
10190 matches found

Code423n4
•added 2022/01/11 12:0 a.m.•10 views

Both _mint and _safeMint are used to mint NFTs

Handle palina Vulnerability details Impact Both mint and safeMint functions are used to mint ERC721 NFTs in Claimers and Depositors, respectively. The usage of the mint is, however, discouraged by the used ERC721 implementation see PoC section, in favor of its safe counterpart. Proof of Concept...

6.9 AI score
Exploits: 0
Code423n4
•added 2022/01/11 12:0 a.m.•6 views

Increasing the array size and DOS the entire system

Handle egjlmn1 Vulnerability details In allocateCredit an attacker can push into the indexList state variable and in applyCover and in resume there is a loop that goes over all the indexes. An attacker can't just add himself through calling allocateCredit because there is check that he is listed ...

7 AI score
Exploits: 0
Code423n4
•added 2022/01/11 12:0 a.m.•8 views

Insurance funds are never unlocked

Handle p4st13r4 Vulnerability details Impact There is a typo in the unlock function, when setting the status of an insurance to false. function unlockuint256 id public require insurancesid.status == true && marketStatus == MarketStatus.Trading && insurancesid.endTime + parameters.getGracemsg.send...

7 AI score
Exploits: 0
Code423n4
•added 2022/01/11 12:0 a.m.•8 views

Tokens can be burned with no access control

Handle sirhashalot Vulnerability details Impact The Vault.sol contract has two address state variables, the keeper variable and the controller variable, which are both permitted to be the zero address. If both variables are zero simultaneously, any address can burn the available funds available...

6.9 AI score
Exploits: 0
Code423n4
•added 2022/01/11 12:0 a.m.•11 views

Reentrancy vulnerability allows attacker to gain more shares than deserved

Handle harleythedog Vulnerability details Impact In Vault.sol, the deposit function is the external function that allows transferring underlying tokens to mint position NFTs. The deposit function first calls createDeposit which creates the position/determines how many shares to allocate, and then...

6.7 AI score
Exploits: 0
Code423n4
•added 2022/01/11 12:0 a.m.•10 views

No slippage tolerance set in NonUSTStrategy

Handle palina Vulnerability details Impact The exchange performed in NonUSTStrategy.sol via Curve is executed with "0" as the minimum amount received as the result of the operation, which is likely to be exploited by front-running and may lead to the loss of funds. Proof of Concept...

6.9 AI score
Exploits: 0
Code423n4
•added 2022/01/11 12:0 a.m.•8 views

No slippage control on _swapUstToUnderlying of NonUSTStrategy.sol

Handle cccz Vulnerability details Impact There is no slippage control on swapUstToUnderlying of NonUSTStrategy.sol, which exposes the strategy to a sandwich attack. And since finishRedeemStable lacks access control, anyone can do a sandwich attack by calling the swapUstToUnderlying function. function...

6.9 AI score
Exploits: 0
Code423n4
•added 2022/01/11 12:0 a.m.•11 views

Possible griefing attack on vault setStrategy

Handle harleythedog Vulnerability details Impact In the function setStrategy within Vault.sol, there is a requirement that strategy.investedAssets == 0 so that no funds are left stuck in the strategy. A malicious user could strategically transfer 1 wei of underlying to the strategy or any other...

7 AI score
Exploits: 0
Code423n4
•added 2022/01/11 12:0 a.m.•12 views

repayDebt in Vault.sol could DOS functionality for markets

Handle p4st13r4 Vulnerability details Impact Any user can pay the debt for any borrower in Vault.sol, by using repayDebt. This function allows anyone to repay any amount of borrowed value, up-to and including the totalDebt value; it works by setting the debtstarget to zero, and decreasing totalDe...

6.9 AI score
Exploits: 0
Code423n4
•added 2022/01/11 12:0 a.m.•9 views

Reentrancy vulnerability allows attacker to steal underlying tokens with withdraw

Handle harleythedog Vulnerability details Impact The withdrawDeposit function has the following code which runs before the underlying tokens are transferred to the to address: if isIntegrationclaim.beneficiary bytes4 ret = IIntegrationclaim.beneficiary.onDepositMinted tokenId, newShares, claim.da...

6.9 AI score
Exploits: 0
Code423n4
•added 2022/01/11 12:0 a.m.•6 views

Possibility of insufficient funds in Vault

Handle palina Vulnerability details Impact In Vault.sol, totalUnderlying and, therefore, totalUnderlyingMinusSponsored include both funds available in the Vault as well as those invested in the Strategy. The calculation of amounts returned to depositors and sponsors in withdraw and unsponsor also...

6.8 AI score
Exploits: 0
Code423n4
•added 2022/01/11 12:0 a.m.•8 views

strategy change can be prevented

Handle danb Vulnerability details strategy change requires the invested assets to be zero. anyone can make it fail by transferring aust to the strategy.

7 AI score
Exploits: 0
Code423n4
•added 2022/01/11 12:0 a.m.•6 views

No slippage control on _swapUnderlyingToUst of NonUSTStrategy.sol

Handle cccz Vulnerability details Impact There is no slippage control on swapUnderlyingToUst of NonUSTStrategy.sol, which exposes the strategy to a sandwich attack. Due to the access control of doHardWork, the attacker can front run to do a sandwich attack. function doHardWork external...

6.9 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•13 views

MsNik

Handle AmitN Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The te...

7.1 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•12 views

When a user performs a withdrawal operation, a rollback that is not considered by the program may be triggered.

Handle ACai Vulnerability details Impact When the Vault contract deposits all/most of the token into the strategy contract, so that the remaining tokens in the Vault contract are less than the user's deposit, the user's withdrawal operation will result in a rollback that is not considered by the...

7 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•9 views

TimeswapConvenience.sol#borrowGivenDebt() Attacker can increase state.y to an extremely large value with a dust amount of assetOut

Handle WatchPug Vulnerability details This issue is similar to the two previous issues related to state.y manipulation. Unlike the other two issues, this function is not on TimeswapPair.sol but on TimeswapConvenience.sol, therefore this can not be solved by adding onlyConvenience modifier...

7.1 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•10 views

Manipulation of the Y State Results in Interest Rate Manipulation

Handle Rhynorater Vulnerability details Impact Due to lack of constraints on user input in the TimeswapPair.sol#mint function, an attacker can arbitrarily modify the interest rate while only paying a minimal amount of Asset Token and Collateral Token. Disclosure: This is my first time attempting...

6.8 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•12 views

TimeswapPair.sol#borrow() Attacker can increase pool.state.y to an arbitrary target value

Handle WatchPug Vulnerability details TimeswapPair.sol#borrow takes a user input value of yIncrease, and the BorrowMath.check at L316 only checks for a minimal yIncrease, which means that it allows the state of pool.state.y to increase by the value of the user's input as long as it's larger than...

7 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•6 views

Changing a strategy can be bricked

Handle kenzo Vulnerability details A vault wouldn't let the strategy be changed unless the strategy holds no funds. Since anybody can send funds to the strategy, a griefing attack is possible. Impact Strategy couldn't be changed. Proof of Concept setStrategy requires strategy.investedAssets == 0...

6.8 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•10 views

Claimer can reenter contract on deposit withdrawal

Handle kenzo Vulnerability details Upon withdrawal of deposit, the claimer will be called with onDepositBurned. This happens after the claimer shares have been updated, but before the underlying has been sent away from the contract. Therefore the claimer can reenter the contract, at an intermedia...

7.1 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•9 views

TimeswapPair.sol#mint() Lack of input validation allows attacker to set pool.state.y to an arbitrary target value

Handle WatchPug Vulnerability details pool.state.y += yIncrease; TimeswapPair.sol#mint takes a user input value of yIncrease without proper validation, which means that it allows the state of pool.state.y to increase by the arbitrary value set by the caller. Impact When pool.state.y is extremely...

7.1 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•23 views

Fee-on transfer tokens not supported

Handle pmerkleplant Vulnerability details Impact There exist ERC20 tokens that charge a fee for every transfer. This kind of token does not work correctly with the PoolTemplate::deposit function. Proof of Concept The PoolTemplate::deposit function mints an amount of iTokens based on the function'...

7 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•10 views

investedAssets ignores fees and can cause insolvency

Handle danb Vulnerability details investedAssets doesn't subtract the fees owed to the treasury, this makes the system think that it has more than it really has. Proof of Concept consider the following scenario: perfFeePct is 20%. the system generated 1M dollars yield in aust that it didn't rede...

6.9 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•9 views

Missing noreentrant check on mint function

Handle Fitraldys Vulnerability details Impact in there is no reentrant check, because when using safeMint, the function will make a call to the to address, through / checkOnERC721Received, that will call to the user to address, and the to address is controllable by the to address. Proof of Concep...

6.9 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•4 views

Depositor can reenter contract on claim creation

Handle kenzo Vulnerability details This finding is almost identical to my previous finding "Claimer can reenter contract on claim creation", but in this scenario, the depositor can reenter via Depositors' safeMint function. When depositing, Depositors is minting the token using safeMint, which wi...

7 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•14 views

TimeswapPair.sol#borrow() Improper implementation allows attacker to increase pool.state.z to a large value

Handle WatchPug Vulnerability details In the current implementation, borrow takes a user input value of zIncrease, while the actual collateral asset transferred in is calculated at L319, the state of pool.state.z still increased by the value of the user's input at L332. Even though a large number...

6.7 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•8 views

_transferAndCheckUnderlying doesn't work with fee-on-transfer tokens

Handle harleythedog Vulnerability details Impact There are several ERC20 tokens that take a small fee on transfers/transferFroms known as "fee-on-transfer" tokens. Most notably, USDT is an ERC20 token that has togglable transfer fees, but for now the fee is set to 0 see the contract here: . In th...

7 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•12 views

TimeswapPair.sol#mint() Malicious user/attacker can mint new liquidity with an extremely small amount of yIncrease and malfunction the pair with the maturity

Handle WatchPug Vulnerability details The current implementation of TimeswapPair.sol#mint allows the caller to specify an arbitrary value for yIncrease. However, since state.y is expected to be a large number based at 232, once the initial state.y is set to a small number 1 wei for example, the...

7 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•6 views

Claimer can reenter contract on claim creation

Handle kenzo Vulnerability details Upon deposit, the claimer will be called with onDepositMinted. This happens after the claimer shares have been updated, but before the underlying has been pulled to the contract. Therefore the claimer can reenter the contract, at an intermediary state where the...

7 AI score
Exploits: 0
Code423n4
•added 2022/01/10 12:0 a.m.•8 views

Griefing attack can prevent almost all activity in a pool

Handle harleythedog Vulnerability details Impact Consider the mint function in TimeswapPair.sol. The caller of this function is able to freely specify xIncrease, yIncrease and zIncrease. In particular, it is possible to specify xIncrease and zIncrease to be extremely small values e.g. 1 wei, whil...

6.7 AI score
Exploits: 0
Code423n4
•added 2022/01/09 12:0 a.m.•10 views

timeswap testnet

Handle 0x1f8b Vulnerability details Error: java.lang.IndexOutOfBoundsException: Index: 204, Size: 45

7 AI score
Exploits: 0
Code423n4
•added 2022/01/09 12:0 a.m.•11 views

Debt created during mint is arbitragable

Handle hyh Vulnerability details Impact The collateral requirements for debt positions created during mint and borrow operations differ. When the quantity of the asset added is low compared to current asset holdings of a pool, a LP has clear incentives to repay its debt right after mint and borro...

6.8 AI score
Exploits: 0
Code423n4
•added 2022/01/09 12:0 a.m.•8 views

timeswap testnet

Handle 0x6672 Vulnerability details Error: java.lang.IndexOutOfBoundsException: Index: 204, Size: 45

7 AI score
Exploits: 0
Code423n4
•added 2022/01/09 12:0 a.m.•5 views

XSS via SVG Construction contract

Handle thankyou Vulnerability details Impact SVG is a unique type of image file format that is often susceptible to Cross-site scripting. If a malicious user is able to inject malicious Javascript into a SVG file, then any user who views the SVG on a website will be susceptible to XSS. This can...

6 AI score
Exploits: 0
Code423n4
•added 2022/01/08 12:0 a.m.•11 views

burn() doesn't call ERC721 _burn()

Handle sirhashalot Vulnerability details Impact The CollateralizedDebt.sol contract is a ERC721 token. It has a mint function, which uses the underlying safeMint function to create an ERC721 token representing a collateral position. The burn function in CollateralizedDebt.sol should reverse the...

6.9 AI score
Exploits: 0
Code423n4
•added 2022/01/08 12:0 a.m.•11 views

PoolTemplate.sol initialize() can be called by attacker during deployment

Handle jayjonah8 Vulnerability details Impact In PoolTemplate.sol the initialize function sets important storage variables like conditions and references and this function can only be called once. During deployment an attacker can monitor the blockchain byte code and call the initialize function...

7 AI score
Exploits: 0
Code423n4
•added 2022/01/08 12:0 a.m.•9 views

safeSymbol() can revert causing DoS

Handle sirhashalot Vulnerability details Impact The safeSymbol function, found in the SafeMetadata.sol contract and called in 4 Timeswap Convenience contracts in the symbol functions, can cause a revert. This could make the 4 contracts not compliant with the ERC20 standard for certain asset pairs...

6.9 AI score
Exploits: 0
Code423n4
•added 2022/01/08 12:0 a.m.•13 views

safeDecimals can revert causing DoS

Handle sirhashalot Vulnerability details Impact The safeDecimals function, found in the SafeMetadata.sol contract and called in 3 different Timeswap Convenience contracts, can cause a revert. This is because the safeDecimals function attempts to use abi.decode to return a uint8 when data.length =...

7 AI score
Exploits: 0
Code423n4
•added 2022/01/08 12:0 a.m.•13 views

safeName() can revert causing DoS

Handle sirhashalot Vulnerability details Impact The safeName function, found in the SafeMetadata.sol contract and called in 4 Timeswap Convenience contracts in the name functions, can cause a revert. This could make the 4 contracts not compliant with the ERC20 standard for certain asset pairs,...

6.9 AI score
Exploits: 0
Code423n4
•added 2022/01/07 12:0 a.m.•13 views

Unbounded loop on array can lead to DoS

Handle robee Vulnerability details The attacker can push unlimitedly to an array that some functions loop over. If the array size is increased enough, calling the function that does a loop over the array will always revert since there is a gas limit. This is a High Risk issue since thos...

6.8 AI score
Exploits: 0
Code423n4
•added 2022/01/07 12:0 a.m.•10 views

Convenience contract fails to function if asset or collateral is an ERC20 token with fees

Handle Ruhum Vulnerability details Impact There are ERC20 tokens that collect fees with each transfer. If the asset or collateral used in a pair is of that type, the Convenience contract fails to function. It always sends the flat amount specified in the function's parameter. If the token collect...

7.1 AI score
Exploits: 0
Code423n4
•added 2022/01/07 12:0 a.m.•6 views

Unbounded loop on array that can only grow can lead to DoS

Handle robee Vulnerability details A malicious attacker that is also a protocol owner can push unlimitedly to an array that some functions loop over. If the array size is increased enough, calling the function that does a loop over the array will always revert since there is a gas limit...

6.8 AI score
Exploits: 0
Code423n4
•added 2022/01/07 12:0 a.m.•9 views

Unbounded loop on array controlled by owner can lead to DoS

Handle robee Vulnerability details A malicious attacker that is also a protocol owner can push unlimitedly to an array that some functions loop over. If the array size is increased enough, calling the function that does a loop over the array will always revert since there is a gas limit...

6.8 AI score
Exploits: 0
Code423n4
•added 2022/01/07 12:0 a.m.•7 views

Owner can withdraw all ERC20 tokens using withdrawRedundant

Handle camden Vulnerability details Impact The owner could potentially instantly withdraw all tokens using the withdrawRedundant function, which is probably not intended. Proof of Concept The attack would be that the owner gets compromised. The value of balance would have to be equal to or greate...

6.8 AI score
Exploits: 0
Code423n4
•added 2022/01/06 12:0 a.m.•8 views

Re-entrancy leading to increasing points in undesired way

Handle hack3r-0m Vulnerability details Current state: the attacker has a few nfts minted already by locking position call lock function with very high duration and very high amount from a contract attacker has control of this contract It will pass the non-re-entrant check and call lock function...

6.8 AI score
Exploits: 0
Code423n4
•added 2022/01/06 12:0 a.m.•13 views

Locks can be denied

Handle cmichel Vulnerability details The XDEFIDistribution.lock function mints a new token and the generateNewTokenId function returns a token ID as the concatenation of the points and totalSupply + 1: function generateNewTokenIduint256 points internal view returns uint256 tokenId // Points is...

6.6 AI score
Exploits: 0
Code423n4
•added 2022/01/06 12:0 a.m.•9 views

NFT token id repeated

Handle MaCree Vulnerability details Impact 1. merge function may lead to create repeated NFT token id, so user can not lock XDEFI Proof of Concept run the test case below please beforeEachasync = god, account1, account2, account3 = await ethers.getSigners; XDEFI = await await await...

6.8 AI score
Exploits: 0
Code423n4
•added 2022/01/06 12:0 a.m.•6 views

Rewards can be stolen by re-entering into updateDistribution

Handle cmichel Vulnerability details The XDEFIDistribution.updateDistribution function does not have re-entrancy locks and can be called from lock - lock - safeMint which gives control back to the msg.sender if it is a contract by performing msg.sender.onERC721Received.... As the...

6.9 AI score
Exploits: 0
Code423n4
•added 2022/01/06 12:0 a.m.•12 views

updateDistribution() can unexpectedly revert

Handle sirhashalot Vulnerability details Impact The updateDistribution can revert unexpectedly, which results in the pointsPerUnit state variable not getting updated. Even more impactful is if the value of distributableXDEFI ever reaches a peak and never returns to this number, it will be...

6.9 AI score
Exploits: 0
Code423n4
•added 2022/01/06 12:0 a.m.•4 views

merge can fail due to tokenId collisions

Handle cmichel Vulnerability details The XDEFIDistribution.merge function burns tokens, which decreases the ERC721Enumerable.totalSupply and the generateNewTokenId function returns a token ID as the concatenation of the points and totalSupply + 1: function generateNewTokenIduint256 points interna...

6.7 AI score
Exploits: 0
Total number of security vulnerabilities: 10190