10190 matches found
In CreditLine#_borrowTokensToLiquidate, oracle is used wrong way
Handle 0x0x0x Vulnerability details Current implementation to get the price is as follows: (uint256 ratioOfPrices, uint256 decimals) = IPriceOracle(priceOracle).getLatestPrice(borrowAsset, collateralAsset); But it should not consult borrowToken / collateralToken, rather it should consult the inverse of...
denial of service
Handle certora Vulnerability details if the borrow token is address(0) (ether), and someone calls withdrawLiquidity, it calls SavingsAccountUtil.transferTokens which will transfer to msg.sender, msg.value of withdrawLiquidity, because it's an internal function. In other words, the liquidity provided...
Wrong implementation of NoYield.sol#emergencyWithdraw()
Handle WatchPug Vulnerability details function emergencyWithdraw(address asset, address payable wallet) external onlyOwner returns (uint256 received) { require(wallet != address(0), 'cant burn'); uint256 amount = IERC20(asset).balanceOf(address(this)); IERC20(asset).safeTransfer(wallet, received); received = amount;...
Collateral can be deposited in a finished pool
Handle pedroais Vulnerability details Proof of Concept The depositCollateral function doesn't check the status of the pool so collateral can be deposited in a finished loan. This can happen by mistake and all funds will be lost. Recommended Mitigation Steps Require loan status to be collection or...
Missing approve(0)
Handle sirhashalot Vulnerability details Impact There are 3 instances where the IERC20.approve function is called only once without setting the allowance to zero. Some tokens, like USDT, require first reducing the address' allowance to zero by calling approve(spender, 0). Transactions will revert...
It is possible to liquidate not existing account
Handle 0x0x0x Vulnerability details It is possible to liquidate an address for any product when collateral = maintenance = 0. So in other words, if a user has never used a product and deposited collateral, the user can get liquidated blacklisted from the product by anyone, since a liquidated...
Anyone can liquidate credit line when autoLiquidation is false without supplying borrow tokens
Handle harleythedog Vulnerability details Impact It is intended that if a credit line has autoLiquidation as false, then only the lender can be the liquidator see docs here: . However, this is not correctly implemented, and anyone can liquidate a position that has autoLiquidation set to false. Ev...
Ether can be locked in the PoolFactory contract without a way to retrieve it
Handle broccolirob Vulnerability details If a borrower calls the createPool function with a non-zero value, but also includes an ERC20 token address for collateralToken, then the Ether value sent will be locked in the PoolFactory contract forever. createPool L260-317 In the createPool function, a...
Incentivizer rewards are unclear and can be more than allotted?
Handle cmichel Vulnerability details Note that the Incentivizer.create allocates programInfo.amount.sum tokens to be rewarded. It's unclear how the rewards that are actually paid out see Program.unsettled over the duration relate to this value. The ProgramInfo.amountPerShare returns the...
NoYield.sol Tokens with fee on transfer are not supported
Handle WatchPug Vulnerability details There are ERC20 tokens that charge fee for every transfer or transferFrom. In the current implementation, NoYield.sollockTokens assumes that the received amount is the same as the transfer amount, and uses it to calculate sharesReceived amounts. As a result, ...
Wrong implementation of AaveYield.sol causing users to lose yields
Handle WatchPug Vulnerability details The current implementation of AaveYield.sol is taking AAVE aToken as a share token eg, cToken and yToken. However, AAVE's aTokens are quite different from cToken and yToken as it's always 1:1 to the underlying token, and the holder's balance will keep changin...
Wrong returns of SavingsAccountUtil.depositFromSavingsAccount() can cause fund loss
Handle WatchPug Vulnerability details The function SavingsAccountUtil.depositFromSavingsAccount is expected to return the number of equivalent shares for given asset. / @notice internal function used to get amount of collateral deposited to the pool @param fromSavingsAccount if true, collateral i...
Extension voting threshold check needs to rerun on each transfer
Handle cmichel Vulnerability details The Extension contract correctly reduces votes from the from address of a transfer and adds it to the to address of the transfer in case both of them voted on it before, but it does not rerun the voting logic in voteOnExtension that actually grants the...
Borrow should increase principal by withdrawn amount
Handle cmichel Vulnerability details The CreditLine.borrow function increases the principal by the amount parameter, but the borrower only receives tokenDiffBalance. // @audit increases by amount instead of tokenDiffBalance creditLineVariables[id].principal =...
In CreditLine#liquidate, lender doesn't receive _borrowTokens, when it is ETH
Handle 0x0x0x Vulnerability details When borrowAsset == address(0), the liquidator sends ethereum via transaction value msg.value, but borrowTokens amount is not sent to the lender. Therefore, lender loses funds. As seen in: Mitigation step: Add (bool success, ) = lender.call{value: borrowTokens}(''); at...
SHOULD CHECK RETURN DATA FROM CHAINLINK AGGREGATORS
Handle defsec Vulnerability details Impact The sync function in the contract ChainlinkOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID, resulting in stale prices. The oracle wrapper calls out to a chainlink...
Chainlink's latestRoundData might return stale or incorrect results
Handle WatchPug Vulnerability details function sync() public { (, int256 feedPrice, , uint256 timestamp, ) = feed.latestRoundData(); Fixed18 price = Fixed18Lib.ratio(feedPrice, SafeCast.toInt256(decimalOffset)); if priceAtVersion.length == 0 || timestamp timestampAtVersioncurrentVersion + minDelay...
SavingsAccount withdrawAll and switchStrategy can freeze user funds by ignoring possible strategy liquidity issues
Handle hyh Vulnerability details Impact Full withdrawal and moving funds between strategies can lead to wrong accounting if the corresponding market has tight liquidity, which can be the case at least for AaveYield. That is, as the whole amount is required to be moved at once from Aave, both...
CreditLine.liquidate doesn't transfer borrowed ETH to a lender
Handle hyh Vulnerability details Impact Funds that are acquired from a liquidator and should be sent to a lender are left with the contract instead. The funds aren't lost, but after the fact mitigation will require manual accounting and fund transfer for each CreditLine.liquidate usage. Proof of...
Approved by zero first
Handle Jujic Vulnerability details Some tokens like USDT do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the actual allowance must be approved. Impact When using one of these unsupported tokens, all transactions rever...
outputBasket address not checked in EthSingleTokenJoin.sol
Handle jayjonah8 Vulnerability details Impact In the joinToKenEth function in EthSingleTokenJoin.sol, the outputBasket within the passed in data is not checked and could be an attacker controlled address returning anything it wants in fake versions of calcTokensForAmount and joinPool functions...
In SingleTokenJoinV2.sol, a user can provide malicious input
Handle jayjonah8 Vulnerability details Impact In SingleTokenJoinV2.sol, a user can provide malicious input to the joinTokenSingle function providing an attacker controlled inputToken and an attacker controlled outputBasket. This fake outputBasket can return anything it wants from a fake joinPool...
transfer return value is ignored
Handle robee Vulnerability details Need to use safeTransfer instead of transfer, as there are popular tokens, such as USDT, whose transfer/transferFrom methods don't return anything. The transfer return value has to be checked, as there are some other tokens that return false instead of reverting, that...
JoinTokenSingle() function does not validate against evil struct inputs
Handle jayjonah8 Vulnerability details Impact In SingleTokenJoin.sol, the joinTokenSingle function allows a user to add any token address as an inputToken and any address as the outputBasket address without validating the struct data to guard against malicious input Proof of Concept An attacker...
no protection from sandwich attacks
Handle certora Vulnerability details the function joinTokenSingle has no protection from slippage and sandwich attacks. the balance after the swaps is not checked to have a minimum and the min amount in the swaps is set to zero: Impact malicious actors can front-run joinTokenSingle and perform a...
Function sync in ChainlinkOracle.sol does not check the price returned from chainlink aggregators
Handle ye0lde Vulnerability details Impact The sync function in the contract ChainlinkOracle.sol fetches the feedPrice from a Chainlink aggregator using the latestRoundData function. There are checks on the timeStamp versus previous versions of the feed protecting against stale prices. But there is...
Incorrect maintenance invariant check
Handle kenzo Vulnerability details In Collateral, maintenanceInvariant is used to check whether after withdrawal the user will have enough funds to cover the maintenance for his current position and for his next position. However, the modifier is wrongly checking this via a max function: if...
setLock() function has no validation on the _lock number
Handle jayjonah8 Vulnerability details Impact In BasketFacet.sol, the setLock function allows the privileged caller to change the lockBlock number in storage without validating the lock arg number passed into it. This number is extremely important since if getLock returns true, it means the pool ...
PriceOracle Does Not Filter Price Feed Outliers
Handle leastwood Vulnerability details Impact If for whatever reason the Chainlink oracle returns a malformed price due to oracle manipulation or a malfunctioned price, the result will be passed onto users, causing unintended consequences as a result. At the same time it's possible to construct...
Unlinked address can link immediately again
Handle gpersoon Vulnerability details Impact After a master calls unlinkAddress to unlink an address, the address that has just been unlinked can directly link again without permission. The address that is just unlinked can call linkAddress(masterAddress) which will execute because...
Unable To Call emergencyWithdraw ETH in NoYield Contract
Handle leastwood Vulnerability details Impact The emergencyWithdraw function is implemented in all yield sources to allow the onlyOwner role to drain the contract's balance in case of emergency. The contract considers ETH as a zero address asset. However, there is a call made on asset which will...
Wrong shortfall calculation
Handle kenzo Vulnerability details Every time an account is settled, if shortfall is created, due to a wrong calculation shortfall will double in size and add the new shortfall. Impact Loss of funds: users won't be able to withdraw the correct amount of funds. Somebody would have to donate funds ...
TwabRewards: cancelPromotion() can revert if a promotion tokens applies fee on transfer
Handle GiveMeTestEther Vulnerability details Impact If the promotion token applies transfer fees, the total amount the contract holds will be less than "tokensPerEpoch * numberOfEpochs" bcs a part of this amount is the fee = funds + fee, but only the "funds" can be withdrawn. If after each epoch al...
A malicious ticket can drain the tokens
Handle pauliax Vulnerability details Impact Anyone can createPromotion with any arbitrary ticket supposed it follows the proposed interface. Thus, it is possible to create a promotion with a malicious ticket that returns arbitrary values for getAverageBalanceBetween and...
cancelPromotion() Unable to cancel unstarted promotions
Handle WatchPug Vulnerability details For unstarted promotions, cancelPromotion will revert at block.timestamp - promotion.startTimestamp in getCurrentEpochId. Call stack: cancelPromotion -> getRemainingRewards -> getCurrentEpochId. function getRemainingRewards(Promotion memory promotion) internal vi...
unsafe cast can lead to theft
Handle certora Vulnerability details claimRewards gets epochs ids as uint256. However, it should be uint8. If a user provides an epoch Id that's larger than 256, isClaimedEpoch will return false: function isClaimedEpoch(uint256 userClaimedEpochs, uint256 epochId) internal pure returns (bool) { return...
getRemainingRewards() Malfunction for unstarted promotions
Handle WatchPug Vulnerability details For unstarted promotions, cancelPromotion will revert at block.timestamp - promotion.startTimestamp in getCurrentEpochId. Call stack: getRemainingRewards -> getRemainingRewards -> getCurrentEpochId. function getCurrentEpochId(Promotion memory promotion) internal...
Support of deflationary / rebasing tokens
Handle pauliax Vulnerability details Impact Deflationary fee on transfer / rebasing tokens are not supported. Because anyone can createPromotion with an arbitrary token, such tokens may be lost forever. Recommended Mitigation Steps Consider checking the actual amounts transferred balance...
Possibility to drain TwabRewards smart contract tokens
Handle kemmio Vulnerability details Impact Possibility to drain all smart contract assets abusing rogue ticket contract Proof of Concept The vulnerability arises because of inconsistent check of requireTicket in createPromotion requireTicket(ticket); function requireTicket(address ticket) internal vi...
claimRewards Does Not Prevent Users From Claiming Rewards After A Promotion's End Epoch
Handle leastwood Vulnerability details Impact claimRewards allows a user to collect their TWAB calculated rewards for a provided set of epochIds. The contract utilises a claimedEpochs mapping which tracks claimed rewards per user. Each claimed epoch is represented by a single bit within a uint256...
Possibility to drain TwabRewards smart contract tokens (even with valid ticket)
Handle kemmio Vulnerability details Impact Possibility to drain all smart contract assets abusing uint256 overflow in updateClaimedEpoch Proof of Concept The vulnerability arises because of uint256 overflow in updateClaimedEpoch return userClaimedEpochs | uint2561 The attacker needs to have in...
Drain the award pool by feeding outrange epoch into function claimRewards
Handle 0xabc Vulnerability details Impact in function claimRewards, there is no checking on value in epochIds. Exploiter can claim more than the promotion award by calling the function with outrange epochs. Proof of Concept Consider a promotion with promotion id X and numberOfEpochs = Y. Exploiter...
Allowing more than 256 epochs leads to loss of funds
Handle cmichel Vulnerability details The TwabRewards contract has an implicit restriction of 256 epochs per promotion as it uses a bitmask in a uint256 to mark claimed epochs 0-255, see isClaimedEpoch. "/// @dev We pack epochs claimed by a user into a uint256. So we can't store more than 255...
createPromotion() Lack of input validation for _epochDuration can potentially freeze promotion creator's funds
Handle WatchPug Vulnerability details function createPromotion(address ticket, IERC20 token, uint216 tokensPerEpoch, uint32 startTimestamp, uint32 epochDuration, uint8 numberOfEpochs) external override returns (uint256) { requireTicket(ticket); uint256 nextPromotionId = latestPromotionId + 1;...
Attacker can empty all the funds by creating fake promotions
Handle WatchPug Vulnerability details The current implementation of calculateRewardAmount allows an arbitrary epochId, which can even be an epochId numberOfEpochs. A malicious user can call claimRewards with epochIds larger than numberOfEpochs and claim other users' rewards. Furthermore, since...
Suggestion : To add explicit check for no of epochs to be 255 in createPromotion and extendPromotion
Handle 0x421f Vulnerability details So we are using uint256 to store 1/0 if that epoch is being claimed or not uint2561 is our base, so 255 is max limit we have now if someone creates a promotion with 255 epochs in epochs 255 , it will revert with "TypeError : Invalid Rational Number" Copied from...
Malicious Promotion Creators Can Drain Token Balances
Handle leastwood Vulnerability details Impact The createPromotion allows any user to create and fund promotions for a specific number of epochs. Ticket holders are entitled to a percentage of the rewards based on their TWAB. createPromotion references a ticket address which can be controlled by t...
Can drain any promotion rewards with a evil ticket
Handle gzeon Vulnerability details Impact TwabRewards checks the legitimacy of a ticket by checking if the ticket has a controller method. function requireTicket(address ticket) internal view { require(ticket != address(0), "TwabRewards/ticket-not-zero-address"); (bool succeeded, bytes memory data) =...
Unsafe uint64 casting may overflow
Handle sirhashalot Vulnerability details Impact The calculateRewardAmount function casts epoch timestamps from uint256 to uint64 and these may overflow. The epochStartTimestamp value is a function of the user-supplied epochId value, which could be extremely large up to 2^255 – 1. While Solidity...
Dust Token Balances Cannot Be Claimed By An admin Account
Handle leastwood Vulnerability details Impact Users who have a small claim on rewards for various promotions, may not feasibly be able to claim these rewards as gas costs could outweigh the sum they receive in return. Hence, it is likely that a dust balance accrues over time for tokens allocated f...