Using deprecated Chainlink function latestAnswer() in PriceOracleImplementation.sol

Lines of code Vulnerability details Impact In the function getUnderlyingPrice, Chainlink's latestAnswer is used and this function is deprecated and should not be used as this function returns 0 when there is no data rather than giving out error. Precedent of this issue can be found in...

Admin can manipulate nft prices by _setNftPriceOracle

Lines of code Vulnerability details impact setNftPriceOracle is an admin-only function which can set a new nftOracle. But there is no restriction in this function. An admin can set any oracle unconditionally. It could be used to manipulate nft prices in liquidateCalculateSeizeNfts. Proof of Conce...

Loss of NFTs Via Malicious Oracle Injection

Lines of code Vulnerability details Issue: The admin account can arbitrarily update the oracle at any time. If the oracle is changed to a malicious or vulnerable oracle, the price may be manipulated to allow illegitimate siezure of the assets. Consequences: Any user-deposited NFT with outstanding...

Oracle Prices Could Be Stale Or Manipulated due to latestAnswer() call

Lines of code Vulnerability details Impact In calls to the Chainlink oracle, the deprecated API function latestAnswer is used. This approach is vulnerable to price manipulation and stale prices according to the Chainlink documentation. This vulnerability was marked as Medium severity in the...

Loss of Funds Via Malicious Oracle Injection

Lines of code Vulnerability details Issue: The admin account can arbitrarily update the oracle at any time. If the oracle is changed to a malicious or vulnerable oracle, the price may be manipulated to allow undercollateralized borrowing. Consequences: Total loss of protocol funds for an attacker...

amount requires to be updated to contract balance increase (2)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

amount requires to be updated to contract balance increase (17)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

amount requires to be updated to contract balance increase (9)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

using tx.origin does not guarantee EOA (2)

Lines of code Vulnerability details Impact This condition does not guarantee that msg.sender is EOA. The best is to use isContractmsg.sender. Having tx.origin == msg.sender is possible to bypass from another smartcontract which means attacker could have access to whitelist-protected functions...

amount requires to be updated to contract balance increase (12)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

amount requires to be updated to contract balance increase (10)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

amount requires to be updated to contract balance increase (7)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

amount requires to be updated to contract balance increase (3)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

amount requires to be updated to contract balance increase (8)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

amount requires to be updated to contract balance increase (14)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

amount requires to be updated to contract balance increase (18)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

amount requires to be updated to contract balance increase (6)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

amount requires to be updated to contract balance increase (1)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

amount requires to be updated to contract balance increase (15)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

amount requires to be updated to contract balance increase (5)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

using tx.origin does not guarantee EOA (3)

Lines of code Vulnerability details Impact This condition does not guarantee that msg.sender is EOA. The best is to use !isContractmsg.sender. Having tx.origin == msg.sender is possible to bypass from another smartcontract which means attacker could have access to whitelist-protected functions...

amount requires to be updated to contract balance increase (11)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

amount requires to be updated to contract balance increase (4)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

amount requires to be updated to contract balance increase (13)

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...

NFT's can be bought to lowestprice even the final price is closed over the lowestprice

Lines of code Vulnerability details Impact NFT's can be bought to lowestprice even the final price is closed over the lowestprice Proof of Concept Say the 8000 NFT's are not sold at the bidSummon phase and optimistically the finalprice will be closed above the lowestprice of 0,6 ETH. A malicious...

All approved addresses can burn tokens

Lines of code Vulnerability details Impact The burn function calls isApprovedOrOwner to check if a caller is authorized to burn tokens. This means that any address that has been approved can burn a user's token. Reading the ERC721 documentation from OpenZeppelin makes it understood that the...

Unhandled return value of ERC20 transfer

Lines of code Vulnerability details Impact For reference, see similar Medium-severity finding from Consensys Diligence Audit of Aave Protocol V2: As stated in the above finding: “ERC20 implementations are not always consistent. Some implementations of transfer and transferFrom could return ‘false...

Lack of validation on many important setters can lead to unwanted results

Lines of code Included below Vulnerability details Impact There are several important setter functions that lack validation on either the value itself or the timing on which the function can be called. It seems that the developer intentionally wrote these contracts with flexibility in mind, so I ...

Missing validations in setter and setPhaseTimes() functions.

Lines of code Vulnerability details Impact Time variable validations daStartTime, mintlistStartTime, publicStartTime, claimsStartTime, selfRefundsStartTime are only done in setPhaseTimes and not even all validations. These validations should be performed: daStartTime block.timestamp...

Oracle data feed is insufficiently validated

Lines of code Vulnerability details description When using Chainlink Price feeds it is important to ensure the price feed data was updated recently. While getting started with chainlink requires just one line of code, it is best to add additional checks for in production environments. findings...

A malicious actor can cause DoS with Block Gas Limit and destroy the sale flow also having advantage of buying cheaper price

Lines of code Vulnerability details Impact A malicious actor can cause DoS with Block Gas Limit and mint NFT's on cheaper price as the price drop is in action or destroy the sale flow. Proof of Concept Each block has an upper bound on the amount of gas that can be spent, and thus the amount...

The ownership context is too centralized leaving room for other attack surfaces

Lines of code Vulnerability details Impact The ownership context is too centralized leaving room for other attack surfaces and leaving impression of distrust for the participants. Proof of Concept Almost all of the functions have onlyOwner modifier which allows accessing all the vital points of t...

Limit not enforced on teamSummon function

Lines of code Vulnerability details Impact The docs say there is a cap on how many tokens the project team can mint, however there are no checks or tracking implemented in the teamSummon function to enforce that limit. An admin calling that function could accidentally or maliciously exceed the...

Total loss of funds on owner account compromise

Lines of code Vulnerability details Issue: The vault address may be arbitrarily updated by the owner using setVaultAddress. The owner can also call withdrawAll to move all funds to the vault. Consequence: A malicious owner or owner account compromise can siphon the entire contract's funds to an...

reentryattack with owner checks and effecst pattern not implemented

Lines of code Vulnerability details Impact reentryattack can happen because checks and effects pattern not implemented Proof of Concept a owner can be millousius and take advantage of effects after a call Recommended Mitigation Steps do the checks and effects pattern --- The text was updated...

Usage of deprecated transfer to send ETH

Lines of code Vulnerability details Vulnerability details The usage of address.send is considered a bad practice as it only uses 2300 gas and you create a high dependency of gas. It is true that this is only used in an emergency to transfer the funds to the vault, but it always a better practice ...

Using deprecated Chainlink function latestAnswer

Lines of code Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. Proof of Concept This function does not error if no answer has been reached but returns 0. Besides, the latestAnswer is reported with 18 decimals for crypto quotes but 8...

Outdated Interface Implementation

Lines of code Vulnerability details Impact The Chainlink aggregator interface used by the project is outdated and does not permit the project to properly sanitize the price values it receives. Recommended Mitigation Steps The interface is to be updated according to the official Chainlink...

Deprecated oracle can return 0 as a price

Lines of code Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. Proof of Concept This function does not error if no answer has been reached but returns 0. Besides, the latestAnswer is reported with 18 decimals for crypto quotes but 8...

Chainlink latestAnswer has been deprecated

Lines of code PriceOracleImplementation.solL29-L31 Vulnerability details Impact latestAnswer function is deprecated. This function does not revert if no answer has been reached but returns zero. There is no check for stale price and round completeness. Price can be stale and lead to wrong return...

Usage of deprecated Chainlink oracle function

Lines of code Vulnerability details Impact The Chainlink oracle latestAnswer function is deprecated. Instead, you're supposed to use latestRoundData. Using deprecated functions can result in the PriceOracleImplementation not returning the correct value anymore. It will affect the availability of...

Inexistent Chainlink Data Staleness Sanitization

Lines of code Vulnerability details Impact The IChainlinkAggregator implementation utilized by the codebase is outdated and as such is not properly sanitized. Recommended Mitigation Steps While the interface itself needs to be updated in its dedicated finding, the code utilizing it should also be...

Chainlink pricer is using a deprecated API

Lines of code Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. This function might suddenly stop working if Chainlink stop supporting deprecated APIs. And the old API can return stale data. Proof of Concept Tools Used None Recommended...

Use of ChainlinkFeed latestAnswer in PriceOracleImplementation is deprecated and not sufficiently validated

Lines of code Vulnerability details Impact PriceOracleImplementation.sol uses the latestAnswer function on the mainnet deployed ChainlinkFeed for the USDC oracle price. However, this function is deprecated as outlined in the comments of the deployed Chainlink contract see POC below. Notably,...

Dutch Auction fails when maxDaSupply is not reached

Lines of code Vulnerability details Impact Dutch Auction fails when maxDaSupply is not reached Proof of Concept Dutch Auction should update finalPrice every time price decreases. However, currently fianlPrice is updated only when auction reaches full supply reserved for auction phase. 1. Alice bu...

Division by zero

I'm upgrading the following issue from a QA report issue 48 to Medium risk: Division by zero calculateDeviationThresholdBasisPoints was important enough to be in a separate library rather than being just a normal function of another contract so it should be generic enough for other contracts to u...

Impossible to liquidate small amounts

Lines of code Vulnerability details Impact It might not be possible to liqudate small positions depending on the liquidateCallerReward. Function liquidate in PARMinerV2 first transfers liquidateCallerReward to the liquidator and then expects that the remaining par balance is greater than it was...

ABDKMath64 performs multiplication on results of division

Lines of code Vulnerability details Impact Solidity could truncate the results, performing multiplication before division will prevent rounding/truncation in solidity math. Recommended Mitigation Steps Consider ordering multiplication first. --- The text was updated successfully, but these errors...

ERC20 tokens with no return value will fail to transfer

Lines of code Vulnerability details Although the ERC20 standard suggests that a transfer should return true on success, many tokens are non-compliant in this regard including high profile, like USDT . In that case, the .transfer call here will revert even if the transfer is successful, because...

Missing approve(0)

Lines of code Vulnerability details Impact Some tokens, like USDT see requirement line 199, require first reducing the address allowance to 0 by calling approvespender, 0 and then approve the actual allowance. When using one of these unsupported tokens, all transactions revert and the protocol...