Contract lacks proper error handling. Without meaningful error messages, it becomes difficult to identify the exact reasons for failures or unexpected behavior. Often leading end user astray.

Lines of code Vulnerability details Contract lacks proper error handling. Without meaningful error messages, it becomes difficult to identify the exact reasons for failures or unexpected behavior. Often leading end user astray. The code lacks proper error handling mechanisms, which can make it...

requestDeposit and requestRedeem do not allow for any price guarantee, opening users to sandwich attacks and other losses

Lines of code Vulnerability details Impact Request functions take only the desired input amount as a parameter, giving no way for the caller to control the fulfilment price. The price is decided by the Centrifuge mainnet only. function requestDeposituint256 assets, address owner; function...

Some Outgoing functions are not supported on the gateway

Lines of code Vulnerability details Impact The gateway serves both outgoing and incoming calls, All incoming calls should have corresponding outgoing calls and vice versa However, some incoming calls like addPool , allowPoolCurrency , addTranche have no corresponding calls via the gateway contrac...

lack of failsafe mechanism to replay the failed transaction between source chain and destination chain. This would lead to loss of funds to user when transaction is failed.

Lines of code Vulnerability details Impact When the transaction fails in any of chain source or destination, it never be replayed. This would lead to loss of assets if the the transaction is target for token transfer. Similarly other issue can happen. Proof of Concept Centrifuge used the cross...

Unchecked Input

Lines of code Vulnerability details Impact Attackers can get the auth badge due to unchecked input vulnerability at the LiquidityPool The wardmsg.sender badge gives the attacker the highest role in the entire Centrifuge ecosystem, allowing the attacker to steal funds and cause DOS. Proof of Conce...

Access Control Dependency on msg.sender: The onlyGateway modifier relies solely on msg.sender for access control. If the address of the gateway contract is compromised or manipulated, it can lead to unauthorized access to critical functions within the contract.

Lines of code Vulnerability details Access Control Dependency on msg.sender Impact: The onlyGateway modifier relies solely on msg.sender for access control. If the address of the gateway contract is compromised or manipulated, it can lead to unauthorized access to critical functions within the...

Allowance manipulation in UserEscrow struct leads to unauthorized token transfers due to overreliance on maximum allowance check

Lines of code Vulnerability details Summary The UserEscrow smart contract contains a vulnerability that can possibly allow unauthorized users to transfer tokens out of the contract. Specifically, an attacker can exploit this flaw by manipulating the allowances, thus enabling them to bypass the...

An attacker can drain all the tokens from UserEscrow contract.

Lines of code Vulnerability details Impact An user who is allowed to invest can maliciously drain all the tokens from the UserEscrow contract from decreaseDepositRequest and decreaseRedeemRequest of LiquidityPool.sol contract. Both functions are first send to the router and when the call is...

approve function can be frontrun and funds will be stolen as a result

Lines of code Vulnerability details Impact The user that gives allowances will lose funds. Proof of Concept In the file ERC20.sol there is a function approve. This function is problematic as it is susceptible to frontrunning attacks. PoC: Consider the following scenario: Alice calls the function...

users can mint TT tokens without locking/depositing any currency tokens

Lines of code https://github.com/code-423n4/2023-09-centrifuge/blob/512e7a71ebd9ae76384f837204216f26380c9f91/src/InvestmentManager.solL427-L441...

Blocking assets/shares in escrow

Lines of code Vulnerability details Impact An investor can lose a part of assets or shares due to their blocking in escrow. Proof of Concept Suppose the user decided to invest an amount of assets which is more than typeuint128.max. This can be done by calling the requestDeposit function several...

https://github.com/code-423n4/2023-09-centrifuge/blob/main/src/InvestmentManager.sol#L467-L480

Lines of code Vulnerability details Impact In this function InvestmentManager.deposit, the require statement calls the lPool.transferFrom function with an arbitrary from address. This means that the attacker can control who the tokens are transferred from. Proof of Concept Tools Used manuel revie...

Vulnerability: An Attacker can steal Tranche Tokens and Drain the Pool / Contract: InvestmentManager.

Lines of code Vulnerability details Impact An Attacker can mint Tranche Tokens for free and use them to Drain the Pool and steal the user's money. Proof of Concept Let's imagine that some users deposit money in the pool and mint tranches but they didn't redeem/withdraw their tokens, one of the...

InvestmentManager.requestDeposit Arbitrary send erc20

Lines of code Vulnerability details Impact InvestmentManager.requestDeposit. In this function, the SafeTransferLib.safeTransferFrom function is called with an arbitrary from address. This means that the attacker can control who the tokens are transferred from. Proof of Concept Tools Used manual...

Transactions could be frontrun to deposit assets and collect shares between the deposit request and collection

Lines of code Vulnerability details Impact Attacker can spoof deposit to get free shares. Proof of Concept requestDeposit - Requests a deposit, locks up the assets. collectDeposit - Collects the shares after deposit execution. The vulnerability arises because: requestDeposit locks up the assets,...

Signature malleability in permit function

Lines of code Vulnerability details Impact In the ERC20 contract used to define the interface for tranche tokens the permit function uses ecrecover to verify a signature submitted by the token owner to approve an address to spend its tranche tokens. However there is a well known issue related to...

LiquidityPool.sol doesn't respect fully EIP 4626

Lines of code Vulnerability details Impact The EIP-4626 states that the function previewMint and previewWithdraw should be rounded up always, but that is not the case in the InvestmentManager.sol which makes it not fully compliant. Proof of Concept As can be seen by EIP-4626 the function...

transferIn() is susceptible to a front-running attack

Lines of code Vulnerability details Impact Another auth caller can exploit the vulnerability by executing front-running transactions using the source address that has just given allowance approval to the contract. This allows the attacker to acquire and increase the destination amount of the...

Assumptions are currently made that prices would forever be positive

Lines of code Vulnerability details Impact Neglecting the potential for negative asset prices can lead to inaccurate value representation in the Liquidity Pool, possibly affecting calculations related to assets and tokens. It's crucial to note that the value of an asset, even if negative in the...

Not enough valid checks in the Factory.sol

Lines of code Vulnerability details Impact The LiquidityPoolFactory contract is used to deploy LiquidityPools through a controlled newLiquidityPool , however a vital check is omitted. The newLiquidityPool is first called in the PoolManager.sol but it is not restricted to just that, it can also be...

Owners having valid permits might not be able to deposit or redeem assets/shares due to incorrect order of address validation in _isValidSignature

Lines of code Vulnerability details Proof of Concept requestDepositWithPermit requests asset deposit for a receiver to be included in the next epoch execution with a permit option. requestRedeemWithPermit request share redemption for a receiver to be included in the next epoch execution with a...

Already allowed pool currency can not be removed

Lines of code Vulnerability details Impact Already allowed pool currency can not be removed. Once a currency is allowed, it can not be removed. Most of the time, the currency will be a stablecoin but in cases where the stablecoin depegs, as seen with USDC three months ago, new liquidity pools for...

SafeTransferLib's safeApprove() does not set allowance 0 first which would lead to the escrow encountering issues when dealing with tether's USDT or tokens like it.

Lines of code Vulnerability details Impact Medium... a number of features within the protocol will not work if an approval reverts in the escrow or anywhere else NB: Report mainly focuses on the usage of the SafeTransferLib's safeApprove, but bug is attached to the underlying call made to approve...

The price update timestamp doesn't get checked, allowing for the use of stale prices

Lines of code Vulnerability details Impact It allows for the use of stale prices in cases where they will either damage the protocol or the user. Proof of Concept The protocol has a price oracle system where the price gets updated by an account with a privileged role by calling updatePrice...

addPauser should be a two-step process in PauseAdmin.sol

Lines of code Vulnerability details Impact Adding new pauser should me two-step proccess. The identified issue pertains to the absence of a two-step process for adding a new pauser in the smart contract. This vulnerability could potentially allow an unauthorized entity to gain control over pausin...

possibility of reentrancy attack when poolManger.sol#Transfer called with malicious recipient contract address

Lines of code Vulnerability details Impact when users calls the transfer function in the poolManger.sol the transaction data will be send to the centrifuge chain first and then it will be back to the router and then direct it to thehandleTransfer function in poolManger.sol, user can make a...

The executeScheduledRely function in the code allows any external caller to execute it without proper access control checks. This means that anyone can make themselves a ward on a contract without authorization, which poses a security risk.

Lines of code Vulnerability details Issue: The executeScheduledRely function in the code allows any external caller to execute it without proper access control checks. This means that anyone can make themselves a ward on a contract without authorization, which poses a security risk. Proof of...

potential overflow in max.Deposit&maxMint; and max.redeem&max;.withdraw

Lines of code Vulnerability details Impact there is potential overflow in max.deposit and max.mint Proof of Concept there is only way to decrease max.deposit and max.mint is deposit to be excuted . function deposituint128 trancheTokenAmount, uint128 currencyAmount, address liquidityPool, address...

The maxMint check should be cumulatively applied to ensure it's effectiveness

Lines of code Vulnerability details Impact Circumvention of the maximum minting restriction, since all a receiver need to do is not specify the whole amount of tokens in one attempt and then claim more than the maximum amount Proof of Concept Take a look at LiquidityPool.solL145-L157 /// @notice...

Allowing price updates once in an epoch is extremely risky and open windows to a lot of issues

Lines of code Vulnerability details Impact Protocol currently knows about how this could be an effect, since the comments to both previewDeposit and convertToShares suggest that any difference attached to this should be considered slippage, but measures are not taken to ensure that this slippage ...

The current axelar router's implementation can't interact with any calls that requires native tokens

Lines of code Vulnerability details Impact Medium... this completely blocks off users that would need to call a contract and want to pass value to them, as they can't do this since the functions are not payable Proof of Concept See summary Additionally take a look at the Axelar's Router.sol and s...

Expired members can lose their tranche tokens if they call transferTrancheTokensToCentrifuge or transferTrancheTokensToEVM in PoolManager.sol

Lines of code Vulnerability details Impact User can call transferTrancheTokensToCentrifuge or transferTrancheTokensToEVM to transfer their tranche tokens to other chains, but no verifying is done to see if they are expired members or not on the source chain, which can cause loss of funds for some...

previewWithdraw doesn't round up the asset amount leading to confusion when external protocols integrate with the vaults of the protocol

Lines of code Vulnerability details Impact Protocols, that integrate with Centrifuge liquidity pools may wrongly assume that withdraw rounds the amount up as per the ERC-4626 specification leading to a wide array or issues for both parties. Proof of Concept The following is stated in the EIP's...

Relying on string comparisons to determine which parameter to update in the file() function is brittle and could lead to unintended consequences.

Lines of code Vulnerability details Impact This can allow unintentionally changing sensitive state variables Proof of Concept The vulnerability arises because: file relies on a simple string comparison of the what parameter to determine which state variable to update. A developer could accidental...

There is no concept of a requestDeposit, requestRedeem receipt made on the source chain, resulting in no recovery proces escrowed funds in the event of bridge or Centrifuge fall.

Lines of code Vulnerability details Impact There is no kind of request receipt on the EVM chain at all. The InvenstmentManagerrequestDeposit simply puts users tokens in the escrow and then the request gets routed to the Gateway and later to the outgoingRouter. The flow goes as follows 1.Buyer cal...

"Divide-by-Zero Risk in convertToShares Function"

Lines of code Vulnerability details Description The convertToShares function calculates the number of shares based on the provided assets and the "latestPrice" obtained from the liquidityPool. While the code may appear straightforward, there is a specific security concern related to divide-by-zer...

lack of an ownership transfer mechanism

Lines of code Vulnerability details Issue: The code does not have a mechanism to transfer ownership of the contract. In the current implementation, once deployed, the contract owner's address cannot be changed. This can be problematic for contract maintenance and security, as it restricts the...

Any user can drain the escrow contract by calling decreaseDepositRequest with more amount than they deposited into the escrow while requesting.

Lines of code Vulnerability details Impact In the protocol, users submit deposit requests to the Centrifuge gateway for depositing assets into the Liquidity Pools. There is also a mechanism to decrease this deposit order by calling LiquidityPool::decreaseDepositRequest which decreases their depos...

Incorrent approval for escrow tokens, not allowing to burn on redeem

Lines of code Vulnerability details Impact Liquidity pool approval for burning escrow tokens is not correctly assigned when pool is deployed on PoolManager deployLiquidityPool lines: EscrowLikeescrow.approveliquidityPool, addressinvestmentManager, typeuint256.max; // Approve investment manager on...

LiquidityPool inflation attack

Lines of code Vulnerability details Bug Description The LiquidityPool uses an algorithm that converts prices to shares through a linear relationship. For instance, if there are 10,000 assets and 100 shares, then holding 100 assets should yield 1 share. However, a situation arises when investor...

Malicious RestrictionManger can be used to verify Tranche Members

Lines of code Vulnerability details The ability to file a new Restriction Manger after deployment can actually be utilized by a rouge ward and deploy a malicious version of the RestrictionManger that implements almost the same thing as the originals, but just tweaked to return the SUCCESSMESSAGE...

Missing Ownership Check in mint Function

Lines of code Vulnerability details Description: The mint function in the PrincipalToken contract lacks a crucial ownership check before allowing token minting. While it correctly checks if the caller is the delegateToken contract to restrict minting to authorized contracts, it doesn't verify if...

To protect the contract in case of hacking or detection of incorrect operation, it is necessary to add pause and blacklist functions

Lines of code Vulnerability details Impact Cases of hacking and self-identification of errors in contact often occur. To protect the contract in such a case, the pause and blacklist functions in the contract are usually used. This would provide protection for the DelegateToken.sol contract in cas...

The validateCreateOrderHash function is vulnerable to an incorrect token type being provided by the caller

Lines of code Vulnerability details Impact Invalid token types could be used with encoded order info, breaking expectations of the contract. An attacker could create an order hash using different parameters than what is actually encoded in the orderInfo. This could potentially allow the attacker ...

Compound charges are sent to GeVault, making them potentially vulnerable to theft

Lines of code Vulnerability details Impact In the previous version, the compound fee would be saved in the TokenisableRange before being deposited into LP, and would be deposited into LP after reaching 1%. After reconstruction, the fees are sent directly to GeVault for distribution through getTVL...

Attacker can extract value from pool by sandwiching herself at swapAll during close

Lines of code Vulnerability details Attacker can drain the lending pool by leveraging two facts: 1. swapAll allows 1% slippage 2. There is no Health Factor check after close. Alice and Bob are good friends, the steps are in one single tx: 1. Alice deposits 10000 USDT and borrows 7000$ worth of TR...

The owner of the PrincipalToken can redeem the asset from escrow before the selected time period expires

Lines of code Vulnerability details Impact After calling the create function, the owner of the DelegateToken gains delegate rights for the duration of the escrow. The documentation for the competition states: "The holder of the PrincipalToken will have the right to redeem the boredom ape from...

Use of tx.origin breaks interoperability with AA wallets.

Lines of code Vulnerability details In OptionPositionMananger, several functions like close and sellOptions, need to call PMWithdraw, which calls PMTransfer. Then it is checked that tx.origin != user. However, smart contract wallet cannot be tx.origin, which means AA wallets will not be able to...

Incorrect delegate token URI in MarketMetadata.sol.

Lines of code Vulnerability details Impact Web3 logic may be error prone by the wrong delegate token URL. Proof of Concept In DelegateToken.tokenURL, MarketMetadata.delegateTokenURI is called. MarketMetadata.delegateTokenURI is as follows. File: MarketMetadata.sol 37: function...

In ratifyOrder there is no need for array

Lines of code Vulnerability details Impact In ratifyOrder there is no need for array for SpentItem and ReceivedItem calldata consideration Single object can be used, there is use of the array Proof of Concept The single variable can be used instead of offer0.identifier and consideration0 Array is...