RESERVE BALANCE BOUNDARY CHECKS IN _checkBalances FUNCTION ARE ERRONEOUS DUE TO WRONG INPUT PARAMETERS PASSED IN
Lines of code Vulnerability details Impact The EvolvingProteus.swap function is used to swap one token (Specified token) to another (non-specified token) using the liquidity pool. The protocol charges the fee on the swap transactions by calling the applyFeeByRounding function as shown below:...
Existing checks with INT_MAX are insufficient such that the contract becomes dysfunctional after initial deployment of some large balance(s)
Lines of code Vulnerability details Impact EvolvingProteus.sol contains a variety of functions which detail the price in tokens to be paid in swaps, withdraws, and deposits. In external functions such as depositGivenInputAmount, as well as internal functions such as _checkBalances, there exists a...
Missing _checkAmountWithBalance check in deposit functions
Lines of code Vulnerability details Impact When computing the input or output amount of a swap, _checkAmountWithBalance is called to ensure that precision errors do not occur and that the pool does not lose any value. However, _checkAmountWithBalance is not called in depositGivenInputAmount and...
Upgraded Q -> 2 from #112 [1693238992728]
Judge has assessed an item in Issue 112 as 2 risk. The relevant finding follows: A profile can follow itself by receiving a pre-upgrade followNFT and then using the batchMigrateFollows function.
swapGivenInputAmount() will always revert
Lines of code Vulnerability details Impact swapGivenInputAmount... will always revert leading to a Denial of service. Proof of Concept A call to swapGivenInputAmount... will always revert owing to the logic implementation in the function. function swapGivenInputAmount uint256 xBalance, uint256...
KEY INVARIANT RELATED TO THE FIXED_FEE AMOUNT CAN BE BROKEN
Lines of code Vulnerability details Impact The EvolvingProteus.applyFeeByRounding function is used to charge fees by rounding values in directions that are beneficial to the pool. Within this function there is an if condition which verifies that the calculated final amount is not less than the...
Max Price Ratio Manipulation
Lines of code Vulnerability details Impact Vulnerable Part in Code: pyinit.divpyinit.subpxinit ABDKMath64x64.divuuintMAXPRICERATIO, 1 here is A scenario where the range of acceptable price ratios is between 1 and 100 for instance, due to a misconfiguration or oversight, the constant MAXPRICERATIO...
M-22 Unmitigated
Lines of code Vulnerability details Comments The underlying yield vaults used by the V5 vaults usually round down shares received when depositing. As a result, if the Vault deposits to an underlying yield vault that has already issued shares, it is possible that a deposit could be rounded down to...
Claiming prizes will be bricked if prize periods are not aligned with twab periods
Lines of code Vulnerability details Comments The previous implementation allowed a malicious user to keep updating their balances provided the previous observation fell within the same period. As such, if a draw ends part way through a period, the user would be able to manipulate their average...
Number of prize tiers may never scale due to aggressive new algorithm
Lines of code Vulnerability details Comments This issue is very similar to M-14 but covers another edge case where the threshold check is not performed when there are currently 14 prize tiers and at least 1 canary tier is claimed. This is due to an early return of MAXIMUMNUMBEROFTIERS. Mitigation...
Upgraded Q -> 2 from #273 [1692910023114]
Judge has assessed an item in Issue 273 as 2 risk. The relevant finding follows: L-01
Loss of precision in the YieldVault causes DoS when depositing from the Vault
Lines of code Vulnerability details Title Loss of precision in the YieldVault causes DoS when depositing from the Vault Original Issue M-22 - Loss of precision leads to undercollateralized Details The original demonstrates how the Vault could fall into undercollateralization mode if the YieldVaul...
M-02 - Malicious users can set their hooks to contracts that will always revert, causing Claimers to get their tx to claim the user's prizes to be reverted
Lines of code Vulnerability details Title M-02 - Malicious users can set their hooks to contracts that will always revert, causing Claimers to get their tx to claim the user's prizes to be reverted Original Issue M-02 - Unintended or Malicious Use of Prize Winners' Hooks Details The previous...
TwabController::_periodEndOnOrAfter() function returns the period start instead of the period end
Lines of code Vulnerability details Original Issue M-03 - TwabLib::getTwabBetween can return inaccurate balances if startTime and endTime aren't safely bounded Details The original finding is about the lack of a mechanism to validate if the startTime and endTime are safely bounded, otherwise, if...
H-08 MitigationConfirmed
Lines of code Vulnerability details Original Issue H-08 - Increasing reserves breaks PrizePool accounting Details The previous implementation to increase reserves in the PrizePool contract didn't take into account the injected reserves, which caused the accounted balance in the prize pool to not ...
Vault will stop participating in draws in case if they deposited maximum assets to the underlying vault
Lines of code Vulnerability details Impact Vault will stop participating in draws in case if they deposited maximum assets to the underlying vault. Proof of Concept Vault contract has maxMint function. This function first checks allowed amount to mint in the PtVault and then also checks amount...
M-10 Unmitigated
Lines of code Vulnerability details Issue not mitigated About the problem There was unsafe cast in the getTier function and warden has stated, that in case if value will be bigger than uint96.max, then wrong prize amount will be used. Solution Pool together has increased Tier.prizeSize variable t...
H-09 Unmitigated
Lines of code Vulnerability details Issue not mitigated About the problem In the report I have described some vaults that will not work in the designed system. Example of such vault will be any vault that has withdraw limit. In this case yieldVault.maxWithdraw call will not return actual amount o...
H-05 Unmitigated
Lines of code Vulnerability details Issue not mitigated About the problem sponsor function allows caller to delegate his shares to the special address. In this case caller loses ability to win prizes. Previous version of code had sponsor function, which allowed to deposit funds on behalf of owne...
Auctions run at significantly different speeds for different prize tiers
Lines of code Vulnerability details Comments The V5 implementation delegates the task of claiming prizes to a network of claimers. The fees received by a claimer are calculated based on a dutch auction and limited based on the prize size of the highest tier (the smallest prize). As a result, it is...
M-02 Unmitigated
Lines of code Vulnerability details Comments In the previous implementation a malicious user could set arbitrary vault hooks for afterClaimPrize and beforeClaimPrize that could be used to gas grief the claimer or cause other claims in the same call to fail by deliberately reverting Mitigation The...
Upgraded Q -> 2 from #422 [1692189363530]
Judge has assessed an item in Issue 422 as 2 risk. The relevant finding follows: L-04
Upgraded Q -> 3 from #264 [1691857350267]
Judge has assessed an item in Issue 264 as 3 risk. The relevant finding follows: Let's see how it can be exploited. You can add this test to Withdraw.t.sol and run with forge test -vv --match-contract VaultWithdrawTest --match-test testWithdrawAllAssetsForHalfShares: function...
TEST PR 1093 - edited
Lines of code L1 Vulnerability details edited Assessed type call/delegatecall
replaceMember and rotateMember redundancy
Lines of code Vulnerability details Impact The replaceMember and rotateMember functions have identical functionality which may lead to redundancy and confusion. Proof of Concept Both the replaceMember and rotateMember functions essentially perform the same action: replacing a current member...
receive() in LendingLedger should be replaced by an appropriate function to prevent users from sending native by mistake
Lines of code Vulnerability details Impact Users lose funds by transferring them by mistake to LendingLedger. Proof of Concept Since the LendingLedger contract has a receive external payable function which receives native without any validation, which means that anyone can transfer native to it b...
Double voting in GaugeController
Lines of code Vulnerability details Impact Voting with the same collateral multiple times by delegating and undelegating, a process that could manipulatively influence (increase) the weight of a particular lending market where the malicious actor is the major Liquidity provider. Proof of Concept The...
Reusing other user's votes for both nominee and member elections
Lines of code Vulnerability details Impact The two elections (nominee and member) are sharing the same proposal id. This gives an attack opportunity to a malicious user to reuse signature of other users who casted vote by signature in nominee election for casting vote in member election. In other...
Users can abuse VotingEscrow.delegate() to avoid voting power decay. Additionally, users can delegate expired locks to regain full voting power.
Lines of code Vulnerability details Impact Voting power will not decay over the course of the lock. Proof of Concept The VotingEscrow.delegate function allows users to delegate to locks with a longer expiry time. See the below code snippet and inline comments: requiretoLocked.end = fromLocked.end...
createLock, increaseAmount int128(int256(_value)) unsafe downcast can lead to asset loss
Lines of code Vulnerability details Impact Suppose users deposit more than type(int128).max value through createLock and increaseAmount, they may get less voting power and can't get the assets back. Proof of Concept The VotingEscrow.sol is forked from FIATDAO, but it seems don't consider a MEDIUM...
block.number DOES NOT PROVIDE A FAIR EVALUATION OF TIME MEASUREMENTS WITHIN FUNCTIONS
Lines of code Vulnerability details Impact The SecurityCouncilMemberElectionGovernorCountingUpgradeable.votesToWeight function is used to calculate the weight of a vote for a given proposal, block number, and number of votes. During the weight calculation the weight given for each vote depends on...
Upgraded Q -> 2 from #513 [1691698843467]
Judge has assessed an item in Issue 513 as 2 risk. The relevant finding follows: Issue 2
getPastCirculatingSupply() returns the ARB token supply instead of circulating votes supply
Lines of code Vulnerability details Bug Description In ArbitrumGovernorVotesQuorumFractionUpgradeable, the getPastCirculatingSupply function is used when calculating quorum for proposals: ArbitrumGovernorVotesQuorumFractionUpgradeable.sol#L31-L35 /// @notice Get "circulating" votes supply; i.e.,...
setFullWeightDuration() can be called while a member election is ongoing
Lines of code Vulnerability details Bug Description In SecurityCouncilMemberElectionGovernorCountingUpgradeable, fullWeightDuration (which is the duration where a user's votes has weight 1) can be set using setFullWeightDuration: SecurityCouncilMemberElectionGovernorCountingUpgradeable.sol#L77-L84...
Users can vote infinitely via delegation
Lines of code Vulnerability details Summary GaugeController.vote_for_gauge_weights is designed to allow users to vote for gauge rewards based on the amount of $CANTO they have locked in the VotingEscrow contract. VotingEscrow includes functionality for users to delegate their voting power to another...
GaugeController - Vulnerability with changing gauge weight would make the contract stop working
Lines of code Vulnerability details Impact The issue is applied differently based on how change_gauge_weight works. 1. When changing gauge weight is essential for every enabled gauge before any vote happens An attacker can front-run change_gauge_weight transaction to manipulate slope which can result...
SecurityCouncilMemberSyncAction.perform is not exclusively can be scheduled from SecurityCouncilManager's operations
Lines of code Vulnerability details Impact SecurityCouncilMemberSyncAction.perform is a crucial function that will be triggered by upgrade executor via delegate call after the whole election process or after current members do some update add/remove/replace/rotate to update security council...
The LendingLedger.sync_ledger function is susceptible to a potential reentrancy attack
Lines of code Vulnerability details Impact The primary focus is on the functions deposit/withdraw situated within the LendingMarket smart contracts, as they trigger the invocation of the LendingLedger.sync_ledger function. These functions carry the potential risk of containing a reentrancy issue,...
add_gauge doesn't initialize time_weight and update time_sum
Lines of code Vulnerability details Impact In Curve's implementation, when adding gauge, time_weight of gauge type is being initialized and time_sum being updated. if self.time_sum[gauge_type] == 0: self.time_sum[gauge_type] = next_time self.time_weight[addr] = next_time Since time_sum has been set in constructo...
Second hand Delegatee can Withdraw before owner undelegates
Lines of code Vulnerability details Impact When an original depositor delegates to another address, the new address can call withdraw before the delegator undelegates. Proof of Concept requirelocked.amount 0, "No lock"; requirelocked.end Attack Scenario: 1. When an original depositor creates a...
TEST FINDING
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...
Vulnerability: Setting the userClaimedEpoch to a wrong Epoch / Contract: LendingLedger / Function: claim
Lines of code Vulnerability details Impact The userClaimedEpoch is set to a different epoch (week) more than the actual epoch of the claim. Proof of Concept In the function to claim the canto for a market, the claiming can only be made for a prior epoch and the function does it in that way, but...
A user can make sybil attack for manipulate gaugeController dao
Lines of code Vulnerability details Impact When vote_for_gauge_weights used contract just take info of users slope of exact time. And there is no extra check mechanism in protocol for control is user's delegate amount so slope too until user use vote_for_gauge_weights. So a user can use...
vulnerability due to the nonce rolling over and generating duplicate salts
Lines of code Vulnerability details Impact An attacker could take the transaction data from the original proposal and re-submit it to the L2 timelock with the same salt. This would get executed again since the salt matches, allowing the attacker to replay the state change. Proof of Concept The...
GaugeController.remove_gauge() may indefinitely trap user voting power
Lines of code Vulnerability details Impact Users will permanently lose voting power equal to their power used to vote in the removed gauge unless the gauge is re-added and users re-vote to remove their voting power from the gauge. Proof of Concept GaugeController.sol does not have any function fo...
critical functions should emit an event when they are called
Lines of code Vulnerability details Impact some critical functions should emit an event when they are called because it contains important information and an event should be emitted, some functions in this contest did not emit an event and this may lead to unwanted behavior in future functions like cla...
SecurityCouncilMemberElectionGovernor propose() function is not properly restricted
Lines of code Vulnerability details summary The propose function in the SecurityCouncilMemberElectionGovernor contract is not properly restricted. This means that any user can call it, including attackers. Description The propose function in the SecurityCouncilMemberElectionGovernor contract is...
Stealing or reusing votes
Lines of code Vulnerability details Impact It is possible to reuse/steal user's votes if they are supposed to cast vote by signature. Proof of Concept Casting votes during nominee election and member election is possible by calling the functions: castVoteWithReasonAndParams...
Lock owner DOS and funds stuck
Lines of code Vulnerability details Impact The lock's owner will no longer have the ability to use the delegate function. Meaning the person he chose to delegate can withdraw his funds when lock expires, but won't be able to. Proof of Concept Let's imagine 3 users with a Lock each: If user 1...
Timelock canceller role is removed from council and transferred to upgrade executor
Lines of code Vulnerability details Impact In L1SCMgmtActivationAction the TIMELOCKCANCELLORROLE is removed from the previous EmergencySecurityCouncil and not transferred to the new EmergencySecurityCouncil but rather to the L1 UpgradeExecutor. In SecurityCouncilNomineeElectionGovernor the...