Owner can steal input tokens
Lines of code Vulnerability details Impact Owner is in full control over the saleRecipient address. When a buy transaction enters the mempool, an owner can frontrun the buy with a transaction that calls setTokenOutPrice and sets the price to a very high value, effectively making bought tokens clo...
Sale participants’ claims are uncollateralized until the sale finalization
Lines of code Vulnerability details Impact Sale participants have to bear the full risk of owner misbehavior or just a technical malfunction until the very end of the sale. For example, if owner's private key is somehow lost, all participants deposits to be gone if tokenOut isn't yet transferred ...
Zero tokenOut balance = rug pull
Lines of code Vulnerability details Impact The only time that the Badger Citadel contract checks that the balance of tokenOut is greater than or equal to totalTokenOutBought is in the finalize function, which happens at the end of the sale. A contract owner can start a token sale but never send...
Owner never calls finalize() = rug pull
Lines of code Vulnerability details Impact In order for users to claim their promised tokenOut tokens, the contract owner must call the finalize function. If the owner never calls the finalize function, no user can call the claim function to get their tokens. The owner can call the sweep function...
TokenInLimit can be set arbitrarily high even if the contract doesn't have enough tokens to sell.
Lines of code Vulnerability details Impact If totalTokenOutBought tokenOut.balanceOfaddressthis the finalize function will forever revert and no-one will be able to claim their bought tokens. Proof of Concept TokenInLimit can be set arbitrarily high even if the contract doesn't have enough tokens...
Sale should be able to be automatically finalized
Lines of code Vulnerability details Impact The admins are the only ones that are able to finalize the sale. Throughout the token buying process, the admins are transferred tokenIn tokens, and the users are expecting to be able to get the corresponding tokenOut tokens once the sale is finalized. T...
sNOTE Holders Are Not Incentivized To Vote On Proposals To Call extractTokensForCollateralShortfall
Handle leastwood Vulnerability details Impact As sNOTE have governance voting rights equivalent to the token amount in NOTE, users who stake their NOTE are also able to vote on governance proposals. In the event a majority of NOTE is staked in the sNOTE contract, it doesn't seem likely that stake...
A Malicious Treasury Manager Can Burn Treasury Tokens By Setting makerFee To The Amount The Maker Receives
Handle leastwood Vulnerability details Impact The treasury manager contract holds harvested assets/COMP from Notional which are used to perform NOTE buybacks or in other areas of the protocol. The manager account is allowed to sign off-chain orders used on 0x to exchange tokens to WETH which can...
Unauthorized assertGovernanceApproved
Handle pauliax Vulnerability details Impact function assertGovernanceApproved is public and unauthorized with an arbitrary "sender" parameter. Anyone can invoke it and transfer assets from an arbitrary user: function assertGovernanceApproved address sender, address target, bool emergency public...
Owner can extend coolDownPeriod indefinitely - Improper Upper Bound Definition on the coolDownPeriod
Handle defsec Vulnerability details Impact The setCoolDownTime function does not have any upper or lower bounds. Values that are too large will lead to reversions in several critical functions. User funds will be locked forever. Proof of Concept 1. Navigate to the following contract. function...
extractTokensForCollateralShortfall can be called repeatedly to extract more than 50% of BPT
Handle gzeon Vulnerability details Impact During a collateral shortfall event, it is designed that the DAO can extract up to 50% of the BPT tokens. The 50% is set to limit the value the DAO can extract from the stakers. However, it is possible for the DAO to extract more than 50% by calling...
Safe transfers are vulnerable to EOA calls
Handle 0x1f8b Vulnerability details Impact Safe erc20 calls are prone to EOA calls and human errors. Proof of Concept Recently there was one of the biggest hacks in crypto, 80m$ was lost. One of the root causes of the vulnerability was the fact that tokenAddress.safeTransferFrom does not revert...
ControllerV1.sol initialization function callable multiple times
Handle sirhashalot Vulnerability details Impact The initialize function in ControllerV1.sol has a comment of "This function is not supposed to call multiple times" but it has no checks that prevent it from being called multiple times. An initialization function should only be possible to call onc...
Treasury cannot claim COMP tokens & COMP tokens are stuck
Handle cmichel Vulnerability details The TreasuryAction.claimCOMPAndTransfer function uses pre- and post-balances of the COMP token to check which ones to transfer: function claimCOMPAndTransferaddress calldata cTokens external override onlyManagerContract nonReentrant returns uint256 // Take a...
Users Can Deny The Treasury Manager Contract From Claiming COMP Incentives
Handle leastwood Vulnerability details Impact The treasury manager is appointed by the Notional DAO and is tasked with harvesting rewards both COMP incentives and assets from Notional and performing NOTE buybacks using WETH. The TreasuryManager.harvestCOMPFromNotional function is only callable by...
MAX_SHORTFALL_WITHDRAW limit on BTP extraction is not enforced
Handle gellej Vulnerability details Impact The function extractTokensForCollateralShortfall allows the owner of the sNote contract to withdraw up to 50% of the total amount of BPT. Presumably, this 50% limit is in place to prevent the owner from "rug-pulling" the sNote holders or at least to give...
Usage of deprecated ChainLink API in EIP1271Wallet
Handle cmichel Vulnerability details The Chainlink API latestAnswer used in the EIP1271Wallet contract is deprecated: This API is deprecated. Please see API Reference for the latest Price Feed API. Chainlink Docs This function does not error if no answer has been reached but returns 0. Besides, t...
Use of deprecated Chainlink's latestAnswer API
Handle UncleGrandpa925 Vulnerability details Issue In EIP1271Wallet.sol, the function validateOrder uses the deprecated latestAnswer of Chainlink. This function might suddenly stop working if Chainlink stopped supporting it, and also will not error if no answer has been reached but returns 0...
Use of deprecated Chainlink function latestAnswer
Handle WatchPug Vulnerability details According to Chainlink's documentation, the latestAnswer function is deprecated. This function does not revert if no answer has been reached but returns 0, causing an incorrect price fed to the EIP1271Wallet. See: code-423n4/2021-07-wildcredit-findings75 ---...
Improper Validation Of Chainlink's latestAnswer Function
Handle leastwood Vulnerability details Impact The latestAnswer function does not allow EIP1271Wallet.validateOrder to validate the output of the Chainlink oracle query. As a result, it is possible for off-chain orders to use stale results, potentially allowing the taker of the order to extract mo...
_validateOrder Does Not Allow Anyone To Be A Taker Of An Off-Chain Order
Handle leastwood Vulnerability details Impact The EIP1271Wallet contract intends to allow the treasury manager account to sign off-chain orders in 0x on behalf of the TreasuryManager contract, which holds harvested assets/COMP from Notional. While the EIP1271Wallet.validateOrder function mostly...
double transfer
Handle danb Vulnerability details on transferAndCall, the money is transferred twice. Recommended Mitigation Steps remove line 29.
latestAnswer doesn't check if the value is up to date
Handle pauliax Vulnerability details Impact EIP1271Wallet.sol is calling latestAnswer to get the last price: uint256 oraclePrice = toUint AggregatorV2V3InterfacepriceOracle.latestAnswer ; This method will return the last value, but you won’t be able to check if the data is fresh. On the other han...
Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies
Handle Dravee Vulnerability details Impact Wrong fateBalance bookkeeping for a user. Wrong fateCreated value emitted. Proof of Concept Taking into account the FOT is done almost everywhere important in the solution already. That's a known practice in the solution. However, it's missing here see...
Slippage protection
Handle pauliax Vulnerability details Impact Consider adding a configurable slippage parameter here to prevent users suffering from sandwich bots: minAmountsOut0 = 0; minAmountsOut1 = 0; IVault.ExitPoolRequest ... minAmountsOut and used in both sNOTE and TreasuryManager contracts:...
anti-flashloan mechanism may lead to protocol default
Handle gzeon Vulnerability details Impact There is a price check to avoid flash loan attacks which significantly moved the price. If current price is 5% lower than the stored twap price, the liquidation will fail. This design can be dangerous as it is to openleverage's benefit to close...
Checks missing while adding rewards
Handle csanuragjain Vulnerability details Impact Reward amount higher than contract reward balance can bring instability in the contract Proof of Concept 1. In FarmingPools.sol contract check notifyRewardAmounts function 2. Observe there is no check to see if added reward is higher than contract...
Tolerance is not enforced during a flash governance decision
Handle shw Vulnerability details Impact Most of the functions with a governanceApproved modifier call flashGoverner.enforceTolerance to ensure the provided parameters are restricted to some range of their original values. However, in the governanceApproved modifier,...
Logic error in burnFlashGovernanceAsset can cause locked assets to be stolen
Handle shw Vulnerability details Impact A logic error in the burnFlashGovernanceAsset function that resets a user's pendingFlashDecision allows that user to steal other user's assets locked in future flash governance decisions. As a result, attackers can get their funds back even if they execute ...
getVotingPower Is Not Equipped To Handle On-Chain Voting
Handle leastwood Vulnerability details Impact As NOTE continues to be staked in the sNOTE contract, it is important that Notional's governance is able to correctly handle on-chain voting by calculating the relative power sNOTE has in terms of its equivalent NOTE amount. getVotingPower is a useful...
Incorrect unlockTime can DOS withdrawGovernanceAsset
Handle csanuragjain Vulnerability details Impact unlockTime is set incorrectly Proof of Concept 1. Navigate to contract at 2. Observe the assertGovernanceApproved function function assertGovernanceApproved address sender, address target, bool emergency public...
LP pricing formula is vulnerable to flashloan manipulation
Handle shw Vulnerability details Impact The LP pricing formula used in the burnAsset function of LimboDAO is vulnerable to flashloan manipulation. By swapping a large number of EYE into the underlying pool, an attacker can intentionally inflate the value of the LP tokens to get more fate than he ...
Possible Sandwich attack on mintFromNOTE, mintFromETH & mintFromWETH in sNOTE.sol
Handle UncleGrandpa925 Vulnerability details Issue There are 3 ways for users to mint sNOTE: mintFromNOTE, mintFromWETH & mintFromETH, and all 3 of them use the mintFromAssets function. Looking at the mintFromAssets, it basically just forces add all the liquidity in the Balancer pool without any...
FarmingPools.sol Some users may not be able to get back their funds for tokens with tax on transfer
Handle WatchPug Vulnerability details Per the doc: Token with tax and rewards should accounted correctly and share with all holder accordingly. In the current implementation of FarmingPools.solstake, it assumes that the received amount is the same as the transfer amount, and recording it to...
Unable to withdraw if block.number > 32-bit
Handle gzeon Vulnerability details Impact If block.number > 32-bit, updateTotalSupplyCheckPoints would revert. updateTotalSupplyCheckPoints is called from mint and burn, which means withdraw would also revert. Proof of Concept uint32 blockNumber = safe32(block.number, "block number exceeds 32 bits");...
UniV2ClassDex.sol#uniClassSell() Tokens with fee on transfer are not fully supported
Handle WatchPug Vulnerability details function uniClassSellDexInfo memory dexInfo, address buyToken, address sellToken, uint sellAmount, uint minBuyAmount, address payer, address payee internal returns uint buyAmount address pair = getUniClassPairbuyToken, sellToken, dexInfo.factory;...
Drain of funds by reentrancy in OpenLevV1.addMarket
Handle 0x1f8b Vulnerability details Impact It's possible to create a market, create trades, create a new market with different values, and preserve the previous trades pointing to the new tokens. Proof of Concept The method addMarket inside the contract OpenLevV1Lib increase the marketId numPairs...
Two pairs can have same tokens
Handle sirhashalot Vulnerability details Impact The createLPoolPair function in ControllerV1.sol tries to prevent a pair from being create if it already exists. It does this with the statement requirelpoolPairstoken0token1.lpool0 == address0 || lpoolPairstoken1token0.lpool0 == address0, 'pool pai...
All the scxMinted is at risk of being burnt. (Limbo.sol)
Handle Hawkeye Vulnerability details Impact If one of the variables that calculate adjustedRectangle is a zero value, it will impair the calculation of excessSCX which would equal to all of the scxMinted on line 219. Nothing will be deducted from scxMinted on line 229 since adjustedRectangle = 0...
sNOTE.sol#_mintFromAssets() Lack of slippage control
Handle WatchPug Vulnerability details https://github.com/code-423n4/2022-01-notional/blob/d171cad9e86e0d02e0909eb66d4c24ab6ea6b982/contracts/sNOTE.sol#L195-L209 BALANCERVAULT.joinPoolvalue: msgValue NOTEETHPOOLID, addressthis, addressthis, // sNOTE will receive the BPT IVault.JoinPoolRequest assets...
Flash loan price manipulation in purchasePyroFlan()
Handle sirhashalot Vulnerability details Impact The comment on line 54 of FlanBackstop.sol states "the opportunity for price manipulation through flash loans exists", and I agree that this is a serious risk. While the acceptableHighestPrice variable attempts to limit the maximum price change of t...
Use of deprecated Chainlink API
Handle defsec Vulnerability details Impact The contract uses Chainlink’s deprecated API latestAnswer. Such functions might suddenly stop working if Chainlink stopped supporting deprecated APIs. Impact: Deprecated API stops working. Prices cannot be obtained. Protocol stops and contracts have to b...
OpenLevV1.sol initialization function callable multiple times
Handle sirhashalot Vulnerability details Impact The initialize function in OpenLevV1.sol has a comment of "This function is not supposed to call multiple times" but it has no checks that prevent it from being called multiple times. An initialization function should only be possible to call once...
makeProposal can be front run with an arbitrary proposal modifications, enabling griefing attack
Handle hyh Vulnerability details Impact Griefing attack is possible for makeProposal as proposal details can be modified by anyone. Proposal setters have no access controls, requiring only that proposal be not current, so when makeProposal is executed after the preparation phase an attacker can...
UniswapHelper.buyFlanAndBurn is a subject to sandwich attacks
Handle hyh Vulnerability details Impact Trades can happen at a manipulated price and end up receiving fewer Flan to be bought than current market price dictates. For example, at the time a user decides to call buyFlanAndBurn Flan trades at 0.8 in the input token terms at the corresponding DEX poo...
Lack of access control on assertGovernanceApproved can cause funds to be locked
Handle shw Vulnerability details Impact Lack of access control on the assertGovernanceApproved function of FlashGovernanceArbiter allows anyone to lock other users' funds in the contract as long as the users have approved the contract to transfer flashGovernanceConfig.amount of...
_mintFromAssets: no slippage check
Handle cmichel Vulnerability details The sNOTE.mintFromAssets function uses tokens to provide single-sided liquidity. In Balancer this is basically a combination of a swap to balanced amounts followed by providing balanced liquidity. Note that no slippage checks are used as mintOutputAmount is se...
Double transfer in the transferAndCall function of ERC677
Handle shw Vulnerability details Impact The implementation of the transferAndCall function in ERC677 is incorrect. It transfers the value amount of tokens twice instead of once. Since the Flan contract inherits ERC677, anyone calling the transferAndCall function on Flan is affected by this...
generateFLNQuote() can be used to prevent migration()
Handle GeekyLumberjack Vulnerability details Impact generateFLNQuote can be used to always cause migrate to revert. Effectively ending one of Behodler's main function's operability. Migration is core to Behodler economics. Proof of Concept 1. Attacker would write a script to call generateFLNQuote...
Lack of access control of generateFLNQuote can lead to potential DoS attacks
Handle shw Vulnerability details Impact The generateFLNQuote is permissionless, meaning that anyone can call this function to update the latestFlanQuotes variables. However, when a token migrates from Limbo to Beholder, Limbo calls the stabilizeFlan function on UniswapHelper, which ensures block...