10190 matches found
The system is subjected to Cross-Contract Reentrancy due to Insufficient validation for tokens, source and liquidity Pairs
Lines of code Vulnerability details Impact A malicious actor can gain control of the liquidation process which can manipulate the POOL token price Proof of Concept Almost all the pieces of the protocol are open to everyone with no guard, and that can cause a serious problem. Consider the followin...
Flashloan excess debt is not sent to user
Lines of code Vulnerability details Impact These vulnerabilities can have the following impacts: 1. Liquidators may lose their eligible funds due to missing transfers of excess debt assets. 2. Excess debt TR tokens could remain in the contract after LP.flashloan claim back borrowed funds, which c...
GetVault poolMatchesOracle calculation may overflow
Lines of code Vulnerability details Impact Overflow. Proof of Concept The GetVault derivative contract implements the poolMatchesOracle function, which is used by deposit, withdraw and rebalance functions. The poolMatchesOracle function checks that the pool price isn't manipulated using a Uniswap...
GeVault cannot deposit ETH
Lines of code Vulnerability details Impact The GeVault contract has two instances where the require statement for token validation can cause reverts. In the first instance, the contract allows only token0 and token1 addresses for withdrawal, making it impossible to withdraw ETH. In the second...
Forced close position
Lines of code Vulnerability details Impact The impact of this vulnerability is that any entity can forcefully close a user's position, resulting in a potential griefing attack. If the user's position is profitable, the user could lose potential larger profits against their will. Proof of Concept...
initiator in OptionsPositionManager.executeOperation is not checked
Lines of code Vulnerability details Impact An attacker can execute flashloan pretending to be other user. Proof of Concept LendingPool.flashloan sends which user called in the parameter initiator, but it is not used in executeOperation. Tools Used Manual review. Recommended Mitigation Steps Check ...
addDust in OptionsPositionManager.sol can add way more tokens than expected in cases where the asset used has less decimals
Lines of code Vulnerability details Impact The function addDust is used in closeDebt to // Add dust to be sure debt reformed = debt outstanding as stated in the NatSpec, but in the cases of tokens with less decimals, the amount calculated will be way bigger than expected which could make the whol...
executeOperation() doesn't pass/authenticate the initiator address
Lines of code Vulnerability details Impact In OptionsPositionManager.sol executeFlashloan. File: contracts/PositionManager/OptionsPositionManager.sol function executeOperation address calldata assets, uint256 calldata amounts, uint256 calldata premiums, address initiator, bytes calldata params...
cleanup() does not properly handle debt repayment
Lines of code Vulnerability details Impact The cleanup... function in the PositionManager.sol contract is used to deposit remaining users assets back to ROE, repaying debt if any. However the users debt will not be repaid if the user has debt leading to loss of funds for the lenders and the proje...
Calculations like valueX8 and liquidity do not account for potential rounding errors
Lines of code Vulnerability details Impact These small inaccuracies could accumulate and cause the total supply of liquidity tokens to not exactly match the vault holdings. This could allow an attacker to potentially deposit tokens, get liquidity that is slightly higher than what they should base...
INCORRECT ACCESS CONTROL
Lines of code https...
getTickAtSqrtRatio used in TokenisableRange.sol to calculate lower and upper ticks is used without letting for overflow behavior, which is required
Lines of code Vulnerability details Impact The function getTickAtSqrtRatio is used multiple times in the TokenisableRange.sol, but the library TickMath.sol is compiled with pragma solidity ^0.8.4 as you can see here which doesn't allow for overflows, and since the function is not unchecked,...
CONTROLLED LOW-LEVEL CALL
Lines of code Vulnerability details Impact The contract was using call which was accepting address controlled by a user. This can have devastating effects on the contract as a delegate call allows the contract to execute code belonging to other contracts but using its own storage. This can very...
DEPRECATED POOLS CAN BE USED IN THE CRITICAL TRANSACTION EXECUTIONS OF THE OptionsPositionManager CONTRACT
Lines of code Vulnerability details Impact The PositionManager.getPoolAddresses function is used to get the important address details of the RoePool to be used in the critical function executions of the OptionsPositionManager contract such as executeBuyOptions, executeLiquidation,...
Wrong calculation of debt in function close0 may lead to loss of funds.
Lines of code Vulnerability details Impact In the function close, the debt was equated to the repayAmount after checking that repayAmount is greater than zero and less than the debt. Consider a situation where a user is owing 10 tokens and wants to repay 3 tokens. Since 3 passes the check of being...
Functions Not Considering ERC20 Transaction Fees
Lines of code Vulnerability details Impact Some ERC20 tokens charge a transaction fee for every transfer used to encourage staking, add to liquidity pool, pay a fee to contract owner, etc. Sometimes this is not a problem but in the cases where the same value is passed to a state variable and to...
Missing check for equal length arrays in executeOperation().
Lines of code Vulnerability details Impact The executeOperation function in the OptionsPositionManager contract doesn't check if the lengths of the arrays submitted are equal. This can lead to unexpected operations. Proof of Concept In the OptionsPositionManager contract, the executeOperation...
Avoid the use of hard coded slippage
Lines of code Vulnerability details Impact In OptionsPositionManager.sol, swapExactTokensForTokens has used the hardcoded slippage of 1% which is used in withdrawOptionAssets and swapTokens functions. function swapExactTokensForTokensIUniswapV2Router01 ammRouter, IPriceOracle oracle, uint amount,...
Calculation Errors in calculateAndSendFee Function of OptionsPositionManager Contract
Lines of code Vulnerability details Bug Description In the OptionsPositionManager contract, specifically in the calculateAndSendFee function lines 365 to 367, there are several mathematical errors that impact the accuracy of the feeAmount result. These errors can lead to incorrect fee calculation...
Some functions in TokenisableRange contracts do not allow user to deadline.
Lines of code Vulnerability details Impact Not allowing users to supply their own deadline could potentially expose them to sandwich attacks Proof of Concept Consider the following scenario: if fee0 100 bal0 && fee1 100 bal1 TOKEN0.token.safeIncreaseAllowanceaddressPOSMGR, fee0;...
Usage of slot0 is extremely easy to manipulate
Lines of code Vulnerability details Impact Pool LP value can be manipulated and cause other users to receive less lp tokens. Proof of Concept TokenisableRange.sol uses slot0 to calculate several values in the code. slot0 is the most recent data point and is therefore extremely easy to manipulate...
isDeprecated CAN ONLY BE MADE TO true AND CAN NOT BE CHANGED TO false IN THE FUTURE IF THE NEED ARISES
Lines of code Vulnerability details Impact The RoeRouter.deprecatePool function is used to Deprecate a pool. It is a onlyOwner modifier controlled function. A pool can be deprecated via the deprecatePool function as shown below: function deprecatePooluint poolId public onlyOwner...
deadline using swap functions does not verify that the deadline has passed/expired
Lines of code Vulnerability details Impact In V3Proxy.sol contract, deadline is used in functions like swapExactTokensForTokens, swapTokensForExactTokens, swapExactETHForTokens, swapETHForExactTokens, swapTokensForExactETH and swapExactTokensForETH etc to ensure that the transaction can be execut...
INCORRECT ACCESS CONTROL
Lines of code Vulnerability details Impact Access control plays an important role in segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of...
REENTRANCY
Lines of code Vulnerability details Impact In a Re-entrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways, especially in cases wher...
removeFromAllTicks() withdraws all tick assets before deposit and withdraw re-deposit them creates a reentrancy attacks.
Lines of code Vulnerability details Impact Reentrancy attacks can result in stolen funds Proof of Concept The key issue is that removeFromAllTicks calls removeFromTickindex in a loop, which calls lendingPool.withdraw and tr.withdraw. These external calls could trigger a reentrant call back into t...
Too many rewards are distributed when a draw is closed
Lines of code Vulnerability details Impact A relayer completes a prize pool draw by calling rngComplete in RngRelayAuction.sol. This method closes the prize pool draw with the relayed random number and distributes the rewards to the RNG auction recipient and the RNG relay auction recipient. These...
Anyone can complete the Rng relay auction
Lines of code Vulnerability details Impact There's no access restriction on rngComplete which allows anyone to execute this function and complete the auction. This can lead to unexpected behavior or potential DOS attack where a user completes the auction. Tools Used Manual Analysis Recommended...
A malicious deployer can set auctionTargetTime close to auctionDuration to make it hard or impossible for anyone to win a reward.
Lines of code Vulnerability details Impact A malicious deployer could set auctionTargetTime very close to auctionDuration, making it hard/impossible for anyone to win a reward leading to losses Proof of Concept In the constructor, auctionTargetTime is not validated to be less than auctionDuration...
Only a relayer should call rngComplete function in RngRelayAuction.sol contract.
Lines of code Vulnerability details Impact An arbitrary user can set a winning number and set a rewardRecipient to take the rewards Proof of Concept The contract RngRelayAuction is setting a rngAuctionRelayer in the constructor. file: pt-v5-draw-auction/src/RngRelayAuction.sol /// @notice The...
Lack of check in LiquidationPair.sol#_computePeriod() can lead to DOS
Lines of code Vulnerability details Impact computePeriod will revert because lack of check input validation Proof of Concept In LiquidationPair.sol, computePeriod is used to compute the current auction period: see here. It is called in functions like getPeriodStart and checkUpdateAuction. 377:...
rounding error can lead to DISABLE the system
Lines of code Vulnerability details Impact In RNGAuction.sol, openSequenceId if the difference between currentTime and sequenceOffset is less than the sequencePeriod, it will round to zero leading to all functions depending on its value to return false like canStartNextSequence, or even revert in...
Re-org attack in factory LiquidationPairFactory.sol
Lines of code Vulnerability details Impact Allowing creation of new LiquidationPairs by Re-org attack may adversely affect pricing in LiquidationPair.sol contracts. Proof of Concept The LiquidationPairFactory.solcreatePair function deploys a new LiquidationPair using the create, where the address...
Incorrect Import Path Directories
Lines of code Vulnerability details Impact Wrong Import Path Directories of LiquidationPair.sol contract would affect the functionality of the contract as this contract relies on the implementation of these imports Proof of Concept 4. import ILiquidationSource from...
RemoteOwner circular dependency at deployment time
Lines of code Vulnerability details Impact The RemoteOwner.sol contract has a security measure that ensures the sender from the remote/origin chain was the origin chain owner i.e. a RngAuctionRelayerRemoteOwner.sol deployment, and this address is set at deployment time in the constructor. The...
Missing deadline param in swapExactAmountOut() allowing outdated slippage and allow pending transaction to be executed unexpectedly.
Lines of code Vulnerability details Impact Loss of funds/tokens for the protocol, since block execution is delegated to the block validator without a hard deadline. Proof of Concept The function swapExactAmountOut from LiquidationRouter.sol and LiquidationPair.sol use these methods to swap tokens...
Closing the draw will be compromised if the recipient reward is address(0)
Lines of code Vulnerability details Impact The rngComplete function receives the RNG request results, it closes the draw using the randomNumber generated by the RNG request auction and it transfers the rewards. The problem is that a malicious actor can introduce an address zero in the recipient...
VaultBooster liquidations can revert due to discrepancy in liquidatable balance value
Lines of code Vulnerability details Impact When a user/bot wants to perform a liquidation for a liquidation pair, they can call view methods like maxAmountOut to see what balance of the output token they are able to liquidate at the current time. This makes an underlying call to...
Potential Near-Zero Scenarios for purchasePrice in the Continuous Gradual Dutch Auction
Lines of code Vulnerability details Impact The Continuous Gradual Dutch Auction CGDA model has potential scenarios where the purchasePrice for an amount of tokens could approach near-zero values. This is influenced mainly by two factors: emissionRate and timeSinceLastAuctionStart. If either one o...
swapExactAmountOut() no deadline protection
Lines of code Vulnerability details Impact no deadline protection, users may suffer losses Proof of Concept LiquidationRouter.swapExactAmountOut use for swap tokens. However, currently only amountInMax slippage protection is provided, and not deadline protection like the common AMMS protection...
[M-01] Denial of Service with failed call Dos
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. External calls can fail accidentally or deliberately, which can cause a DoS condition in the contract. To minimize the damage caused by such failures, it is better to isolate each external call into its...
Protocol won't work with tokens that can prevent transfers
Lines of code Vulnerability details Impact There are various tokens and token standards that can result in transfers being stopped, blocked, blacklisted, paused or disallowed. This entails protocols may function well with these tokens up until a time when any of above measures activated leading t...
VaultBoosterFactory allows deployment of VaultBooster with phoney PrizePool
Lines of code Vulnerability details Impact A malicious VaultBooster can be deployed via VaultBoosterFactory contract. Users may lose funds while interacting with such VaultBooster. File: src/VaultBoosterFactory.sol function createVaultBoosterPrizePool prizePool, address vault, address owner...
_computeAvailable() the calculations are wrong
Lines of code Vulnerability details Impact computeAvailable incorrect calculations that result in a return value greater than the current balance, causing methods such as liquidate to fail Proof of Concept VaultBooster.computeAvailable used to count the number of tokens currently available There...
Wrong Type for Time Related Variable
Lines of code Vulnerability details Impact uint8, uint16 was used as Type to declare Time Related Variable in the LiquidationPair.sol contract, this is totally wrong as except otherwise stated, seconds is the standard time frame in solidity and the number of digits needed will be too large for uint8...
integer underflow vulnerability in the _fractionalReward() function
Lines of code Vulnerability details Impact It could cause an integer underflow when calculating the reward fraction, resulting in the attacker getting more rewards than intended. True or false, explain in details, show relevant code and explain proof of co Proof of Concept The...
Overstatement of Available Funds Due to Logic Error
Lines of code Vulnerability details Impact The computeAvailable function in VaultBooster.sol could potentially overstate the available balance in certain situations. Two functions rely on computeAvailable for determining the available funds, such as liquidate, accrue. If the overstated balance fr...
An attacker could manipulate the _rngAuctionResult to unfairly distribute more rewards to themselves
Lines of code Vulnerability details Impact When the rewards are calculated using computeRewards, the attacker's inflated rewardFraction will be used, giving them a bigger share Proof of Concept The rngAuctionResult passed to rngComplete is stored directly into the auctionResults array without any...
Integer underflow/overflow is possible in some of the timestamp calculations if sequenceOffset or auctionDuration are set maliciously
Lines of code Vulnerability details Impact An attacker could exploit this to make auctionElapsedTime return a low value when it should be high, thereby manipulating the reward calculation. Proof of Concept The vulnerability comes from the subtraction currentTime - sequenceOffset which could...
the check in checkExpectedBalances only allows 2% slippage, which could be insufficient in volatile markets and lock user funds.
Lines of code Vulnerability details Impact This would cause the check to fail and revert the transaction, locking the user's funds Proof of Concept In volatile markets, the price could move more than 2% between when the user sends the transactions and when it gets mined. This would cause the chec...