Inefficient handling when the Prime contract is unfunded during interest claims
Lines of code Vulnerability details Impact Loss of funds. Transferring of wrong user amount interests. This issue also might leave the PrimeLiquidityProvider with a depleted balance, making it unable to fulfill other potential interest payouts. Additionally, if the PrimeLiquidityProvider doesn't...
anyone with valid token address can create DOS for accrueInterest() in prime.sol
Lines of code Vulnerability details Impact anyone or attacker with valid token address can create DOS (denial of service) for accrueInterest and functions using accrueInterest in prime.sol Proof of Concept a function accrueTokens in PrimeLiquidityProvider.sol has visibility public, it means anyone can...
Prime.sol currently miscalculates the duration users have already staked, which breaks multiple core functions.
Lines of code Vulnerability details Summary A wrong assumption is currently being made regarding the time taken to mine a block in all chains where the protocol will be deployed; this causes multiple core functions to inappropriately equate blocks per year to seconds per year. Impact The impact is...
Wrong calculation of APR in certain conditions.
Lines of code Vulnerability details Impact The wrong APR due to the miscalculation of effective distribution speed. Proof of Concept The functions Prime.sol/calculateAPR and Prime.sol/estimateAPR both use the function calculateUserAPR, which uses the incomeDistributionYearly function. Now this functi...
calculateAPR and estimateAPR may return invalid results
Lines of code Vulnerability details Impact The capitalForScore function in the Prime contract calculates the capital for calculation of score using a price oracle. The function is called three times inside of the contract, where only in the calculateScore is the oracle updated using the following...
Loss of interests due to loss of precision
Lines of code Vulnerability details Impact Users can lose accrued interest due to loss of precision during calculation. It is possible that the interests[vToken][user].rewardIndex is changed and the interests[vToken][user].accrued is never increased. Proof of Concept The interests[vToken][user].rewardIndex a...
Update score system can be bricked
Lines of code Vulnerability details Impact The updateScores function is used to manually update users' scores; developers have shared their reasoning for this in the documentation. Any change in the alpha and the multipliers will unbalance the reward system because the change cannot be propagated to...
Potential Gas Limit Issue with Bulk Score Updates
Lines of code Vulnerability details The updateScores function, which updates scores for multiple users, uses a nested loop structure. This can lead to a situation where if the users array is large and each user has many markets to update, the function could run out of gas. Impact If the function...
Users can use flashloans to get higher share of accrued token
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Users' vtoken balance is one of the factors to determine their score. Malicious users can just use some flashloan services that offer these vtokens to boost their balance temporarily, hence boosting the...
An irrevocable prime token holder can claim a revocable token after burning the initial one
Lines of code Vulnerability details Bug Description Here's the step-by-step description of this issue: 1. A user deposits (XVSVault.deposit) 10,000 XVS tokens for a certain period e.g., 90 days. 2. ACM issues (Prime.issue) an irrevocable prime token to the user. 3. The user...
Potential Blacklisting from Accepting Tainted Tokens
Lines of code Vulnerability details Impact The contract can store practically any token, the problem is that some tokens have to be compliant with authorities and because of that they can and probably will add the contract's address to their blacklist if any tainted token is sent to it, here it i...
No zero address check in PrimeLiquidityProvider.sol:sweepTokens
Lines of code Vulnerability details Impact Possible loss of funds due to sending them to the address(0); the developer's assumption is that safeTransfer is checking for to not being the address(0). In reality, it doesn't implement such a check and we can see from the implementation of the function:...
Lack of Access Control for Critical Functions
Lines of code Vulnerability details Impact Several critical functions within the Prime contract lack proper access control mechanisms. These functions handle sensitive operations, making the contract vulnerable to unauthorized access and potential exploits. Proof of Concept Tools Used Manual...
Missing Access Control in setLimit Function
Lines of code Vulnerability details Impact The setLimit function does not have proper access control, allowing anyone to modify the revocableLimit and irrevocableLimit variables. This can lead to potential security risks and unintended changes to these limits. Proof of Concept no access control o...
Potential Fund Compromise via Malicious Token Insertion
Lines of code Vulnerability details Impact Since any token can be sent to the PrimeLiquidityProvider contract there is a great chance of an attacker sending a scam token with some legit value in it to lure the owner making him sweep those tokens and by doing so compromising the whole contract's...
Prime.sol: stakedAt value is not deleted when manually issuing an irrevocable token
Lines of code Vulnerability details Impact Protocol specifications state that a user cannot have less than the minimum xvs staked if they are not irrevocable prime token users. In other words, only holders of irrevocable prime tokens can have less than the minimum xvs staked. The problem arises...
functions in FixedMath.sol directly converting uint256 arguments to int256 which may overflow
Lines of code Vulnerability details Impact functions in FixedMath.sol directly converting uint256 arguments to int256 which may overflow or return unexpected values Proof of Concept functions in FixedMath.sol like uintDiv, uintMul, toFixed directly converting its arguments from uint256 to int25...
Users can claim double the interest than they are supposed to.
Lines of code Vulnerability details Impact A malicious user can claim double the amount of interest by calling accrueInterestAndUpdateScore function before calling claimInterest function. This can result in direct loss of funds for the protocol and hence the high severity. Proof of Concept 1. The...
A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users
Lines of code Vulnerability details Note All functions/properties referred to are in the Prime.sol contract. Impact A malicious user can accrue outsized rewards at the expense of other users after updateAlpha or updateMultipliers is called. Proof of Concept An attacker can prevent their score fro...
Irrevocable token holders can instantly mint a revocable token after burning and bypass the minimum XVS stake for revocable tokens
Lines of code Vulnerability details Impact When an irrevocable token is burned by the admin, the holder should go through the 90-day staking period again before accruing rewards. However, the holder can exploit the protocol to immediately begin accruing rewards after burning. Furthermore, the...
pendingScoreUpdates counts may be corrupted
Lines of code Vulnerability details Prime.pendingScoreUpdates is used to record the number of users whose score needs to be recalculated when addMarket, updateAlpha, updateMultipliers occurs. Record pendingScoreUpdates = totalIrrevocable + totalRevocable when the above metho...
BLOCKS_PER_YEAR in Prime.sol should vary depending on leap and non-leap year
Lines of code Vulnerability details Impact Since BLOCKS_PER_YEAR is used for calculating the total income that's going to be distributed in a year to prime token holders in the function incomeDistributionYearly, an inadequate non-zero value for BLOCKS_PER_YEAR in terms of chain and/or leap/non-leap...
accrueTokens will revert if any rebase tokens are used
Lines of code Vulnerability details Impact In PrimeLiquidityProvider.sol:accrueTokens we get the current balance of the passed token. If the token is any rebase token (AMPL, stETH, RMPL) and the current balance has become lower than tokenAmountAccrued[token], the function will revert. This will lead ...
User Score Not Updated During Interest Claim, Leading to Incorrect Interest Calculations
Lines of code Vulnerability details Impact This oversight in the contract logic may lead to incorrect interest calculations for users. Specifically, if a user's balance or the factors contributing to the score changes between interest accruals due to actions outside of staking more tokens, the...
function 'accrueInterest(address vToken)' allows too many rewards to be allocated
Lines of code Vulnerability details Impact Malicious users can increase the number of rewards they receive within a block. Proof of Concept In the Prime contract, markets[vToken].rewardIndex is used to determine how many rewards are allocated to Prime token holders, and its value can only be change...
Missing of the distribution state updating
Lines of code Vulnerability details Impact The getEffectiveDistributionSpeed can return incorrect information. It can return distributionSpeed but the accrueTokens function will increase tokenAmountAccrued[token] only for the difference between token.balanceOf(address(this)) and tokenAmountAccrued[token]...
Gas Limit Issues/DoS with Block Gas Limit
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Iterating through the users array without a limitation might cause the function to consume a lot of gas, especially when the array size is large. It may potentially reach the block gas limit and get...
updateScore() is vulnerable to flashloan manipulation
Lines of code Vulnerability details Impact vToken.balanceOf(user) can be manipulated by doing some flash loan of vToken. Proof of Concept A flash loan attack is a type of exploit that takes advantage of the fact that flash loans are uncollateralized and do not require a credit check. In a flash loan...
accrueTokens() function could revert due to potential underflow
Lines of code Vulnerability details Impact Medium, as any underflow would cause the accrueTokens function to revert, preventing tokens from being accrued, which disrupts the rewards distribution mechanism. Proof of Concept The accrueTokens function is designed to update the distribution state by...
A malicious user can reduce a staker's rewards
Lines of code Vulnerability details Impact A user's interest is accrued through the executeBoost function, which calls interestAccrued which performs calculations on how much the user has accrued. Said calculations are made by subtracting the user's rewardIndex from the current market rewardIndex...
underflow possible with sufficiently large capital and sufficiently low alpha
Lines of code Vulnerability details Impact An underflow is possible when a sufficiently large capital is coupled with an adequately low alpha value. This scenario may trigger unanticipated behaviors, resulting in the unforeseen failure of transactions, undermining the integrity and reliability of...
The prime Initializer function in prime.sol is marked “virtual”
Lines of code Vulnerability details Impact The prime initializer is responsible for setting the state variables in the prime.sol contract. The deal breaker here is the use of virtual: if the function in the parent contract is expected to be overridden in its child contracts, it should be declared a...
Prime.sol - User can claim Prime token without having any staked XVS, because his stakedAt isn't reset whenever he is issued an irrevocable token.
Lines of code Vulnerability details Impact Whenever a new Prime token is created, the user's stakedAt is reset to 0. This happens when the user claims a revocable token and when he is issued a revocable token, but it does not happen when a user is issued an irrevocable token. This is the issue function...
Single Failure in claim() Reverts Entire Transaction
Lines of code Vulnerability details Impact When the claim function is called it calls internally initializeMarkets(msg.sender) which then loops through the whole market and other functions involving the user passed as parameter, the problem is that if one single thing fails everything will fail and...
XVSVault implementation cannot be upgraded due to lack of proper mechanism
Lines of code Vulnerability details Summary The XVSVault is expected to be upgradeable in context of xvs staked for claim to venus prime token. The XVSVault will be updated in the Prime.sol with the initialize function. Impact The Prime.sol cannot be upgraded as clearly mentioned in the scoping...
Incorrect Score calculation in Prime.sol
Lines of code Vulnerability details Impact Score is not calculated correctly; improperly high weight will be given to the staked XVS amount or the supply/borrow amount. Rewards accrued will not be properly calculated, so users may accrue too much or too little reward. Proof of Concept...
accrueTokens() may truncate user accrual amounts unfairly
Lines of code Vulnerability details Impact High, as this could result in users not receiving rewards they have earned. Any truncation or unfair distribution can erode trust in the protocol, leading to potential dissatisfaction among users and participants. Proof of Concept Take a look at...
Underlying tokens are stuck in the Prime contract due to roundings, which has been exacerbated by the multiplication.
Lines of code Vulnerability details Impact Underlying tokens are stuck in the Prime contract due to rounding, which has been exacerbated by the multiplication. Proof of Concept In the accrueInterest function, the value of the new market index markets[vToken].rewardIndex will be rounded down since t...
Wrong estimation of _incomeDistributionYearly
Lines of code Vulnerability details Impact Incorrect estimation of incomeDistributionYearly due to an uncertain assumption, leading to wrong APR estimation. Proof of Concept ... uint256 totalIncomePerBlockFromPLP = IPrimeLiquidityProvider(primeLiquidityProvider...
Lack of Input Validation
Lines of code Vulnerability details Impact Neither function appears to validate the length of the users array, which opens the door for misuse or unexpected behavior. Proof of Concept A user can pass an empty array or an exceedingly large array to disrupt expected behavior. Tools Used Manual code...
User scores can be wrong due to wrong scaling of the Capital.
Lines of code Vulnerability details Impact In the prime.sol contract, the function CalculateScore is used to calculate and scale the capital using 1e18 as the SCALE_FACTOR. The capital is then used to call CalculateScore in Score.sol to calculate the score. The problem here is that using 1e18 as t...
Prime.sol : Incorrect decimal scaling
Lines of code Vulnerability details Impact Incorrect computation of the capital variable due to an incorrect decimal scaling. This directly impacts the computation of user's score. PoC The function calculateScore calculates the score for a given user and a given market. One of the core variables ...
Staking period reset to zero
Lines of code Vulnerability details Impact The claim function checks if the user has staked 1,000 XVS for 100 days and then sets stakedAt[msg.sender] = 0. Meaning, it sets the staked period for that certain user to zero. Then, it calls the mint function. The mint function then checks if the user alrea...
AfEth price calculation doesn't factor locked tokens held in contract balance
Lines of code Vulnerability details Summary When withdrawals are enqueued in AfEth, the implementation will remove the tokens from the caller and lock these in the contract until the withdrawal is made effective. These tokens still count in the supply, and must not be considered during price...
Withdrawal requests do not check if the amount of unlockable CVX is sufficient for withdrawals
Lines of code Vulnerability details Bug Description In AfEth.sol, whenever a user calls requestWithdraw to queue a withdrawal, the time that they can withdraw is determined by withdrawTime: AfEth.sol#L175-L176 function requestWithdraw(uint256 amount) external virtual { uint256 withdrawTimeBefore =...
Reward sandwiching in VotiumStrategy
Lines of code Vulnerability details Summary The reward system in VotiumStrategy can be potentially gamed by users to enter just before rewards are deposited and request an exit after that. Depending on the withdrawal queue, users may exit as early as the next epoch and avoid waiting the normal 16...
Users can deposit() even when Chainlink's price feed for CVX is stale
Lines of code Vulnerability details Bug Description In VotiumStrategy.sol, the price of vAfEth is determined by the price function: VotiumStrategy.sol#L31-L33 function price() external view override returns (uint256) { return (cvxPerVotium() * ethPerCvx(false)) / 1e18; } As seen from above, it calls ethPerCVX wit...
Lack of slippage protection for depositRewards() in AfEth.sol makes it susceptible to sandwich attacks
Lines of code Vulnerability details Bug Description In VotiumStrategyCore.sol, the buyCvx function calls exchange_underlying of Curve's ETH / CVX pool to buy CVX: VotiumStrategyCore.sol#L233-L240 ICrvEthPool(CVX_ETH_CRV_POOL_ADDRESS).exchange_underlying{value: ethAmountIn}(0, 1, ethAmountIn, 0); // this is...
Swap functionality to sell rewards is too permissive and could cause accidental or intentional loss of value
Lines of code Vulnerability details Summary While the intention is to use the 0x protocol to sell rewards, the implementation doesn't provide any basic guarantee this will correctly happen and grants the rewarder arbitrary control over the tokens held by the strategy. Impact Rewards earned in the...
No slippage protection on rewards deposits
Lines of code Vulnerability details Impact Rewards deposit is not slippage protected and susceptible to MEV-attacks. Proof of Concept VotiumCoreStrategy.buyCvx is not slippage protected, as even acknowledged by the comment in ICrvEthPool(CVX_ETH_CRV_POOL_ADDRESS).exchange_underlying{value: ethAmountIn}(0...