10190 matches found
Fund loss or theft by attacker with creating a flash loan and setting SuperVault as receiver so executeOperation() will get called by lendingPool but with attacker's specified params
Lines of code Vulnerability details Impact According to Aave documentation, when requesting flash-loan, it's possible to specify a receiver, so function executeOperation of that receiver will be called by lendingPool. In the SuperVault there is no check to prevent this attack so attacker can use...
SuperVault's leverageSwap and emptyVaultOperation can become stuck
Lines of code Vulnerability details leverageSwap and emptyVaultOperation can be run repeatedly for the same tokens. If these tokens happen to be an ERC20 that does not allow for approval of a positive amount when the allowance is already positive, both functions can become stuck. In both cases logic doesn't...
Missing 0 approval
Lines of code Vulnerability details Impact When changing the allowance value from an existing non-zero value, certain tokens e.g., USDT must first be approved by zero before approving the actual allowance. Otherwise the token will not work. Proof of Concept There are two instances of missing zero...
GUniLPOracle can provide stale prices
Lines of code Vulnerability details As stale price is determined by assetUpdatedAt, which is the time since last timestamp, the price that is most recent, but wasn't updated for more than threshold, will be rejected, which makes system unavailable in such a case. At the same time real stale price...
Reentrancy Bugs in GenericMinerV2
Lines of code Vulnerability details Impact No ETH reentrancy decreaseStake: makes external call releaseRewards and updates the state variables afterwards totalStake, updateBoost increaseStake: makes call to releaseRewards and updates state variables afterwards totalStake, updateBoost Recommended...
Unbound loop can brick contract and freeze miner payments
Lines of code Vulnerability details Impact The payees array in the MinerPayer.sol contract can grow to an unbounded size. That means it could grow so large that the MinerPayer.release function can't loop through them all without triggering an out of gas error. Updating the payees array in the...
VaultCore's withdrawETH uses transfer function, which can be unusable for some smart contracts
Lines of code Vulnerability details Impact When a user wishes to withdraw their collateral from a WETH vault, the funds are returned to the user with msg.sender.transfer. Using transfer is not recommended anymore, especially for critical operations like withdrawing collateral from a vault as it...
withdrawETH might fail if msg.sender is a smart contract.
Lines of code VaultsCore.sol#L230 Vulnerability details Impact Vault owner might not be able to successfully call withdrawETH and withdraw collateral if said owner is a smart contract. Proof of Concept Native transfer used in withdrawEth has a hard coded 2300 gas limit that can fail if the vault...
Users can use updateBoost function to claim unfairly large rewards from liquidity mining contracts for themselves at cost of other users.
Lines of code Vulnerability details Impact Users aware of this vulnerability could effectively steal a portion of liquidity mining rewards from honest users. Affected contracts are: SupplyMinerV2, DemandMinerV2, PARMinerV2. VotingMinerV2 is less affected because locking veMIMO in votingEscrow...
Non-standard ERC20 Tokens are Not Supported
Lines of code Vulnerability details When trying to call SuperVault.executeOperation the transaction reverts. This is because the call to asset.approve in line 97 doesn't match the expected function signature of approve on the target contract like in the case of USDT. This issue exists in any call ...
PARMinerV2's liquidate can become stuck
Lines of code Vulnerability details PARMinerV2's liquidate can be run repeatedly for the same collateralToken with different arguments. For example, different Vaults can have the same token, so there can be unrelated runs with different vaultId / DEX data, but the same collateralToken and proxy. ...
SuperVault's aggregatorSwap doesn't check router call success, proceeding anyway
Lines of code Vulnerability details aggregatorSwap will not revert if router.call wasn't successful, leading to malfunctions of the emptyVaultOperation, rebalanceOperation and leverageSwap where it is used. Call failure can freeze the funds and make allowances unused which can make future approva...
ChainlinkInceptionPriceFeed can report stale price
Lines of code Vulnerability details As stale price is determined by time since last timestamp, the price that is most recent, but wasn't updated for more than PRICEORACLESTALETHRESHOLD (say, there were no trades on the market) will be rejected, which makes system unavailable in such a case. This can...
Fund theft in PARMinerV2 with depositing in VotingEscrow and calling updateBoost() to update user.stakeWithBoost without updating accAmountPerShare and accParAmountPerShare, and then collecting more rewards
Lines of code Vulnerability details Impact Attacker can generate more PAR and MIMO reward for himself and steal others rewards by staking in VotingEscrow then calling updateBoost which updates user.stakeWithBoost based on user boost multiplier which is based on user VotingEscrow balance without...
In GenericMinerV2 get more reward by staking in votingEscrow and calling syncStake()
Lines of code Vulnerability details Impact User can withdraw & deposit in votingEscrow contract and then call syncStake function of VotingMinerV2 to update his stake and stakeWithBoost with his new balance, and then he can call releaseRewards to get more reward than he is supposed to. Proof of Concep...
Missing Validations In Chainlink's latestRoundData Function
Lines of code Vulnerability details Impact Here, latestRoundData is missing an additional validation to ensure that the round is complete. Proof of Concept Affected code: core/contracts/inception/priceFeed/ChainlinkInceptionPriceFeed.sol:74: (, int256 eurAnswer, , uint256 eurUpdatedAt, ) =...
Unchecked low level calls
Lines of code Vulnerability details Impact The contracts use low level Solidity .call without checking the success value. While these calls should never fail when the contract addresses are correct, we still recommend checking the success return value of these low-level calls. Note: All MIMO and...
Missing Validations In Chainlink's latestRoundData Function
Lines of code Vulnerability details Impact Here, latestRoundData is missing an additional validation to ensure that the round is complete. Proof of Concept core/contracts/inception/priceFeed/ChainlinkInceptionPriceFeed.sol:74: (, int256 eurAnswer, , uint256 eurUpdatedAt, ) = eurOracle.latestRoundDat...
User can call liquidate() and steal all collateral due to arbitrary router call
Lines of code Vulnerability details Impact A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: User calls PARMinerV2.liquidate PARMinerV2 performs the liquidation with...
Usage of deprecated transfer to send ETH in VaultsCore.sol
Lines of code Vulnerability details Impact Smart contract is not robust as it depends on gas cost so it can fail in some circumstances. PoC The usage of transfer to send ETH is widely considered a bad practice as it limits the gas usage to 2300. msg.sender.transfer(amount); // @Audit deprecated transf...
Chainlink's latestRoundData might return stale or incorrect results
Lines of code Vulnerability details Impact Chainlink's latestRoundData is used but there is no check if the return value indicates stale data. This could lead to stale prices according to the Chainlink documentation: Proof of Concept...
Anyone can rebalance vaults on behalf of owner and eventually extract funds
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept - rebalance When using Aave's flashLoan, a recipient can be specified. Therefore the access control of executeOperation in SuperVault is useless as anyone could take a flashloan to call...
Oracle failure allows NFT to be stolen
Lines of code Vulnerability details Impact Any temporary failure in an oracle relaying a price allows the NFT collateral to be removed by the lender, even if the value of the NFT is still far above the agreed-upon liquidation value. Considering that oracle price retrieval failure is accounted for...
Reentrancy attack in collateral.transferFrom that borrowers can trick lenders to lend but the lenders will never get the collateral
Lines of code Vulnerability details Impact A borrower attacker can use reentrancy attack to request a loan successfully and the collateral is still owned by the attacker. If a lender victim tries to call lend on the malicious loan which seems normal, the lender will lose money and never get the...
[WP-M1] supplyTokenTo() may fail when Aave Pool address changed
Lines of code Vulnerability details function supplyTokenTo(uint256 depositAmount, address to) external override nonReentrant { uint256 shares = tokenToShares(depositAmount); require(shares > 0, "AaveV3YS/shares-gt-zero"); address underlyingAssetAddress = tokenAddress;...
Use Victims Collateral by Frontrunning
Lines of code Vulnerability details Issue: the require statement in requestLoan doesn't check if the one that provides the collateral is the same address that requests the loan Consequences: If an NFT is transferred to the contract by itself, either on accident or preparing to call requestLoan wi...
No success required for Oracle market rate queries
Lines of code Vulnerability details Impact The system can use stale or even plainly incorrect (due to any technical malfunction) price for decision making. For example, a malicious lender can setup a bot that tracks incorrect readings, i.e. track the state of the Oracle used and act on observing...
Lender can unconditionally liquidate borrower by changing oracle
Lines of code Vulnerability details Impact In NFTPairWithOracle.updateLoanParams, a lender is allowed to change the oracle. If the lender sets it to some oracle that returns an invalid price, he can call removeCollateral immediately to liquidate the borrower. Proof of Concept function updateLoanParamsuint25...
NFT oracle price request successful or not is not checked
Lines of code Vulnerability details Impact Loan can be destroyed because of no price reported by oracle, or any other reason that makes oracle "work as expected" in bad situations when the get function returns success=false Proof of Concept According to the interface of INFTOracle, the first...
Lender can immediately liquidate valued Collateral in NFTPairWithOracle contract
Lines of code Vulnerability details Impact A lender can liquidate a borrower's collateral immediately by calling updateLoanParams in the NFTPairWithOracle contract where the ltvBPS for the params struct is set to 0. This bypasses the checks to make sure that the terms are favourable to the...
Loss Of Collateral Via Illegitimate Liquidation
Lines of code Vulnerability details Issue: updateLoanParams allows the lender to change the terms of an in-progress loan to lower ltvBPS. removeCollateral calculates whether liquidation is allowed via require(rate.mul(loanParams.ltvBPS) / BPS < amount, "NFT is still valued");. A low or 0 ltvBPS...
Malicious lender can change price oracle for outstanding loan
Lines of code Vulnerability details The updateLoanParams function in NFTPairWithOracle.sol allows the lender to update parameters for an outstanding loan (duration, valuation, annual interest, and collateralization ratio) as long as they are the same or better for the borrower. These params are...
Inconsistent balance when supplying fee-on transfer tokens
Lines of code Vulnerability details Impact There are ERC20 tokens that may make certain customizations to their ERC20 contracts. One type of these tokens is deflationary tokens that charge a certain fee for every transfer or transferFrom. Proof of Concept AaveV3YieldSource.sol#L237 Tools Used Manu...
Borrower can update loan parameters and force lender into accepting near-unliquidatable loan
Lines of code Vulnerability details Impact While loan is in LOANREQUESTED phase, the updateLoanParameters function can be called by the borrower to adjust TokenLoanParams.ltvBPS to a value that is very unfavorable for a prospective lender. Usually, this results in the loan not being accepted by a...
[WP-H8] Special ERC721 compatible implementation may allow an attacker to requestLoan without transferring in the NFT collateral
Lines of code Vulnerability details NFT is a fragmented standard, for certain non-standard ERC721 implementations, they may have built-in hooks that can be used to re-enter the contract. Just like ERC777 to ERC20. For example, if the collateral NFT got a pre-transfer hook to the receiver of the...
Pool has free access to all funds without using the redeem method
Lines of code Vulnerability details Impact Pool has access to all funds even if they weren't deposited by the pool Proof of Concept The AAVE yield source contract allows anyone to deposit and withdraw funds that are deposited or withdrawn from AAVE. In the constructor of the contract, max approva...
An attacker can make users' funds get "locked" in the contract (the owner can get them out and transfer them back to the users)
Lines of code Vulnerability details Impact If a user manages to be the first user to deposit into the contract, he will be minted shares and he can steal all the other users' deposits. Proof of Concept 1. The attacker deposits 1 token into the contract and 1 share is minted to him totalSupply and...
Blocking of Legitimate Liquidation
Lines of code Vulnerability details Issue: removeCollateral calculates whether liquidation is allowed via require(rate.mul(loanParams.ltvBPS) / BPS < amount, "NFT is still valued");. An arbitrarily high ltvBPS will effectively bypass the oracle price and block liquidation. Consequences: A malicious...
Owner can steal rewards
Lines of code Vulnerability details Impact Users may not get their AAVE rewards Proof of Concept The claimRewards function allows the owner to send any rewards distributed by AAVE to any address. The rewards are being earned using user's funds but they aren't returned back to users and the owner...
Users Who approve() ERC20 Tokens for NFTPair of NFTPairWithOracle Contracts May Have Their Allowances Stolen By Any User
Lines of code Vulnerability details Impact Users who approve ERC20 or any other token type excluding the collateral token may have their balances stolen by any user. The ACTIONCALL allows users to call any function on any smart contract excluding this, collateral and bentoBox. Thus, if any user...
Protocol fees during origination are based on another fee rather than on the loan amount
Lines of code Vulnerability details Impact Protocol fee revenue will be much lower than expected. If the average NFT loaned on the platform is worth $900, openFeeShare will be $9, and protocolFeeShare will be only $0.90. There would have to be more than 50,000 such loans to cover the cost of this...
Outstanding loan Oracle can be arbitrarily changed by a lender
Lines of code Vulnerability details Impact As updateLoanParams function does not verify params.oracle, a lender for an already outstanding loan can change params.oracle to a non-market one. For example, the lender can set oracle to a pre-cooked INFTOracle contract reporting 0 price of the asset and...
[WP-H1] A malicious early user/attacker can manipulate the vault's pricePerShare to take an unfair share of future users' deposits
Lines of code Vulnerability details This is a well-known attack vector for new contracts that utilize pricePerShare for accounting. / @notice Calculates the number of shares that should be minted or burnt when a user deposit or withdraw. @param tokens Amount of asset tokens @return Number of...
Lender can adjust ltvBPS and instantly seize collateral
Lines of code Vulnerability details Impact After the loan is accepted and is in the LOANOUTSTANDING phase, updateLoanParams allows the lender to update the TokenLoanParams.ltvBPS parameter. The require check allows for the parameters to change as long as they are favorable for the borrower, but...
Yield source does not correctly calculate share conversions
Lines of code Vulnerability details The aTokens’ value is pegged to the value of the corresponding supplied asset at a 1:1 ratio and can be safely stored, transferred or traded. All yield collected by the aTokens' reserves are distributed to aToken holders directly by continuously increasing thei...
Contract Can Be Bricked by Transferring a Large Amount of aTokens
Lines of code Vulnerability details Impact The supplyTokenTo function is executed when a yield source prize pool deposits tokens into Aave to generate yield. This contract uses an internal function called tokenToShares to calculate how many shares to mint on behalf of the to account. Because this...
Owner of the PoolAddressesProviderRegistry Contract Can Update the Pool Address and Effectively Lock Deposited Funds by Preventing All Withdrawals
Lines of code Vulnerability details Impact The owner of the PoolAddressesProviderRegistry contract is able to register and unregister providers as they see fit. Because AaveV3YieldSource.sol dynamically queries the Aave pool through this contract, it is possible for the owner of this Aave contrac...
Params.oracle can be changed to a fake one by front running NFTPairWithOracle's lend function
Lines of code Vulnerability details Impact As neither lend, nor updateLoanParams functions verify params.oracle, the lend call can be front run by a malicious borrower with changing params.oracle to a non-market one. The front run will be an updateLoanParams call where borrower introduces fake...
claimRewards() may have a rug risk.
Lines of code Vulnerability details Impact Although claimRewards is supposed to be called by the owner or managers to claim the rewards, it still could be a "rug risk". The owner or managers can take all the rewards unconditionally. Proof of Concept function claimRewards(address to) external...