Missing slippage control when directly interacting with the VotiumStrategy contract
Lines of code Vulnerability details Summary Direct deposits and withdrawals within VotiumStrategy lack any slippage controls, which opens up the possibility of sandwich attacks and Miner Extractable Value MEV exploits. Impact Interactions in the AfEth protocol often require the exchange of ETH fo...
H-03 MitigationConfirmed
Lines of code Vulnerability details In the previous implementation After shutdown, checkpoints are stopped reward.rewardintegralforuser No updates resulted in new users getting more rewards and possible theft of rewards. Mitigation PR 930 Modify that checkpoints are already executed, just not cal...
VotiumStrategy.price() does not validate Chainlink response
Lines of code Vulnerability details Impact AfEth.deposit may mint an incorrect amount of afEth. VotiumStrategy.price may return an incorrect price of vAfEth. AfEth.price may return an incorrect price of afEth. Proof of Concept VotiumStrategy.price function price external view override returns...
VotiumStrategyCore.applyRewards() leaves unlimited allowance on tokens.
Lines of code Vulnerability details Description VotiumStrategyCore.applyRewards gives unlimited allowance on its claimed rewards tokens. It is not thereafter reset and there is not even any way to reset the allowance. It is dangerous to trust the spenders indefinitely in case they are compromised...
Lack of slippage protection for depositRewards() in AfEth.sol makes it susceptible to sandwich attacks
Lines of code Vulnerability details Bug Description In VotiumStrategyCore.sol, the buyCvx function calls exchangeunderlying of Curve's ETH / CVX pool to buy CVX: VotiumStrategyCore.solL233-L240 ICrvEthPoolCVXETHCRVPOOLADDRESS.exchangeunderlying value: ethAmountIn 0, 1, ethAmountIn, 0 // this is...
Swap functionality to sell rewards is too permissive and could cause accidental or intentional loss of value
Lines of code Vulnerability details Summary While the intention is to use the 0x protocol to sell rewards, the implementation doesn't provide any basic guarantee this will correctly happen and grants the rewarder arbitrary control over the tokens held by the strategy. Impact Rewards earned in the...
No slippage protection on rewards deposits
Lines of code Vulnerability details Impact Rewards deposit is not slippage protected and susceptible to MEV-attacks. Proof of Concept VotiumCoreStrategy.buyCvx is not slippage protected, as even acknowledged by the comment in ICrvEthPoolCVXETHCRVPOOLADDRESS.exchangeunderlying value: ethAmountIn 0...
Incorrect AfEth.price() calculation
Lines of code Vulnerability details Impact AfEth.price may be calculated as too low. Proof of Concept AfEth.requestWithdraw does not burn the afEth but only transfers it to itself. Hence the withdrawRatio is calculated using only the free supply of afEth: AfEth.solL180-L185 // ratio of afEth bein...
Missing slippage control while depositing rewards in SafEth and VotiumStrategy
Lines of code Vulnerability details Summary Deposits to SafEth and VotiumStrategy coming from rewards lack slippage control, making them susceptible to sandwich attacks by MEV bots, which can result in a loss of funds for the protocol. Impact Rewards coming from the VotiumStrategy contract are...
Zero amount withdrawals of SafEth or Votium will brick the withdraw process
Lines of code Vulnerability details Summary Withdrawals of amount zero from both SafEth and VotiumStrategy have issues downstream that will cause the transaction to revert, potentially bricking withdrawals from being executed. Impact Withdrawals in AfEth undergo a process to account for any...
price() in AfEth.sol doesn't take afEth held for pending withdrawals into account
Lines of code Vulnerability details Bug Description In AfEth.sol, the price function returns the current price of afEth: AfEth.solL133-L141 function price public view returns uint256 if totalSupply == 0 return 1e18; AbstractStrategy vEthStrategy = AbstractStrategyvEthAddress; uint256...
cvxPerVotium() calculation will return zero if all CVX tokens are pending withdrawal as obligations
Lines of code Vulnerability details Summary The implementation of cvxPerVotium contains an edge case that causes it to return an invalid zero value price. Impact The cvxPerVotium function present in the VotingStrategy contract is used to measure the number of held CVX tokens per vAfEth. 144:...
VotiumStrategy.requestWithdraw() does not account for immediately possible withdrawals
Lines of code Vulnerability details Impact A user might be given an unnecessarily late withdrawal epoch. VotiumStrategy.requestWithdraw might revert altogether. Proof of Concept VotiumStrategy.requestWithdraw finds the epoch at which withdrawal is possible by the following logic: , uint256...
Missing deadline check for AfEth actions
Lines of code Vulnerability details Summary AfEth main actions execute on-chain swaps and lack an expiration deadline, which enables pending transactions to be maliciously executed at a later point. Impact Both AfEth deposits and withdrawals include on-chain swaps in AMM protocols as part of thei...
Inflation attack in VotiumStrategy
Lines of code Vulnerability details Summary The VotiumStrategy contract is susceptible to the Inflation Attack, in which the first depositor can be front-run by an attacker to steal their deposit. Impact Both AfEth and VotiumStrategy act as vaults: accounts deposit some tokens and get back...
Withdrawals will be permanently DOSed if VLCVX's owner decides to shutdown the contract
Lines of code Vulnerability details Bug Description In VotiumStrategy.sol, the relock function is used to withdraw all unlockable CVX and then lock an appropriate amount of CVX again. It does so by calling lock of the VLCVX contract: VotiumStrategy.solL145-L148 if cvxAmountToRelock 0...
Missing circuit breaker checks in ethPerCvx() for Chainlink's price feed
Lines of code Vulnerability details Bug Description The ethPerCvx function relies on a Chainlink oracle to fetch the CVX / ETH price: VotiumStrategyCore.solL158-L169 try chainlinkCvxEthFeed.latestRoundData returns uint80 roundId, int256 answer, uint256 / startedAt /, uint256 updatedAt, uint80 /...
VotiumStrategy.requestWithdraw() doesn't check whether totalLockedBalancePlusUnlockable is already enough to cover withdrawal being requested
Lines of code Vulnerability details Vulnerability Details The totalLockedBalancePlusUnlockable is being used to calculate an amount that's ready to be withdrawn. In case, if totalLockedBalancePlusUnlockable = cvxUnlockObligations already before iterating over the lockedBalances, the withdrawal...
Unsafe use of balanceOf(address(this))
Lines of code Vulnerability details Impact AfEth.deposit can be bricked. Proof of Concept AfEth makes use of its own balance of afEth as a temporary store of afEth for withdrawal requests. On requestWithdraw afEth is transferred to the AfEth contract and these are then burned on withdraw. The...
The current vlCVX balance is not frozen when withdrawal has been requested
Lines of code Vulnerability details Vulnerability Details After some deposits/withdrawals being made by users, the following edge case might occur: Let's say, n = totalLockedBalancePlusUnlockable, before iterating over the lockedBalances. t1 = lockedBalance0.unlockTime t2 =...
M-04 Unmitigated
Lines of code Vulnerability details Impact The previously identified vulnerability of potential rounding issues during reward calculations has not been fully mitigated. The current strategy to keep remainders and use them in subsequent claimAndSyncRewards calls does not adequately address the iss...
M-04 MitigationConfirmed
Lines of code Vulnerability details In the previous implementation RewardableERC20claimAndSyncRewards rewardsPerShare += delta one / totalSupply; Some rewards might be locked inside the contract due to the rounding loss. Mitigation PR 896 Recalculated balanceAfterClaimingRewards to remove the...
Lack of access control and value validation in the reward flow exposes functions to public access
Lines of code Vulnerability details Summary Some functions that are part of the Votium reward flow are left unprotected and can be accessed by anyone to spend resources held by the contract. Impact Rewards coming from the Votium protocol are claimed and compounded back in AfEth. This flow consist...
VotiumStrategy withdrawal queue fails to consider available unlocked tokens causing different issues in the withdraw process
Lines of code Vulnerability details Summary Withdrawals in VotiumStrategy are executed in queue since CVX tokens are potentially locked in Convex. However, the implementation fails to consider the case where unlocked assets are already enough to cover the withdrawal, leading to different issues...
AfEth deposits could use price data from an invalid Chainlink response
Lines of code Vulnerability details Summary The current price implementation for the VotiumStrategy token uses a potentially invalid Chainlink response. This price is then used to calculate the price of AfEth and, subsequently, the amount of tokens to mint while depositing. Impact The price of...
Intrinsic arbitrage from price discrepancy
Lines of code Vulnerability details Impact The up to 2 % price discrepancy from Chainlink creates an intrinsic arbitrage. Especially, it makes withdrawals worth more than deposits in the sense that one can immediately withdraw more than just deposited. Proof of Concept When depositing ETH into...
Functions in the VotiumStrategy contract are susceptible to sandwich attacks
Lines of code Vulnerability details Bug Description In VotiumStrategyCore.sol, the buyCvx and sellCvx functions call exchangeunderlying of Curve's ETH / CVX pool to buy and sell CVX respectively: VotiumStrategyCore.solL233-L240 ICrvEthPoolCVXETHCRVPOOLADDRESS.exchangeunderlying value: ethAmountIn...
AfEth collaterals cannot be balanced after ratio is changed
Lines of code Vulnerability details Summary The AfEth ratio between the collaterals can be modified but there is no direct way to balance the assets to follow the new ratio. Impact The AfEth contract contains a configurable parameter ratio that indicates the intended balance between the two...
M-05 MitigationConfirmed
Lines of code Vulnerability details In the previous implementation when stakingContract.totalAllocPoint = 0 stakingContract.withdraw and stakingContract.deposit will div 0 , revert This results in StargateRewardableWrapper no longer being able to execute StargateRewardableWrapper.withdraw The...
It might not be possible to applyRewards(), if an amount received is less than 0.05 eth
Lines of code Vulnerability details Vulnerability Details Upon claiming Votium rewards, applyRewards is intended to be invoked bi-weekly in order to exchange the tokens for eth and put the eth received back into the strategies. Based on the current ratio it either stakes the amount into safETH or...
Potential rewards stealing by manipulating CVX/ETH pool
Lines of code Vulnerability details Vulnerability Details Upon claiming Votium rewards, applyRewards is intended to be invoked in order to exchange the tokens for eth and put the eth received back into the strategies. Based on the current ratio it either stakes the amount into safETH or obtains...
VotiumStrategy.withdrawTime doesn't expect that balance can be already unlocked
Lines of code Vulnerability details Impact VotiumStrategy.withdrawTime doesn't expect that balance can be already unlocked. As a result user can wait more time to withdraw. Proof of Concept When user wants to withdraw, then he needs to initiate requestWithdraw. As some part of funds are locked as cv...
AfEth withdrawing will not work when ratio will be 0
Lines of code Vulnerability details Impact AfEth withdrawing will not work when ratio will be 0. It will be not possible to withdraw. Proof of Concept Any ratio for the 2 tokens of afEth can be set by owner. AfEth.withdraw function will not work in case if ratio will be 0, which means that safEth...
Stale cvx price can be used while depositing
Lines of code Vulnerability details Impact Stale cvx price can be used while depositing Proof of Concept When user deposits, then price of afEth token is calculated. It's needed to know how many tokens user will receive. This price consists of safEth price and vEth price. This is how price is...
Attacker can mint afEth with cheaper price
Lines of code Vulnerability details Impact Attacker can mint afEth with cheaper price and then withdraw. Proof of Concept When user would like to buy some amount of afEth tokens, then price is calculated. This price will be used to calculate amount of tokens to mint. function price public view...
Last stakers may not receive funds back
Lines of code Vulnerability details Impact Last stakers may not receive funds back. Proof of Concept When user wants to withdraw, then he needs to initiate requestWithdraw. As some part of funds are locked as cvx token inside vlcvx that means that they should be withdrawn. When you lock cvx then...
VotiumStrategyCore.applyRewards can be sandwiched
Lines of code Vulnerability details Impact VotiumStrategyCore.applyRewards can be sandwiched, so users rewards will be lost. Proof of Concept VotiumStrategyCore.applyRewards will be used in order to swap all rewards to eth and then distribute eth to the safEth or vEth. The problem here is that...
VotiumStrategyCore.applyRewards can be sandwiched to make profit
Lines of code Vulnerability details Impact VotiumStrategyCore.applyRewards can be sandwiched to make profit. Proof of Concept VotiumStrategyCore.applyRewards function will swap all rewards of contract into eth and then stake them into safEth or vEth contract. As result price of afEth token will...
Leaky faucet
Lines of code Vulnerability details Impact Leaking is bad. Proof of Concept Turn off faucet, it leaks! Tools Used Hands Recommended Mitigation Steps Teflon tape. Assessed type Other
Upgraded Q -> 2 from #506 [1695291399781]
Judge has assessed an item in Issue 506 as 2 risk. The relevant finding follows: L‑01 The admin won't be able to burn rUSDY if the address is blacklisted/sanctioned and not on the allowlist The burn function in rUSDY.sol allows the admin to seize rUSDY if the user is not legally allowed to own it...
Upgraded Q -> 2 from #86 [1695205999296]
Judge has assessed an item in Issue 86 as 2 risk. The relevant finding follows: QA-02. BondingManager.withdrawFees doesn’t create checkpoint
No gas payment is done before calling the callContract in the Router.sol
Lines of code Vulnerability details Impact In the Axelar documentation it is specified that before calling callContract or callContractWithToken the user needs to first prepay the relayers gas fee on the source chain, but since the functions are not payable, nor does call...
New Ward Can Revoke Admin Access
Lines of code Vulnerability details Impact A newly added ward can remove all the wards from the system, including the admin one. Proof of Concept There is not a mechanism to prevent newly added wards from removing everyone else's access to the contracts, including the admin. Tools Used Manual...
Users may not redeem their tranche tokens and suffer loss.
Lines of code Vulnerability details Impact In case of the stablecoin depegging, users may not redeem their tranche tokens and suffer loss. Proof of Concept A tranche allows multiple stablecoins to be the currencies that users can deposit to get the tranche tokens. An example would be a...
Restriction Manager does not check the source address
Lines of code Vulnerability details Impact The detectTransferRestriction takes in all the necessary parameters: function detectTransferRestrictionaddress from, address to, uint256 value public view returns uint8 However it only performs a check on the address to The restriction used here is...
The Restriction Manager does not completely implement ERC1404 which leads to accounts that are supposed to be restricted actually have access to do with their tokens as they see fit
Lines of code Vulnerability details Impact Medium, contract's intended logic is for blacklisted users not to be able to interact with their system so as to follow rules set by regulatory bodies in the case where a user does anything that warrants them to be blacklisted, but this is clearly...
Potential Incorrect Domain Separator Generation in _calculateDomainSeparator Function
Lines of code Vulnerability details The calculateDomainSeparator function generates the EIP-712 domain separator using the contract's name and version. However, there is no explicit guarantee that the name has been set before calling this function, leading to an unreliable domain separator. Impac...
Unchecked Minting
Lines of code Vulnerability details Impact There is a possibility, an attacker can force minting of tokens to self or any other diluting the token value and stealing funds in the process Proof of Concept Here is a step-by-step process The attacker calls the transferFrom function with msg.data...
Rogue ward can remove auth permission from other wards and then remove themselves
Lines of code Vulnerability details In a protocol, the deny function is used to remove the ward permissions from an address. This is actually a serious thing to consider that can actually occur, if a ward contract or account is obtained and other wards are not aware, the rogue ward can actually...
Unsafe message encode and decode for cross chain message transfer and in execution process through axelar
Lines of code Vulnerability details Impact The cross chain message passing is done through the axelar gateway contracts. To pass the message, the message has to be formatted abi.encode and sent to destination chain from source chain. In destination chain, through gateway contract, the received...