Users can get unlimited votes

Lines of code Vulnerability details Impact Users can get unlimited votes which leads to them: 1. gaining control over governance 2. getting undeserved rewards 3. having their pools favored due to gauge values Proof of Concept mint calls moveTokenDelegates to set up delegation... File:...

Upon burn, token is not removed from delegate token list

Lines of code Vulnerability details VotingEscrew burn function does not remove the token from the token's delegate token list. Impact Wrong voting results. Delegate's votes will be inflated. Proof of Concept When minting a token, it is added to the owner's delegate using moveTokenDelegates:...

Bribe.sol is not meant to handle fee-on-transfer tokens

Lines of code Vulnerability details Impact Should a fee-on-transfer token be added as a reward token and deposited, the tokens will be locked in the Bribe contract. Voters will be unable to withdraw their rewards. Proof of Concept Tokens are deposited into the Bribe contract using...

Voting tokens may be lost when given to non-EOA accounts

Lines of code Vulnerability details Impact veNFTs may be sent to contracts that cannot handle them, and therefore all rewards and voting power, as well as the underlying are locked forever Proof of Concept The original code had the following warning: @dev Safely transfers tokenId token from from ...

Must approve 0 first

Lines of code Vulnerability details Impact Some tokens like USDT do not work when changing the allowance from an existing non-zero allowance value.They must first be approved by zero and then the actual allowance must be approved. Proof of Concept Tools Used Manual Review Recommended Mitigation...

External contract calls inside loops may result in DoS.

Lines of code Vulnerability details Impact Calls to external contracts inside a loop are dangerous especially if the loop index can be user-controlled because it could lead to DoS if one of the calls reverts or execution runs out of gas. Reference Proof of Concept for uint i = 0; i 0...

Griefing Attack By Extending The Reward Duration

Lines of code Vulnerability details Proof-Of-Concept The Gauge.notifyRewardAmount notifies the contract of a newly received rewards. This updates the local accounting and streams the reward over a preset period Five days. It was observed that this function is callable by anyone regardless of...

Rewards can be locked in Bribe contract because distributing them is depend of base token reward amount and Gauge.deliverBribes() is not get called always by Voter.distribute()

Lines of code Vulnerability details Impact Voter.distribute calls Gauge.deliverBribes if claimablegauge / DURATION 0 was True and claimablegauge shows base token rewards for gauge. Gauge.deliverBribes calls Bribe.deliverReward which transfers the rewards to Gauge. so for Bribe rewards to been...

Repeated calls to deliverBribes() risks draining bribe of assets into Gauge

Lines of code Vulnerability details Impact Funds drain from Bribe prematurely with repeated calls to deliverBribes Proof of Concept Calling deliverBribes calls deliverRewards which transfers the amount specified as the rewards due and sends to gauge. Repeated calls to deliverBribes makes repeated...

functions deposit() and notifyRewardAmount() in Bribe and Gauge contract don't consider deflationary tokens when transferring

Lines of code Vulnerability details Impact The actual amount that has been transferred can be different than requested amount in deflationary tokens and this is not been addressed in transferring logic in the code. This can cause wrong calculation and rewards distribution for users. Proof of...

Wrong reward distribution in Bribe because deliverReward() won't set tokenRewardsPerEpoch[token][epochStart] to 0

Lines of code Vulnerability details Impact Function deliverReward in Bribe contract won't set tokenRewardsPerEpochtokenepochStart to 0 after transferring rewards. Gauge.getReward calls Voter.distribute which calls Gauge.deliverBribes which calls Bribe.deliverReward. so if Gauge.getReward or...

Bribe Rewards Not Collected In Current Period Will Be Lost Forever

Lines of code Vulnerability details High Bribe Rewards Not Collected In Current Period Will Be Lost Forever Vulnerability Details It was observed that if the bribe rewards are not collected in the current period, they will not be accrued to future epoch, and they will be lost forever...

If extra reward token is "protected token" it the rewards will be taken by other protocols

Lines of code Vulnerability details Impact Misallocation of extra reward tokens Proof of Concept Let's think of a scenario where CRV is being used as an extra incentive for a pickle finance gauge. The extra rewards will be sent to voterProxy but when the extra rewards stash tries to claim them, t...

Anyone can add Bribe reward tokens and cause DoS

Lines of code Vulnerability details Impact The Bribe.notifyRewardAmount function does not have any access restriction. Anyone an attacker can frontrun and call this function to add arbitrary even malicious reward tokens up to MAXREWARDTOKENS = 16. An attacker is able to frontrun and add 16 fake...

Not calling _safeApprove(0) before setting a new approval causes the call to revert when used with Tether (USDT)

Lines of code Vulnerability details Impact Some tokens like the very popular USDT do not work when changing the allowance from an existing non-zero allowance value it will revert if the current approval is not zero to protect against front-running changes of approvals. These tokens must first be...

Unauthorized notifyRewardAmount

Lines of code Vulnerability details Impact Anyone can trick Bribe and Gauge contracts by calling notifyRewardAmount with arbitrary tokens until MAXREWARDTOKENS is reached. However, later team can replace these fake tokens by calling swapOutRewardToken. However, still, a malicious actor can force...

Missing events/timelock for function updateChannel only functions that change critical parameters

Lines of code Vulnerability details Impact functions that change critical parameters should emit events and have timelocks. Events allow capturing changed parameters so interfaces can register changes with timelock. It allow users to evaluate them and consider if they would like to engage or exit...

notifyRewardAmount() griefing attack by adding MAX_REWARD_TOKENS

Lines of code Vulnerability details function notifyRewardAmountaddress token, uint amount external lock requireamount 0; if !isRewardtoken requirerewards.length Recommendation Consid...

Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies

Lines of code Vulnerability details As arbitrary ERC20 tokens can be passed, the amount here should be calculated every time to take into consideration a possible fee-on-transfer or deflation. Also, it's a good practice for the future of the solution. Affected code: contracts/contracts/Bribe.sol:...

Approved spender can not withdraw or merge

Lines of code Vulnerability details In the current implementation, withdraw and merge veNFT can be called by approved spender or token owner. function withdrawuint tokenId external nonreentrant assertisApprovedOrOwnermsg.sender, tokenId; function mergeuint from, uint to external...

The VotingEscrow steals depositor's rebasing tokens' rewards

Lines of code Vulnerability details Rebasing tokens are tokens that have each holder's balanceof increase over time. This ability of user's balances to grow is a way that some tokens provide rewards to the current holders. Aave aTokens are an example of such tokens. Impact Because the VotingEscro...

Gauge Rewards Not Claimable By LP Token Stakers

Lines of code Vulnerability details Background Based on the code of Gauge contract, there are two types of rewards that can be claimed from the Gauge contract by its users. 1. Gauge Rewards - For users Liquidity providers who deposit their LP tokens a.k.a LP Token Staker into the liquidity gauge...

In Bribe, tokenRewardsPerEpoch isn't decreased after transferring the rewards

Lines of code Vulnerability details Impact DoS issues when users try to claim rewards. Proof of Concept tokenRewardsPerEpochtokenadjustedTstamp for a given epoch only increases when bribe.notifyRewardAmount is called and never decreases. Before it's called first time in a given epoch, this value...

Gauge Functionalities Still Accessible After Being "Killed"

Lines of code Vulnerability details Proof-of-Concept The Voter contract contains a killGauge function that allow the emergency council to kill a gauge. The killGauge function will set the isAlive mapping to false. Thus, calling Voter's functions e.g. Voter.updateGauge, Voter.distributegauge again...

Bribe Rewards Struck In Contract If Deposited During First Epoch

Lines of code Vulnerability details Vulnerability Details Bribe rewards added to the Bribe contract in the first epoch will not be claimable by any voters, and the rewards will struck in the Bribe contract. Proof-of-Concept Assume that the current epoch is epoch 0, and start date of epoch 0 is Da...

Voting Escrow System could be wrapped and made useless without contract whitelisting

Lines of code Vulnerability details Impact Anyone could create a contract or a contract factory, say “Velo Locker" with a fonction to deposit VELO tokens through a contract, lock them and delegate the voting power to the contract owner. Then, the ownership of this contract could be sold, or the...

Wrong parameter in _removeTokenFrom call from _burn internal function

Lines of code Vulnerability details Impact Break the posibility of third party callapprove or approvalForAll authorization to withdraw and merge functions what use the burn internal function Proof of Concept If somebody use the withdraw or merge functions as third party "operator" with approve or...

withdraw() and merge() functions of VotingEscrow won't work when an approved user(not owner) calls because _burn() function fails.

Lines of code Vulnerability details Impact withdraw and merge functions of VotingEscrow won't work when an approved usernot owner calls. Proof of Concept withdraw and merge functions call burn function inside and burn function calls removeTokenFrom using msg.sender. But removeTokenFrom requires...

DOS by creating large amount of SupplyCheckpoint

Lines of code Vulnerability details Impact An attacker can repeatedly call withdrawToken to create a large amount of SupplyCheckpoint. When there is a large amount of pending SupplyCheckpoint, updateRewardPerToken might revert due to out-of-gas when trying to processing all the checkpoints, rewar...

Attacker can block LayerZero channel

Lines of code Vulnerability details Impact According to the LayerZero docs, the default behavior is that when a transaction on the destination application fails, the channel between the src and dst app is blocked. Before any new transactions can be executed, the failed transaction has to be retri...

GettersAndDerivers: Offer and consideration should be sorted when calculating orderHash

Lines of code Vulnerability details Impact When calculating the orderHash in the deriveOrderHash function of the GettersAndDerivers contract, the orderHash will be different due to the order of the elements in the offer and consideration, and the user is likely to get the wrong orderHash due to t...

Upgraded Q -> M from 94 [1653831846680]

Judge has assessed an item in Issue 94 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

Upgraded Q -> M from 26 [1653831187876]

Judge has assessed an item in Issue 26 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

User will get free funds

Lines of code Vulnerability details Impact If contract has an existing balance of WETH, ETH or targetUnderlying then user will get extra funds. Proof of Concept 1. Assume contract has existing amount 10 of targetUnderlying token 2. User calls burnToTarget function which converts all his passed...

Incorrect msg.value usage could lead to fund loss

Lines of code Vulnerability details Impact The burnToTarget function is using msg.value in a loop which is passed to swapAll function of swapperRouter. Since msg.value amount will not change within loop, contract will end up using its own ETH Proof of Concept 1. User calls burnToTarget function...

OrderValidator: The _cancel function does not validate the order status, the order will be cancelled even if the order does not exist.

Lines of code Vulnerability details Impact In the cancel function of the OrderValidator contract, orderStatusorderHash.isValidated is not checked. If the user's input is incorrect, the non-existing order will be cancelled without any message, causing the user to think that the correct order has...

First depositor can break minting of shares

Lines of code Vulnerability details Impact The attack vector and impact is the same as TOB-YEARN-003, where users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”. Proof of Concept In BathToken.sol:569-571, the...

Wrong fee calculation between Router & Market

Lines of code Vulnerability details Impact The wrong fee calculation can cause a loss to users' fund and this loss will be stuck in RubiconRouter Proof of Concept We have the default $feeBPS = 20, BPS = 10000$ Let's assume that alice call RubiconRouter.swappayamt=1000000 Through router, alice wil...

BathToken.sol#_deposit() attacker can mint more shares with re-entrancy from hookable tokens

Lines of code Vulnerability details BathToken.soldeposit calculates the actual transferred amount by comparing the before and after balance, however, since there is no reentrancy guard on this function, there is a risk of re-entrancy attack to mint more shares. Some token standards, such as ERC77...

First pool depositor can break minting of shares

Lines of code Vulnerability details Impact First depositor of the pool can break minting of the Bath Token shares Proof of Concept An attacker -who is the first one to deposit- sends 1 wei and bypasses totalSupply == 0 condition. Later a very large amount of donation to the pool and inflates the...

Calculation error

Lines of code Vulnerability details Impact function swap uint256 payamt, uint256 buyamtmin, maxAmount is a payamt denominated in token route0 =paygem buyamtmin is a buyamt denominated in token routelast =buygem buyamtmin expectedMarketFeeBPS / 1000 is the fee denominated in token routelast --...

rewardsVestingWallet is never initialized

Lines of code Vulnerability details Impact rewardsVestingWallet in BathToken is never initialized thus release will never happen: /// @notice Address of the OZ Vesting Wallet which acts as means to vest bonusToken incentives to pool HODLers IBathBuddy public rewardsVestingWallet; When calling...

There is no way to set the rewardsVestingWallet (IBathBuddy) in BathToken contract

Lines of code Vulnerability details rewardsVestingWallet IBathBuddy helps in releasing or distributing vested bonus tokens during withdrawals. There is currently no function to set it in BathToken contract. rewardsVestingWallet IBathBuddy remains as address0 and is unusable. Impact Admin can not...

Reentrancy attack

Lines of code Vulnerability details Impact High impact. Reentrancy Attack may lead in lost of funds. Proof of Concept Reentrancy in RubiconMarket.matchouint256,ERC20,uint256,ERC20,uint256,bool c ontracts/RubiconMarket.sol1049-1108: External calls: - buybestmakerid,minmpayamt,t...

QA Report

Impact RubiconRouter.swapEntireBalance is supposed to buy at least buyamtmin of Y output tokens by using the caller's entire X input token balance. The problem is that instead of passing the buyamtmin minus the fee to swap, the code uses the caller's X token balance, maxAmount. This means the cal...

BathToken with initial liquidity of 1 wei causes very expensive share price leading to precision errors and loss of funds

Lines of code Vulnerability details Impact The creator of a new BathToken is able to maliciously manipulate the share price by providing lowest possible amount 1 wei of liquidity initialLiquidityNew and then artificially blowing up the BathToken token balance. Following depositors will loose thei...

Anyone can cancel orders from the router and get the tokens

Lines of code Vulnerability details Impact Anyone can cancel orders from the router and get the tokens Proof of concept -A user makes a WETH order from the router -Any attacker can call the cancel function with the order ID and get all the unfilled funds from the order Basically orders in the...

Orders sent with RubiconRouter Will get fulfilled in the router and tokens will be Lost

Lines of code Vulnerability details impact Users of the router will lose their funds proof of concept -Users can send orders from the router using offerForEth or offerWithEth -In order creation msg.sender will be the router since the router calls the market If the order doesn't get instantaneousl...

Reserve ratio isn't enforced after a trade execution

Lines of code Vulnerability details impact Users could get exposed to higher risk than desired and funds to withdraw from the vault could not be available Proof of Concept The reserve ratio is the parameter that ensures a percentage of the tokens is always available to be withdrawn from a pool by...

Casting overflow when updating the status of partially fulfilled orders

Lines of code Vulnerability details Impact In the validateOrderAndUpdateStatus function of OrderValidator, the numerator and denominator of the order status are cast from type uint256 to uint120. However, since the explicit cast does not ensure the value fits the uint120 data type i.e., not...