Inconsistent balance when supplying transfer-on-fee or deflationary tokens
Handle Reigada Vulnerability details Impact In the contract StakingRewards, the stake function assumes that the amount of stakingToken is transferred to the smart contract after calling the safeTransferFrom function and thus it updates the balances mapping. However, this may not be true if the...
ERC20ConvictionScore._writeCheckpoint does not write to storage on same block
Handle cmichel Vulnerability details In ERC20ConvictionScore._writeCheckpoint, when the checkpoint is overwritten (checkpoint.fromBlock == blockNumber), the new value is set to the memory checkpoint structure and never written to storage. // @audit this is MEMORY, setting new convictionScore doesn't...
Funds in FSDVesting.sol can be frozen by the attacker
Handle WatchPug Vulnerability details In the current implementation, anyone can call function updateVestedTokens to add an arbitrary amount to the beneficiary's vesting amount without sending any of it. This allows the attacker to make the amount type(uint256).max and call to claimVestedTokens will...
Users Can Frontrun revoke() By Calling vest()
Handle leastwood Vulnerability details Impact The onlyOwner role typically calls revoke if a member leaves the BootFinance team, resulting in vested tokens being transferred to the multisig account. Each vesting account has a revocable state variable that is set to either true or false. As any us...
Vested NFT not always minted
Handle cmichel Vulnerability details The FSDVesting.claimVestedTokens function tokenizes the conviction only if the current claimed amount tokenClaim equals the total vested amount amount. // tokenClaim is vestedAmount - totalClaimed uint256 tokenClaim = calculateVestingClaim(); if amount ==...
Users Can DOS Vesting Distributions
Handle leastwood Vulnerability details Impact The Vesting.vest function is called by airdrop/investor distributions to lock 70% of their token allocations for a period of one year. Vestings are defined on a linear schedule and can be claimed as often as the user likes. However, the claimableAmoun...
user.creation is updated incorrectly when the user tries to extend membership
Handle WatchPug Vulnerability details if (user.creation == 0) { user.creation = block.timestamp; user.gracePeriod = membership[msg.sender].creation + MEMBERSHIP_DURATION + 60 days; } else { uint256 elapsedDurationPercentage = (block.timestamp - user.creation) * 1 ether / MEMBERSHIP_DURATION; if...
Get virtual price is not monotonically increasing
Handle jonah1005 Vulnerability details Impact There's a feature of virtualPrice that is monotonically increasing regardless of the market. This function is heavily used in multiple protocols, e.g. curve metapool, mim, ... This is not held in the current implementation of customSwap since...
Vesting.sol#vest() Anyone can make other users' vestings revokable
Handle WatchPug Vulnerability details vest can be called by anyone with an arbitrary beneficiary address to add a Timelock vesting to the beneficiary. At L83-88, it changes the global storage of revokable settings for the beneficiary. This allows anyone to change the revokable settings for other...
Insufficient check on updateVestedTokens function
Handle rfa Vulnerability details Impact This function can be used by the beneficiary to update their vested token, however the function is callable by anyone, there is no check if the msg.sender/caller is the correct beneficiary, the only check is , but this check is user controllable, therefore...
FSDVesting: Restrict updateVestedTokens() calls to only FSD token contract
Handle hickuphh3 Vulnerability details Impact The updateVestedTokens increases the amount of tokens to be vested for a beneficiary. There is no access restriction to the function. The intended total vesting duration is 30 months with a 12-month cliff where 5% is immediately unlocked, and the...
Main Swap.sol does not implement transfer-accept ownership pattern
Handle elprofesor Vulnerability details Impact Swap.sol inherits ownerpausable which inherits from OpenZeppelin Ownable. This ownable contract allows for the transfer of ownership without validating that own address is a valid address in control of some expected recipient. If this function is used...
User can validate and claim the airdrop multiple times
Handle pauliax Vulnerability details Impact When checking if a user is already validated, it relies on the amount to be 0. However, this check can be bypassed by claiming all your airdrop to reduce your amount to 0 and then validating yourself again to refill your allocation. function claim...
_vestLock contract is not approved to transfer mainToken from PublicSale.sol contract
Handle WatchPug Vulnerability details At L225 in processWithdrawal, it calls _vestLock.vest to vest 70% of the tokens bought. However, the PublicSale.sol contract never approves mainToken to the _vestLock contract, making processWithdrawal revert at L225. As a result, all the withdrawals will fail and...
Stop ramp target price would create huge arbitrage space.
Handle jonah1005 Vulnerability details Stop ramp target price would create huge arbitrage space. Impact stopRampTargetPrice would set the tokenPrecisionMultipliers to originalPrecisionMultipliers[0].mul(currentTargetPrice).div(WEI_UNIT); Once the tokenPrecisionMultipliers is changed, the price in the AM...
_isRevocable is tied to the address and can be set by anyone
Handle pauliax Vulnerability details Impact function vest has a parameter _isRevocable that is tied to the account address of beneficiary. Because anyone can call vest, it allows overriding benRevocable as many times as you want. I see several potential problems with this: 1. _isRevocable sets glob...
Wrong implementation of SwapUtils.sol#rampTargetPrice() makes it impossible to change the target price
Handle WatchPug Vulnerability details uint256 initialTargetPricePrecise = getTargetPricePrecise(self); uint256 futureTargetPricePrecise = futureTargetPrice.mul(TARGET_PRICE_PRECISION); if futureTargetPricePrecise = initialTargetPricePrecise, "futureTargetPrice is too small" ; else require...
Swaps are not split when trade crosses target price
Handle cmichel Vulnerability details The protocol uses two amplifier values A1 and A2 for the swap, depending on the target price, see SwapUtils.determineA. The swap curve is therefore a join of two different curves at the target price. When doing a trade that crosses the target price, it should...
FSDVesting: Claiming tributes should call FSD token's corresponding functions
Handle hickuphh3 Vulnerability details Impact The claiming of staking and governance tributes for a beneficiary's vested tokens should be no different than other users / EOAs. However, the claimTribute and claimGovernanceTribute are missing the actual claiming calls to the corresponding...
Double Spend in AirDropDistribution.sol
Handle elprofesor Vulnerability details HIGH Impact Due to improper validation of input, approved airdrop users are able to double spend airdrop allocated tokens. This is due to insufficient validation in validate and claimExact which allows the user to reset the amount of tokens they have claime...
SwapUtils.sol Wrong implementation
Handle WatchPug Vulnerability details Based on the context, the tokenPrecisionMultipliers used in price calculation should be calculated in realtime based on initialTargetPrice, futureTargetPrice, futureTargetPriceTime and current time, just like getA and getA2. However, in the current...
ERC20 return values not checked
Handle cmichel Vulnerability details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter should be checked for success. Some functions perform ERC20 transfers without checking for the return value: BasicSale.processWithdrawal...
Anyone can DDOS vesting contract
Handle pauliax Vulnerability details Impact Vest function can be accessed by anyone. It accepts arbitrary beneficiary and pushes new vesting to the array of this beneficiary timelocks. As a malicious actor I can block any user by just invoking vest function with a tiny amount of vest token. The...
safe erc20
Handle pauliax Vulnerability details Impact Contracts e.g. InvestorDistribution, AirdropDistribution, Vesting have declared to use safe ERC20 library: using SafeERC20 for IERC20; However, when actually making the approvals or transfers, they make no use of this library and rely on simple standard...
Unbounded for loops allows an attacker to freeze users' funds
Handle WatchPug Vulnerability details function claim() external whenNotPaused nonReentrant { require(benRevocable[msg.sender][1] == false, 'Account must not already be revoked.'); uint256 amount = claimableAmount[msg.sender].sub(benClaimed[msg.sender]); require(amount > 0, "Claimable amount must be positive");...
NFT flashloans can bypass sale constraints
Handle pauliax Vulnerability details Impact Public sale has a constraint that for the first 4 weeks only NFT holders can access the sale: if currentEra firstPublicEra require(nft.balanceOf(msg.sender) > 0, "You need NFT to participate in the sale."); However, this check can be easily bypassed with the...
Unsafe token transfer
Handle WatchPug Vulnerability details Calling ERC20.transfer without handling the returned value is unsafe. function processWithdrawal(uint era, uint day, address member) private returns (uint value) { uint memberUnits = mapEraDayMemberUnits[era][day][member]; // Get Member Units if (memberUnits == 0) { value =...
Two-step change of an admin address
Handle pauliax Vulnerability details Impact function setAdmin allows the current admin to change it to a different address. If accidentally an invalid address is used for which they do not have the private key, then it cannot be corrected and none of the functions that require admin caller can be...
Vesting benRevocable flag can be switched on and off by anyone and doesn't provide any additional control
Handle hyh Vulnerability details Impact Griefing attack is possible for revoke mechanics by calling vest with a tiny amount and zero isRevocable. This will switch revocable off for the whole vesting amount i.e. the whole set of timelocks flag is being set via last vest call. And vice versa,...
customPrecisionMultipliers would be rounded to zero and break the pool
Handle jonah1005 Vulnerability details Impact CustomPrecisionMultipliers are set in the constructor: customPrecisionMultipliers[0] = targetPriceStorage.originalPrecisionMultipliers[0].mul(targetPrice).div(10 ** 18); originalPrecisionMultipliers equal to 1 if the token's decimal = 18. The target price could...
addInvestor() Does Not Check Availability of investors_supply
Handle Meta0xNull Vulnerability details Impact When adding an investor, addInvestor does not check how many tokens are available from investors_supply. The total tokens allocated for Investors could be more than investors_supply. Possible Attack Scenario: 1. Attacker who has Admin Private key calls addInvest...
Use safeTransferFrom instead of transferFrom can improve safety and consistency
Handle WatchPug Vulnerability details vestingToken.transferFrom(msg.sender, address(this), amount); Recommendation Change to: vestingToken.safeTransferFrom(msg.sender, address(this), amount);
InvestorDistribution uses setAdmin anti-pattern
Handle elprofesor Vulnerability details Impact InvestorDistribution.sol uses a setAdmin function which directly sets privileged user accounts to a set value. If this function is used incorrectly or by accident, the admin user may be lost or set to a malicious account. Recommended Mitigation Steps...
Unchecked low level calls
Handle Reigada Vulnerability details Impact The return values of these low-level calls are not checked, so if the call fails, the Ether will be locked in the contract. Setting the risk as medium as the smart contract has no function to withdraw the Ether. This Ether would remain stuck in the...
Swap does not provide best rate
Handle gzeon Vulnerability details Impact The custom swap curve depends on having 2 different A values, which are returned by the determineA function based on current price and targetprice. targetprice also changes tokenPrecisionMultipliers which is used in the swap calculation. This behavior may lead ...
Vestings' revoke status can be set by anyone
Handle cmichel Vulnerability details The idea of revoking vesting supposedly exists for the admins to call Vesting.revoke and claim back a user's vesting. However, if the user wants to protect their vesting from being revoked by the admin, they can create a new vest with isRevocable = false and a...
dev_rugpull() May be Misuse To Obtain Investors' Tokens That Does Not Belong To Admin
Handle Meta0xNull Vulnerability details Impact dev_rugpull allows Admin to transfer all tokens to his/her wallet after 5 years. However, unclaimed tokens do not belong to the dev by default. If someone loses their key, then losing their funds is normal in crypto. In the BOOT token allocation article belo...
Ideal balance is not calculated correctly when providing imbalanced liquidity
Handle jonah1005 Vulnerability details Impact When a user provides imbalanced liquidity, the fee is calculated according to the ideal balance. In saddle finance, the optimal balance should be the same ratio as in the Pool. Take, for example, if there's 10000 USD and 10000 DAI in the saddle's...
Permissioned nature of TwapOracle allows owner to manipulate oracle
Handle TomFrench Vulnerability details Impact Potentially frozen or purposefully inaccurate USDV:VADER price feed. Proof of Concept Only the owner of TwapOracle can call update on the oracle. Should the owner desire they could cease calling update on the oracle for a period. Over this period the...
Unchecked transferFrom call in Vesting
Handle loop Vulnerability details Vesting.sol makes use of the safeERC20 library to make transfer calls on the vestingToken as vestingToken does not seem to be a predetermined ERC20 token. There is however a transferFrom call on vestingToken which does not make use of the safeERC20 version. Impac...
Wrong assumption when updating token balance
Handle rfa Vulnerability details Impact When there is a movement of tokens in the swap and addliquidity function, the balances (reserve) is updated based on the difference between before and after the user transfers the token; however, if there is a user that accidentally sends a token to this...
Can not update target price
Handle jonah1005 Vulnerability details Impact The sanity checks in rampTargetPrice are broken SwapUtils.sol#L1571-L1581 if futureTargetPricePrecise = initialTargetPricePrecise, "futureTargetPrice is too small" ; else require futureTargetPricePrecise =...
Unchecked transfer
Handle 0v3rf10w Vulnerability details Impact Unchecked transfer leading to free deposits to attacker account Proof of Concept function :: BasicSale.processWithdrawal(uint256,uint256,address) (tge/contracts/PublicSale.sol#212-229) Several tokens do not revert in case of failure and return false. The...
Unbounded loop in TwapOracle.update can result in oracle being locked
Handle TomFrench Vulnerability details Impact Loss of ability of TwapOracle to update should too many pools be added. Proof of Concept TwapOracle allows an unlimited number of pairs to be added and has no way of removing pairs after the fact. At the same time TwapOracle.update iterates through al...
setAdmin function use one-phase owner transfership instead of two-phases safer ownership transfer
Handle mics Vulnerability details one-phase ownership transfer is sometimes used wrongly and the ownership is transferred to a non-existing account. The safe way to use it is to suggest a new owner and then the new owner should claim its ownership. InvestorDistribution line 212
Unchecked low-level calls
Handle 0v3rf10w Vulnerability details Impact Unchecked low-level calls Proof of Concept Unchecked cases at 2 places: BasicSale.receive() (2021-11-bootfinance/tge/contracts/PublicSale.sol#148-156) ignores return value by burnAddress.call{value: msg.value}...
Should a Chainlink aggregator become stuck in a stale state then TwapOracle will become irrecoverably broken
Handle TomFrench Vulnerability details Impact Inability to call consult on the TwapOracle and so calculate the exchange rate between USDV and VADER. Proof of Concept Should any of the Chainlink aggregators used by the TwapOracle become stuck in such a state that the check on L143-146 of...
Overwrite benRevocable
Handle gpersoon Vulnerability details Impact Anyone can call the function vest of Vesting.sol, for example with a small "amount" of tokens, for any beneficiary. The function overwrites the value of benRevocable[beneficiary], effectively erasing any previous value. So you can set any beneficiary to...
Investor can't claim the last tokens (via claim() )
Handle gpersoon Vulnerability details Impact Suppose you are an investor and want to claim the last part of your claimable tokens or your entire set of claimable tokens if you haven't claimed anything yet. Then you call the function claim of InvestorDistribution.sol, which has the following...
Unable to claim vesting due to unbounded timelock loop
Handle nathaniel Vulnerability details Impact The timelocks for any beneficiary are unbounded, and can be vested by someone who is not the beneficiary. When the array becomes significantly big enough, the vestments will no longer be claimable for the beneficiary. The vest function in Vesting.sol...