
10190 matches found

Code423n4
added 2022/06/02 12:00 a.m. • 13 views

Re-entry in BaseRewardPool.sol

Lines of code Vulnerability details Impact An actor who calls withdraw function for an arbitrary amount in his balance, can re-enter this flow again. As a result, he would get at least double rewards than the designed one. Proof of Concept Say an actor has his contract and has staked funds throug...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 10 views

balanceAtEpochOf will revert

Lines of code Vulnerability details Impact The line for uint256 i = locks.length - 1; i + 1 != 0; i-- relies on uint256 underflow and overflow, which would revert in solidity ^0.8.0 Proof of Concept function balanceAtEpochOfuint256 epoch, address user public view returns uint256 amount...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 10 views

pendingLockAtEpochOf will revert

Lines of code Vulnerability details Impact The line for uint256 i = locks.length - 1; i + 1 != 0; i-- relies on uint256 underflow and overflow, which would revert in solidity ^0.8.0 Proof of Concept function pendingLockAtEpochOfuint256 epoch, address user external view returns uint256 amount...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 9 views

Using ExtraRewardStashV2 In Angle Deployment Will Cause Gauge Rewards To Be Frozen

Lines of code Vulnerability details Note: This report aims to discuss the issue encountered when ExtraRewardStashV2 is used within Angle Deployment. There is also another issue when ExtraRewardStashV3 is used within Angle Deployment, but I will raise it in a separate report since ExtraRewardStash...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 11 views

Governance can arbitrarily burn VeToken from any address

Lines of code Vulnerability details Impact Governance can burn any amount of VeToken from any address. Unlike VE3Token which is minted when users deposit veAsset and burned when users withdraw, the burn function in the governance token VeToken.sol is unnecessary and open up the risk of...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 9 views

you should always approve zero amount because some contracts need it to interact with it (ust)

Lines of code Vulnerability details :make sure approval is zero first because there are contract that need to approve 0 because otherwise a lot of contract will fail if approve is not zero first not a user then you can have a problem with ust contract which needs to approved 0 :mitigation:approve ...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 5 views

Since calling _lockVeAsset() incentiveVeAsset is always set to 0

Lines of code Vulnerability details Impact The if statement of the deposit function will never add incentive tokens because you are calling lockVeAsset which will always set incentiveVeAsset to 0. Proof of Concept...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 11 views

totalSupplyAtEpoch will revert

Lines of code Vulnerability details Impact The line for uint256 i = epoch; i + 1 != 0; i-- relies on uint256 underflow and overflow, which would revert in solidity ^0.8.0 Proof of Concept function totalSupplyAtEpochuint256 epoch external view returns uint256 supply uint256 epochStart =...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 4 views

Revert if too many rewardTokens in VE3DLocker

Lines of code Vulnerability details Impact There are a couple logic that iterate rewardTokens, which may run exceed block gas limit if there are too many rewardTokens, potentially freezing reward. Proof of Concept function setApprovals external for uint256 i; i function claimableRewardsaddress...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 11 views

Truncation in OrderValidator can lead to resetting the fill and selling more tokens

Lines of code Vulnerability details Impact A partial order's fractions numerator and denominator can be reset to 0 due to a truncation. This can be used to craft malicious orders: 1. Consider user Alice, who has 100 ERC1155 tokens, who approved all of their tokens to the marketplaceContract. 2...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 11 views

Pickle Investor Unable To Receive Rewards

Lines of code Vulnerability details Proof-of-Concept Pickle Investor people who locked their PICKLE or deposit their pToken will not be able to collect their rewards. Whenever, Pickle Investor called the Booster.earmarkRewards function to claim their veAsset and extra rewards and disperse them to...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 7 views

UpdateReward Modifier is brickable

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The private variable RewardTokens is an unbounded list of addresses that the modifier updateReward loops over and updates the state variable rewardTokenInfo. The gas consumption can become increasingly...

AI score: 7
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 7 views

If a new extra reward is added later, existing stakes will not be able to withdraw

Lines of code Vulnerability details Impact When the user stakes token, it iterates over all the extraRewards and adds to the user stake: function stakeuint256 amount public updateRewardmsg.sender returns bool ... //also stake to linked rewards for uint256 i = 0; i extraRewards.length; i++...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 12 views

Value Overflow in FulfillmentApplier.sol

Lines of code Vulnerability details Value Overflow in FulfillmentApplier.sol Repo commit referenced: 49799ce156d979132c9924a739ae45a38b39ecdd Impact In aggregateValidFulfillmentOfferItems Line 274 and aggregateValidFulfillmentConsiderationItems Line 571 a variable errorBuffer has been defined as ...

AI score: 7.3
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 8 views

In VoterProxy the address veAsset is not added to protectedTokens[] list so it's possible to call withdraw() with veAsset address by stash protocol and withdraw veAsset Balance of VoterProxy

Lines of code Vulnerability details Impact Stash contract can withdraw extra incentive reward tokens out of VoterProxy contract. and Stash calls withdraw function of VoterProxy for extra reward tokens of gauges. but veAsset was in gauges reward tokens then Stash will call withdraw with veAsset...

AI score: 7
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 15 views

Unable to updateReward if there are too many rewardTokens

Lines of code Vulnerability details Impact If there are too many rewardTokens, updateReward might run exceed block gas limit and freeze fund since stake and withdraw have the updateReward modifier. Proof of Concept function addReward address rewardToken, address veAssetDeposits, address...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 6 views

In VeAssetDepositor constructor if deployer set wrong value for maxTime or if maxTime in veAsset project changes then funds can be locked in VeAssetDepositor and contract will be in broken state

Lines of code Vulnerability details Impact Contract VeAssetDepositor locks funds in veAsset Project for maxTime. veAsset project has his own maxTime and users can lock tokens bigger than that amount if they try to that the transaction will fail. in VeAssetDepositor's constructor the deployer set...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 5 views

Logic error in inversely traversed loops could lead to DoS

Lines of code Vulnerability details Impact Potential DoS in loops being inversely traversed Proof of Concept Let's take the example of VE3DLocker.totalSupply. The VE3DLocker.totalSupply function has been modified to save gas with an inversely traversed for-loop: File: VE3DLocker.sol 386: //traver...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 8 views

in VeAssetDepositor and Booster contract don't set safeApprove() to 0 first and that token uses OpenZeppelin’s ERC20 implementation

Lines of code Vulnerability details Impact OpenZeppelin’s implementation of safeApprove won't work if approved amount is not set to 0. so the logics will fail if code don't set it 0 first. Both VeToken and VE3Token use OpenZeppelin’s ERC20 implementation and VeAssetDepositor and Booster calls...

AI score: 7.1
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 10 views

Add a time lock to VoterProxy.sol setter function

Lines of code Vulnerability details Impact More trust for user functions that are set key/critical variables should be behind a timelock. Proof of Concept Tools Used Manual review Recommended Mitigation Steps Add a...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/02 12:00 a.m. • 5 views

veAsset are locked forever if users are periodically deposit new veAsset or calling lockVeAsset

Lines of code Vulnerability details Impact veAsset are locked forever if users are periodically deposit new veAsset or calling lockVeAsset. VeAssetDepositor also doesn't have mechanism to prevent new user from depositing or calling lockVeAsset. Which mean it will get called forever. As a result,...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/06/01 12:00 a.m. • 9 views

Users can lose funds due to mint logic

Lines of code Vulnerability details Impact User can lose most of his deposit when minting veToken if amount amtTillMax. Proof of Concept User calls Booster.deposit which transfers the given amount of lptoken to VoterProxy.sol. VeTokenMinter.mint is called in sequence. In this case if amount...

AI score: 7.1
Exploits: 0

Code423n4
added 2022/06/01 12:00 a.m. • 10 views

Upgraded Q -> M from 294 [1654058024144]

Judge has assessed an item in Issue 294 as Medium risk. The relevant finding follows: Beneficiary is credited additional ETH above premium The CallybuyOption function ensures that the caller sends an ETH amount equal to or greater than the calculated premium: buyOptionL224 requiremsg.value =...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/01 12:00 a.m. • 11 views

Upgraded G -> M from 164 [1654114758938]

Judge has assessed an item in Issue 164 as Medium risk. The relevant finding follows: File:Cally.sol224 requiremsg.value = premium, "Incorrect ETH amount sent"; Using == operator is 3 gas cheaper than =. This also keeps people from accidentally overpaying when buying an option. Summary Implementing...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/01 12:00 a.m. • 10 views

deposit function of VeAssetDepositor.sol will be failed if stakeAddress is set.

Lines of code Vulnerability details Impact Wrong contract variable is used, so transaction cannot be executed. Proof of Concept This line is trying to call ERC20 function from minter contract. The minter is not ERC20 token, and does not have safeApprove function. So this will revert transaction...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/06/01 12:00 a.m. • 17 views

Lack of Access Restriction for Conduit Creation

Lines of code Vulnerability details Impact Anyone can call the createConduit function in the ConduitController contract to create new channels and set the conduit owner. This is dangerous because a hacker can create a new conduit and set himself as the owner of the conduit. The hacker can use the...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/06/01 12:00 a.m. • 11 views

Lack of Verification of conduitKey, offererConduitKey, and fulfillerConduitKey Could Cause Offerers or Fulfillers to Lose Their Assets to Malicious Fulfillers or Offerers

Lines of code https://github.com/c...

AI score: 7.2
Exploits: 0

Code423n4
added 2022/06/01 12:00 a.m. • 7 views

Contracts are allowed to lock funds

Lines of code Vulnerability details Impact In current scenario, it is not checked whether the account locking the amount is a contract or a normal user. A malicious user can simply lock the amount in a contract and later transfer/sell this contract to another user who will then own the locked...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/06/01 12:00 a.m. • 10 views

VoterProxy.claimVeAsset() and VeAssetDepositor._lockVeAsset() both spend veAsset.balanceOf(staker) for different purposes

Lines of code Vulnerability details Impact Each of the functions VeAssetDepositor.lockVeAsset and VoterProxy.claimVeAsset will use the entire balance of the VoterProxy for different purposes. In VeAssetDepositor.lockVeAsset the balance is locked into the VoterEscrow contract and cannot be...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/05/31 12:00 a.m. • 12 views

No way to close multiple channels - Under attack scenario

Lines of code Vulnerability details Impact = Currently contract has no functionality to close multiple channels = In case multiple open channels are performing maliciously, owner has to individually call updateChannel to close those channel = Closing channels one by one will be time consuming and...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/05/31 12:00 a.m. • 12 views

Cancelled orders cannot be valid again

Lines of code Vulnerability details Impact The validate function will call the verifyOrderStatus function. When orderStatus.isCancelled == true, the canceled order cannot be set as valid. function verifyOrderStatus bytes32 orderHash, OrderStatus memory orderStatus, bool onlyAllowUnused, bool...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/05/31 12:00 a.m. • 8 views

execute() and executeWithBatch1155() functions are susceptible to DoS

Lines of code Vulnerability details Impact execute and executeWithBatch1155 are external functions. Both functions run for loops, boundary of which are determined by the function arguments. Anytime there's a loop where the input comes from an external source there's the possibility of unbounded...

AI score: 7
Exploits: 0

Code423n4
added 2022/05/31 12:00 a.m. • 10 views

_cancel function should check order status

Lines of code Vulnerability details Impact In the cancel function of the OrderValidator contract, orderStatusorderHash.isValidated is not checked. This is to allow users to cancel unverified private orders. This is not a good solution. For unverified private orders, the user can verify and cancel...

AI score: 7
Exploits: 0

Code423n4
added 2022/05/31 12:00 a.m. • 5 views

Lack of minting validation could lead users to lose funds

Lines of code Vulnerability details Impact Depositors will lose funds if cliff totalCliffs. Proof of Concept Depositor calls Booster.deposit which transfers the given amount of lptoken to VoterProxy.sol. VeTokenMinter.mint is called in sequence. In this case totalSupply == maxSupply and therefore...

AI score: 7.1
Exploits: 0

Code423n4
added 2022/05/31 12:00 a.m. • 15 views

Non standard token transfers will fail in the protocol

Lines of code Vulnerability details Impact In TokenTransferrer.sol the performERC20Transfer function handles the transfer of ERC20 tokens in the protocol. It uses the ERC20transferFromsignature constant inherited from TokenTransferrerConstants.sol. The problem is that tokens that don’t correctly...

AI score: 7
Exploits: 0

Code423n4
added 2022/05/31 12:00 a.m. • 11 views

DoS in FeeBurner due to address not matching interface.

Lines of code Vulnerability details Impact The if found in L60 addresstoken == address0 will never be executed, since when one goes through the tokens in the for and this line is executed: IERC20 token = IERC20tokensi; address0 does not comply with the IERC20 interface, so it will always revert...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/05/31 12:00 a.m. • 6 views

Prevent Out of Gas error

Lines of code Vulnerability details Impact = User can use getChannels function if user wants to evaluate all his open channels for approvals = But getChannels function will revert with out-of-gas error for a conduit with many channels. = Using getChanneladdress conduit, uint256 channelIndex is ev...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/05/31 12:00 a.m. • 7 views

Offer and consideration should be sorted when calculating orderHash

Lines of code Vulnerability details Impact When calculating the orderHash, the orderHash will be different due to the order of the elements in the offer and consideration, and the user is likely to get the wrong orderHash due to the wrong order. This will greatly increase the chances of the...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/05/31 12:00 a.m. • 10 views

ERC777 getReward Reentrancy

Lines of code Vulnerability details Impact Attacker can drain BaseRewardPool.sol if rewardToken is an ERC777 token. Proof of Concept Attacker calls getReward. rewardToken.safeTransfer triggers ERC777 callback and attacker take control of execution flow. Attacker reenters getReward. Attacker repea...

AI score: 7.1
Exploits: 0

Code423n4
added 2022/05/30 12:00 a.m. • 9 views

In Bribe, tokenRewardsPerEpoch isn't decreased after transferring the rewards

Lines of code Vulnerability details Impact DoS issues when users try to claim rewards. Proof of Concept tokenRewardsPerEpochtokenadjustedTstamp for a given epoch only increases when bribe.notifyRewardAmount is called and never decreases. Before it's called first time in a given epoch, this value...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/05/30 12:00 a.m. • 9 views

Unauthorized notifyRewardAmount

Lines of code Vulnerability details Impact Anyone can trick Bribe and Gauge contracts by calling notifyRewardAmount with arbitrary tokens until MAXREWARDTOKENS is reached. However, later team can replace these fake tokens by calling swapOutRewardToken. However, still, a malicious actor can force...

AI score: 7
Exploits: 0

Code423n4
added 2022/05/30 12:00 a.m. • 13 views

Bribe.sol Tokens with fee on transfer are not supported

Lines of code Vulnerability details There are ERC20 tokens that charge fee for every transfer or transferFrom. In the current implementation, Bribe.solnotifyRewardAmount assumes that the received amount is the same as the transfer amount, and uses it to calculate reward amounts. As a result, in...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/05/30 12:00 a.m. • 11 views

Voting tokens may be lost when given to non-EOA accounts

Lines of code Vulnerability details Impact veNFTs may be sent to contracts that cannot handle them, and therefore all rewards and voting power, as well as the underlying are locked forever Proof of Concept The original code had the following warning: @dev Safely transfers tokenId token from from ...

AI score: 7.1
Exploits: 0

Code423n4
added 2022/05/30 12:00 a.m. • 8 views

Missing events/timelock for function updateChannel only functions that change critical parameters

Lines of code Vulnerability details Impact functions that change critical parameters should emit events and have timelocks. Events allow capturing changed parameters so interfaces can register changes with timelock. It allow users to evaluate them and consider if they would like to engage or exit...

AI score: 7
Exploits: 0

Code423n4
added 2022/05/30 12:00 a.m. • 3 views

Approved spender can not withdraw or merge

Lines of code Vulnerability details In the current implementation, withdraw and merge veNFT can be called by approved spender or token owner. function withdrawuint tokenId external nonreentrant assertisApprovedOrOwnermsg.sender, tokenId; function mergeuint from, uint to external...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/05/30 12:00 a.m. • 7 views

Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies

Lines of code Vulnerability details As arbitrary ERC20 tokens can be passed, the amount here should be calculated every time to take into consideration a possible fee-on-transfer or deflation. Also, it's a good practice for the future of the solution. Affected code: contracts/contracts/Bribe.sol:...

AI score: 6.9
Exploits: 0

Code423n4
added 2022/05/30 12:00 a.m. • 8 views

Gauge Rewards Not Claimable By LP Token Stakers

Lines of code Vulnerability details Background Based on the code of Gauge contract, there are two types of rewards that can be claimed from the Gauge contract by its users. 1. Gauge Rewards - For users Liquidity providers who deposit their LP tokens a.k.a LP Token Staker into the liquidity gauge...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/05/30 12:00 a.m. • 9 views

Owner's delegates should be decreased in _burn()

Lines of code Vulnerability details function burnuint tokenId internal requireisApprovedOrOwnermsg.sender, tokenId, "caller is not owner nor approved"; address owner = ownerOftokenId; // Clear approval approveaddress0, tokenId; // TODO add delegates // Remove token removeTokenFrommsg.sender,...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/05/30 12:00 a.m. • 9 views

Not calling _safeApprove(0) before setting a new approval causes the call to revert when used with Tether (USDT)

Lines of code Vulnerability details Impact Some tokens like the very popular USDT do not work when changing the allowance from an existing non-zero allowance value it will revert if the current approval is not zero to protect against front-running changes of approvals. These tokens must first be...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/05/30 12:00 a.m. • 9 views

Bribe Rewards Not Claimable By Voters

Lines of code Vulnerability details Background Based on the code of Gauge contract, there are two types of rewards that can be claimed from the Gauge contract by its users. 1. Gauge Rewards - For users Liquidity providers who deposit their LP tokens a.k.a LP Token Staker into the liquidity gauge...

AI score: 6.6
Exploits: 0

Total number of security vulnerabilities: 10190