RTokenAsset price oracle can return a huge but valid high price when any underlying collateral's price oracle timeout

Lines of code Vulnerability details The RTokenAsset is an implementation of interface IRTokenOracle to work as a oracle price feed for the little RToken. RTokenAsset implements the latestPrice function to get the oracle price and saved time from the cachedOracleData, which is updated by...

Miusing empty string insteaf of oracleData in updateExchangeRate

Lines of code Vulnerability details Impact contract has this storage: /// @notice oracleData bytes public oracleData; updated, rate = oracle.get""; Instead of oracle.get"", it should use proper oracle data which was set otherwise it can lead to undefined behavior where oracle expects data. Proof ...

TOFT in (m)TapiocaOft contracts can be stolen by calling removeCollateral() with a malicious removeParams.market

Lines of code Vulnerability details Impact The TOFT available in the TapiocaOFT contract can be stolen when calling removeCollateral with a malicious market. Proof of Concept mTapiocaOFT inherit BaseTOFT, which has a function removeCollateral that accepts a market address as an argument. This...

Incorrect parameter for getCallerReward might return 0 reward despite insolvency

Lines of code Vulnerability details Impact The calculation of the caller reward uses an incorrect value. If the exchangeRate remains the same but a lot of interest accrues, then there will be no liquidation reward. Without a liquidation reward borrowing positions will not get liquidated and incur...

Missing access control override in BoringFactory

Lines of code Vulnerability details Impact function addBigBang address mc, address contract external onlyOwner registeredBigBangMasterContractmc isMarketRegisteredcontract = true; clonesOfmc.pushcontract; emit RegisterBigBangcontract, mc; allows only onlyOwner to call this function, while deploy ...

borrowInternal() of BaseTOFTMarketModule.sol has phantom permit functions

Lines of code Vulnerability details Impact A malicious actor could steal funds from a User who has already done his first deposit. Proof of Concept Consider the case where attacker uses a token with phantom permit function as collateral, the most famous ones being WETH, BNB, HEX etc. Let’s consid...

Controlled Delegatecall Vulnerability in Singularity, BaseUSDO, USDOLeverageModule, USDOMarketModule, and USDOOptionsModule

Lines of code Vulnerability details Impact The Singularity, BaseUSDO, USDOLeverageModule, USDOMarketModule, and USDOOptionsModule contracts all use the delegatecall function to call a function in another contract. However, the function id of the function to be called is controlled by the caller...

The USDOMarketModule contract's lend function allows for dangerous call delegation

Lines of code Vulnerability details Impact The USDOMarketModule contract is a module that is used by the BaseUSDO contract to facilitate functionality for market actions. The module functionality is invoked through the invocation of a delegatecall within the BaseUSDO contract's executeModule...

The USDOLeverageModule contract's leverageUp function allows for dangerous call delegation

Lines of code Vulnerability details Impact The USDOLeverageModule contract is a module that is used by the BaseUSDO contract to facilitate functionality for leverage actions. The module functionality is invoked through the invocation of a delegatecall within the BaseUSDO contract's executeModule...

In the BaseTOFT, removeCollateral(), any marketHelper can be specified, allowing all the ETH to be stolen from a mTapiocaOFT with ETH as erc

Lines of code Vulnerability details Impact All the ETH in mTapiocaOFT can be stolen, which is relevant when the underlying asset erc is ETH. Proof of Concept mTapiocaOFT allows removing collateral from Singularity through a cross chain call, but the address of the MarketHelper is not validated. T...

Malicious user can drain the Singularity contract of it's liquidity

Lines of code Vulnerability details Impact The SGLCollateral contract has functionality to allow users to remove and add collateral for the Singularity market. The addCollateral function accepts a skim parameter that, if defined as true, will cause the internal addTokens function to assert that t...

LiquidationQueue brings centralization risk in the contract.

Lines of code Vulnerability details Impact the owner has too much unilateral control over liquidations and can manipulate te country in the following ways: The owner of LiquidationQueue sees a profitable liquidation opportunity Before anyone else can liquidate, they use LiquidationQueue to place ...

There is no decrease for the share allowance from _addCollateral when share passed zero

Lines of code Vulnerability details Impact When calling addCollateral, and if the share passed as zero, it is calculated based on the passed amount. However, this happens after allowanceBorrow was already called in addCollateral. So, deduction never occur for the share. Eventually, the borrow...

Cross-chain replay attacks are possible

Lines of code Vulnerability details Impact In MarketERC20.sol we have permit function: function permit / bool asset, // 1 = asset, 0 = collateral address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, ...

addCollateral allows anyone to addCollateral on behalf of others

Lines of code Vulnerability details Impact addCollateral allows anyone to addCollateral on behalf of others. In other words, bypassing the borrow allowance check. Proof of Concept allowedBorrow modifier will not revert if passed share == 0. addCollateral method uses allowedBorrow modifier functio...

Balancer swap fee is not set and quote properly when Rebalancing

Lines of code Vulnerability details Impact Rebalance may revert Proof of Concept The rebalance functon tightly integrate with stargate and layezero however, the swap fee is not quoted and calculated the swap erc20.approveaddressrouter, amount; router.swap dstChainId, srcPoolId, dstPoolId, oft,...

Direct claim of convex rewards causes rewards to get stuck

Lines of code Vulnerability details Impact ConvexTriCryptoStrategy does not take into account that rewards from Convex can be claimed directly on behalf of any address. All rewards that get into the strategy contract this way will get stuck and compounding of yield will be denied. Proof of Concep...

AirdropBroker.sol#L442 : _participatePhase3 - PHASE_3_AMOUNT_PER_USER should be multiplied by 1e18

Lines of code Vulnerability details Impact Incorrect eligibleAmount is minted to the user. Proof of Concept An eligible user can call the participatePhase3 function and mint the aToken to them. function participatePhase3 bytes calldata data internal returns uint256 oTAPTokenID uint256 tokenID =...

ConvexTriCryptoStrategy might not compound all rewards

Lines of code Vulnerability details Impact When compounding in ConvexTriCryptoStrategy, the number of tokens that is swapped into wETH does not account for extraRewards and tokenRewards. This can cause a loss of yield and rewards to be lost. Proof of Concept In ConvexTriCryptoStrategy.executeClai...

Lack of slippage checks on public withdraw fees function

Lines of code Vulnerability details Impact function withdrawAllMarketFees IMarket calldata markets, ISwapper calldata swappers, IPenrose.SwapData calldata swapData public notPaused require markets.length == swappers.length && swappers.length == swapData.length, "Penrose: length mismatch" ;...

BigBang liquidations causes YieldBox-tokens to be locked in contract

Lines of code Vulnerability details Impact When a position gets liquidated in BigBang the contract will receive YieldBox-assetId-tokens of which some are sent to the liquidator and penrose-fee-receiver. The rest will get stuck in the contract and cannot be claimed as fees in refreshPenroseFees...

_sendNative in tapiocaz::Balancer::rebalance() not sending ETH can break service

Lines of code Vulnerability details Impact function sendNative address payable oft, uint256 amount, uint16 dstChainId, uint256 slippage private if addressthis.balance amount revert ExceedsBalance; routerETH.swapETH dstChainId, oft, //refund abi.encodePackedconnectedOFTsoftdstChainId.dstOft, amoun...

The Asset.lotPrice doubles the oracle timeout in the worst case

Lines of code Vulnerability details When the tryPrice function revert, for example oracle timeout, the Asset.lotPrice will use a decayed historical value: uint48 delta = uint48block.timestamp - lastSave; // s if delta = oracleTimeout + priceTimeout return 0, 0; // no price after full timeout else...

Permanent funds lock in StargateRewardableWrapper

Lines of code Vulnerability details Impact The staked funds might be locked because the deposit/withdraw/transfer logic reverts. Proof of Concept In StargateRewardableWrapper, claimAssetRewards claims the accumulated rewards from the staking contract and it's called during every...

Missing validation checks on sending non blocking LZ payload

Lines of code Vulnerability details Impact In OFTCoreV2 provided as example by LayerZero function sendaddress from, uint16 dstChainId, bytes32 toAddress, uint amount, address payable refundAddress, address zroPaymentAddress, bytes memory adapterParams internal virtual returns uint amount...

CurveStableMetapoolCollateral.tryPrice returns a huge but valid high price when the price oracle of pairedToken is timeout

Lines of code Vulnerability details The CurveStableMetapoolCollateral is intended for 2-fiattoken stable metapools. The metapoolToken coin0 is pairedToken and the coin1 is lpToken, e.g. 3CRV. And the config.chainlinkFeed should be set for paired token. Impact The CurveStableMetapoolCollateral.pri...

StaticATokenLM::_claimRewardsOnBehalf: wrong update of _unclaimedRewards[onBehalfOf] if reward > totBal lead to user lose of pending rewards.

Lines of code Vulnerability details Description If for some reason the current contract reward token balance is lower than the rewards meant to be paid to onBehalf address, then this rewards can never be claimed. function claimRewardsOnBehalf address onBehalfOf, address receiver, bool forceUpdate...

The amount of debt removed during liquidation may be worth more than the account's collateral

Lines of code Vulnerability details Impact The contract decreases user's debts but may not take the full worth in collateral from the user, leading to the contract losing potential funds from the missing collateral. Proof of concept During the liquidate function call, the function...

User can't redeem from RToken based on CurveStableRTokenMetapoolCollateral when any underlying collateral of paired RToken's price oracle is offline(timeout)

Lines of code Vulnerability details The CurveStableMetapoolCollateral is intended for 2-fiattoken stable metapools that involve RTokens, such as eUSD-fraxBP. The metapoolToken coin0 is pairedToken, which is also a RToken, and the coin1 is lpToken, e.g. 3CRV. And the...

Calc token amount can be manipulated

Lines of code Vulnerability details Impact function calcDepositInOneCoin uint2563 memory arr private view returns uint256 return liquidityPool.calctokenamountarr, true; This function is being used to calculate slippage, return value calctokenamount can be manipulated as described in POC section,...

Reentrancy vulnerability in USDO.flashLoan() function

Lines of code Vulnerability details Impact The reentrancy vulnerability in the USDO contract could allow an attacker to withdraw funds from the contract even if the original contract has not yet approved the withdrawal. This could result in a loss of funds for the USDO contract and its users. Pro...

Re-entrancy in flash minting USDO can bypass max checks

Lines of code Vulnerability details Impact function flashLoan IERC3156FlashBorrower receiver, address token, uint256 amount, bytes calldata data external override notPaused returns bool // @audit re-enter and mint requiretoken == addressthis, "USDO: token not valid"; requiremaxFlashLoantoken =...

Reentrancy vulnerability in Singularity.execute

Lines of code Vulnerability details Impact This vulnerability could allow an attacker to withdraw funds from the Singularity contract. This could result in a loss of funds for the user. Proof of Concept The Singularity.execute function has external calls inside a loop. This could potentially lead...

Signature Validation Bypass in 'permit' Function of MarketERC20.sol

Lines of code Vulnerability details Description The 'MarketERC20.sol' contract contains a critical vulnerability in the 'permit' function, where insufficient signature validation allows for bypassing the authentication process. This loophole enables attackers to manipulate the function by providi...

Reentrancy vulnerability in BaseUSDO._executeModule() function

Lines of code Vulnerability details Impact the success variable in the executeModule function in the BaseUSDO contract is written in both line 366 and line 369. This could potentially lead to a reentrancy vulnerability. In line 366, the success variable is set to true. In line 369, the success...

Incorrect Interest Accrual Calculation in 'SGLCommon' Contract

Lines of code Vulnerability details Description The 'SGLCommon' contract contains a critical vulnerability in the interest accrual calculation, particularly in the computation of the 'extraAmount' used for accruing interest. The flaw arises from always dividing by 1e18, disregarding the number of...

manipulate rate

Lines of code Vulnerability details Impact using spot price as the exchange rate can be manipulated. Proof of Concept 1. attacker manipulates the balancer pool making eth very expensive 2. By calling the updateCache function, the attacker updates the cachedCalculatedAmount based on the manipulate...

StargateRewardableWrapper._claimAssetRewards should use stakingContract.withdraw(poolId, 0)

Lines of code Vulnerability details Impact StargateRewardableWrapper.claimAssetRewards leverage stakingContract.depositpoolId, 0; to claim rewards from Stargate. But it could fail to claim the reward in the edge case. Proof of Concept StargateRewardableWrapper.claimAssetRewards calls...

Insufficient Authorization Checks in 'SGLLeverage' Contract Functions

Lines of code Vulnerability details Description The 'SGLLeverage' contract contains critical vulnerabilities in multiple functions, including 'multiHopBuyCollateral,' 'multiHopSellCollateral,' 'sellCollateral,' and 'buyCollateral.' These functions lack proper authorization checks, allowing any us...

rate is wrong

Lines of code Vulnerability details Impact attacker can manipulate pool price to make strategy have eth lower as it should have 1 seth 1 eth then mint new steth 1 steth = 1 eth so attacker can gain share more than normal Proof of Concept 1. attacker manipulate pool price 1 seth 1 eth 2. attacker...

Incorrect parameter for allowedBorrow when repaying

Lines of code Vulnerability details Impact Incorrect parameter for allowedBorrow check during repayment in BigBang requires an approval that is orders of magnitudes higher than the intended amount if Alice wants to allow Bob to use their funds. This can be abused by Bob to take more collateral or...

No slippage control while minting GLP

Lines of code Vulnerability details Impact glpRewardRouter.mintAndStakeGlpaddressweth, wethAmount, 0, 0; Here, minUSDG = 0 and minGlp = 0 means no slippage checks. This can be sandwitched in certain conditions in which delta between min and max glp price is higher due to following factors: delta...

Broker Address can be Claim by a MEV Bot

Lines of code Vulnerability details Impact If the broker address is a malicious user, he can mint as many OTAP as he wants. Proof of Concept Protocol deploy the OTAP contract A Bot wait until the contract is deployed Then call the "brokerClaim" straight away with his own address. He can then call...

CurveVolatileCollateral._underlyingRefPerTok() Possible manipulation

Lines of code Vulnerability details Impact curvePool.getvirtualprice May be manipulated to cause malicious entry DISABLED Proof of Concept CurveVolatileCollateral.underlyingRefPerTok return curvePool.getvirtualprice function underlyingRefPerTok internal view virtual override returns uint192 @...

_claimRewardsOnBehalf() User's rewards may be lost

Lines of code Vulnerability details Impact Incorrect determination of maximum rewards, which may lead to loss of user rewards Proof of Concept claimRewardsOnBehalf For users to retrieve rewards function claimRewardsOnBehalf address onBehalfOf, address receiver, bool forceUpdate internal if...

Asset.lotPrice only uses oracleTimeout to determine if the price is stale.

Lines of code Vulnerability details Impact OracleTimeout is the number of seconds until an oracle value becomes invalid. It is set in the constructor of Asset. And Asset.lotPrice uses OracleTimeout to determine if the saved price is stale. However, OracleTimeout may not be the correct source to...

Upgraded Q -> 2 from #141 [1691046669399]

Judge has assessed an item in Issue 141 as 2 risk. The relevant finding follows: L-11 --- The text was updated successfully, but these errors were encountered: All reactions...

ConvexStakingWrapper.sol after shutdown，rewards can be steal

Lines of code Vulnerability details Impact After shutdown, checkpoints are stopped, leading to possible theft of rewards. Proof of Concept ConvexStakingWrapper No more checkpoints after shutdown, i.e. no updates reward.rewardintegralforuser function beforeTokenTransfer address from, address to,...

StaticATokenLM transfer missing _updateRewards

Lines of code Vulnerability details Impact transfer missing updateRewards,Resulting in the loss of from's reward Proof of Concept StaticATokenLM contains the rewards mechanism, when the balance changes, the global accRewardsPerToken needs to be updated first to calculate the user's rewardsAccrued...

Risk of Incorrect Collateral Pricing in Case of Aggregator Reaching minAnswer

Lines of code Vulnerability details Impact Chainlink aggregators have a built-in circuit breaker to prevent the price of an asset from deviating outside a predefined price range. This circuit breaker may cause the oracle to persistently return the minPrice instead of the actual asset price in the...