Lucene search

10190 matches found

Code423n4
•added 2022/06/02 12:0 a.m.•10 views

Add a time lock to VoterProxy.sol setter function

Lines of code Vulnerability details Impact More trust for user functions that are set key/critical variables should be behind a timelock. Proof of Concept Tools Used Manual review Recommended Mitigation Steps Add a...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•15 views

Unable to updateReward if there are too many rewardTokens

Lines of code Vulnerability details Impact If there are too many rewardTokens, updateReward might run exceed block gas limit and freeze fund since stake and withdraw have the updateReward modifier. Proof of Concept function addReward address rewardToken, address veAssetDeposits, address...

AI score: 6.9
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•4 views

Revert if too many rewardTokens in VE3DLocker

Lines of code Vulnerability details Impact There are a couple logic that iterate rewardTokens, which may run exceed block gas limit if there are too many rewardTokens, potentially freezing reward. Proof of Concept function setApprovals external for uint256 i; i function claimableRewardsaddress...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•13 views

Bad use of safeApprove

Lines of code Vulnerability details Impact Function deposit in booster could revert when stake option is true if the contract has an allowance of the token for rewarcontract 0. The same in many contracts but in VE3DRewardPool.sol a user can get his rewards blocked. Proof of Concept If the contrac...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•11 views

Governance can arbitrarily burn VeToken from any address

Lines of code Vulnerability details Impact Governance can burn any amount of VeToken from any address. Unlike VE3Token which is minted when users deposit veAsset and burned when users withdraw, the burn function in the governance token VeToken.sol is unnecessary and open up the risk of...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•9 views

VE3DRewardPool.getReward() overmints with fee-on-transfer reward tokens

Lines of code Vulnerability details Impact Fee-on-transfer rewardTokens will lead to over minting when calling VE3DRewardPool.getReward. Proof of Concept function getReward address account, bool claimExtras, bool stake public updateRewardaccount address rewardToken; for uint256 i = 0; i 0...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•11 views

_aggregateValidFulfillmentConsiderationItems() can be tricked to accept invalid inputs

Lines of code Vulnerability details Impact The aggregateValidFulfillmentConsiderationItems function aims to revert on orders with zero value or where a total consideration amount overflows. Internally this is accomplished by having a temporary variable errorBuffer, accumulating issues found, and...

AI score: 7
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•10 views

_aggregateValidFulfillmentOfferItems() can be tricked to accept invalid inputs

Lines of code Vulnerability details Impact The aggregateValidFulfillmentOfferItems function aims to revert on orders with zero value or where a total consideration amount overflows. Internally this is accomplished by having a temporary variable errorBuffer, accumulating issues found, and only...

AI score: 7
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•5 views

Logic error in inversely traversed loops could lead to DoS

Lines of code Vulnerability details Impact Potential DoS in loops being inversely traversed Proof of Concept Let's take the example of VE3DLocker.totalSupply. The VE3DLocker.totalSupply function has been modified to save gas with an inversely traversed for-loop: File: VE3DLocker.sol 386: //traver...

AI score: 6.9
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•10 views

Using ExtraRewardStashV2 In Angle Deployment Will Cause Gauge Rewards To Be Frozen

Lines of code Vulnerability details Note: This report aims to discuss the issue encountered when ExtraRewardStashV2 is used within Angle Deployment. There is also another issue when ExtraRewardStashV3 is used within Angle Deployment, but I will raise it in a separate report since ExtraRewardStash...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•10 views

Gauge Rewards Stuck In VoterProxy Contract When ExtraRewardStashV3 Is Used Within Angle Deployment

Lines of code Vulnerability details Note: This report aims to discuss the issue encountered when ExtraRewardStashV3 is used within Angle Deployment. There is also another issue when ExtraRewardStashV2 is used within Angle Deployment, but I will raise it in a separate report since ExtraRewardStash...

AI score: 7
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•9 views

attacker or user can take advantage of precision error and affect staking

Lines of code Vulnerability details uint256 unlockAt = block.timestamp + maxTime; unlock uninweeks can have precision issues because no floating point variables in solidity so if unlockat is 10.32 is 10 /week 3 it will 3 3 =9 instead of almost 4 weeks so users can unlock before the time they...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•6 views

In VeAssetDepositor constructor if deployer set wrong value for maxTime or if maxTime in veAsset project changes then funds can be locked in VeAssetDepositor and contract will be in broken state

Lines of code Vulnerability details Impact Contract VeAssetDepositor locks funds in veAsset Project for maxTime. veAsset project has his own maxTime and users can lock tokens bigger than that amount if they try to that the transaction will fail. in VeAssetDepositor's constructor the deployer set...

AI score: 6.9
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•11 views

Missing inheritance makes fulfillBasicOrder() in Consideration.sol non-functional

Lines of code Vulnerability details Impact fulfillBasicOrder in Consideration.sol would not function properly since the call in line 83 - validateAndFulfillBasicOrder is not possible as there's no existing function for it due to a missing inheritance. Users will not be able to fulfill any Basic...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•11 views

totalSupplyAtEpoch will revert

Lines of code Vulnerability details Impact The line for uint256 i = epoch; i + 1 != 0; i-- relies on uint256 underflow and overflow, which would revert in solidity ^0.8.0 Proof of Concept function totalSupplyAtEpochuint256 epoch external view returns uint256 supply uint256 epochStart =...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•10 views

pendingLockAtEpochOf will revert

Lines of code Vulnerability details Impact The line for uint256 i = locks.length - 1; i + 1 != 0; i-- relies on uint256 underflow and overflow, which would revert in solidity ^0.8.0 Proof of Concept function pendingLockAtEpochOfuint256 epoch, address user external view returns uint256 amount...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•7 views

totalSupply will revert

Lines of code Vulnerability details Impact The line for uint256 i = epochindex - 1; i + 1 != 0; i-- relies on uint256 underflow and overflow, which would revert in solidity ^0.8.0 Proof of Concept function totalSupply external view returns uint256 supply uint256 currentEpoch =...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•8 views

In VoterProxy the address veAsset is not added to protectedTokens[] list so it's possible to call withdraw() with veAsset address by stash protocol and withdraw veAsset Balance of VoterProxy

Lines of code Vulnerability details Impact Stash contract can withdraw extra incentive reward tokens out of VoterProxy contract. and Stash calls withdraw function of VoterProxy for extra reward tokens of gauges. but veAsset was in gauges reward tokens then Stash will call withdraw with veAsset...

AI score: 7
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•7 views

If a new extra reward is added later, existing stakes will not be able to withdraw

Lines of code Vulnerability details Impact When the user stakes token, it iterates over all the extraRewards and adds to the user stake: function stakeuint256 amount public updateRewardmsg.sender returns bool ... //also stake to linked rewards for uint256 i = 0; i extraRewards.length; i++...

AI score: 6.7
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•12 views

Value Overflow in FulfillmentApplier.sol

Lines of code Vulnerability details Value Overflow in FulfillmentApplier.sol Repo commit referenced: 49799ce156d979132c9924a739ae45a38b39ecdd Impact In aggregateValidFulfillmentOfferItems Line 274 and aggregateValidFulfillmentConsiderationItems Line 571 a variable errorBuffer has been defined as ...

AI score: 7.3
Exploits: 0

Code423n4
•added 2022/06/02 12:0 a.m.•8 views

in VeAssetDepositor and Booster contract don't set safeApprove() to 0 first and that token uses OpenZeppelin’s ERC20 implementation

Lines of code Vulnerability details Impact OpenZeppelin’s implementation of safeApprove won't work if approved amount is not set to 0. so the logics will fail if code don't set it 0 first. Both VeToken and VE3Token use OpenZeppelin’s ERC20 implementation and VeAssetDepositor and Booster calls...

AI score: 7.1
Exploits: 0

Code423n4
•added 2022/06/01 12:0 a.m.•10 views

VoterProxy.claimVeAsset() and VeAssetDepositor._lockVeAsset() both spend veAsset.balanceOf(staker) for different purposes

Lines of code Vulnerability details Impact Each of the functions VeAssetDepositor.lockVeAsset and VoterProxy.claimVeAsset will use the entire balance of the VoterProxy for different purposes. In VeAssetDepositor.lockVeAsset the balance is locked into the VoterEscrow contract and cannot be...

AI score: 6.9
Exploits: 0

Code423n4
•added 2022/06/01 12:0 a.m.•7 views

Contracts are allowed to lock funds

Lines of code Vulnerability details Impact In current scenario, it is not checked whether the account locking the amount is a contract or a normal user. A malicious user can simply lock the amount in a contract and later transfer/sell this contract to another user who will then own the locked...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/06/01 12:0 a.m.•9 views

Users can lose funds due to mint logic

Lines of code Vulnerability details Impact User can lose most of his deposit when minting veToken if amount amtTillMax. Proof of Concept User calls Booster.deposit which transfers the given amount of lptoken to VoterProxy.sol. VeTokenMinter.mint is called in sequence. In this case if amount...

AI score: 7.1
Exploits: 0

Code423n4
•added 2022/06/01 12:0 a.m.•17 views

Lack of Access Restriction for Conduit Creation

Lines of code Vulnerability details Impact Anyone can call the createConduit function in the ConduitController contract to create new channels and set the conduit owner. This is dangerous because a hacker can create a new conduit and set himself as the owner of the conduit. The hacker can use the...

AI score: 6.7
Exploits: 0

Code423n4
•added 2022/06/01 12:0 a.m.•12 views

Upgraded G -> M from 164 [1654114758938]

Judge has assessed an item in Issue 164 as Medium risk. The relevant finding follows: File:Cally.sol224 requiremsg.value = premium, "Incorrect ETH amount sent"; Using == operator is 3 gas cheaper than =. This also keeps people from accidentally overpaying when buying an option. Summary Implementing...

AI score: 6.9
Exploits: 0

Code423n4
•added 2022/06/01 12:0 a.m.•10 views

Upgraded Q -> M from 294 [1654058024144]

Judge has assessed an item in Issue 294 as Medium risk. The relevant finding follows: Beneficiary is credited additional ETH above premium The CallybuyOption function ensures that the caller sends an ETH amount equal to or greater than the calculated premium: buyOptionL224 requiremsg.value =...

AI score: 6.9
Exploits: 0

Code423n4
•added 2022/06/01 12:0 a.m.•12 views

deposit function of VeAssetDepositor.sol will be failed if stakeAddress is set.

Lines of code Vulnerability details Impact Wrong contract variable is used, so transaction cannot be executed. Proof of Concept This line is trying to call ERC20 function from minter contract. The minter is not ERC20 token, and does not have safeApprove function. So this will revert transaction...

AI score: 6.9
Exploits: 0

Code423n4
•added 2022/06/01 12:0 a.m.•12 views

Lack of Verification of conduitKey, offererConduitKey, and fulfillerConduitKey Could Cause Offerers or Fulfillers to Lose Their Assets to Malicious Fulfillers or Offerers

Lines of code https://github.com/c...

AI score: 7.2
Exploits: 0

Code423n4
•added 2022/05/31 12:0 a.m.•12 views

Cancelled orders cannot be valid again

Lines of code Vulnerability details Impact The validate function will call the verifyOrderStatus function. When orderStatus.isCancelled == true, the canceled order cannot be set as valid. function verifyOrderStatus bytes32 orderHash, OrderStatus memory orderStatus, bool onlyAllowUnused, bool...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/05/31 12:0 a.m.•10 views

ERC777 getReward Reentrancy

Lines of code Vulnerability details Impact Attacker can drain BaseRewardPool.sol if rewardToken is an ERC777 token. Proof of Concept Attacker calls getReward. rewardToken.safeTransfer triggers ERC777 callback and attacker take control of execution flow. Attacker reenters getReward. Attacker repea...

AI score: 7.1
Exploits: 0

Code423n4
•added 2022/05/31 12:0 a.m.•5 views

Lack of minting validation could lead users to lose funds

Lines of code Vulnerability details Impact Depositors will lose funds if cliff totalCliffs. Proof of Concept Depositor calls Booster.deposit which transfers the given amount of lptoken to VoterProxy.sol. VeTokenMinter.mint is called in sequence. In this case totalSupply == maxSupply and therefore...

AI score: 7.1
Exploits: 0

Code423n4
•added 2022/05/31 12:0 a.m.•12 views

No way to close multiple channels - Under attack scenario

Lines of code Vulnerability details Impact = Currently contract has no functionality to close multiple channels = In case multiple open channels are performing maliciously, owner has to individually call updateChannel to close those channel = Closing channels one by one will be time consuming and...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/05/31 12:0 a.m.•8 views

execute() and executeWithBatch1155() functions are susceptible to DoS

Lines of code Vulnerability details Impact execute and executeWithBatch1155 are external functions. Both functions run for loops, boundary of which are determined by the function arguments. Anytime there's a loop where the input comes from an external source there's the possibility of unbounded...

AI score: 7
Exploits: 0

Code423n4
•added 2022/05/31 12:0 a.m.•11 views

DoS in FeeBurner due to address not matching interface.

Lines of code Vulnerability details Impact The if found in L60 addresstoken == address0 will never be executed, since when one goes through the tokens in the for and this line is executed: IERC20 token = IERC20tokensi; address0 does not comply with the IERC20 interface, so it will always revert...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/05/31 12:0 a.m.•7 views

Offer and consideration should be sorted when calculating orderHash

Lines of code Vulnerability details Impact When calculating the orderHash, the orderHash will be different due to the order of the elements in the offer and consideration, and the user is likely to get the wrong orderHash due to the wrong order. This will greatly increase the chances of the...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/05/31 12:0 a.m.•10 views

_cancel function should check order status

Lines of code Vulnerability details Impact In the cancel function of the OrderValidator contract, orderStatusorderHash.isValidated is not checked. This is to allow users to cancel unverified private orders. This is not a good solution. For unverified private orders, the user can verify and cancel...

AI score: 7
Exploits: 0

Code423n4
•added 2022/05/31 12:0 a.m.•15 views

Non standard token transfers will fail in the protocol

Lines of code Vulnerability details Impact In TokenTransferrer.sol the performERC20Transfer function handles the transfer of ERC20 tokens in the protocol. It uses the ERC20transferFromsignature constant inherited from TokenTransferrerConstants.sol. The problem is that tokens that don’t correctly...

AI score: 7
Exploits: 0

Code423n4
•added 2022/05/31 12:0 a.m.•7 views

Prevent Out of Gas error

Lines of code Vulnerability details Impact = User can use getChannels function if user wants to evaluate all his open channels for approvals = But getChannels function will revert with out-of-gas error for a conduit with many channels. = Using getChanneladdress conduit, uint256 channelIndex is ev...

AI score: 6.7
Exploits: 0

Code423n4
•added 2022/05/30 12:0 a.m.•9 views

Owner's delegates should be decreased in _burn()

Lines of code Vulnerability details function burnuint tokenId internal requireisApprovedOrOwnermsg.sender, tokenId, "caller is not owner nor approved"; address owner = ownerOftokenId; // Clear approval approveaddress0, tokenId; // TODO add delegates // Remove token removeTokenFrommsg.sender,...

AI score: 6.7
Exploits: 0

Code423n4
•added 2022/05/30 12:0 a.m.•8 views

Malicious user can populate rewards array with tokens of their interest reaching limits of MAX_REWARD_TOKENS

Lines of code Vulnerability details Impact Malicious user can populate rewards array with different tokens early reaching limit of MAXREWARDTOKENS sending very small amount of different tokens. It will restrict any other tokens to be used as rewards in Bribe.solnotifyRewardAmount Proof of Concept...

AI score: 6.9
Exploits: 0

Code423n4
•added 2022/05/30 12:0 a.m.•13 views

Bribe.sol Tokens with fee on transfer are not supported

Lines of code Vulnerability details There are ERC20 tokens that charge fee for every transfer or transferFrom. In the current implementation, Bribe.solnotifyRewardAmount assumes that the received amount is the same as the transfer amount, and uses it to calculate reward amounts. As a result, in...

AI score: 6.7
Exploits: 0

Code423n4
•added 2022/05/30 12:0 a.m.•8 views

funds related to one cycle will be locked and lost if update_period() of Minter contract has not been called in a cycle

Lines of code Vulnerability details Impact updateperiod calculates emissions of current cycle and transfer them. but if in one cycle this function is not called then for that cycle emissions wouldn't get calculated and distributed because updateperiod can only do this logic for current cycle not...

AI score: 7
Exploits: 0

Code423n4
•added 2022/05/30 12:0 a.m.•14 views

Once-off setter functions can be set multiple times

Lines of code Vulnerability details Impact The once-off setter functions don't use require to limit, resulting in multiple calls. Proof of Concept RewardsDistributor.sol // Once off event on contract initialize function setDepositoraddress depositor external requiremsg.sender == depositor;...

AI score: 6.9
Exploits: 0

Code423n4
•added 2022/05/30 12:0 a.m.•12 views

Anyone can add Gauge reward tokens and cause DoS

Lines of code Vulnerability details Impact The Gauge.notifyRewardAmount function does not have any access restriction. Anyone an attacker can frontrun and call this function to add arbitrary even malicious gauge reward tokens up to MAXREWARDTOKENS = 16. An attacker is able to frontrun and add 16...

AI score: 6.8
Exploits: 0

Code423n4
•added 2022/05/30 12:0 a.m.•12 views

_writeCheckpoint() in Gauge use wrong index to get prevVoteStatus

Lines of code Vulnerability details Impact All the Voting values calculated by writeCheckpoint when it's not first checkpoint is going to set to False instead of account's last vote and because vote has been used in earned and reward calculation so reward distribution is going to be wrong too...

AI score: 7
Exploits: 0

Code423n4
•added 2022/05/30 12:0 a.m.•12 views

Wrong calculation for the new rewardRate[token] can cause some of the late users can not get their rewards

Lines of code Vulnerability details uint bribeStart = block.timestamp - block.timestamp % 7 days + BRIBELAG; uint adjustedTstamp = block.timestamp = periodFinishtoken safeTransferFromtoken, msg.sender, addressthis, amount; rewardRatetoken = amount / DURATION; else uint remaining = periodFinishtok...

AI score: 6.7
Exploits: 0

Code423n4
•added 2022/05/30 12:0 a.m.•6 views

Voting overwrites checkpoint.voted in last checkpoint, so users can just vote right before claiming rewards

Lines of code Vulnerability details Impact if cp0.voted reward += cp0.balanceOf rewardPerTokenStored1 - rewardPerTokenStored0 / PRECISION; this line in gauge.earned function looks like the intention here is to incentivize users to keep their escrow.balanceOfNft voted for this gauge. However, it's...

AI score: 6.6
Exploits: 0

Code423n4
•added 2022/05/30 12:0 a.m.•7 views

In gauge, checkpoint.voted is incorrectly copied from previous checkpoint (always false in new checkpoint)

Lines of code Vulnerability details Impact When a user interacts with a gauge and a new balance checkpoint is created in storage of this gauge, then checkpoint.voted for this new checkpoint is always false. Unless users are aware of this bug and call voter.poke after each interaction with the gau...

AI score: 6.7
Exploits: 0

Code423n4
•added 2022/05/30 12:0 a.m.•9 views

Bribe Rewards Not Claimable By Voters

Lines of code Vulnerability details Background Based on the code of Gauge contract, there are two types of rewards that can be claimed from the Gauge contract by its users. 1. Gauge Rewards - For users Liquidity providers who deposit their LP tokens a.k.a LP Token Staker into the liquidity gauge...

AI score: 6.6
Exploits: 0

Total number of security vulnerabilities: 10190