Broker Address can be Claim by a MEV Bot

Lines of code Vulnerability details Impact If the broker address is a malicious user, he can mint as many OTAP as he wants. Proof of Concept Protocol deploy the OTAP contract A Bot wait until the contract is deployed Then call the "brokerClaim" straight away with his own address. He can then call...

TapOFT.sol: Incorrect emission value due to division by higher decimal value

Lines of code Vulnerability details Impact Incorrect emission value which will be used in per week emission. Proof of Concept TapOFT.sol has the computeEmission function to calculate the emitted value. The output from this function is used in emitForWeek. when we look at the function...

StargateRewardableWrapper._claimAssetRewards should use stakingContract.withdraw(poolId, 0)

Lines of code Vulnerability details Impact StargateRewardableWrapper.claimAssetRewards leverage stakingContract.depositpoolId, 0; to claim rewards from Stargate. But it could fail to claim the reward in the edge case. Proof of Concept StargateRewardableWrapper.claimAssetRewards calls...

Loss of Funds when user wants to repay debt and underflow in _repay () function

Lines of code Vulnerability details Impact There is no check for if userBorrowPartto is greater than or equal to part before subtraction which can lead to loss of funds for user or underflow, incase a user inputs more amount than the user is in debt for. Proof of Concept Provide direct links to a...

Controlled Delegatecall Vulnerability in Singularity, BaseUSDO, USDOLeverageModule, USDOMarketModule, and USDOOptionsModule

Lines of code Vulnerability details Impact The Singularity, BaseUSDO, USDOLeverageModule, USDOMarketModule, and USDOOptionsModule contracts all use the delegatecall function to call a function in another contract. However, the function id of the function to be called is controlled by the caller...

Incorrect Interest Accrual Calculation in 'SGLCommon' Contract

Lines of code Vulnerability details Description The 'SGLCommon' contract contains a critical vulnerability in the interest accrual calculation, particularly in the computation of the 'extraAmount' used for accruing interest. The flaw arises from always dividing by 1e18, disregarding the number of...

Missing access control override in BoringFactory

Lines of code Vulnerability details Impact function addBigBang address mc, address contract external onlyOwner registeredBigBangMasterContractmc isMarketRegisteredcontract = true; clonesOfmc.pushcontract; emit RegisterBigBangcontract, mc; allows only onlyOwner to call this function, while deploy ...

CurveStableMetapoolCollateral.tryPrice returns a huge but valid high price when the price oracle of pairedToken is timeout

Lines of code Vulnerability details The CurveStableMetapoolCollateral is intended for 2-fiattoken stable metapools. The metapoolToken coin0 is pairedToken and the coin1 is lpToken, e.g. 3CRV. And the config.chainlinkFeed should be set for paired token. Impact The CurveStableMetapoolCollateral.pri...

ConvexTriCryptoStrategy might not compound all rewards

Lines of code Vulnerability details Impact When compounding in ConvexTriCryptoStrategy, the number of tokens that is swapped into wETH does not account for extraRewards and tokenRewards. This can cause a loss of yield and rewards to be lost. Proof of Concept In ConvexTriCryptoStrategy.executeClai...

StaticATokenLM::_claimRewardsOnBehalf: wrong update of _unclaimedRewards[onBehalfOf] if reward > totBal lead to user lose of pending rewards.

Lines of code Vulnerability details Description If for some reason the current contract reward token balance is lower than the rewards meant to be paid to onBehalf address, then this rewards can never be claimed. function claimRewardsOnBehalf address onBehalfOf, address receiver, bool forceUpdate...

The USDOOptionsModule contract's exercise function allows for dangerous call delegation

Lines of code Vulnerability details Impact The USDOOptionsModule contract is a module that is used by the BaseUSDO contract to facilitate functionality for oTap actions. The module functionality is invoked through the invocation of a delegatecall within the BaseUSDO contract's executeModule...

RTokenAsset price oracle can return a huge but valid high price when any underlying collateral's price oracle timeout

Lines of code Vulnerability details The RTokenAsset is an implementation of interface IRTokenOracle to work as a oracle price feed for the little RToken. RTokenAsset implements the latestPrice function to get the oracle price and saved time from the cachedOracleData, which is updated by...

Direct claim of convex rewards causes rewards to get stuck

Lines of code Vulnerability details Impact ConvexTriCryptoStrategy does not take into account that rewards from Convex can be claimed directly on behalf of any address. All rewards that get into the strategy contract this way will get stuck and compounding of yield will be denied. Proof of Concep...

rate is wrong

Lines of code Vulnerability details Impact attacker can manipulate pool price to make strategy have eth lower as it should have 1 seth 1 eth then mint new steth 1 steth = 1 eth so attacker can gain share more than normal Proof of Concept 1. attacker manipulate pool price 1 seth 1 eth 2. attacker...

No slippage control while minting GLP

Lines of code Vulnerability details Impact glpRewardRouter.mintAndStakeGlpaddressweth, wethAmount, 0, 0; Here, minUSDG = 0 and minGlp = 0 means no slippage checks. This can be sandwitched in certain conditions in which delta between min and max glp price is higher due to following factors: delta...

AirdropBroker.sol#L442 : _participatePhase3 - PHASE_3_AMOUNT_PER_USER should be multiplied by 1e18

Lines of code Vulnerability details Impact Incorrect eligibleAmount is minted to the user. Proof of Concept An eligible user can call the participatePhase3 function and mint the aToken to them. function participatePhase3 bytes calldata data internal returns uint256 oTAPTokenID uint256 tokenID =...

The Asset.lotPrice doubles the oracle timeout in the worst case

Lines of code Vulnerability details When the tryPrice function revert, for example oracle timeout, the Asset.lotPrice will use a decayed historical value: uint48 delta = uint48block.timestamp - lastSave; // s if delta = oracleTimeout + priceTimeout return 0, 0; // no price after full timeout else...

Add access control to inti constructor like function

Lines of code Vulnerability details Impact Not adding access control to init function would allow for frontrunning and injection of malicious code Proof of Concept event MinDebtRateUpdateduint256 oldVal, uint256 newVal; /// @notice event emitted when the maximum debt rate is updated event...

Lack of slippage checks on public withdraw fees function

Lines of code Vulnerability details Impact function withdrawAllMarketFees IMarket calldata markets, ISwapper calldata swappers, IPenrose.SwapData calldata swapData public notPaused require markets.length == swappers.length && swappers.length == swapData.length, "Penrose: length mismatch" ;...

Reentrancy vulnerability in BaseUSDO._executeModule() function

Lines of code Vulnerability details Impact the success variable in the executeModule function in the BaseUSDO contract is written in both line 366 and line 369. This could potentially lead to a reentrancy vulnerability. In line 366, the success variable is set to true. In line 369, the success...

Incorrect implementation of solvent() modifier

Lines of code Vulnerability details Impact In Market.sol, solvent modifier is given as below, modifier solventaddress from updateExchangeRate; accrue; ; requireisSolventfrom, exchangeRate, "Market: insolvent"; Here the modifier has used the accrue directly, however while the functions being used ...

The amount of debt removed during liquidation may be worth more than the account's collateral

Lines of code Vulnerability details Impact The contract decreases user's debts but may not take the full worth in collateral from the user, leading to the contract losing potential funds from the missing collateral. Proof of concept During the liquidate function call, the function...

Incorrect parameter for allowedBorrow when repaying

Lines of code Vulnerability details Impact Incorrect parameter for allowedBorrow check during repayment in BigBang requires an approval that is orders of magnitudes higher than the intended amount if Alice wants to allow Bob to use their funds. This can be abused by Bob to take more collateral or...

Possible rounding during the reward calculation

Lines of code Vulnerability details Impact Some rewards might be locked inside the contract due to the rounding loss. Proof of Concept claimAndSyncRewards claimed the rewards from the staking contract and tracks rewardsPerShare with the current supply. function claimAndSyncRewards internal virtua...

_sendToken in tapiocaz::Balancer::rebalance() not sending native fee will lead to revert

Lines of code Vulnerability details Impact function sendToken address payable oft, uint256 amount, uint16 dstChainId, uint256 slippage, bytes memory data private IERC20Metadata erc20 = IERC20MetadataITapiocaOFToft.erc20; if erc20.balanceOfaddressthis amount revert ExceedsBalance; uint256 srcPoolI...

Reentrancy vulnerability in SGLLendingCommon._removeCollateral

Lines of code Vulnerability details Impact This vulnerability could allow an attacker to withdraw collateral from the SGLLendingCommon contract without actually removing it. This could result in a loss of funds for the lender. Proof of Concept The SGLLendingCommon.removeCollateral function is...

CTokenV3Collateral._underlyingRefPerTok should use the decimals from underlying Comet.

Lines of code Vulnerability details Impact CTokenV3Collateral.underlyingRefPerTok uses erc20Decimals which is the decimals of CusdcV3Wrapper. But it should use the decimals of the underlying Comet. Proof of Concept CTokenV3Collateral.underlyingRefPerTokcomputes the actual quantity of whole...

_sendNative in tapiocaz::Balancer::rebalance() not sending ETH can break service

Lines of code Vulnerability details Impact function sendNative address payable oft, uint256 amount, uint16 dstChainId, uint256 slippage private if addressthis.balance amount revert ExceedsBalance; routerETH.swapETH dstChainId, oft, //refund abi.encodePackedconnectedOFTsoftdstChainId.dstOft, amoun...

CurveVolatileCollateral Collateral status can be manipulated by flashloan attack

Lines of code Vulnerability details Impact Attacker can make the CurveVolatileCollateral enter the status of IFFY/DISABLED . It will cause the basket to rebalance and sell off all the CurveVolatileCollateral. Proof of Concept The CurveVolatileCollateral overrides the anyDepeggedInPool function to...

BigBang liquidations causes YieldBox-tokens to be locked in contract

Lines of code Vulnerability details Impact When a position gets liquidated in BigBang the contract will receive YieldBox-assetId-tokens of which some are sent to the liquidator and penrose-fee-receiver. The rest will get stuck in the contract and cannot be claimed as fees in refreshPenroseFees...

Miusing empty string insteaf of oracleData in updateExchangeRate

Lines of code Vulnerability details Impact contract has this storage: /// @notice oracleData bytes public oracleData; updated, rate = oracle.get""; Instead of oracle.get"", it should use proper oracle data which was set otherwise it can lead to undefined behavior where oracle expects data. Proof ...

borrowInternal() of BaseTOFTMarketModule.sol has phantom permit functions

Lines of code Vulnerability details Impact A malicious actor could steal funds from a User who has already done his first deposit. Proof of Concept Consider the case where attacker uses a token with phantom permit function as collateral, the most famous ones being WETH, BNB, HEX etc. Let’s consid...

Permanent funds lock in StargateRewardableWrapper

Lines of code Vulnerability details Impact The staked funds might be locked because the deposit/withdraw/transfer logic reverts. Proof of Concept In StargateRewardableWrapper, claimAssetRewards claims the accumulated rewards from the staking contract and it's called during every...

Setting debtStartPoint > 0 breaks many BigBang actions

Lines of code Vulnerability details Impact If BigBang.debtStartPoint is set to a value 0, many core features will break, e.g. deposits of collateral will be possible, but removal not, which would effectively lock collateral inside the contract. Proof of Concept BigBang.getDebtRate uses the variab...

manipulate rate

Lines of code Vulnerability details Impact using spot price as the exchange rate can be manipulated. Proof of Concept 1. attacker manipulates the balancer pool making eth very expensive 2. By calling the updateCache function, the attacker updates the cachedCalculatedAmount based on the manipulate...

LiquidationQueue brings centralization risk in the contract.

Lines of code Vulnerability details Impact the owner has too much unilateral control over liquidations and can manipulate te country in the following ways: The owner of LiquidationQueue sees a profitable liquidation opportunity Before anyone else can liquidate, they use LiquidationQueue to place ...

Signature Validation Bypass in 'permit' Function of MarketERC20.sol

Lines of code Vulnerability details Description The 'MarketERC20.sol' contract contains a critical vulnerability in the 'permit' function, where insufficient signature validation allows for bypassing the authentication process. This loophole enables attackers to manipulate the function by providi...

exitPosition in TapiocaOptionBroker may incorrectly inflate position weights

Lines of code Vulnerability details Impact Users who participate and place stakes with large magnitudes may have their weight removed prematurely from pool.cumulative, hence causing the weight logic of participation to be wrong. pool.cumulative will have an incomplete image of the actual pool hen...

The USDOLeverageModule contract's leverageUp function allows for dangerous call delegation

Lines of code Vulnerability details Impact The USDOLeverageModule contract is a module that is used by the BaseUSDO contract to facilitate functionality for leverage actions. The module functionality is invoked through the invocation of a delegatecall within the BaseUSDO contract's executeModule...

ARBTriCryptoOracle is prone to manipulation

Lines of code Vulnerability details Impact ARBTriCryptoOracle is used to determine price of LP token of tricrypto USDT, WBTC, WETH on arbitrum. This pool is susceptible to re-entrancy due to bug in vyper 0.2.15. and hence getvirtualprice can be manipulated which is used for pricing LP tokens. Pro...

CBEthCollateral and AnkrStakedEthCollateral _underlyingRefPerTok is incorrect

Lines of code Vulnerability details The CBEthCollateral.underlyingRefPerTok function just uses CBEth.exchangeRate to get the ref/tok rate. The CBEth.exchangeRate can only get the conversion rate from cbETH to staked ETH2 on the coinbase. However as the docs...

Re-entrancy in flash minting USDO can bypass max checks

Lines of code Vulnerability details Impact function flashLoan IERC3156FlashBorrower receiver, address token, uint256 amount, bytes calldata data external override notPaused returns bool // @audit re-enter and mint requiretoken == addressthis, "USDO: token not valid"; requiremaxFlashLoantoken =...

In the BaseTOFT, removeCollateral(), any marketHelper can be specified, allowing all the ETH to be stolen from a mTapiocaOFT with ETH as erc

Lines of code Vulnerability details Impact All the ETH in mTapiocaOFT can be stolen, which is relevant when the underlying asset erc is ETH. Proof of Concept mTapiocaOFT allows removing collateral from Singularity through a cross chain call, but the address of the MarketHelper is not validated. T...

ConvexStakingWrapper.sol after shutdown，rewards can be steal

Lines of code Vulnerability details Impact After shutdown, checkpoints are stopped, leading to possible theft of rewards. Proof of Concept ConvexStakingWrapper No more checkpoints after shutdown, i.e. no updates reward.rewardintegralforuser function beforeTokenTransfer address from, address to,...

Upgraded Q -> 2 from #141 [1691046669399]

Judge has assessed an item in Issue 141 as 2 risk. The relevant finding follows: L-11 --- The text was updated successfully, but these errors were encountered: All reactions...

_claimRewardsOnBehalf() User's rewards may be lost

Lines of code Vulnerability details Impact Incorrect determination of maximum rewards, which may lead to loss of user rewards Proof of Concept claimRewardsOnBehalf For users to retrieve rewards function claimRewardsOnBehalf address onBehalfOf, address receiver, bool forceUpdate internal if...

CurveVolatileCollateral._underlyingRefPerTok() Possible manipulation

Lines of code Vulnerability details Impact curvePool.getvirtualprice May be manipulated to cause malicious entry DISABLED Proof of Concept CurveVolatileCollateral.underlyingRefPerTok return curvePool.getvirtualprice function underlyingRefPerTok internal view virtual override returns uint192 @...

StaticATokenLM transfer missing _updateRewards

Lines of code Vulnerability details Impact transfer missing updateRewards,Resulting in the loss of from's reward Proof of Concept StaticATokenLM contains the rewards mechanism, when the balance changes, the global accRewardsPerToken needs to be updated first to calculate the user's rewardsAccrued...

Asset.lotPrice only uses oracleTimeout to determine if the price is stale.

Lines of code Vulnerability details Impact OracleTimeout is the number of seconds until an oracle value becomes invalid. It is set in the constructor of Asset. And Asset.lotPrice uses OracleTimeout to determine if the saved price is stale. However, OracleTimeout may not be the correct source to...

Risk of Incorrect Collateral Pricing in Case of Aggregator Reaching minAnswer

Lines of code Vulnerability details Impact Chainlink aggregators have a built-in circuit breaker to prevent the price of an asset from deviating outside a predefined price range. This circuit breaker may cause the oracle to persistently return the minPrice instead of the actual asset price in the...