10190 matches found
Fee-on-transfer/rebalancing tokens are not supported
Lines of code Vulnerability details Impact Some ERC20 tokens make modifications to their ERC20's transfer or balanceOf functions. One type of these tokens is deflationary tokens that charge a certain fee for every transfer or transferFrom. Others are rebasing tokens that increase in value over ti...
NFT owner can change tokenURI
Lines of code Vulnerability details Impact In the ERC721OnChain implementation the token owner can set the token's URI using setTokenURI. Usually, this token URI points to data defining the NFT attributes, images, etc. It's usually set by the contract owner. A user that owns an NFT can just...
Can drain ETHERBASE
Lines of code Vulnerability details Impact The postIncomingMessages function tops up the contract with the gas token in topUpBalance. Note that the amount of gas tokens to be topped up from the ETHERBASE contract depends on msg.sender.balance, the caller's gas token balance. Attackers with a zero...
permitAndMulticall() May Be Used to Steal Funds Or as a Denial Of Service if _from Is Not The Message Sender
Lines of code Vulnerability details Impact When the from address is not the msg.sender multiCall will be made on behalf of the msg.sender. As a result each of the functions called by multiCall will be made on behalf of msg.sender and not from. If functions such as transfer or unstake are called...
Anyone can be _owner
Lines of code Vulnerability details Impact Anyone can be owner by calling initialize. Proof of Concept initialize can be called multiple times, as the name 'initialize' should be intended to be called one time when the contract is deployed. Nothing prevents it from being called multiple times, and claim the...
revert can be bypassed by forcefully sending ETH using selfdestruct()
Lines of code Vulnerability details Impact In NFTMarket.sol there is a receive function that reverts if the msg.sender is not the feth address. This is an attempt to prevent other parties from sending ETH to the contract but this security check can easily be bypassed by an attacker forcefully...
TWABDelegator allows easy circumvention of whale protection
Lines of code Vulnerability details In a recent interview, PoolTogether co-founder Leighton Cusack said: “Someone who had $1,000 right now into the USDC prize pool would have a 0.01% chance of winning a prize every week. That’s a less than 1% chance of winning a prize a year,” Cusack said. “With...
Delegations staked with a _to parameter not equal to the _delegator lose out on rewards
Lines of code Vulnerability details Impact If an account wishes to stake with a delegator that it did not create with the account, the delegator is unable to use the staked tickets and the tickets will sit idle in the TWABDelegator until the staker realizes that he/she gets no rewards and can onl...
constructor function used with upgradeable contracts
Lines of code Vulnerability details Impact In FETH.sol it uses Open Zeppelin upgradeable contracts in the file while also including a constructor function. Upgradeable contracts should have an initialize function instead of a constructor in order not to clash with one another. Proof of Concept...
Users can unlock other users FETH tokens
Lines of code Vulnerability details Impact In FETH.sol the marketUnlockFor function which is called by the market contract does not ensure that funds can only be unlocked by the owner of the account. This opens the way for a user to unlock FETH tokens of arbitrary accounts. Proof of Concept Tools...
Foundation Treasury initialize() function can be called by an attacker first
Lines of code Vulnerability details Impact In FoundationTreasury.sol the initialize function can only be called once setting the admin and operator roles which are used in other contracts. The problem is that this initialize function is not called in any deployment script which means an attacker...
Using transfer instead of safeTransfer allows attacker to steal all staked tokens
Lines of code Vulnerability details Impact An attacker can drain all staked tickets. Proof of Concept In the withdrawDelegationToStake function the user can transfer from one of his delegations to the TWABDelegator contract and receive vault tokens he can then unstake to get his tickets back...
Front-Runnable Initializer on pre-determined address
Lines of code Vulnerability details Impact Traditionally, the risk-level from a front-runnable initializer issue is low. However, in this case, it's different. It is mentioned that Delegator.sol is instantiated via CREATE2, which is deterministic. The only protection that can be seen here is...
QA Report
LOW : 1. Title : permitAndMulticall can be frontrun, that will lead to the user must reasign the TX Impact : In the permitAndMulticall it takes from as a user input, since all tx in the blockchain is public, a malicious user might frontrun the permitAndMulticall and providing 0 data, which will...
[WP-M3] TurboRouter.sol#createSafeAndDeposit*() CreateSafeAndDeposit combo methods won't work as an allowance cannot be granted to a newly created Safe for deposit
Lines of code Vulnerability details The TurboRouter.sol#deposit function can be used in a multicall together with approve and pullToken from PeripheryPayments to pull tokens from msg.sender and grant allowance for the ERC4626 Safe to call asset.safeTransferFrom with the msg.sender being the router...
ClearingHouse fail if too many amm whitelisted
Lines of code Vulnerability details Impact Governance can whitelist amm in ClearingHouse using the whitelistAmm function. Since a lot of function in the ClearingHouse contract will iterate each of the amm in amms and call various amm.function, if too many amm is whitelisted it is possible for tho...
Ownership of Swap.vy cannot be transferred
Lines of code Vulnerability details Impact Ownership transfer function of Swap.vy is commented out. Fund can be stuck if an AMM and governance change/upgrade is required. Proof of Concept
[WP-M2] Wrong implementation of TurboSafe.sol#less() may cause boosted record value in TurboMaster bigger than actual lead to BoostCapForVault and BoostCapForCollateral to be permanently occupied
Lines of code Vulnerability details // Get out current amount of Fei debt in the Turbo Fuse Pool. uint256 feiDebt = feiTurboCToken.borrowBalanceCurrentaddressthis; // If our debt balance decreased, repay the minimum. // The surplus Fei will accrue as fees and can be sweeped. if feiAmount feiDebt...
VUSD.processWithdrawals() Can Be Filled With Empty Withdrawals
Lines of code Vulnerability details Impact The processWithdrawals function intends to allow for users to finalise their withdrawal in a canonical fashion. By enforcing the order of withdrawals, the protocol can ensure that users are paid out fairly. However, because the function only allows for...
ERC20 decimals can be different than 18
Lines of code Vulnerability details Impact setDefaultFeePercentage, setCustomFeePercentageForCollateral, setCustomFeePercentageForSafe functions assume that the underlying ERC20 token has 18 decimal digits. Whilst this is true most of the time, an ERC20 token can have a different decimals value...
settleFunding will exceed block gas with more markets and activity
Lines of code Vulnerability details Impact As the number of supported markets grows, settleFunding will reach a point where it exceeds the block gas limit on Avalanche C-Chain. This will prevent users from calling the function and cause a widespread Denial of Service. Looking at transactions for t...
After debt seizure from InsuranceFund, user can dilute all past participants.
Lines of code Vulnerability details Impact A user can get a much larger portion of the pool as it recovers from a debt seizure. The intent of the insurance pool seems to be that it could recover from a bad debt event. Proof of Concept 1. Alice is the first LP to the insurance pool, and deposits...
ClearingHouse looping over dynamic array might result in a DOS because of the block gas limit
Lines of code Vulnerability details Impact Inside the ClearingHouse contract there are multiple instances where it loops over the dynamic amms array. There is no way of looping over a subset of the array or continuing from where you left off. Thus, if the array is large enough certain functions won't be...
All AMMs have to be past nextFundingTime to update
Lines of code Vulnerability details Impact settleFunding calls will revert until all AMMs are ready to be updated. Proof of Concept 1. AMM 1 has a nextFundingTime of now. AMM 2 has a nextFundingTime in 30 minutes. AMM 1 won't be able to be updated until after AMM 2's nextFundingTime elapses...
No check for stale chainlink oracle data in getUnderlyingPrice function
Lines of code Vulnerability details No check for stale chainlink oracle data in getUnderlyingPrice function Impact There is no check if the value of answer returned by chainlink latestRoundData is latest or stale. If stale price is returned, it may result in wrong calculation used in upstream...
QA Report
Lower max fee percentage Currently fees can be set as high as 100%, may consider a lower max fee to reduce rug risk src/modules/TurboClerk.sol:38: requirenewDefaultFeePercentage if customFeePercentageForSafe != 0 return customFeePercentageForSafe;
Missing Slippage Checks on ClearingHouse._liquidateMaker()
Lines of code Vulnerability details Impact The liquidateMaker function makes a call to AMM.removeLiquidity but does not provide suitable values for minQuote and minBase. As per the @todo, this call is prone to sandwich attacks, resulting in potentially fewer tokens for the maker. Proof of Concept...
QA Report
Low and non-critical bugs wrong implementation of ERC4626RouterBase's withdraw function In the interface we can see the function description: / @notice withdraw amount from an ERC4626 vault. @param vault The ERC4626 vault to withdraw assets from. @param to The destination of assets. @param amount...
Interest surplus is accumulated on Master accounting update in TurboSafe.less
Lines of code Vulnerability details Impact There will be an interest surplus accumulating in all the master accounting variables totalBoosted, getTotalBoostedForVault and getTotalBoostedAgainstCollateral. As getTotalBoostedForVault and getTotalBoostedAgainstCollateral are used in the checks again...
[WP-M6] Chainlink's latestRoundData might return stale results
Lines of code Vulnerability details function getUnderlyingPriceaddress underlying virtual external view returnsint256 answer if stablePriceunderlying != 0 return stablePriceunderlying; ,answer,,, = AggregatorV3InterfacechainLinkAggregatorMapunderlying.latestRoundData; answer /= 100; uint80 round,...
QA Report
LOW : 1. Title : Missing limit on how many AMMs can be added Impact : The governance can add an amm, by calling whitelistAmm function, however there is no limit on how many amm that the contract can be held, if the governance keep adding amm, then the clearing house will brick with out of gas,...
Chainlink latestRoundData validation
Lines of code Vulnerability details Impact Oracle returns Chainlink latestRoundData without proper validation, e.g.: function getUnderlyingPriceaddress underlying ... ,answer,,, = AggregatorV3InterfacechainLinkAggregatorMapunderlying.latestRoundData; answer /= 100; And other functions that call...
[WP-H4] The collateral assets impounded with settleBadDebt() will be frozen in the insuranceFund contract
Lines of code Vulnerability details In MarginAccount.sol#settleBadDebt, the collateral assets will be seized and transferred to the insuranceFund contract. However, there is no way for the liquidity providers of the insuranceFund to get back the collateral assets. In the current implementation,...
liquidation is vulnerable to sandwich attacks
Lines of code Vulnerability details when an account is liquidated, there is no minimum amount of the swap, which makes it vulnerable for sandwich attacks. Proof of Concept Alice's long position can be liquidated, bob notices it and creates a short position, then liquidates her position, thus...
TurboSafe - should override maxWithdraw and maxRedeem
Lines of code Vulnerability details Impact Considering the EIP , as withdraw must revert if it is not possible to withdraw assets , it is important to have an accurate maxWithdraw function. However, here, maxWithdraw does not account for the current max withdrawal in the cToken contract. Liquidit...
denial of service
Lines of code Vulnerability details processWithdrawals can process limited amount in each call. an attacker can push to withdrawals enormous amount of withdrawals with amount = 0. in order to stop the dos attack and process the withdrawal, the governance needs to spend as much gas as the attacker...
[WP-H7] InsuranceFund#syncDeps() may cause users' fund loss
Lines of code Vulnerability details function syncDepsIRegistry registry public onlyGovernance vusd = IERC20registry.vusd; marginAccount = registry.marginAccount; The Governance address can call InsuranceFund.solsyncDeps to change the contract address of vusd anytime. However, since the tx to set ...
USDC blacklisted accounts can DoS the withdrawal system
Lines of code Vulnerability details Impact DoS of USDC withdrawal system Proof of Concept Currently, withdrawals are queued in an array and processed sequentially in a for loop. However, a safeTransfer to USDC blacklisted user will fail. It will also brick the withdrawal system because the...
IERC4626RouterBase - withdraw - slippage does not work
Lines of code Vulnerability details Impact The router does not have the intended behavior: according to the EIP , withdraw burn shares to withdraw exactly assets, so the slippage protection should protect the user from burning too many shares. Furthermore, comments in the interface are incorrect ...
Attacker may DDOS Withdrawal by Making Multiple Small Requests to withdraw()
Lines of code Vulnerability details Impact 1. Attacker call function withdraw with lowest amount eg. 1 0.000001 VUSD 2. The withdrawal request will go into waiting list in variable "withdrawals" 3. Attacker can repeat Step 1 & 2 to make Making Multiple Small Requests to withdraw until pending...
Attacker can DOS VUSD withdrawal by spamming withdrawals of zero tokens
Lines of code Vulnerability details Impact By spamming withdrawal requests of 0, the user can clog the withdrawal queue. For anybody to withdraw their funds somebody has to first unclog it by running processWithdrawal. Depending on the number of spam withdrawals, potentially multiple times. Since...
Improper Validation Of Chainlink's latestRoundData() Function
Lines of code Vulnerability details Impact The calls to the latestRoundData function do not validate the output of the Chainlink oracle query. As a result, it is possible to use stale results when returning the TWAP price. latestRoundData is able to ensure the round is complete and has returned a...
Function getUnderlyingPrice in Oracle.sol does not check the price returned from chainlink aggregators
Lines of code Vulnerability details Impact The getUnderlyingPrice function in the contract Oracle.sol fetches the answer directly from a Chainlink aggregator using the latestRoundData function. There is no check if the return value is 0 or indicates stale data. This could lead to incorrect or sta...
MarginAccount.sol - Asset transfer to insuranceFund is lost.
Lines of code Vulnerability details Impact MarginAccount.sol - Line 377, token asset is transferred into insuranceFund but not found any function to transfer asset out of insuranceFund. Proof of Concept Add any ERC20 token to Collateral list Call settleBadDebt Recommended Mitigation Steps Add...
QA Report
1 Impact Light DoS of USDC withdrawal system Proof of Concept Currently, withdrawals are queued in an array and processed sequentially in a for loop. However, a user can post unlimited number of tiny 1 wei withdrawals. Clearing these withdrawals can be gas consuming and can delay users. It is gas...
Gibber can take any amount from safes
Lines of code Vulnerability details Impact Although Gibber is supposed to be behind governance timelock, there is still significant "rug risk" when such a privileged user can remove all funds from a vault unconditionally. Proof of Concept function gibaddress to, uint256 assetAmount external...
Add a timelock to setDefaultFeePercentage(),setCustomFeePercentageForCollateral(), setCustomFeePercentageForSafe() and setMinDebtPercentageForSaving()
Lines of code Vulnerability details Impact It is a good practice to give time for users to react and adjust to critical changes. A timelock provides more guarantees and reduces the level of trust required, thus decreasing risk for users. It also indicates that the project is legitimate. Here, no...
first depositor of the insurance fund can drain the other depositors
Lines of code Vulnerability details in deposit, when the ratio totalSupply / balance is very high, the amount of the minted shares can round down to zero. Proof of Concept Alice is the first one to deposit to the insurance fund. she deposits 1 basic unit of vusd 10^-6 dollar, therefore minting one...
getFeePercentageForSafe may send lower fees
Lines of code Vulnerability details Impact May cause lower fees to be calculated Proof of Concept 1. customFeePercentageForSafe = 100 2. customFeePercentageForCollateral = 200 3. slurp gets call which calls getFeePercentageForSafe as part of its interest calculation 4. getFeePercentageForSafe wil...
Functions getLatestRoundData and getRoundData do not check that the price returned from a chainlink aggregator is != 0 (Oracle.sol)
Lines of code Vulnerability details Impact The getLatestRoundData function in the contract Oracle.sol fetches the latestPrice directly from a Chainlink aggregator using the latestRoundData function. While latestPrice is checked for 0 and staleness, there is no check if the value is != 0. This cou...