DoS when depositing collateral
Handle cmichel Vulnerability details The Pool.depositCollateral and Pool.addCollateralInMarginCall functions require the caller to have a pool token balance of zero. function depositCollateral(uint256 amount, bool transferFromSavingsAccount) external payable override { require(amount != 0, 'DC1'); //...
Missing approve(0)
Handle sirhashalot Vulnerability details Impact There are 3 instances where the IERC20.approve function is called only once without setting the allowance to zero. Some tokens, like USDT, require first reducing the address's allowance to zero by calling approve(spender, 0). Transactions will revert...
NoYield.sol Tokens with fee on transfer are not supported
Handle WatchPug Vulnerability details There are ERC20 tokens that charge a fee for every transfer or transferFrom. In the current implementation, NoYield.sol#lockTokens assumes that the received amount is the same as the transfer amount, and uses it to calculate sharesReceived amounts. As a result, ...
Missing payable
Handle robee Vulnerability details The following functions are not payable but use msg.value - therefore the function must be payable. This can lead to undesired behavior. CreditLine.sol, depositCollateral is payable but doesn't use msg.value CreditLine.sol, repay is payable but doesn't use...
No slippage tolerance checks during swap functions opens up flashloan attacks and price manipulation
Handle jayjonah8 Vulnerability details Impact With functions like joinTokenSingle in SingleTokenJoin.sol that handle swapping with UniswapV2-like exchanges, there are no slippage tolerance checks in place to prevent flashloan attacks and price manipulation. Proof of Concept Tools Used Manual code...
Wrong returns of SavingsAccountUtil.depositFromSavingsAccount() can cause fund loss
Handle WatchPug Vulnerability details The function SavingsAccountUtil.depositFromSavingsAccount is expected to return the number of equivalent shares for a given asset. /// @notice internal function used to get amount of collateral deposited to the pool @param fromSavingsAccount if true, collateral i...
Extension voting threshold check needs to rerun on each transfer
Handle cmichel Vulnerability details The Extension contract correctly reduces votes from the from address of a transfer and adds it to the to address of the transfer in case both of them voted on it before, but it does not rerun the voting logic in voteOnExtension that actually grants the...
denial of service
Handle certora Vulnerability details If the borrow token is address(0) (ether), and someone calls withdrawLiquidity, it calls SavingsAccountUtil.transferTokens which will transfer to msg.sender the msg.value of withdrawLiquidity, because it's an internal function. In other words, the liquidity provided...
Failed transfer with low level call could be overlooked
Handle harleythedog Vulnerability details Impact There are several places where a low-level call is used within the contract. In particular, in SavingsAccount.sol, the external withdraw function has the to argument, which is eventually used in this code in transfer: (bool success, ) = to.call{value:...
Yearn token <> shares conversion decimal issue
Handle cmichel Vulnerability details The yearn strategy YearnYield converts shares to tokens by doing pricePerFullShare * shares / 1e18: function getTokensForShares(uint256 shares, address asset) public view override returns (uint256 amount) { if (shares == 0) return 0; // @audit should be divided by...
Collateral can be deposited in a finished pool
Handle pedroais Vulnerability details Proof of Concept The depositCollateral function doesn't check the status of the pool so collateral can be deposited in a finished loan. This can happen by mistake and all funds will be lost. Recommended Mitigation Steps Require loan status to be collection or...
withdrawTo Does Not Sync Before Checking A Position's Margin Requirements
Handle leastwood Vulnerability details Impact The maintenanceInvariant modifier in Collateral aims to check if a user meets the margin requirements to withdraw collateral by checking its current and next maintenance. maintenanceInvariant inevitably calls AccountPosition.maintenance which uses the...
Wrong implementation of NoYield.sol#emergencyWithdraw()
Handle WatchPug Vulnerability details function emergencyWithdraw(address asset, address payable wallet) external onlyOwner returns (uint256 received) { require(wallet != address(0), 'cant burn'); uint256 amount = IERC20(asset).balanceOf(address(this)); IERC20(asset).safeTransfer(wallet, received); received = amount;...
Ether can be locked in the PoolFactory contract without a way to retrieve it
Handle broccolirob Vulnerability details If a borrower calls the createPool function with a non-zero value, but also includes an ERC20 token address for collateralToken, then the Ether value sent will be locked in the PoolFactory contract forever. createPool L260-317 In the createPool function, a...
ChainLink price data could be stale
Handle cmichel Vulnerability details There is no check in ChainlinkOracle.sync if the oracle return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicate stale data." under...
SHOULD CHECK RETURN DATA FROM CHAINLINK AGGREGATORS
Handle defsec Vulnerability details Impact The sync function in the contract ChainlinkOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID, resulting in stale prices. The oracle wrapper calls out to a Chainlink...
no protection from sandwich attacks
Handle certora Vulnerability details The function joinTokenSingle has no protection from slippage and sandwich attacks. The balance after the swaps is not checked to have a minimum, and the min amount in the swaps is set to zero. Impact Malicious actors can front-run joinTokenSingle and perform a...
SavingsAccount withdrawAll and switchStrategy can freeze user funds by ignoring possible strategy liquidity issues
Handle hyh Vulnerability details Impact Full withdrawal and moving funds between strategies can lead to wrong accounting if the corresponding market has tight liquidity, which can be the case at least for AaveYield. That is, as the whole amount is required to be moved at once from Aave, both...
JoinTokenSingle() function does not validate against evil struct inputs
Handle jayjonah8 Vulnerability details Impact In SingleTokenJoin.sol, the joinTokenSingle function allows a user to add any token address as an inputToken and any address as the outputBasket address without validating the struct data to guard against malicious input. Proof of Concept An attacker...
Chainlink's latestRoundData might return stale or incorrect results
Handle WatchPug Vulnerability details function sync() public { (, int256 feedPrice, , uint256 timestamp, ) = feed.latestRoundData(); Fixed18 price = Fixed18Lib.ratio(feedPrice, SafeCast.toInt256(decimalOffset)); if (priceAtVersion.length == 0 || timestamp > timestampAtVersion[currentVersion] + minDelay...
CreditLine.liquidate doesn't transfer borrowed ETH to a lender
Handle hyh Vulnerability details Impact Funds that are acquired from a liquidator and should be sent to a lender are left with the contract instead. The funds aren't lost, but after the fact mitigation will require manual accounting and fund transfer for each CreditLine.liquidate usage. Proof of...
In SingleTokenJoinV2.sol, a user can provide malicious input
Handle jayjonah8 Vulnerability details Impact In SingleTokenJoinV2.sol, a user can provide malicious input to the joinTokenSingle function providing an attacker controlled inputToken and an attacker controlled outputBasket. This fake outputBasket can return anything it wants from a fake joinPool...
outputBasket address not checked in EthSingleTokenJoin.sol
Handle jayjonah8 Vulnerability details Impact In the joinTokenEth function in EthSingleTokenJoin.sol, the outputBasket within the passed-in data is not checked and could be an attacker-controlled address returning anything it wants in fake versions of the calcTokensForAmount and joinPool functions...
Approved by zero first
Handle Jujic Vulnerability details Some tokens like USDT do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the actual allowance must be approved. Impact When using one of these unsupported tokens, all transactions rever...
transfer return value is ignored
Handle robee Vulnerability details Need to use safeTransfer instead of transfer. There are popular tokens, such as USDT, whose transfer/transferFrom methods don't return anything. The transfer return value has to be checked as there are some other tokens that return false instead of reverting, that...
Function sync in ChainlinkOracle.sol does not check the price returned from chainlink aggregators
Handle ye0lde Vulnerability details Impact The sync function in the contract ChainlinkOracle.sol fetches the feedPrice from a Chainlink aggregator using the latestRoundData function. There are checks on the timeStamp versus previous versions of the feed protecting against stale prices. But there is...
Unable To Call emergencyWithdraw ETH in NoYield Contract
Handle leastwood Vulnerability details Impact The emergencyWithdraw function is implemented in all yield sources to allow the onlyOwner role to drain the contract's balance in case of emergency. The contract considers ETH as a zero address asset. However, there is a call made on asset which will...
Wrong shortfall calculation
Handle kenzo Vulnerability details Every time an account is settled, if a shortfall is created, due to a wrong calculation the shortfall will double in size and add the new shortfall. Impact Loss of funds: users won't be able to withdraw the correct amount of funds. Somebody would have to donate funds ...
PriceOracle Does Not Filter Price Feed Outliers
Handle leastwood Vulnerability details Impact If for whatever reason the Chainlink oracle returns a malformed price due to oracle manipulation or a malfunctioning price feed, the result will be passed on to users, causing unintended consequences as a result. At the same time it's possible to construct...
Incorrect maintenance invariant check
Handle kenzo Vulnerability details In Collateral, maintenanceInvariant is used to check whether after withdrawal the user will have enough funds to cover the maintenance for his current position and for his next position. However, the modifier is wrongly checking this via a max function: if...
Unlinked address can link immediately again
Handle gpersoon Vulnerability details Impact After a master calls unlinkAddress to unlink an address, the address that has just been unlinked can directly link again without permission. The address that is just unlinked can call linkAddress(masterAddress) which will execute because...
setLock() function has no validation on the _lock number
Handle jayjonah8 Vulnerability details Impact In BasketFacet.sol, the setLock function allows the privileged caller to change the lockBlock number in storage without validating the lock arg number passed into it. This number is extremely important since if getLock returns true, it means the pool ...
claimRewards Does Not Prevent Users From Claiming Rewards After A Promotion's End Epoch
Handle leastwood Vulnerability details Impact claimRewards allows a user to collect their TWAB calculated rewards for a provided set of epochIds. The contract utilises a claimedEpochs mapping which tracks claimed rewards per user. Each claimed epoch is represented by a single bit within a uint256...
Malicious Promotion Creators Can Drain Token Balances
Handle leastwood Vulnerability details Impact The createPromotion allows any user to create and fund promotions for a specific number of epochs. Ticket holders are entitled to a percentage of the rewards based on their TWAB. createPromotion references a ticket address which can be controlled by t...
Missing Validation Of createPromotion Parameters
Handle leastwood Vulnerability details Impact The createPromotion function is called by a creator account denoted as msg.sender to fund a promotion with tokens allocated on a per-epoch basis across a set of epochs. However, the function does not perform the necessary checks on function inputs to...
Reward stuck if promotion cancel before all past reward claimed
Handle gzeon Vulnerability details Impact When the owner calls cancelPromotion, the contract: 1. Deletes the promotion struct (L132) 2. Returns all tokens reserved for future epochs (L133). If there are tokens left for previous epochs, they will be stuck in the contract as the promotion struct is gone. Proof of...
Not compatible with all tokens
Handle 0x1f8b Vulnerability details Impact It could not work with all tokens. Proof of Concept The method fromTokenAmount inside the contract Token18 can't work with tokens with 0 decimals; the result of UFixed18Lib.ratio will throw an error because it will divide by zero. It's mandatory to chec...
Missing Check When Transferring Tokens Out For A Given Promotion
Handle leastwood Vulnerability details Impact The claimRewards function is called upon by ticket holders who parse a set of epochIds they wish to claim rewards on. An internal call is made to calculateRewardAmount to calculate the correct reward amount owed to the user. Subsequently, the...
unsafe cast can lead to theft
Handle certora Vulnerability details claimRewards gets epoch ids as uint256. However, it should be uint8. If a user provides an epoch Id that's larger than 256, isClaimedEpoch will return false: function isClaimedEpoch(uint256 userClaimedEpochs, uint256 epochId) internal pure returns (bool) { return...
Allowing more than 256 epochs leads to loss of funds
Handle cmichel Vulnerability details The TwabRewards contract has an implicit restriction of 256 epochs per promotion as it uses a bitmask in a uint256 to mark claimed epochs 0-255, see isClaimedEpoch. "/// @dev We pack epochs claimed by a user into a uint256. So we can't store more than 255...
createPromotion() Lack of input validation for _epochDuration can potentially freeze promotion creator's funds
Handle WatchPug Vulnerability details function createPromotion(address ticket, IERC20 token, uint216 tokensPerEpoch, uint32 startTimestamp, uint32 epochDuration, uint8 numberOfEpochs) external override returns (uint256) { requireTicket(ticket); uint256 nextPromotionId = latestPromotionId + 1;...
Attacker can empty all the funds by creating fake promotions
Handle WatchPug Vulnerability details The current implementation of calculateRewardAmount allows an arbitrary epochId, which can even be an epochId > numberOfEpochs. A malicious user can call claimRewards with epochIds larger than numberOfEpochs and claim other users' rewards. Furthermore, since...
Tokens with fee on transfer are not supported
Handle WatchPug Vulnerability details There are ERC20 tokens that charge a fee for every transfer or transferFrom. In the current implementation, createPromotion assumes that the received amount is the same as the transfer amount, and uses it to calculate reward amounts. As a result, in claimReward...
Possibility to drain TwabRewards smart contract tokens (even with valid ticket)
Handle kemmio Vulnerability details Impact Possibility to drain all smart contract assets abusing uint256 overflow in updateClaimedEpoch Proof of Concept The vulnerability arises because of uint256 overflow in updateClaimedEpoch: return userClaimedEpochs | uint256(1)... The attacker needs to have in...
Can claim epoch > 255 repeatedly due to bitshift truncation
Handle gzeon Vulnerability details Can claim epoch > 255 repeatedly due to bitshift truncation Impact The TwabRewards contract stores users' claimed rewards in a claimedEpochs bitmap. function isClaimedEpoch(uint256 userClaimedEpochs, uint256 epochId) internal pure returns (bool) { return userClaimedEpochs epoch...
TwabRewards: fee on transfer token as promotion token will block at least one epoch reward claim
Handle GiveMeTestEther Vulnerability details Impact If the promotion token applies transfer fees, the total amount to claim will be less than "tokensPerEpoch * numberOfEpochs" because a part of this amount is the fee (= funds + fee), but only the "funds" can be withdrawn, while the calculation in...
Rewards not worth to claim will accumulate in the contract
Handle 0x0x0x Vulnerability details Let's say there is a Ticket called A. Ticket A has many users, and assume there are some whales and they control most of the supply. In this case most users' rewards can be less than the gas cost to claim rewards. Therefore, users with rewards less than the gas cost...
TwabRewards: fee on transfer token as promotion token can make claimRewards() & cancelPromotion() fail
Handle GiveMeTestEther Vulnerability details Impact If the rewards creator sets a token that applies transfer fees as the promotion token, users won't be able to claim some of their rewards because claimRewards uses calculateRewardAmount, which assumes for each epoch ther...
If a promoter cancels a promotion, unclaimed rewards of ticket holders are lost
Handle hubble Vulnerability details Impact Loss of rewards for the ticket holders who have not yet claimed the rewards accrued until the previous epochs, if the promoter cancels the promotion after any epoch. Proof of Concept contract : TwabRewards function : cancelPromotion line 132 delete...
TwabRewards: fee on transfer token as promotion token can make claimRewards() fail
Handle GiveMeTestEther Vulnerability details Impact If the rewards creator sets a token that applies transfer fees as the promotion token, users won't be able to claim some of their rewards because claimRewards uses calculateRewardAmount, which assumes for each epoch there are...