VaultCore's withdrawETH uses transfer function, which can be unusable for some smart contracts
Lines of code Vulnerability details Impact When a user wishes to withdraw their collateral from a WETH vault, the funds are returned to the user with msg.sender.transfer. Using transfer is not recommended anymore, especially for critical operations like withdrawing collateral from a vault as it...
User can call liquidate() and steal all collateral due to arbitrary router call
Lines of code Vulnerability details Impact A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: User calls PARMinerV2.liquidate PARMinerV2 performs the liquidation with...
GUniLPOracle can provide stale prices
Lines of code Vulnerability details As stale price is determined by assetUpdatedAt, which is the time since last timestamp, the price that is most recent, but wasn't updated for more than threshold, will be rejected, which makes system unavailable in such a case. In the same time real stale price...
Fund loss or theft by attacker creating a flash loan and setting SuperVault as receiver so executeOperation() gets called by lendingPool but with attacker-specified params
Lines of code Vulnerability details Impact According to Aave documentation, when requesting flash-loan, it's possible to specify a receiver, so function executeOperation of that receiver will be called by lendingPool. In the SuperVault there is no check to prevent this attack so attacker can use...
ABDKMath64 performs multiplication on results of division
Lines of code Vulnerability details Impact Solidity could truncate the results; performing multiplication before division will prevent rounding/truncation in Solidity math. Recommended Mitigation Steps Consider ordering multiplication first.
Missing Validations In Chainlink's latestRoundData Function
Lines of code Vulnerability details Impact Here, latestRoundData is missing an additional validation to ensure that the round is complete. Proof of Concept core/contracts/inception/priceFeed/ChainlinkInceptionPriceFeed.sol:74: , int256 eurAnswer, , uint256 eurUpdatedAt, = eurOracle.latestRoundDat...
Users can use updateBoost function to claim unfairly large rewards from liquidity mining contracts for themselves at cost of other users.
Lines of code Vulnerability details Impact Users aware of this vulnerability could effectively steal a portion of liquidity mining rewards from honest users. Affected contracts are: SupplyMinerV2, DemandMinerV2, PARMinerV2 VotingMinerV2 is less affected because locking veMIMO in votingEscrow...
Non-standard ERC20 Tokens are Not Supported
Lines of code Vulnerability details When trying to call SuperVault.executeOperation the transaction reverts. This is because the call to asset.approve in line 97 doesn't match the expected function signature of approve on the target contract, as in the case of USDT. This issue exists in any call ...
Chainlink's latestRoundData might return stale or incorrect results
Lines of code Vulnerability details Impact Chainlink's latestRoundData is used but there is no check if the return value indicates stale data. This could lead to stale prices according to the Chainlink documentation: Proof of Concept...
Unchecked low level calls
Lines of code Vulnerability details Impact The contracts use low level Solidity .call without checking the success value. While these calls should never fail when the contract addresses are correct, we still recommend checking the success return value of these low-level calls. Note: All MIMO and...
withdrawETH might fail if msg.sender is a smart contract.
Lines of code VaultsCore.sol L230 Vulnerability details Impact Vault owner might not be able to successfully call withdrawETH and withdraw collateral if said owner is a smart contract. Proof of Concept Native transfer used in withdrawEth has a hard coded 2300 gas limit that can fail if the vault...
Fund theft in PARMinerV2 by depositing in VotingEscrow and calling updateBoost() to update user.stakeWithBoost without updating accAmountPerShare and accParAmountPerShare, and then collecting more rewards
Lines of code Vulnerability details Impact Attacker can generate more PAR and MIMO reward for himself and steal others rewards by staking in VotingEscrow then calling updateBoost which updates user.stakeWithBoost based on user boost multiplier which is based on user VotingEscrow balance without...
In GenericMinerV2 get more reward by staking in votingEscrow and calling syncStake()
Lines of code Vulnerability details Impact User can withdraw & deposit in the votingEscrow contract and then call the syncStake function of VotingMinerV2 to update his stake and stakeWithBoost with his new balance, and then he can call releaseRewards to get more reward than he is supposed to. Proof of Concep...
Missing approve(0)
Lines of code Vulnerability details Impact Some tokens, like USDT (see requirement line 199), require first reducing the address allowance to 0 by calling approve(spender, 0) and then approving the actual allowance. When using one of these unsupported tokens, all transactions revert and the protocol...
PARMinerV2's liquidate can become stuck
Lines of code Vulnerability details PARMinerV2's liquidate can be run repeatedly for the same collateralToken with different arguments. For example, different Vaults can have the same token, so there can be unrelated runs with different vaultId / DEX data, but the same collateralToken and proxy. ...
Missing Validations In Chainlink's latestRoundData Function
Lines of code Vulnerability details Impact Here, latestRoundData is missing an additional validation to ensure that the round is complete. Proof of Concept Affected code: core/contracts/inception/priceFeed/ChainlinkInceptionPriceFeed.sol:74: (, int256 eurAnswer, , uint256 eurUpdatedAt, ) =...
SuperVault's leverageSwap and emptyVaultOperation can become stuck
Lines of code Vulnerability details leverageSwap and emptyVaultOperation can be run repeatedly for the same tokens. If these tokens happen to be an ERC20 that does not allow approval of a positive amount when the allowance is already positive, both functions can become stuck. In both cases the logic doesn't...
Missing 0 approval
Lines of code Vulnerability details Impact When changing the allowance value from an existing non-zero value, certain tokens e.g., USDT must first be approved by zero before approving the actual allowance. Otherwise the token will not work. Proof of Concept There are two instances of missing zero...
ChainlinkInceptionPriceFeed can report stale price
Lines of code Vulnerability details As stale price is determined by time since last timestamp, the price that is most recent, but wasn't updated for more than PRICE_ORACLE_STALE_THRESHOLD (say there were no trades on the market), will be rejected, which makes the system unavailable in such a case. This can...
SuperVault's aggregatorSwap doesn't check router call success, proceeding anyway
Lines of code Vulnerability details aggregatorSwap will not revert if router.call wasn't successful, leading to malfunctions of the emptyVaultOperation, rebalanceOperation and leverageSwap where it is used. Call failure can freeze the funds and make allowances unused which can make future approva...
Impossible to liquidate small amounts
Lines of code Vulnerability details Impact It might not be possible to liquidate small positions depending on the liquidateCallerReward. Function liquidate in PARMinerV2 first transfers liquidateCallerReward to the liquidator and then expects that the remaining par balance is greater than it was...
ERC20 tokens with no return value will fail to transfer
Lines of code Vulnerability details Although the ERC20 standard suggests that a transfer should return true on success, many tokens are non-compliant in this regard, including high-profile ones like USDT. In that case, the .transfer call here will revert even if the transfer is successful, because...
Initial supplyTokenTo() with _depositAmount=1 wei causes expensive share price
Lines of code Vulnerability details Impact The first depositor into the yield source is able to maliciously manipulate the share price by depositing the lowest possible amount (1 wei) and then artificially blowing up the token balance. Following depositors will have to supply a larger amount of...
Borrower can frontrun lender's call to lend to increase ltvBPS and avoid liquidation
Lines of code Vulnerability details Impact In NFTPairWithOracle.lend, the loan ltvBPS can be higher than the lender's accepted ltvBPS. This allows a borrower to watch the mempool and front-run the lender's call and change ltvBPS to some very large value using updateLoanParams to avoid liquidation...
Calculation without check may result in tiny loss of user funds
Lines of code Vulnerability details Impact Calculation without the bigger than zero check may result in loss of user funds, albeit in tiny amounts as of now. Proof of Concept In this line of redeemToken shares to burn is calculated through tokenToShares method . As there is no check that checks i...
Blocking of Legitimate Liquidation
Lines of code Vulnerability details Issue: removeCollateral calculates whether liquidation is allowed via require(rate.mul(loanParams.ltvBPS) / BPS < amount, "NFT is still valued");. An arbitrarily high ltvBPS will effectively bypass the oracle price and block liquidation. Consequences: A malicious...
Loss Of Collateral Via Illegitimate Liquidation
Lines of code Vulnerability details Issue: updateLoanParams allows the lender to change the terms of an in-progress loan to lower ltvBPS. removeCollateral calculates whether liquidation is allowed via require(rate.mul(loanParams.ltvBPS) / BPS < amount, "NFT is still valued");. A low or 0 ltvBPS...
Contract Can Be Bricked by Transferring a Large Amount of aTokens
Lines of code Vulnerability details Impact The supplyTokenTo function is executed when a yield source prize pool deposits tokens into Aave to generate yield. This contract uses an internal function called tokenToShares to calculate how many shares to mint on behalf of the to account. Because this...
claimRewards() may have a rug risk.
Lines of code Vulnerability details Impact Although claimRewards is supposed to be called by the owner or managers to claim the rewards, it still could be a "rug risk". The owner or managers can take all the rewards unconditionally. Proof of Concept function claimRewards(address to) external...
Unchecked oracle return value
Lines of code Vulnerability details Impact The return value bool success of oracle.get calls is ignored. This could lead to stale data or incorrect prices due to oracle issues. Proof of Concept NFTPairWithOracle.sol L287 Change to (bool success, uint256 rate) = loanParams.oracle.get(address(this),...
Inconsistent balance when supplying fee-on transfer tokens
Lines of code Vulnerability details Impact There are ERC20 tokens that may make certain customizations to their ERC20 contracts. One type of these tokens is deflationary tokens that charge a certain fee for every transfer or transferFrom. Proof of Concept AaveV3YieldSource.sol L237 Tools Used Manu...
Loss of Collateral Via Malicious Oracle
Lines of code Vulnerability details Issue: The oracle can be arbitrarily updated at any point in time by the lender. Consequences: A lender can inject a malicious oracle at any time and steal the collateral NFT at the cost of his loaned tokens. Proof of Concept Borrower requests loan with an hone...
RewardsController Emission Manager Can Authorize Users to Claim on Behalf of the AaveV3YieldSource Contract and Siphon Yield
Lines of code Vulnerability details Impact The AaveV3YieldSource contract allows the manager or owner of the contract to claim rewards from Aave's rewards controller. However, there is an external dependency on this periphery Aave contract such that the emission manager of the RewardsController...
Pool has free access to all funds without using the redeem method
Lines of code Vulnerability details Impact Pool has access to all funds even if they weren't deposited by the pool Proof of Concept The AAVE yield source contract allows anyone to deposit and withdraw funds that are deposited or withdrawn from AAVE. In the constructor of the contract, max approva...
updateLoanParams can update to any malicious oracle address
Lines of code Vulnerability details Impact A lender attacker can modify the oracle address of tokenLoanParams to get collateral directly before expiration. Proof of Concept 1. First a lender attacker lends for a loan, the attacker can use updateLoanParams function and update to a malicious oracle...
Borrower can frontrun lender's call to lend to change the price oracle
Lines of code Vulnerability details Impact In NFTPairWithOracle.lend, params.oracle is not checked. This allows a borrower to watch the mempool and front-run the lender's call and change the oracle to avoid liquidation. Proof of Concept function lend(address lender, uint256 tokenId, TokenLoanParams...
An attacker can make users' funds get "locked" in the contract (the owner can get them out and transfer them back to the users)
Lines of code Vulnerability details Impact If a user manages to be the first user to deposit into the contract, he will be minted shares and he can steal all the other users' deposits. Proof of Concept 1. The attacker deposits 1 token into the contract and 1 share is minted to him totalSupply and...
Frontrun attack to steal first depositor money
Lines of code Vulnerability details Impact Frontrun attack to steal first depositor money Proof of Concept The flow is as following: 1. The first depositor wants to deposit X. 2. We detect it and frontrun 2 operations: 1. We deposit 1 of the underlying to the system. In exchange we receive 1 shar...
[WP-H1] A malicious early user/attacker can manipulate the vault's pricePerShare to take an unfair share of future users' deposits
Lines of code Vulnerability details This is a well-known attack vector for new contracts that utilize pricePerShare for accounting. /// @notice Calculates the number of shares that should be minted or burnt when a user deposit or withdraw. /// @param tokens Amount of asset tokens /// @return Number of...
Owner or Managers can rug Aave rewards
Lines of code Vulnerability details Impact A malicious owner or manager can steal all Aave rewards that are meant for PoolTogether users. Even if the user is benevolent, the fact that there is a rug vector available may negatively impact the protocol's reputation. Proof of Concept File:...
Yield source cannot deposit fee-on-transfer tokens
Lines of code Vulnerability details Some ERC20 tokens, such as USDT, allow for charging a fee any time transfer or transferFrom is called. If a contract does not allow for amounts to change after transfers, subsequent transfer operations based on the original amount will revert due to the contrac...
Missing support for ERC20 with fee
Lines of code Vulnerability details Impact Contract AaveV3YieldSource allows depositing tokens via supplyTokenTo function. Amount of tokens to transfer is based on passed argument depositAmount and is missing support for tokens with built-in fees. One of the popular tokens that implements such a...
Fee-on-transfer tokens will mess up the internal accounting of the contract
Lines of code Vulnerability details Impact If the underlying token is a fee-on-transfer token, the amount of tokens that will be transferred to the contract isn't equal to the amount the supplyTokenTo tries to supply to the aave protocol, so the function will revert because the contract won't hav...
[WP-M1] supplyTokenTo() may fail when Aave Pool address changed
Lines of code Vulnerability details function supplyTokenTo(uint256 depositAmount, address to) external override nonReentrant { uint256 shares = tokenToShares(depositAmount); require(shares > 0, "AaveV3YS/shares-gt-zero"); address underlyingAssetAddress = tokenAddress;...
Lower LTV is treated as less restrictive, while it's vice versa
Lines of code Vulnerability details Impact Lender can accept an overly restrictive LTV (the lowest possible at the moment), with high enough probability being able to seize the collateral after a short time. Lender can set ltvBPS to zero and immediately liquidate with removeCollateral any loan no...
NFTPairWithOracle's _lend ignores accepted.oracle and allows to start loan with empty params.oracle
Lines of code Vulnerability details Impact As lend doesn't require params.oracle to be valid, while removeCollateral does, the loan initiation with an empty oracle can lead to ignoring collateral valuation. As the deals are OTC this can be seen as lender decision. However, lend ignores...
No success required for Oracle market rate queries
Lines of code Vulnerability details Impact The system can use a stale or even plainly incorrect (due to any technical malfunction) price for decision making. For example, a malicious lender can set up a bot that tracks incorrect readings, i.e. track the state of the Oracle used and act on observing...
NFT oracle price request successful or not is not checked
Lines of code Vulnerability details Impact Loan can be destroyed because no price is reported by the oracle, or for any other reason that makes the oracle "work as expected" in bad situations, when the get function returns success=false. Proof of Concept According to the interface of INFTOracle, the first...
Params.oracle can be changed to a fake one by front running NFTPairWithOracle's lend function
Lines of code Vulnerability details Impact As neither lend nor updateLoanParams verifies params.oracle, the lend call can be front run by a malicious borrower changing params.oracle to a non-market one. The front run will be an updateLoanParams call where the borrower introduces a fake...
Malicious lender can change price oracle for outstanding loan
Lines of code Vulnerability details The updateLoanParams function in NFTPairWithOracle.sol allows the lender to update parameters for an outstanding loan (duration, valuation, annual interest, and collateralization ratio) as long as they are the same or better for the borrower. These params are...