10190 matches found
[WP-H3] saleRecipient can rug buyers
Lines of code Vulnerability details In TokenSaleUpgradeable.sol#buy, tokenIn will be transferred from the buyer directly to the saleRecipient without requiring/locking/releasing the corresponding amount of tokenOut. This allows the saleRecipient to rug the users simply by not transferring tokenOut...
TokenInLimit can be set arbitrarily high even if the contract doesn't have enough tokens to sell.
Lines of code Vulnerability details Impact If totalTokenOutBought > tokenOut.balanceOf(address(this)), the finalize function will forever revert and no-one will be able to claim their bought tokens. Proof of Concept TokenInLimit can be set arbitrarily high even if the contract doesn't have enough tokens...
Sale recipient can be changed mid-sale
Lines of code Vulnerability details Impact The setSaleRecipient function can change the sale recipient while a sale is open. This function can be only called by the owner of the contract, however, since: 1. the saleRecipient is the address that receives all the input tokens deposited by users, an...
Sales end time can be postponed indefinitely
Lines of code Vulnerability details Impact Both setSaleStart and setSaleDuration allow the owner to postpone the end time of a sale, which makes it possible for a token sale to be lengthened indefinitely. In such a case the buyer will never be able to claim. Since the README file specified "Rug Vectors" in th...
TokenIn can be swept if saleRecipient == tokenSale
Lines of code Vulnerability details The initialize and setSaleRecipient function allows setting the saleRecipient to the contract itself, which means the tokenIn will remain in the contract. It can then be transferred out by calling sweep. This condition described in sweep does not hold anymore...
No guarantee sale organizer will fulfil their end of the deal
Lines of code Vulnerability details Impact Sale participants will only be able to claim their CTDL tokens once the sale is finalized. However, there is no guarantee that it ever will be, because: Sale finalisation can only be performed by the owner The owner is able to change the sale parameters...
A Malicious Treasury Manager Can Burn Treasury Tokens By Setting makerFee To The Amount The Maker Receives
Handle leastwood Vulnerability details Impact The treasury manager contract holds harvested assets/COMP from Notional which are used to perform NOTE buybacks or in other areas of the protocol. The manager account is allowed to sign off-chain orders used on 0x to exchange tokens to WETH which can...
sNOTE Holders Are Not Incentivized To Vote On Proposals To Call extractTokensForCollateralShortfall
Handle leastwood Vulnerability details Impact As sNOTE have governance voting rights equivalent to the token amount in NOTE, users who stake their NOTE are also able to vote on governance proposals. In the event a majority of NOTE is staked in the sNOTE contract, it doesn't seem likely that stake...
anti-flashloan mechanism may lead to protocol default
Handle gzeon Vulnerability details Impact There is a price check to avoid flash loan attacks which significantly moved the price. If current price is 5% lower than the stored twap price, the liquidation will fail. This design can be dangerous as it is to openleverage's benefit to close...
Use of deprecated Chainlink API
Handle defsec Vulnerability details Impact The contract uses Chainlink’s deprecated API latestAnswer. Such functions might suddenly stop working if Chainlink stopped supporting deprecated APIs. Impact: Deprecated API stops working. Prices cannot be obtained. Protocol stops and contracts have to b...
Flash loan price manipulation in purchasePyroFlan()
Handle sirhashalot Vulnerability details Impact The comment on line 54 of FlanBackstop.sol states "the opportunity for price manipulation through flash loans exists", and I agree that this is a serious risk. While the acceptableHighestPrice variable attempts to limit the maximum price change of t...
Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies
Handle Dravee Vulnerability details Impact Wrong fateBalance bookkeeping for a user. Wrong fateCreated value emitted. Proof of Concept Taking into account the FOT is done almost everywhere important in the solution already. That's a known practice in the solution. However, it's missing here see...
LP pricing formula is vulnerable to flashloan manipulation
Handle shw Vulnerability details Impact The LP pricing formula used in the burnAsset function of LimboDAO is vulnerable to flashloan manipulation. By swapping a large number of EYE into the underlying pool, an attacker can intentionally inflate the value of the LP tokens to get more fate than he ...
Use of deprecated Chainlink's latestAnswer API
Handle UncleGrandpa925 Vulnerability details Issue In EIP1271Wallet.sol, the function validateOrder uses the deprecated latestAnswer of Chainlink. This function might suddenly stop working if Chainlink stopped supporting it, and also will not error if no answer has been reached but returns 0...
Two pairs can have same tokens
Handle sirhashalot Vulnerability details Impact The createLPoolPair function in ControllerV1.sol tries to prevent a pair from being created if it already exists. It does this with the statement require(lpoolPairs[token0][token1].lpool0 == address(0) || lpoolPairs[token1][token0].lpool0 == address(0), 'pool pai...
sNOTE.sol#_mintFromAssets() Lack of slippage control
Handle WatchPug Vulnerability details https://github.com/code-423n4/2022-01-notional/blob/d171cad9e86e0d02e0909eb66d4c24ab6ea6b982/contracts/sNOTE.sol#L195-L209 BALANCERVAULT.joinPoolvalue: msgValue NOTEETHPOOLID, addressthis, addressthis, // sNOTE will receive the BPT IVault.JoinPoolRequest assets...
double transfer
Handle danb Vulnerability details on transferAndCall, the money is transferred twice. Recommended Mitigation Steps remove line 29.
_validateOrder Does Not Allow Anyone To Be A Taker Of An Off-Chain Order
Handle leastwood Vulnerability details Impact The EIP1271Wallet contract intends to allow the treasury manager account to sign off-chain orders in 0x on behalf of the TreasuryManager contract, which holds harvested assets/COMP from Notional. While the EIP1271Wallet.validateOrder function mostly...
_mintFromAssets: no slippage check
Handle cmichel Vulnerability details The sNOTE.mintFromAssets function uses tokens to provide single-sided liquidity. In Balancer this is basically a combination of a swap to balanced amounts followed by providing balanced liquidity. Note that no slippage checks are used as mintOutputAmount is se...
Double transfer in the transferAndCall function of ERC677
Handle shw Vulnerability details Impact The implementation of the transferAndCall function in ERC677 is incorrect. It transfers the value amount of tokens twice instead of once. Since the Flan contract inherits ERC677, anyone calling the transferAndCall function on Flan is affected by this...
Use of deprecated Chainlink function latestAnswer
Handle WatchPug Vulnerability details According to Chainlink's documentation, the latestAnswer function is deprecated. This function does not revert if no answer has been reached but returns 0, causing an incorrect price fed to the EIP1271Wallet. See: code-423n4/2021-07-wildcredit-findings#75
Unable to withdraw if block.number > 32-bit
Handle gzeon Vulnerability details Impact If block.number > 32-bit, updateTotalSupplyCheckPoints would revert. updateTotalSupplyCheckPoints is called from mint and burn, which means withdraw would also revert. Proof of Concept uint32 blockNumber = safe32(block.number, "block number exceeds 32 bits");...
Lack of access control on assertGovernanceApproved can cause funds to be locked
Handle shw Vulnerability details Impact Lack of access control on the assertGovernanceApproved function of FlashGovernanceArbiter allows anyone to lock other users' funds in the contract as long as the users have approved the contract to transfer flashGovernanceConfig.amount of...
ControllerV1.sol initialization function callable multiple times
Handle sirhashalot Vulnerability details Impact The initialize function in ControllerV1.sol has a comment of "This function is not supposed to call multiple times" but it has no checks that prevent it from being called multiple times. An initialization function should only be possible to call onc...
Lack of access control in the parameterize function of proposal contracts
Handle shw Vulnerability details Impact Most of the proposal contracts have a parameterize function for setting the proposal parameters, and these functions are protected only by the notCurrent modifier. When the proposal is proposed through a lodgeProposal transaction, an attacker can front-run...
Drain of funds by reentrancy in OpenLevV1.addMarket
Handle 0x1f8b Vulnerability details Impact It's possible to create a market, create trades, create a new market with different values, and preserve the previous trades pointing to the new tokens. Proof of Concept The method addMarket inside the contract OpenLevV1Lib increases the marketId numPairs...
Users Can Deny The Treasury Manager Contract From Claiming COMP Incentives
Handle leastwood Vulnerability details Impact The treasury manager is appointed by the Notional DAO and is tasked with harvesting rewards both COMP incentives and assets from Notional and performing NOTE buybacks using WETH. The TreasuryManager.harvestCOMPFromNotional function is only callable by...
OpenLevV1.sol initialization function callable multiple times
Handle sirhashalot Vulnerability details Impact The initialize function in OpenLevV1.sol has a comment of "This function is not supposed to call multiple times" but it has no checks that prevent it from being called multiple times. An initialization function should only be possible to call once...
UniV2ClassDex.sol#uniClassSell() Tokens with fee on transfer are not fully supported
Handle WatchPug Vulnerability details function uniClassSell(DexInfo memory dexInfo, address buyToken, address sellToken, uint sellAmount, uint minBuyAmount, address payer, address payee) internal returns (uint buyAmount) { address pair = getUniClassPair(buyToken, sellToken, dexInfo.factory);...
All the scxMinted is at risk of being burnt. (Limbo.sol)
Handle Hawkeye Vulnerability details Impact If one of the variables that calculate adjustedRectangle is a zero value, it will impair the calculation of excessSCX which would equal to all of the scxMinted on line 219. Nothing will be deducted from scxMinted on line 229 since adjustedRectangle = 0...
Possible Sandwich attack on mintFromNOTE, mintFromETH & mintFromWETH in sNOTE.sol
Handle UncleGrandpa925 Vulnerability details Issue There are 3 ways for users to mint sNOTE: mintFromNOTE, mintFromWETH & mintFromETH, and all 3 of them use the mintFromAssets function. Looking at the mintFromAssets, it basically just forces add all the liquidity in the Balancer pool without any...
Lack of access control of generateFLNQuote can lead to potential DoS attacks
Handle shw Vulnerability details Impact The generateFLNQuote is permissionless, meaning that anyone can call this function to update the latestFlanQuotes variables. However, when a token migrates from Limbo to Beholder, Limbo calls the stabilizeFlan function on UniswapHelper, which ensures block...
Incorrect unlockTime can DOS withdrawGovernanceAsset
Handle csanuragjain Vulnerability details Impact unlockTime is set incorrectly Proof of Concept 1. Navigate to contract at 2. Observe the assertGovernanceApproved function function assertGovernanceApproved(address sender, address target, bool emergency) public...
extractTokensForCollateralShortfall can be called repeated to extract more than 50% of BPT
Handle gzeon Vulnerability details Impact During a collateral shortfall event, it is designed that the DAO can extract up to 50% of the BPT tokens. The 50% is set to limit the value the DAO can extract from the stakers. However, it is possible for the DAO to extract more than 50% by calling...
Safe transfers are vulnerable to EOA calls
Handle 0x1f8b Vulnerability details Impact Safe erc20 calls are prone to EOA calls and human errors. Proof of Concept Recently there was one of the biggest hacks in crypto, 80m$ was lost. One of the root causes of the vulnerability was the fact that tokenAddress.safeTransferFrom does not revert...
Usage of deprecated ChainLink API in EIP1271Wallet
Handle cmichel Vulnerability details The Chainlink API latestAnswer used in the EIP1271Wallet contract is deprecated: This API is deprecated. Please see API Reference for the latest Price Feed API. Chainlink Docs This function does not error if no answer has been reached but returns 0. Besides, t...
Improper Validation Of Chainlink's latestAnswer Function
Handle leastwood Vulnerability details Impact The latestAnswer function does not allow EIP1271Wallet.validateOrder to validate the output of the Chainlink oracle query. As a result, it is possible for off-chain orders to use stale results, potentially allowing the taker of the order to extract mo...
getVotingPower Is Not Equipped To Handle On-Chain Voting
Handle leastwood Vulnerability details Impact As NOTE continues to be staked in the sNOTE contract, it is important that Notional's governance is able to correctly handle on-chain voting by calculating the relative power sNOTE has in terms of its equivalent NOTE amount. getVotingPower is a useful...
FarmingPools.sol Some users may not be able to get back their funds for tokens with tax on transfer
Handle WatchPug Vulnerability details Per the doc: Token with tax and rewards should accounted correctly and share with all holder accordingly. In the current implementation of FarmingPools.sol#stake, it assumes that the received amount is the same as the transfer amount, and recording it to...
UniswapHelper.buyFlanAndBurn is a subject to sandwich attacks
Handle hyh Vulnerability details Impact Trades can happen at a manipulated price and end up receiving fewer Flan to be bought than current market price dictates. For example, at the time a user decides to call buyFlanAndBurn Flan trades at 0.8 in the input token terms at the corresponding DEX poo...
Unauthorized assertGovernanceApproved
Handle pauliax Vulnerability details Impact function assertGovernanceApproved is public and unauthorized with an arbitrary "sender" parameter. Anyone can invoke it and transfer assets from an arbitrary user: function assertGovernanceApproved(address sender, address target, bool emergency) public...
wrong minting amount
Handle danb Vulnerability details uint256 proxy = baseBalance * ONE / redeemRate; should be: uint256 proxy = amount * ONE / redeemRate;
MAX_SHORTFALL_WITHDRAW limit on BPT extraction is not enforced
Handle gellej Vulnerability details Impact The function extractTokensForCollateralShortfall allows the owner of the sNote contract to withdraw up to 50% of the total amount of BPT. Presumably, this 50% limit is in place to prevent the owner from "rug-pulling" the sNote holders or at least to give...
generateFLNQuote() can be used to prevent migration()
Handle GeekyLumberjack Vulnerability details Impact generateFLNQuote can be used to always cause migrate to revert. Effectively ending one of Behodler's main function's operability. Migration is core to Behodler economics. Proof of Concept 1. Attacker would write a script to call generateFLNQuote...
makeProposal can be front run with an arbitrary proposal modifications, enabling griefing attack
Handle hyh Vulnerability details Impact Griefing attack is possible for makeProposal as proposal details can be modified by anyone. Proposal setters have no access controls, requiring only that proposal be not current, so when makeProposal is executed after the preparation phase an attacker can...
Checks missing while adding rewards
Handle csanuragjain Vulnerability details Impact Reward amount higher than contract reward balance can bring instability in the contract Proof of Concept 1. In FarmingPools.sol contract check notifyRewardAmounts function 2. Observe there is no check to see if added reward is higher than contract...
Owner can extend coolDownPeriod to indefinitely - Improper Upper Bound Definition on the coolDownPeriod
Handle defsec Vulnerability details Impact The setCoolDownTime function does not have any upper or lower bounds. Values that are too large will lead to reversions in several critical functions. User funds will be locked forever. Proof of Concept 1. Navigate to the following contract. function...
Tolerance is not enforced during a flash governance decision
Handle shw Vulnerability details Impact Most of the functions with a governanceApproved modifier call flashGoverner.enforceTolerance to ensure the provided parameters are restricted to some range of their original values. However, in the governanceApproved modifier,...
latestAnswer doesn't check if the value is up to date
Handle pauliax Vulnerability details Impact EIP1271Wallet.sol is calling latestAnswer to get the last price: uint256 oraclePrice = toUint(AggregatorV2V3Interface(priceOracle).latestAnswer()); This method will return the last value, but you won’t be able to check if the data is fresh. On the other han...
Logic error in burnFlashGovernanceAsset can cause locked assets to be stolen
Handle shw Vulnerability details Impact A logic error in the burnFlashGovernanceAsset function that resets a user's pendingFlashDecision allows that user to steal other users' assets locked in future flash governance decisions. As a result, attackers can get their funds back even if they execute ...