Reward Manager of the Convex Base Reward Pool Can DoS processYield()

Lines of code Vulnerability details Impact The ConvexCurveLPVault.sol contract allows users to earn a yield on curve token deposits. Rewards are paid out in native CRV and CVX tokens but the reward manager of the base pool may opt to add extra rewards. Because the reward manager has the ability t...

L10: Deposits don’t work with FoT tokens

78 comment Warden: hickuphh3 Line References Description FoT token deposits are not supported because amount is used for internal accounting, but the actual amount received will be less than it due to the fee. I gave a low severity rating because of the existence of a token whitelist. Referenced...

Unreachable require check in LidoVault.sol::_withdrawFromYieldPool()

Lines of code Vulnerability details Impact LidoVault.solL141 In case of ETH withdraw request from user. after exchanging stETH - ETH withdrawFromYieldPool send ETH to user but the require check is after the return of receivedETHAmount so this check won't happen. and in if call is going to fail it...

YieldManager's distributeYield can be subject to sandwich attacks

Lines of code Vulnerability details distributeYield uses Uniswap swaps via convertAssetToExchangeToken and Curve swaps via convertToStableCoin. UniswapAdapter and CurveswapAdapter do use Oracle for price estimation, but distributeYield calls use hard coded 5% SLIPPAGE, which is wide enough to mak...

Wrong order of return and require

Lines of code Vulnerability details Impact It should check require before return, but withdrawFromYieldPool function just return before require, resulting in not checking the result of the call, users may lose their collateral. Proof of Concept The withdrawFromYieldPool function in LidoVault.sol:...

Ether can be locked in the ConvexCurveLPVault contract without a way to retrieve it

Lines of code Vulnerability details Impact If a borrower deposits Curve LP tokens into the ConvexCurveLPVault contract via the payable function GeneralVault.depositCollateraladdress asset, uint256 amount and accidentally sends a non-zero Ether value with it, then the Ether value sent will be lock...

low-level call not validated in lidoVault

Lines of code Vulnerability details Impact In lines 140 and 141 a low-level transfer is performed and first it is reversed and then it is validated with the require if it was done correctly. This can generate many problems, since the transaction may not be carried out and a message may be returne...

hard-coded slippage may freeze user funds during market turbulence (resubmit to downgrade severity)

Lines of code Vulnerability details Impact GeneralVault.solL125 GeneralVault set a hardcoded slippage control of 99%. However, the underlying yield tokens price may go down. If Luna/UST things happen again, users' funds may get locked. LidoVault.solL130-L137 Moreover, the withdrawal of the...

hard-coded slippage may freeze user funds during market turbulence

Lines of code Vulnerability details Impact GeneralVault.solL125 GeneralVault set a hardcoded slippage control of 99%. However, the underlying yield tokens price may go down. If Luna/UST things happen again, users' funds may get locked. LidoVault.solL130-L137 Moreover, the withdrawal of the...

sendFundsToUser() function, where executors are fully trusted to provide the correct information to complete the cross-chain transfer

78 comment Warden: hickuphh3 One area of concern is the sendFundsToUser function, where executors are fully trusted to provide the correct information to complete the cross-chain transfer. Any executor that becomes compromised will enable the attacker to fully drain the available liquidity of a...

Users Can Game Yield Distributions

Lines of code Vulnerability details Impact processYield restricts who can call this function to just the vault admin. Upon being processed, the treasury receives its fair share of the yield and the rest is transferred to the YieldManager.sol contract. To distribute yield, the manager calls...

Possible lost msg.value

Lines of code Vulnerability details Impact Possible lost value in depositCollateral function call Proof of Concept In call depositCollateral can will send value and the asset can be an ERC20!= address0, if LidoVault and ConvexCurveLPVault contract receive this call the fouds will lost Also in...

YearnTokenAdapter's wrap can become stuck as it uses one step approval for an arbitrary underlying

Lines of code Vulnerability details Some tokens do not allow for approval of positive amount when allowance is positive already to handle approval race condition, most known example is USDT. This can cause the function to stuck whenever a combination of such a token and leftover approval be met...

C4-004 : Centralization Risk

112 comment Warden: defsec Impact - LOW The system is heavily relies on the ExecutorManager. Therefore, It contains centralization risk If the execution manager is EOA and captured. Proof of Concept 1. Navigate to the following contract...

At LidoVault.sol, _withdrawFromYieldPool()function, ETH transfer return value is not checked

Lines of code Vulnerability details Impact At withdrawFromYieldPool ETH transfer return value is not checked as the return statement at line 141 breaks the return value checking. Proof of Concept function withdrawFromYieldPool address asset, uint256 amount, address to internal override returns...

procee yield can be sandwiched by whales

Lines of code Vulnerability details Impact YieldManager.solL142-L171 YieldManager distributes yield according to the current state. Big whales can deposit into the protocol before the process yield is called and left the project. Sandwich attacks are hard to mitigate and whales can always extract...

function exercise might fail sporadically due to UI & transaction delays.

Lines of code Vulnerability details Impact The function exercise is checking for an exact match of msg.value for it to be successful. // check correct ETH amount was sent to pay the strike requiremsg.value == vault.currentStrike, "Incorrect ETH sent for strike"; There can be a time delay between...

Rebasing tokens lock excess balance in contract

Lines of code Vulnerability details Rebasing tokens lock excess balance in contract If a vault is created with a rebasing ERC20 as its token, additional balance accrued through rebases while the token is owned by the vault may be locked in the contract. If the rebasing token balance decreases whi...

Cally does not support ERC20 tokens with built-in fee

Lines of code Vulnerability details Impact Contract Cally does not properly handle ERC20 tokens that charge fee on their transfers. Implementation of such a tokens does not transfer exact amount provided to transfer but part of it is charged as a fee, burned or used in some other way. This leads ...

TokenType mismatch with true type can be exploited to steal funds

Lines of code Vulnerability details A vault can be created for different TokenTypes, namely ERC20 and ERC721. These tokens have different logic, so a user needs to pass the type of the underlying token when creating a vault. At the end of createVault the user's tokens are pulled into the contract...

YieldManger swap highly vulnerable to sandwich attacks

Lines of code Vulnerability details Impact Swap slippage of 5% allows malicious parties sandwich attack distributeYield swaps Proof of Concept Swap slippage of 5% allows significant extraction of funds from swaps via sandwich attack. The worst offender of this is the stable-stable swaps which...

getDutchAuctionStrike () will return an unfavourable output for seller

Lines of code Vulnerability details Impact The protocol depends on the mentioned function decrementing to 0 or to the reserveStrikeif any is set by the seller of the option. After testing the efficiency of of getDutchAuctionStrike , it will return a value lower than the reserveStrike 2-3hrs prior...

Loss of asset due to improperly setting dutchAuctionReserveStriked

Lines of code Vulnerability details The Option writer Victim believes they will be writing a call option, but ends up selling their asset at a discount. Proof of Concept If dutchAuctionReserveStrike is improperly set, the writer is effectively writing a call option that is immediately in the mone...

Loss of funds due to premiums and proceeds accruing to address(0) by default

Lines of code Vulnerability details Premiums and proceeds earned will accrue to the zero address by default, instead of the vault owner, and the funds will be irrecoverable. Proof of concept vaultBeneficiariesvaultId is not set during createVault, so any call to getVaultBeneficiary will return...

Use ERC721.safertransferFrom instead of ERC721.transferFrom when you send out NFT

Lines of code Vulnerability details Impact Buyers can accidentally lose their NFT if they send to incorrect address. Proof of Concept When the buyer decide to call exercise the NFT is transfered using transferFrom. This is risky because if the destination msg.sender is a contract and it is unable...

Loss of funds due to beneficiary override to address(0) during transfer

Lines of code Vulnerability details Premiums or proceeds earned after the transfer will accrue to the zero address, instead of to the new vault owner, and the funds will be irrecoverable. Proof of concept vaultBeneficiariesvaultId is overridden to the zero address during transfer: File: Cally.sol...

Option buyers might loose funds due to vault owner's manipulation

Lines of code Vulnerability details Impact Option buyers might loose funds due to vault owner's manipulation Proof of Concept Alice creates a vault for her high valued NFT with a low price. Bob buys the option and sends premium. Alice buys the option from Bob by using an other EOA. Bob re-buys th...

Race condition in exercising the options

Lines of code Vulnerability details Impact Option buyers might never exercise their options with a bad actor vault owner, hence creating trust issues to the platform since the promised functionality causes only loss of funds. Proof of Concept Alice creates a vault for her high valued NFT. Bob buy...

Strike price curve of getDutchAuctionStrike is not what users expect

Lines of code Vulnerability details Note: This submission contains links to a private fork of the contest repo. User code423n4 has been added as a collaborator in order to view. Impact Function getDutchAuctionStrike does not implement the function that Option buyers would expect. They probably...

Fee can possibly be set maliciously

Lines of code Vulnerability details Fee is set by an admin and can be set maliciously to steal the funds that are entitled to go to the user. Impact Fee can be set to a maliciously high value to unfairly extract funds from protocol users. An owner can buy options, set fee to 100% and exercise...

???

Lines of code ??? Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- T...

[WP-H0] Fake balances can be created for not-yet-existing ERC20 tokens, which allows attackers to set traps to steal funds from future users

Lines of code Vulnerability details function createVault uint256 tokenIdOrAmount, address token, ... external returns uint256 vaultId ... Vault memory vault = Vault ... ; // vault index should always be odd vaultIndex += 2; vaultId = vaultIndex; vaultsvaultId = vault; // give msg.sender vault tok...

Setting a high feeRate can block exercise or cause negative flow of funds

Lines of code Vulnerability details Impact When an admin intentionally or unintentionally sets a feeRate greater than 1e18 100%, The exercise function can fail with arithmetic operation underflow at line 289 In the case, when beneficiary is connected to multiple vaults, the exercise function will...

Add max fee in setFee and emit event

Lines of code Vulnerability details Impact Malicious owner can steal all ETH of a sell. Proof of Concept The function setFeeCallyNFT.sol is critical as it set the amount of ETH that the protocol will receive. A malicious owner can set the fee to 1e18 and all ETH after exercise will go to the owne...

Fee-on-transfer / rebasing ERC20 cannot be used as underlying

Lines of code Vulnerability details Some ERC20 tokens may have fee-on-transfer or change balance without owner intervention. If these tokens are used as underlying in the protocol they can be lost. Proof of concept Alice creates a vault with a token that has a 1% fee on transfer. She sends...

“No Revert on Failure“ tokens can be stolen from the contract by disguising them as NFTs.

Lines of code Vulnerability details Impact If a user creates a vault with an ERC20 token with the following two properties: 1. There’s a way to make transferFrom fail to transfer tokens without reverting e.g. some tokens like ZRX return false on failure instead of reverting. 2. fransferFromfrom,...

Fee on transfer tokens block exercises and withdrawals

Lines of code Vulnerability details Fee on transfer tokens block exercises and withdrawals If a vault is created with a fee-on-transfer ERC20 as its token, the underlying asset may be locked in the contract. Scenario: Setup: 1. Alice calls createVault with a fee-on-transfer token address and 1000...

UNISWAP_FEE is hardcoded which will lead to significant losses compared to optimal routing

Lines of code Vulnerability details Impact In YieldManager, UNISWAPFEE is hardcoded, which reduce significantly the possibilities and will lead to non optimal routes. In particular, all swaps using ETH path will use the wrong pool as it will use the ETH / USDC 1% one due to this line. Proof of...

lowerHasMinted() can be used by minters to bypass mintCeiling

Lines of code Vulnerability details Impact It is possible for any whitelisted used to reduce totalMinted for themselves. This value is used in mint to prevent a malicious minter from minting an infinite number of tokens. By allowing a minter to reduce their own totalMinted they are able to perfor...

call to harvest() can be manipulated to steal funds from the contract

Lines of code Vulnerability details Impact When calling harvest, attacker can device a cross-contract reentrancy to steal NFT owned by the contract Cally. Proof of Concept 1. While creating a vault, the owner of NFT transfers the NFT to the contract i.e. ownerOfnftID is Cally. 2. Attacker contrac...

Payble function allows for Eth transfer even when ERC20 tokens are being used

Lines of code Vulnerability details Impact The function depositCollateral in GeneralVault.sol is payable. This needs to be payable for the case in LidoVault where depositToYeild expects ETH to be transferred. However for the ConvexCurveLPVault.sol and the case when LidoVault is not using Eth as a...

Reentrancy in LidoVault

Lines of code Vulnerability details Impact The withdrawFromYieldPool method is vulnerable to a reentry problem, it depends on the caller implementation and CurveswapAdapter.swapExactTokensForTokens in order to exploit it. Proof of Concept Use call instead of transfer to send ether. Because the...

Inefficiency in the Dutch Auction due to lower duration

Lines of code Vulnerability details The vulnerability or bug is in the implementation of the function getDutchAuctionStrike The AUCTIONDURATION is defined as 24 hours, and consider that the dutchAuctionReserveStrike or reserveStrike will never be set to 0 by user. Now if a vault is created with...

No cap on fee parameters

143 comment Warden: gzeon Consider adding caps to fee parameters to reduce rug risk --- The text was updated successfully, but these errors were encountered: All reactions...

missing input validation for _liquidityPool

189 comment Warden: kenta missing input validation for liquidityPool. The owner can change always liquidityPool but this liquidityPool will be used to execute low-level calls. To avoid errors with an empty address this must be checked always. requireliquidityPool != address0, “liquidityPool canno...

no-revert-on-transfer ERC20 tokens can be drained

Lines of code Vulnerability details Impact Some ERC20 tokens don't throw but just return false when a transfer fails. This can be abused to trick the createVault function to initialize the vault without providing any tokens. A good example of such a token is ZRX: Etherscan code When such a vault ...

Protocol does not support fee-on-transfer tokens

62 comment Warden: cmichel Protocol does not support fee-on-transfer tokens, see addLiquidity and LiquidityPool.depositErc20. The amount value is stored and available to be withdrawn later but the contract receives amount - fees. Note that there are tokenCheckstokenAddress and the protocol would...

Executors need to be trusted

62 comment Warden: cmichel Executors need to be trusted, otherwise, they can just call sendFundsToUser to transfer out any funds as they please. Consider adding threshold signatures to prevent all funds from being lost when a single executor is compromised. --- The text was updated successfully,...

Consider remove setLiquidityProviders function

143 comment Warden: gzeon Owner can call setLpToken to change the value of lpToken in WhitelistPeriodManager, which will make all onlyLiquidityPool function revert function setLiquidityProvidersaddress liquidityProviders internal liquidityProviders = ILiquidityProvidersliquidityProviders; functio...

createVault() does not verify ERC20 token contract exists before transferring

Lines of code Vulnerability details Impact There are no checks to ensure the the vault.token contract exists when creating a vault. Token address are deterministic in the EVM and can be known ahead of time. As a result it is possible for a user to call createVault with token set to a ERC20 contra...