No slippage control on _swapUnderlyingToUst of NonUSTStrategy.sol
Handle cccz Vulnerability details Impact There is no slippage control on `_swapUnderlyingToUst` of NonUSTStrategy.sol, which exposes the strategy to a sandwich attack. Due to the access control of doHardWork, the attacker can front run to do a sandwich attack. function doHardWork() external...
Insurance funds are never unlocked
Handle p4st13r4 Vulnerability details Impact There is a typo in the unlock function, when setting the status of an insurance to false. function unlock(uint256 _id) public { require(insurances[_id].status == true && marketStatus == MarketStatus.Trading && insurances[_id].endTime + parameters.getGrace(msg.send...
repayDebt in Vault.sol could DOS functionality for markets
Handle p4st13r4 Vulnerability details Impact Any user can pay the debt for any borrower in Vault.sol, by using repayDebt. This function allows anyone to repay any amount of borrowed value, up to and including the totalDebt value; it works by setting `debts[target]` to zero, and decreasing totalDe...
No slippage tolerance set in NonUSTStrategy
Handle palina Vulnerability details Impact The exchange performed in NonUSTStrategy.sol via Curve is executed with "0" as the minimum amount received as the result of the operation, which is likely to be exploited by front-running and may lead to the loss of funds. Proof of Concept...
Reentrancy vulnerability allows attacker to gain more shares than deserved
Handle harleythedog Vulnerability details Impact In Vault.sol, the deposit function is the external function that allows transferring underlying tokens to mint position NFTs. The deposit function first calls createDeposit which creates the position/determines how many shares to allocate, and then...
No slippage control on _swapUstToUnderlying of NonUSTStrategy.sol
Handle cccz Vulnerability details Impact There is no slippage control on `_swapUstToUnderlying` of NonUSTStrategy.sol, which exposes the strategy to a sandwich attack. And since finishRedeemStable lacks access control, anyone can do a sandwich attack by calling the `_swapUstToUnderlying` function. function...
Possibility of insufficient funds in Vault
Handle palina Vulnerability details Impact In Vault.sol, totalUnderlying and, therefore, totalUnderlyingMinusSponsored include both funds available in the Vault as well as those invested in the Strategy. The calculation of amounts returned to depositors and sponsors in withdraw and unsponsor also...
Possible griefing attack on vault setStrategy
Handle harleythedog Vulnerability details Impact In the function setStrategy within Vault.sol, there is a requirement that strategy.investedAssets == 0 so that no funds are left stuck in the strategy. A malicious user could strategically transfer 1 wei of underlying to the strategy or any other...
strategy change can be prevented
Handle danb Vulnerability details Strategy change requires the invested assets to be zero. Anyone can make it fail by transferring aUST to the strategy.
Lack of slippage checks during swap
Handle ye0lde Vulnerability details Impact Since the code does not use a minimum return value for swaps it is susceptible to sandwich attacks. More information here: Proof of Concept Here the code calls Curve to convert the existing underlying balance into UST: // Calls Curve to convert the existi...
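The four slippage findings above (on `_swapUnderlyingToUst`, `_swapUstToUnderlying` and the Curve call in general) describe the same defect: the swap is submitted with `min_dy = 0`. The contract below is an added example written for this page, not code from NonUSTStrategy.sol or the audited project. It puts the unbounded swap next to a bounded one. `get_dy_underlying` and `exchange_underlying` are real functions on Curve StableSwap pools; the coin indexes, the keeper role, the `minUstOut` parameter and the UST token address are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added example, not the project's code. Curve function names/signatures are real;
// everything about the keeper, indexes and minUstOut is assumed for illustration.
interface ICurvePool {
    function get_dy_underlying(int128 i, int128 j, uint256 dx) external view returns (uint256);
    function exchange_underlying(int128 i, int128 j, uint256 dx, uint256 min_dy) external returns (uint256);
}

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function approve(address spender, uint256 amount) external returns (bool);
}

contract SwapSlippageExample {
    ICurvePool public immutable curvePool;
    IERC20 public immutable underlying;
    IERC20 public immutable ust;
    int128 public immutable underlyingIndex; // assumed pool coin index of `underlying`
    int128 public immutable ustIndex;        // assumed pool coin index of UST
    address public keeper;                   // assumed: only the keeper may swap

    uint256 public constant BPS = 10_000;

    modifier onlyKeeper() {
        require(msg.sender == keeper, "not keeper");
        _;
    }

    constructor(ICurvePool pool_, IERC20 underlying_, IERC20 ust_, int128 underlyingIndex_, int128 ustIndex_, address keeper_) {
        curvePool = pool_;
        underlying = underlying_;
        ust = ust_;
        underlyingIndex = underlyingIndex_;
        ustIndex = ustIndex_;
        keeper = keeper_;
    }

    // Vulnerable shape described in the findings: min_dy = 0 accepts any output.
    // A sandwicher front-runs this call to skew the pool, lets it execute at the
    // bad price, then back-runs to pocket the difference.
    function swapUnderlyingToUstUnsafe() external onlyKeeper returns (uint256 received) {
        uint256 dx = underlying.balanceOf(address(this));
        uint256 before = ust.balanceOf(address(this));
        underlying.approve(address(curvePool), dx);
        curvePool.exchange_underlying(underlyingIndex, ustIndex, dx, 0);
        received = ust.balanceOf(address(this)) - before;
    }

    // Bounded shape: the keeper computes `minUstOut` off-chain (quote or oracle price
    // minus an accepted tolerance) and Curve reverts if it cannot deliver that much.
    // Zero is rejected explicitly so a keeper bug cannot fall back to the unsafe case.
    // The output is measured by balance difference rather than trusting a return value,
    // since older Curve pools do not return the amount.
    function swapUnderlyingToUst(uint256 minUstOut) external onlyKeeper returns (uint256 received) {
        require(minUstOut > 0, "min out must be set");
        uint256 dx = underlying.balanceOf(address(this));
        uint256 before = ust.balanceOf(address(this));
        underlying.approve(address(curvePool), dx);
        curvePool.exchange_underlying(underlyingIndex, ustIndex, dx, minUstOut);
        received = ust.balanceOf(address(this)) - before;
        require(received >= minUstOut, "slippage");
    }

    // Off-chain helper (eth_call) for deriving `minUstOut` from the pool's quote.
    // It must be read in a separate call BEFORE the swap transaction: reading the
    // quote inside the swap itself would already reflect a front-runner's trade and
    // would bound nothing.
    function quoteMinUstOut(uint256 dx, uint256 maxSlippageBps) external view returns (uint256) {
        require(maxSlippageBps <= BPS, "bad bps");
        uint256 expected = curvePool.get_dy_underlying(underlyingIndex, ustIndex, dx);
        return expected * (BPS - maxSlippageBps) / BPS;
    }
}
```

The point the quote helper makes is easy to miss: a slippage bound only protects when the reference price comes from outside the transaction being sandwiched. A `get_dy` read in the same transaction is computed on the already-manipulated reserves.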
Both _mint and _safeMint are used to mint NFTs
Handle palina Vulnerability details Impact Both `_mint` and `_safeMint` functions are used to mint ERC721 NFTs in Claimers and Depositors, respectively. The usage of `_mint` is, however, discouraged by the used ERC721 implementation (see PoC section), in favor of its safe counterpart. Proof of Concept...
Increasing the array size and DOS the entire system
Handle egjlmn1 Vulnerability details In allocateCredit an attacker can push into the indexList state variable, and in applyCover and in resume there is a loop that goes over all the indexes. An attacker can't just add himself through calling allocateCredit because there is a check that he is listed ...
Tokens can be burned with no access control
Handle sirhashalot Vulnerability details Impact The Vault.sol contract has two address state variables, the keeper variable and the controller variable, which are both permitted to be the zero address. If both variables are zero simultaneously, any address can burn the available funds available...
TimeswapPair.sol#borrow() Improper implementation allows attacker to increase pool.state.z to a large value
Handle WatchPug Vulnerability details In the current implementation, borrow takes a user input value of zIncrease; while the actual collateral asset transferred in is calculated at L319, the state of pool.state.z is still increased by the value of the user's input at L332. Even though a large number...
Manipulation of the Y State Results in Interest Rate Manipulation
Handle Rhynorater Vulnerability details Impact Due to lack of constraints on user input in the TimeswapPair.sol#mint function, an attacker can arbitrarily modify the interest rate while only paying a minimal amount of Asset Token and Collateral Token. Disclosure: This is my first time attempting...
investedAssets ignores fees and can cause insolvency
Handle danb Vulnerability details investedAssets doesn't subtract the fees owed to the treasury; this makes the system think that it has more than it really has. Proof of Concept Consider the following scenario: perfFeePct is 20%. The system generated 1M dollars yield in aUST that it didn't rede...
Missing noreentrant check on mint function
Handle Fitraldys Vulnerability details Impact In there is no reentrancy check, because when using `_safeMint`, the function will make a call to the `to` address, through `_checkOnERC721Received`, that will call the user `to` address, and the `to` address is controllable by the `to` address. Proof of Concep...
Griefing attack can prevent almost all activity in a pool
Handle harleythedog Vulnerability details Impact Consider the mint function in TimeswapPair.sol. The caller of this function is able to freely specify xIncrease, yIncrease and zIncrease. In particular, it is possible to specify xIncrease and zIncrease to be extremely small values e.g. 1 wei, whil...
When a user performs a withdrawal operation, a rollback that is not considered by the program may be triggered.
Handle ACai Vulnerability details Impact When the Vault contract deposits all/most of the token into the strategy contract, so that the remaining tokens in the Vault contract are less than the user's deposit, the user's withdrawal operation will result in a rollback that is not considered by the...
TimeswapConvenience.sol#borrowGivenDebt() Attacker can increase state.y to an extremely large value with a dust amount of assetOut
Handle WatchPug Vulnerability details This issue is similar to the two previous issues related to state.y manipulation. Unlike the other two issues, this function is not on TimeswapPair.sol but on TimeswapConvenience.sol, therefore this cannot be solved by adding an onlyConvenience modifier...
Changing a strategy can be bricked
Handle kenzo Vulnerability details A vault wouldn't let the strategy be changed unless the strategy holds no funds. Since anybody can send funds to the strategy, a griefing attack is possible. Impact Strategy couldn't be changed. Proof of Concept setStrategy requires strategy.investedAssets == 0...
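The three findings above ("Possible griefing attack on vault setStrategy", "strategy change can be prevented" and "Changing a strategy can be bricked") all turn on a strict `strategy.investedAssets() == 0` precondition that any donor can falsify with 1 wei. The contract below is an added example for this page, not the audited Vault.sol, showing the brittle check beside one way to make it donor-proof. The `IStrategy` interface, the `withdrawAllToVault` function and the `dustThreshold` knob are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added example, not the project's code. IStrategy, withdrawAllToVault and
// dustThreshold are assumed names for illustration.
interface IStrategy {
    function investedAssets() external view returns (uint256);
    function withdrawAllToVault() external;
}

contract VaultStrategySwitch {
    IStrategy public strategy;
    address public admin;
    // Largest balance the admin is willing to abandon in an old strategy
    // (e.g. 1e6 wei of an 18-decimal token). Assumed knob.
    uint256 public dustThreshold;

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    constructor(uint256 dustThreshold_) {
        admin = msg.sender;
        dustThreshold = dustThreshold_;
    }

    function setDustThreshold(uint256 dustThreshold_) external onlyAdmin {
        dustThreshold = dustThreshold_;
    }

    // Vulnerable shape from the findings: an exact-zero requirement that anyone can
    // break forever by sending 1 wei of the invested asset to the strategy, since
    // investedAssets() is derived from the strategy's token balance.
    function setStrategyUnsafe(IStrategy newStrategy) external onlyAdmin {
        require(address(strategy) == address(0) || strategy.investedAssets() == 0, "strategy has funds");
        strategy = newStrategy;
    }

    // Hardened: the vault unwinds the old strategy itself, then tolerates a bounded
    // remainder instead of demanding zero. Whether the leftover is acceptable is now
    // the admin's decision (via dustThreshold), not an arbitrary donor's.
    function setStrategy(IStrategy newStrategy) external onlyAdmin {
        require(address(newStrategy) != address(0), "zero strategy");
        IStrategy old = strategy;
        if (address(old) != address(0)) {
            old.withdrawAllToVault();
            uint256 left = old.investedAssets();
            require(left <= dustThreshold, "strategy still holds funds");
        }
        strategy = newStrategy;
    }
}
```

Calling `withdrawAllToVault` first matters as much as the threshold: it means a legitimately funded strategy is emptied by the vault rather than by a manual step that has to race with donors, and the only balance the threshold ever has to absorb is what cannot be withdrawn.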
Claimer can reenter contract on deposit withdrawal
Handle kenzo Vulnerability details Upon withdrawal of deposit, the claimer will be called with onDepositBurned. This happens after the claimer shares have been updated, but before the underlying has been sent away from the contract. Therefore the claimer can reenter the contract, at an intermedia...
Depositor can reenter contract on claim creation
Handle kenzo Vulnerability details This finding is almost identical to my previous finding "Claimer can reenter contract on claim creation", but in this scenario, the depositor can reenter via Depositors' `_safeMint` function. When depositing, Depositors is minting the token using `_safeMint`, which wi...
_transferAndCheckUnderlying doesn't work with fee-on-transfer tokens
Handle harleythedog Vulnerability details Impact There are several ERC20 tokens that take a small fee on transfers/transferFroms known as "fee-on-transfer" tokens. Most notably, USDT is an ERC20 token that has togglable transfer fees, but for now the fee is set to 0 see the contract here: . In th...
Claimer can reenter contract on claim creation
Handle kenzo Vulnerability details Upon deposit, the claimer will be called with onDepositMinted. This happens after the claimer shares have been updated, but before the underlying has been pulled to the contract. Therefore the claimer can reenter the contract, at an intermediary state where the...
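Several findings above ("Reentrancy vulnerability allows attacker to gain more shares than deserved", "Missing noreentrant check on mint function", and the three "can reenter contract" reports) describe the same window: share accounting is updated, then `_safeMint` (or a claimer hook) hands control to an external contract before the underlying has actually been pulled in. The contracts below are an added example for this page, not the audited Vault.sol or Depositors contract. They show the vulnerable ordering, the checks-effects-interactions ordering with a reentrancy guard, and a receiver contract that re-enters from `onERC721Received`. OpenZeppelin 4.x import paths are assumed; the vault's share formula and names are simplified for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added example, not the project's code. Assumes OpenZeppelin 4.x.
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract DepositNftVault is ERC721, ReentrancyGuard {
    using SafeERC20 for IERC20;

    IERC20 public immutable underlying;
    uint256 public totalShares;
    uint256 public nextTokenId = 1;
    mapping(uint256 => uint256) public sharesOf;

    constructor(IERC20 underlying_) ERC721("Deposit", "DEP") {
        underlying = underlying_;
    }

    // Shares priced against the underlying currently held by the vault.
    function _sharesFor(uint256 amount) internal view returns (uint256) {
        uint256 assets = underlying.balanceOf(address(this));
        return (totalShares == 0 || assets == 0) ? amount : amount * totalShares / assets;
    }

    // Vulnerable ordering: shares are booked, then _safeMint calls onERC721Received
    // on a contract receiver BEFORE the underlying is pulled in. A nested deposit is
    // priced against a balance that has not grown while totalShares already has,
    // so the re-entering caller receives more shares than the funds warrant.
    function depositUnsafe(uint256 amount) external returns (uint256 tokenId) {
        tokenId = nextTokenId++;
        uint256 shares = _sharesFor(amount);
        sharesOf[tokenId] = shares;
        totalShares += shares;
        _safeMint(msg.sender, tokenId);                                   // external call-out
        underlying.safeTransferFrom(msg.sender, address(this), amount);  // funds arrive last
    }

    // Hardened: compute shares, pull the funds, finish all bookkeeping, and only then
    // call out via _safeMint. nonReentrant additionally rejects any nested deposit.
    function deposit(uint256 amount) external nonReentrant returns (uint256 tokenId) {
        uint256 shares = _sharesFor(amount);
        underlying.safeTransferFrom(msg.sender, address(this), amount);
        tokenId = nextTokenId++;
        sharesOf[tokenId] = shares;
        totalShares += shares;
        _safeMint(msg.sender, tokenId);                                   // state is final here
    }
}

// Receiver that re-enters once from the mint callback. Against depositUnsafe the
// nested deposit succeeds at the stale price; against deposit it reverts.
contract ReenteringDepositor is IERC721Receiver {
    DepositNftVault public immutable vault;
    IERC20 public immutable token;
    bool private reentered;

    constructor(DepositNftVault vault_, IERC20 token_) {
        vault = vault_;
        token = token_;
        token_.approve(address(vault_), type(uint256).max);
    }

    function attack(uint256 amount) external {
        vault.depositUnsafe(amount);
    }

    function onERC721Received(address, address, uint256, bytes calldata) external override returns (bytes4) {
        if (!reentered) {
            reentered = true;
            vault.depositUnsafe(token.balanceOf(address(this)));
        }
        return IERC721Receiver.onERC721Received.selector;
    }
}
```

The same ordering rule applies to the claimer hooks (`onDepositMinted`, `onDepositBurned`) named in the reports: any call into an address the user controls is an interaction, and every balance and share update the function intends must be complete before it.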
TimeswapPair.sol#mint() Lack of input validation allows attacker to set pool.state.y to an arbitrary target value
Handle WatchPug Vulnerability details `pool.state.y += yIncrease;` TimeswapPair.sol#mint takes a user input value of yIncrease without proper validation, which means that it allows the state of pool.state.y to increase by the arbitrary value set by the caller. Impact When pool.state.y is extremely...
TimeswapPair.sol#mint() Malicious user/attacker can mint new liquidity with an extremely small amount of yIncrease and malfunction the pair with the maturity
Handle WatchPug Vulnerability details The current implementation of TimeswapPair.sol#mint allows the caller to specify an arbitrary value for yIncrease. However, since state.y is expected to be a large number based at 2^32, once the initial state.y is set to a small number (1 wei for example), the...
TimeswapPair.sol#borrow() Attacker can increase pool.state.y to an arbitrary target value
Handle WatchPug Vulnerability details TimeswapPair.sol#borrow takes a user input value of yIncrease, and the BorrowMath.check at L316 only checks for a minimal yIncrease, which means that it allows the state of pool.state.y to increase by the value of the user's input as long as it's larger than...
Fee-on transfer tokens not supported
Handle pmerkleplant Vulnerability details Impact There exist ERC20 tokens that charge a fee for every transfer. This kind of token does not work correctly with the PoolTemplate::deposit function. Proof of Concept The PoolTemplate::deposit function mints an amount of iTokens based on the function'...
XSS via SVG Construction contract
Handle thankyou Vulnerability details Impact SVG is a unique type of image file format that is often susceptible to Cross-site scripting. If a malicious user is able to inject malicious Javascript into a SVG file, then any user who views the SVG on a website will be susceptible to XSS. This can...
Debt created during mint is arbitragable
Handle hyh Vulnerability details Impact The collateral requirements for debt positions created during mint and borrow operations differ. When the quantity of the asset added is low compared to current asset holdings of a pool, an LP has clear incentives to repay its debt right after mint and borro...
burn() doesn't call ERC721 _burn()
Handle sirhashalot Vulnerability details Impact The CollateralizedDebt.sol contract is a ERC721 token. It has a mint function, which uses the underlying `_safeMint` function to create an ERC721 token representing a collateral position. The burn function in CollateralizedDebt.sol should reverse the...
safeName() can revert causing DoS
Handle sirhashalot Vulnerability details Impact The safeName function, found in the SafeMetadata.sol contract and called in 4 Timeswap Convenience contracts in the name functions, can cause a revert. This could make the 4 contracts not compliant with the ERC20 standard for certain asset pairs,...
safeDecimals can revert causing DoS
Handle sirhashalot Vulnerability details Impact The safeDecimals function, found in the SafeMetadata.sol contract and called in 3 different Timeswap Convenience contracts, can cause a revert. This is because the safeDecimals function attempts to use abi.decode to return a uint8 when data.length =...
safeSymbol() can revert causing DoS
Handle sirhashalot Vulnerability details Impact The safeSymbol function, found in the SafeMetadata.sol contract and called in 4 Timeswap Convenience contracts in the symbol functions, can cause a revert. This could make the 4 contracts not compliant with the ERC20 standard for certain asset pairs...
PoolTemplate.sol initialize() can be called by attacker during deployment
Handle jayjonah8 Vulnerability details Impact In PoolTemplate.sol the initialize function sets important storage variables like conditions and references and this function can only be called once. During deployment an attacker can monitor the blockchain byte code and call the initialize function...
Unbounded loop on array can lead to DoS
Handle robee Vulnerability details The attacker can push unlimitedly to an array that some function loops over. If increasing the array size enough, calling the function that does a loop over the array will always revert since there is a gas limit. This is a High Risk issue since thos...
Unbounded loop on array controlled by owner can lead to DoS
Handle robee Vulnerability details A malicious attacker that is also a protocol owner can push unlimitedly to an array that some function loops over. If increasing the array size enough, calling the function that does a loop over the array will always revert since there is a gas limit...
Unbounded loop on array that can only grow can lead to DoS
Handle robee Vulnerability details A malicious attacker that is also a protocol owner can push unlimitedly to an array that some function loops over. If increasing the array size enough, calling the function that does a loop over the array will always revert since there is a gas limit...
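The three "Unbounded loop" findings above, and the earlier "Increasing the array size and DOS the entire system" report on `indexList`, describe an array that only grows and a function that must iterate all of it. The contract below is an added example for this page, not code from the audited project. It shows the unbounded push beside a capped, de-duplicated, removable registry, plus a paged iteration for lists that genuinely must grow. The names (`indexList`, `allocatedCredit`, `MAX_INDEXES`) are chosen to echo the reports and are assumptions of the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added example, not the project's code. Names are illustrative.
contract BoundedIndexRegistry {
    // Hard cap chosen from the measured worst-case gas of the loops below.
    uint256 public constant MAX_INDEXES = 50;

    address[] public indexList;
    mapping(address => uint256) private positionPlusOne; // 0 means "not listed"
    mapping(address => uint256) public allocatedCredit;
    address public owner;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Vulnerable shape: nothing bounds the length, so whoever can call this
    // (an attacker, or a careless owner) can grow the list until every loop
    // over it exceeds the block gas limit and reverts permanently.
    function registerUnsafe(address index) external onlyOwner {
        indexList.push(index);
    }

    // Hardened: cap the length, reject duplicates, and keep removal possible so the
    // cap is not a one-way door.
    function register(address index) external onlyOwner {
        require(positionPlusOne[index] == 0, "already listed");
        require(indexList.length < MAX_INDEXES, "index list full");
        indexList.push(index);
        positionPlusOne[index] = indexList.length;
    }

    // Swap-and-pop removal: O(1), no holes, no shifting loop.
    function unregister(address index) external onlyOwner {
        uint256 pos = positionPlusOne[index];
        require(pos != 0, "not listed");
        require(allocatedCredit[index] == 0, "still has credit");
        uint256 last = indexList.length - 1;
        address moved = indexList[last];
        indexList[pos - 1] = moved;
        positionPlusOne[moved] = pos;
        indexList.pop();
        delete positionPlusOne[index];
    }

    function setCredit(address index, uint256 amount) external onlyOwner {
        require(positionPlusOne[index] != 0, "not listed");
        allocatedCredit[index] = amount;
    }

    // The kind of loop the findings warn about; with the cap its worst-case gas
    // is a design-time constant instead of an attacker-controlled quantity.
    function totalAllocated() external view returns (uint256 sum) {
        for (uint256 i = 0; i < indexList.length; i++) {
            sum += allocatedCredit[indexList[i]];
        }
    }

    // For lists that must be unbounded, expose a page at a time and let the
    // caller walk [start, end) across several transactions.
    function totalAllocatedRange(uint256 start, uint256 end) external view returns (uint256 sum) {
        if (end > indexList.length) end = indexList.length;
        for (uint256 i = start; i < end; i++) {
            sum += allocatedCredit[indexList[i]];
        }
    }
}
```

Pick the cap by measuring: run the most expensive loop with `MAX_INDEXES` entries against the target chain's block gas limit with headroom, since the cap is only a defence if the full loop actually fits.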
Owner can withdraw all ERC20 tokens using withdrawRedundant
Handle camden Vulnerability details Impact The owner could potentially instantly withdraw all tokens using the withdrawRedundant function, which is probably not intended. Proof of Concept The attack would be that the owner gets compromised. The value of balance would have to be equal to or greate...
Convenience contract fails to function if asset or collateral is an ERC20 token with fees
Handle Ruhum Vulnerability details Impact There are ERC20 tokens that collect fees with each transfer. If the asset or collateral used in a pair is of that type, the Convenience contract fails to function. It always sends the flat amount specified in the function's parameter. If the token collect...
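The three fee-on-transfer findings above (`_transferAndCheckUnderlying`, `PoolTemplate::deposit`, and the Convenience contract) share one root cause: the contract credits the amount it asked for rather than the amount that arrived. The contracts below are an added example for this page, not the audited code. They include a constructed test token that burns 1% of every transfer (standing in for USDT with its fee enabled), a vulnerable deposit, and the two usual fixes: credit what was measured, or refuse such tokens outright. OpenZeppelin 4.x import paths are assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added example, not the project's code. Assumes OpenZeppelin 4.x.
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Constructed test token: burns FEE_BPS of every transfer so the receiver
// gets less than `amount`. Real fee-on-transfer tokens behave the same way.
contract FeeOnTransferToken is ERC20 {
    uint256 public constant FEE_BPS = 100; // 1%

    constructor() ERC20("Fee Token", "FEE") {
        _mint(msg.sender, 1_000_000e18);
    }

    function _transfer(address from, address to, uint256 amount) internal override {
        uint256 fee = amount * FEE_BPS / 10_000;
        _burn(from, fee);
        super._transfer(from, to, amount - fee);
    }
}

contract FeeAwareVault {
    using SafeERC20 for IERC20;

    IERC20 public immutable underlying;
    mapping(address => uint256) public credited;

    constructor(IERC20 underlying_) {
        underlying = underlying_;
    }

    // Vulnerable shape: `amount` is credited even though only amount - fee arrived.
    // Repeated deposits leave the vault holding less than the sum of its credits,
    // so the last withdrawer is short.
    function depositUnsafe(uint256 amount) external {
        underlying.safeTransferFrom(msg.sender, address(this), amount);
        credited[msg.sender] += amount;
    }

    // Fix A: measure the balance delta and credit exactly that.
    function deposit(uint256 amount) external returns (uint256 received) {
        received = _transferAndCheckUnderlying(msg.sender, amount);
        credited[msg.sender] += received;
    }

    // Fix B: keep the requested-amount accounting but refuse tokens that short it.
    function depositStrict(uint256 amount) external {
        uint256 received = _transferAndCheckUnderlying(msg.sender, amount);
        require(received == amount, "fee-on-transfer token not supported");
        credited[msg.sender] += amount;
    }

    // Pull tokens and return the amount that actually landed in this contract.
    function _transferAndCheckUnderlying(address from, uint256 amount) internal returns (uint256 received) {
        uint256 before = underlying.balanceOf(address(this));
        underlying.safeTransferFrom(from, address(this), amount);
        received = underlying.balanceOf(address(this)) - before;
        require(received <= amount, "received more than sent"); // sanity on exotic tokens
    }
}
```

The balance-delta pattern is only sound if nothing can re-enter between the two `balanceOf` reads; with ERC777-style tokens that have transfer hooks, pair it with a reentrancy guard or the delta can be inflated by a nested deposit.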
NFT is not burned during unlock
Handle sirhashalot Vulnerability details Impact When the lock function is called, an ERC721 token is minted. The unlock function should perform the opposite operation as lock and burn the corresponding NFT. The unlock function modifies the positionOf mapping, but does NOT call the burn function t...
Re-entrancy leading to increasing points in undesired way
Handle hack3r-0m Vulnerability details Current state: the attacker has a few NFTs minted already by locking a position. Call the lock function with a very high duration and a very high amount from a contract the attacker has control of. This contract will pass the non-reentrant check and call the lock function...
_generateNewTokenId can create collisions
Handle sirhashalot Vulnerability details Impact The ERC721 standard requires that "for any ERC-721 Contract, the pair (contract address, uint256 tokenId) must be globally unique" (quoted from ). However, the `_generateNewTokenId` function can produce tokenId values that are not globally unique. This wou...
Its possible to have different bonusMultiplier for same lock duration
Handle hubble Vulnerability details Impact The owner has privilege to change the bonusMultiplier for a duration anytime, using the setLockPeriods function. So, it's possible to have different bonusMultiplier for different users for the same lock duration, which may not be desirable from the protocol...
merge can fail due to tokenId collisions
Handle cmichel Vulnerability details The XDEFIDistribution.merge function burns tokens, which decreases the ERC721Enumerable.totalSupply, and the `_generateNewTokenId` function returns a token ID as the concatenation of the points and totalSupply + 1: function _generateNewTokenId(uint256 points) interna...
Locks can be denied
Handle cmichel Vulnerability details The XDEFIDistribution.lock function mints a new token and the `_generateNewTokenId` function returns a token ID as the concatenation of the points and totalSupply + 1: function _generateNewTokenId(uint256 points) internal view returns (uint256 tokenId) { // Points is...
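The three findings above ("_generateNewTokenId can create collisions", "merge can fail due to tokenId collisions", "Locks can be denied") follow from building the low bits of the id out of `totalSupply() + 1`, a value that goes down whenever a token is burned. The contract below is an added example for this page, not XDEFIDistribution.sol. It puts the supply-based generator next to a counter-based one and walks through the collision in comments. The bit layout (points in the high 128 bits, sequence number in the low 128) is an assumption of the example, as are the `lock`/`unlock` names; OpenZeppelin 4.x import paths are assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added example, not the project's code. Assumes OpenZeppelin 4.x and a
// points<<128 | sequence layout chosen for illustration.
import "@openzeppelin/contracts/token/ERC721/extensions/ERC721Enumerable.sol";

contract LockNftIds is ERC721Enumerable {
    uint256 private tokenCounter;                 // only ever increases
    mapping(uint256 => uint256) public pointsOf;

    constructor() ERC721("Lock", "LOCK") {}

    // Collision-prone shape from the findings: low bits are totalSupply + 1.
    // Walkthrough with the same `points` P each time:
    //   lockUnsafe(P)  -> id = P<<128 | 1   (supply becomes 1)
    //   lockUnsafe(P)  -> id = P<<128 | 2   (supply becomes 2)
    //   unlock(P<<128 | 1)                  (supply drops to 1)
    //   lockUnsafe(P)  -> id = P<<128 | 2 again -> _mint reverts: already minted.
    // Anyone who can pick `points` can pre-mint the id a victim's lock or merge
    // would need, which is the denial the reports describe.
    function _generateNewTokenIdUnsafe(uint256 points) internal view returns (uint256) {
        return (points << 128) | (totalSupply() + 1);
    }

    // Collision-free: the sequence comes from a counter that never decreases, so a
    // burn can never reopen a previously used id. Points are range-checked so they
    // cannot overflow into the sequence bits.
    function _generateNewTokenId(uint256 points) internal returns (uint256) {
        require(points < (1 << 128), "points too large");
        return (points << 128) | (++tokenCounter);
    }

    function lockUnsafe(uint256 points) external returns (uint256 id) {
        id = _generateNewTokenIdUnsafe(points);
        pointsOf[id] = points;
        _mint(msg.sender, id);
    }

    function lock(uint256 points) external returns (uint256 id) {
        id = _generateNewTokenId(points);
        pointsOf[id] = points;
        _mint(msg.sender, id);
    }

    // Burns the NFT on unlock, unlike the "NFT is not burned during unlock" finding.
    function unlock(uint256 id) external {
        require(ownerOf(id) == msg.sender, "not owner");
        delete pointsOf[id];
        _burn(id);
    }

    // Helper for readers: recover the two halves of an id under this layout.
    function decode(uint256 id) external pure returns (uint256 points, uint256 sequence) {
        points = id >> 128;
        sequence = id & ((1 << 128) - 1);
    }
}
```

Embedding data in the id is fine as long as the discriminating part is monotonic; `totalSupply()` is a count, not a sequence, and any design that burns tokens will eventually reuse it.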