mintSynth and mintFungible function are not verified from==msg.sender
Handle cccz Vulnerability details Impact The mintSynth function and the mintFungible function are not verified from==msg.sender, causing anyone to use other people’s tokens to mint Synth or LP tokens for themselves Proof of Concept Tools Used Manual analysis Recommended Mitigation Steps Add the...
Anyone Can Frontrun VaderPoolV2.mintFungible() To Steal Fungible Tokens
Handle leastwood Vulnerability details Impact The mintFungible function is callable by any user that wishes to mint liquidity pool fungible tokens. The protocol expects a user to first approve the contract as a spender before calling mintFungible. However, any arbitrary user could monitor the...
previousPrices Is Never Updated Upon Syncing Token Price
Handle leastwood Vulnerability details Impact The LiquidityBasedTWAP contract attempts to accurately track the price of VADER and USDV while still being resistant to flash loan manipulation and short-term volatility. The previousPrices array is meant to track the last queried price for the two...
Insufficient access control on VaderPoolV2.mintSynth allows theft of user funds
Handle TomFrenchBlockchain Vulnerability details Impact Loss of all USDV approved onto VaderPoolV2. Proof of Concept VaderPoolV2 allows minting of synth tokens with the mintSynth function This allows anyone to take USDV from the from address and mint synths to be sent to the to address. There is ...
Unbounded number of Collateral
Handle gzeon Vulnerability details Impact Each additional collateral will increase gas required for many operations, e.g. Liquidation. If there are too many collateral it may exceed the block gas limit. Proof of Concept Recommended Mitigation Steps Define a max number of collateral asset --- The...
Staking Zap add liquidity can be denied
Handle cmichel Vulnerability details The NFTXStakingZap.addLiquidity721WETH function verifies if the contract indeed received the expected amount of vault tokens of balance = count BASE by checking: function addLiquidity721WETH uint256 vaultId, uint256 memory ids, uint256 minWethIn, uint256 wethI...
Liquidation can be escaped by depositing a WJLP with _rewardOwner != _borrower
Handle WatchPug Vulnerability details updateWAssetsRewardOwnercollsToUpdate, borrower, yetiFinanceTreasury; In liquidateNormalMode, WAsset rewards for collToRedistribute will accrue to Yeti Finance Treasury, However, if a borrower wrap WJLP and set rewardOwner to other address,...
mintSynth is vulnerable to price manipulation.
Handle certora Vulnerability details mintSynth is vulnerable to price manipulation. amountSynth is calculated based on the current price, which can be manipulated. Impact Pool funds can be stolen. Proof of Concept pool funds can be stolen in the following steps: take a flashloan of foreignAsset...
validCollateral[0] can be added multiple times
Handle gzeon Vulnerability details Impact In addCollateral of Whitelist.sol, whatever in index 0 of validCollateral can be added multiple times. if validCollateral.length != 0 && validCollateral0 != collateral requirecollateralParamscollateral.index == 0, "collateral already exists"; Proof of...
Marketplace Zap mints can be denied
Handle cmichel Vulnerability details The NFTXMarketPlaceZap.mint721 function verifies if the contract indeed received the expected amount of vault tokens of balance = count BASE - count INFTXVaultvault.mintFee by checking: function mint721 uint256 vaultId, uint256 memory ids internal returns...
Reserve does not properly apply prices of VADER and USDV tokens
Handle TomFrenchBlockchain Vulnerability details Impact Reserve pays out vastly higher or lower IL protection than it should Proof of Concept Consider the lines 98 and 102 as shown on the link below: Here we multiply the IL experienced by the LP by a price for USDV or VADER as returned by the LBT...
_sendForReceiver returns false when receiver is EOA
Handle pauliax Vulnerability details Impact sendForReceiver always returns false when the receiver is not a contract: if receiver.isContract ... return success && IERC20Upgradeablevault.allowanceaddressthis, receiver.receiver == 0; else IERC20Upgradeablevault.safeTransferreceiver.receiver,...
Bypass zap timelock
Handle gzeon Vulnerability details Impact The default value of inventoryLockTime in NFTXStakingZap is 7 days while DEFAULTLOCKTIME in NFTXInventoryStaking is 2 ms. These timelock values are used in NFTXInventoryStaking to eventually call timelockMint in XTokenUpgradeable. function...
Lack of access control allows attacker to call wrap() and steal other user's wallet balance
Handle WatchPug Vulnerability details function wrapuint amount, address from, address to, address rewardOwner external override JLP.transferFromfrom, addressthis, amount; JLP.approveaddressMasterChefJoe, amount; // stake LP tokens in Trader Joe's. // In process of depositing, all this contract's ...
Cannot use most piecewise linear functions with current implementation
Handle cmichel Vulnerability details The ThreePieceWiseLinearPriceCurve.adjustParams function uses three functions f1, f2, f3 where yi = fixi. It computes the y-axis intersect b2 = f20, b3 = f30 for each of these but uses unsigned integers for this, which means these values cannot become negative...
mintSynth can be frontrun to steal money
Handle danb Vulnerability details nativeAsset.safeTransferFromfrom, addressthis, nativeDeposit; mintSynth has a from parameter, this is where they take the money for the transaction. If an address has allowance for the contract, anyone can use it and take it using mintSynth. Impact If a user sets...
NFTXVaultFactoryUpgradeable implementation can be replaced in production breaking the system
Handle hyh Vulnerability details Impact NFTXVaultFactory contract holds information regarding vaults, assets and permissions vaults, vaultsForAsset and excludedFromFees mappings. As there is no mechanics present that transfers this information to another implementation, the switch of...
Unsafe transfer in XTokenUpgradeable
Handle 0x1f8b Vulnerability details Impact Unsafe transfer was done. Proof of Concept In the method XTokenUpgradeable.burnXTokens a transfer is made without checking the boolean result. The ERC20 standard specifies that the token can return false if the transfer was not made, so it's mandatory to che...
Chainlink's latestRoundData might return stale results
Handle WatchPug Vulnerability details function badChainlinkResponseChainlinkResponse memory response internal view returns bool // Check for response call reverted if !response.success return true; // Check for an invalid roundId that is 0 if response.roundId == 0 return true; // Check for an...
Griefing attack is possible as NFTXStakingZap, PalmNFTXStakingZap, NFTXMarketplaceZap rely on zero vault token balance for LP and minting
Handle hyh Vulnerability details Impact NFTXStakingZap and PalmNFTXStakingZap liquidity provision and NFTXMarketplaceZap minting will be blocked as addLiquidity and mint functions will revert all the time. An attacker can transfer a tiny amount of vault tokens to NFTXStakingZap/PalmNFTXStakingZap...
'wrap' tokens that you are not entitled to
Handle pauliax Vulnerability details Impact function wrap can be called by anyone. It accepts arbitrary from and to, and transfers 'from', and mints 'to'. A malicious actor can transfer from other users that have approved the contract before, e.g. an EOA user will need to execute 2 txs: first,...
Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom
Handle defsec Vulnerability details Impact It is good to add a require statement that checks the return value of token transfers or to use something like OpenZeppelin’s safeTransfer/safeTransferFrom unless one is sure the given token reverts in case of a failure. Failure to do so will cause silen...
Oracle returns an improperly scaled USDV/VADER price
Handle TomFrenchBlockchain Vulnerability details Impact Invalid values returned from oracle in vast majority of situations Proof of Concept The LBT oracle does not properly scale values when calculating prices for VADER or USDV. To show this we consider the simplest case where we expect USDV to...
NFTXStakingZap and NFTXMarketplaceZap's transferFromERC721 transfer Cryptokitties to the wrong address
Handle hyh Vulnerability details Impact transferFromERC721address assetAddr, uint256 tokenId, address to should transfer from msg.sender to to. It transfers to addressthis instead when ERC721 is Cryptokitties. As there is no additional logic for this case it seems to be a mistake that leads to...
ActivePool unwraps but does not update user state in WJLP
Handle cmichel Vulnerability details Calling WJLP.unwrap burns WJLP, withdraws the amount from the master chef and returns the same amount of JLP back to the to address. However, it does not update the internal accounting in WJLP with a userUpdate call. This needs to be done on the caller side...
Incorrect logic of _userUpdate in WJLP.sol
Handle UncleGrandpa925 Vulnerability details Impact Users' rewards in Wrapped JLP will be miscalculated & lost. Every interaction with WJLP wrap, unwrapFor... will trigger the bug. Location Function userUpdate in WJLP.sol Explanation of the bug So the nature of this WJLP is simply a wrap of the...
Fee not decayed if past decayTime
Handle cmichel Vulnerability details The ThreePieceWiseLinearPriceCurve.calculateDecayedFee function is supposed to decay the lastFeePercent over time. This is correctly done in the decay 0 && decay decayTime case it does not decay at all but should set it to 0 instead.. if decay 0 && decay...
NFTXStakingZap: Balance check can result in griefing
Handle GreyArt Vulnerability details Impact The addLiquidity721WETH and addLiquidity1155WETH functions check that the correct number of vault tokens have been minted prior to liquidity provision. uint256 balance = count BASE; // We should not be experiencing fees. requirebalance ==...
denial of service
Handle danb Vulnerability details on the first deposit, the total liquidity is set to nativeDeposit. this might be a very low number compared to foreignDeposit. It can cause a denial of service of the pair. Impact A pair can enter a denial of service state. Proof of Concept consider the following...
Pool Manager can frontrun fees to 100% and use it to steal the value from users
Handle pedroais Vulnerability details Impact Pool Manager can front-run entry fee to 100% and users could lose all their deposits Proof of Concept Considering : The pool manager is the creator of the pool Anyone can create a pool Manager is not a trusted actor Anyone can create a pool and get...
NFTXMarketplaceZap.sol#buyAnd***() should return unused weth/eth back to msg.sender instead of to
Handle WatchPug Vulnerability details function buyAndSwap721WETH uint256 vaultId, uint256 memory idsIn, uint256 memory specificIds, uint256 maxWethIn, address calldata path, address to public nonReentrant requireto != address0; requireidsIn.length != 0;...
Unsafe transfers in NFTXFlashSwipe
Handle 0x1f8b Vulnerability details Impact Unsafe transfers. Proof of Concept In the methods NFTXFlashSwipe.flashSwipe and NFTXFlashSwipe.onFlashLoan there are some transfers, transferFroms and approves made without checking the boolean result. The ERC20 standard specifies that the token can return fals...
Missing of _userUpdate in unwrapFor in WJLP.sol
Handle UncleGrandpa925 Vulnerability details Impact Users' rewards in Wrapped JLP will be miscalculated. Hackers can exploit this to steal users' rewards. All WJLP's unwrapFor transactions will trigger the bug. Location Function unwrapFor in WJLP.sol Explanation of the bug So the nature of this...
Wrapped JLP can be stolen
Handle cmichel Vulnerability details The WJLP.wrap function accepts a from parameter and a to parameter. The tokens are transferred from the from account to the to account: function wrapuint amount, address from, address to, address rewardOwner external override // @audit can frontrun and steal =...
Reliance on exact balance
Handle pauliax Vulnerability details Impact functions addLiquidity721WETH and addLiquidity1155WETH rely on the exact balance of tokens: uint256 balance = count BASE; // We should not be experiencing fees. requirebalance == IERC20Upgradeablevault.balanceOfaddressthis, "Did not receive expected...
ERC20 return values not checked
Handle cmichel Vulnerability details The ERC20.transfer, ERC20.transferFrom, ERC20.approve functions return a boolean value indicating success. This parameter needs to be checked for success. Some tokens do not revert if the transfer failed but return false instead. Examples:...
NFTXMarketplaceZap: Balance check can result in DOS
Handle GreyArt Vulnerability details Impact The mint721 and mint1155 functions check that the correct number of vault tokens have been minted, after accounting for mint fees. uint256 balance = count BASE - INFTXVaultvault.mintFeecount; requirebalance == IERC20Upgradeablevault.balanceOfaddressthis...
VaderPoolV2 owner can steal all user assets which are approved VaderPoolV2
Handle TomFrenchBlockchain Vulnerability details Impact Possible theft of all user assets with an ERC20 approval on VaderPoolV2 Proof of Concept The owner of VaderPoolV2 can call the setTokenSupport function which allows the caller to supply any address from which to take the assets to provide th...
Wrong lastBuyBackPrice
Handle cmichel Vulnerability details The sYETIToken.lastBuyBackPrice is set in buyBack and hardcoded as: function buyBackaddress routerAddress, uint256 YUSDToSell, uint256 YETIOutMin, address memory path external onlyOwner requireYUSDToSell 0, "Zero amount"; requirelastBuybackTime + 69 hours...
ERC20 return values not checked (2)
Handle cmichel Vulnerability details The ERC20.transfer, ERC20.transferFrom, ERC20.approve functions return a boolean value indicating success. This parameter needs to be checked for success. Also, some tokens like USDT don't correctly implement the EIP20 standard and their transfer/transferFrom...
Low-level call return value not checked
Handle cmichel Vulnerability details The NFTXStakingZap.addLiquidity721ETHTo function performs a low-level .call in payableto.callvalue: msg.value-amountEth but does not check the return value if the call succeeded. Impact If the call fails, the refunds did not succeed and the caller will lose al...
Reentrancy in contracts/BorrowerOperations.sol
Handle heiho1 Vulnerability details Impact There are several potential re-entrant functions in contracts/BorrowerOperations.sol: = Function addColl on line 346 is potentially re-entrant as it is external but has no re-entrancy guard declared. This function invokes adjustTrove which potentially...
Collateral parameters can be overwritten
Handle cmichel Vulnerability details It's possible to repeatedly add the first collateral token in validCollateral through the Whitelist.addCollateral function. The validCollateral0 != collateral check will return false and skip further checks. POC Owner calls...
Users can lock themselves out of being able to convert VETH, becoming stuck with the deprecated asset
Handle TomFrenchBlockchain Vulnerability details I've put this as a medium issue as we're leaking value as users are stuck with assets which are likely to be worth much less as they are deprecated. It could also be low as it's not exploitable by outside parties and the loss isn't taken by the...
NFTXSimpleFeeDistributor#addReceiver: Failure to check for existing receiver
Handle GreyArt Vulnerability details Impact The addReceiver function fails to check if the receiver already exists. This could lead to the same receiver being added multiple times, which results in erroneous fee distributions. The receiver would receive more than expected until the duplicate entr...
StabilityPool.receiveCollateral function doesn't have access control
Handle dalgarim Vulnerability details Impact The comment on the "StabilityPool.receiveCollateral" function states that this function should be called by ActivePool. However this function doesn't implement access control which checks whether the caller is actually ActivePool or not. As this functi...
Wrong comment in getFee
Handle cmichel Vulnerability details The ThreePieceWiseLinearPriceCurve.getFee comment states that the total + the input must be less than the cap: If dollarCap == 0, then it is not capped. Otherwise, then the total + the total input must be less than the cap. The code only checks if the input is...
Rewards can be stolen
Handle cmichel Vulnerability details The NFTXInventoryStaking contract distributes new rewards to all previous stakers when the owner calls the receiveRewards function. This allows an attacker to frontrun this receiveRewards transaction when they see it in the mem pool with a deposit function. Th...
Missing access restriction on StabilityPool's receiveCollateral
Handle kenzo Vulnerability details StabilityPool's receiveCollateral should only be called by ActivePool, but that check is missing. Anybody can call it and update StabilityPool's total collateral variable. Impact Wrong amounts of total collateral in StabilityPool totalColl. As far as I can see,...
Oracle doesn't calculate USDV/VADER price correctly
Handle TomFrenchBlockchain Vulnerability details Impact Invalid values returned from oracle for USDV and VADER prices in situations where the oracle uses more than one foreign asset. Proof of Concept The USDV price is calculated as so for simplicity we'll consider a two pairs: totalUSD =...