually operated config so it may not contain info for all collateral tokens, and i...
Upgraded Q -> M from 114 [1654442763376]
Judge has assessed an item in Issue 114 as Medium risk. The relevant finding follows: PROBLEM All external functions that can be called by users should have comments SEVERITY Non-Critical PROOF OF CONCEPT Instances include: SuperVaultFactory.sol SuperVaultFactory.sol:23: function clonebytes...
Caller always pays for ETH even for ETH offer items
Lines of code Vulnerability details Impact It's possible to create ItemType.NATIVE offer items that the offerer should pay for but this is not possible as only the caller fulfiller can send native tokens ETH when fulfilling an order. Therefore, this item type does not make sense in an offer. The...
Attacker can get drain ETH for targetLpToken_
Lines of code Vulnerability details Impact Attacker can drain all ETH from FeeBurner.sol. Technically msg.value gets sent to swapperRouter, but since this contract is out of scope FeeBurner.sol will be treated as the victim Proof of Concept FeeBurner.sol#L56-L65 ... for (uint256 i; i < tokens.length;...
Any user can start inflation for Minter.sol
Lines of code Vulnerability details Submitting as a high risk bug because it is equivalent to calling startInflation which is a function reserved for only governance to call and it drastically alters token distribution Impact Bypass governance only call restriction and cause immediate inflation...
StakerVault.unstake(), StakerVault.unstakeFor() would revert with a uint underflow error of StakerVault.strategiesTotalStaked, StakerVault._poolTotalStaked.
Lines of code Vulnerability details Impact StakerVault.unstake(), StakerVault.unstakeFor() would revert with a uint underflow error of StakerVault.strategiesTotalStaked, StakerVault._poolTotalStaked. Proof of Concept Currently it saves totalStaked for strategies and non-strategies separately. uint...
Governance Token limit can be massively increased due to uninitialised lastEvent variable
Lines of code Vulnerability details Impact Due to insufficient checks in the executeInflationRateUpdate in the Minter contract, the limit on tokens that can be minted is massively increased. As lastEvent is uninitialised and equal to 0 by default, in the first line of executeInflationRateUpdate,...
Minter.sol#startInflation() can be bypassed
Lines of code Vulnerability details function startInflation() external override onlyGovernance { require(lastEvent == 0, "Inflation has already started."); lastEvent = block.timestamp; lastInflationDecay = block.timestamp; } As lastEvent and lastInflationDecay are not initialized in the constructor, they...
Users will lose all of their money during pool migration
Lines of code Vulnerability details Impact Users will lose all of their money when they migrate by calling PoolMigrationZap.migrate Proof of Concept File: protocol/contracts/zaps/PoolMigrationZap.sol 1 52 function migrateaddress oldPoolAddress public override 53 ILiquidityPool oldPool =...
Fulfill transactions that are not protected with a deadline may lead to unfavorable trade.
Lines of code Vulnerability details Impact A fulfill transaction of order with descending/ascending amount should be protected by the deadline. The price of an order with a descending amount is sensitive to the time. Letting users make such a trade without providing the deadline would lead to...
BurnToTarget can be exploited to receive more LP tokens
Lines of code Vulnerability details Issue: depositInPool uses address(this).balance Consequences: exploiter will get more lp tokens File: FeeBurner.sol 81: // Depositing target underlying into target pool 82: uint256 targetLpTokenBalance = depositInPool(targetUnderlying, targetPool); 83: 84: //...
Can overfill orders
Lines of code Vulnerability details Impact There's a bug in the partial order filling that allows an attacker to overfill any order fill more than the total size of the order. This bug happens because the fractions are stored as uint120s in orderStatus but intermediate computations to scale the...
Can avoid paying for additional recipients' consideration items due to out of bounds read for additionalRecipients
Lines of code Vulnerability details Impact The assertConsiderationLengthIsNotLessThanOriginalConsiderationLength call is off-by-one for the parameters.additionalRecipients.length + 1. // requires parameters.additionalRecipients.length + 1 = parameters.totalOriginalAdditionalRecipients...
[WP-H0] Unsafe type casting for the order's denominator and numerator may allow the attacker to buy more than the offered amount from the seller against the seller's will
Lines of code Vulnerability details orderStatus[orderHash].numerator = uint120(filledNumerator + numerator); orderStatus[orderHash].denominator = uint120(denominator); When an order is filled partially, the order's denominator and numerator will be updated in...
_verifyProof allows empty proofs (allows malleable transactions)
Lines of code Vulnerability details Impact _verifyProof allows empty proofs and in that case it expects the leaf to equal the root, because no hashing and iteration is taking place. The purpose of the tree is to hold multiple accepted tokenIds, where the consideration contains one and proving its...
Upgraded G -> H from 10 [1654286526568]
Judge has assessed an item in Issue 10 as High risk. The relevant finding follows:
Fees from delisted pool still in reward handler will become stuck after delisting
Lines of code Vulnerability details Impact Unclaimed fees from pool will be stuck Proof of Concept When delisting a pool the pool's reference is removed from address provider: Burning fees calls a dynamic list of all pools which no longer contains the delisted pool: Since the list no longer...
Merkle Tree criteria can be resolved by wrong tokenIDs
Lines of code Vulnerability details Impact The protocol allows specifying several tokenIds to accept for a single offer. A merkle tree is created out of these tokenIds and the root is stored as the identifierOrCriteria for the item. The fulfiller then submits the actual tokenId and a proof that...
Malicious offerers can easily create lots of invalid offers
Lines of code Vulnerability details Impact Creating an offer is pretty convenient in Seaport. Offerers don't have to give the offered items to Seaport. They just need to make sure that when someone tries to fulfill their order, they already set the sufficient approvals. However, this convenience...
Compromised Channel Can Compromise ALL NFTs and Tokens
Lines of code Vulnerability details Impact The contest IN SCOPE section clearly states that offer items can only be transferred by a conduit that only has Seaport set as a channel. However, this condition is not true. If a compromised channel is added to a conduit, then ALL the NFTs and tokens th...
DoS of an order without fully fulfilling it
Lines of code Vulnerability details Impact A malicious attacker can DoS an order by making its n and d invalid, without fully fulfilling the order. Proof of Concept In this example the attacker fulfills only 2/3 of the order, and makes the rest of it unfulfillable. 1. The attacker calls the...
Underflow unchecked
Lines of code Vulnerability details Impact There is no check for underflow even though there is chance to be on Proof of Concept in The call for function locateCurrentAmount they said that duration !=0. But, there is this call where there duration = advancedOrder.parameters.endTime -...
Restricted Trades Vulnerable to Stolen Items Being Traded
Lines of code Vulnerability details Impact The current contract does not check for stolen items. Traditionally, Opensea has frozen items that are stolen based on its stolen item policy. It was possible to do so on Opensea at the UI level. However, with Seaport, anyone can list a restricted trade...
A malicious zone operator can piggyback other transactions, when a caller tries to fulfill the restricted order
Lines of code Vulnerability details If an order has a restricted order type and, if the caller is other than the offerer or zone, then a staticcall to isValidOrder on the zone is made. This call outside the Seaport contract opens up a possible misuse by the zone contract implementation. The zone...
Integer Overflow in Nonce Possible Via EIP 1271 Compliant Contract
Lines of code Vulnerability details Impact The current NonceManager deployed version does not expect a nonce to go as high to actually trigger an integer overflow and is therefore, unchecked. However, it is completely possible to have the nonce go as high with EIP 1271 contracts that hold the NFT...
Usage of deprecated transfer to send ETH
Lines of code Vulnerability details Impact Usage of deprecated transfer Swap can revert. Proof of Concept The original transfer used to send eth uses a fixed stipend 2300 gas. This was used to prevent reentrancy. However this limits your protocol to interact with other contracts that need more th...