Insecure minimum threshold in _rotateSigners function
Lines of code Vulnerability details Impact Insecure minimum threshold in rotateSigners function can cause execution of malicious multisig proposals with unexpected results. Proof of Concept The rotateSigners is the only function which can initialize multisig parameters. This function has zero che...
Unauthorized Contract Upgrade Vulnerability in Upgradable Contract
Lines of code Vulnerability details In the "upgrade" function, the contract allows the owner to upgrade the contract to a new implementation using the provided address and code hash. However, there is a flaw in the implementation that can allow an attacker to bypass the contract upgrade checks an...
MID-Risk Vulnerabilities in the Axelar Smart Contracts
Lines of code Vulnerability details Impact The vulnerabilities that I have identified could have a significant impact on the Axelar network. These vulnerabilities could be exploited by an attacker to: Gain control of the Axelar network by proposing and voting on malicious proposals. Mint or burn...
onlyProxy MODIFIER CAN BE BYPASSED BY A MALICIOUS PROXY CONTRACT AND CAN PUSH THE IMPLEMENTATION CONTRACT INTO AN UNDESIRABLE STATE
Lines of code Vulnerability details Impact The Upgradeable.onlyProxy modifier is used to ensure that a function can only be called by the proxy and can not be directly called in the Upgradeable.sol contract. The onlyProxy modifier implementation is as follows: modifier onlyProxy // Prevent setup...
A Remote InterchainTokenService will not be able to call _execute() because incorrect validation of hashes due to wrong conversion of address to lowercase
Lines of code Vulnerability details Proof of Concept The ASCII table contains letters, numbers, control characters, and other symbols. Each character is assigned a unique 7-bit code. ASCII is an acronym for American Standard Code for Information Interchange. The ASCII code for uppercase 'A' is 65...
LACK OF VALIDATION CHECK COULD LEAD TO WRONG TOKEN TRANSFERS THUS BREAKING THE PROTOCOL
Lines of code Vulnerability details Impact The InterchainTokenService.processSendTokenWithDataPayload function is used to process the received token amount with data at the destination InterchainTokenService contract. The received token amount is transferred to either the expressCaller or the...
M-04 Unmitigated
Lines of code Vulnerability details While the fix improves the APR estimation for the case that is described in the finding, it significantly worsens it for other scenarios which may happen in practice when we assume underlying staking protocols with relatively constant APRs. For instance, consid...
Upgraded Q -> 2 from #422 [1689707351452]
Judge has assessed an item in Issue 422 as 2 risk. The relevant finding follows: 01 In the function PrizePool.setDrawManager, anyone can frontrun it and become the drawManager Reading the documentation of the Prize Pool contract, the following is specified: The Prize Pool allows a 'draw manager'...
Upgraded Q -> 2 from #392 [1689707598962]
Judge has assessed an item in Issue 392 as 2 risk. The relevant finding follows: 4 - The liquidator can be front-run while depositing prizeTokens to the prizePool The liquidator should introduce prizeTokens to the prizePool before he calls the Vault.liquidate function. The problem is that a...
Attacker can brick redemptions by donating a small amount
Lines of code Vulnerability details Impact While the fix properly fixes the issue of collateralization ratio overflows, which can no longer occur, it enables DoS attacks on the redemption mechanism: Issue description Consider the example that was already provided code-423n4/2023-06-angle-findings9...
Guardian can brick SavingsVest contract accidentally
Lines of code Vulnerability details Impact The fix to M-06 introduces a new vulnerability, as it turns a missing validation that previously was recoverable i.e., only a minor thing into an irrecoverable error, resulting in a permanent loss of funds. Proof of Concept Consider the scenario where th...
M-07 Unmitigated
Lines of code Vulnerability details The fix addresses the scenarios when collaterals are removed between the crafting of the minAmountsOut list and the submission of the transaction. Then, we will have amounts.length minAmountOuts.length, meaning that the following line causes a revert: if...
Upgraded Q -> 2 from #93 [1689707967381]
Judge has assessed an item in Issue 93 as 2 risk. The relevant finding follows: L-01 - no check on the deployedVaults mapping in the VaultFactory can lead to duplicate vaults being created Mitigation - add an if check to not recreate the same vault: if (deployedVaults[vault]) revert.... --- The text w...
mintYieldFee function does not check for the maxMint amount.
Lines of code Vulnerability details Impact Theoretically, it is possible to mint more than the maxMint amount using the mintYieldFee function in the Vault contract. Proof of Concept The functions in Vault contract like mint, mintWithPermit call the beforeMint function which checks whether shares...
isTimeSafe and isTimeRangeSafe not implemented in the functions getBalanceAt and getTwabBetween
Lines of code Vulnerability details Impact The Natspec of both getBalanceAt and getTwabBetween functions indicates that they should implement the functions isTimeSafe and isTimeRangeSafe respectively to ensure that the queried timestamps are safe, but both functions don't implement them which can...
Deposit transaction is prone to being front-run by bad actors.
Lines of code Vulnerability details Impact It is possible for an attacker to front-run a user's deposit transaction while transferring a smaller amount of assets than the user and minting an equivalent amount of shares as the user could have. Proof of Concept The scenario described below is for the...
abi.encodePacked() collision due to dynamic types usage that could lead to
Lines of code Vulnerability details Impact The use of abi.encodePacked could lead to collision due to the dynamic types usage. Through abi.encodePacked, Solidity supports a non-standard packed mode where: Types shorter than 32 bytes are neither zero padded nor sign extended and Dynamic types are...
The output amount validation in Vault.liquidate() is not correct.
Lines of code Vulnerability details Impact The output amount validation is not correct in Vault.liquidate, so the method might accept invalid output amount and refuse valid output amount. Proof of Concept In Vault.liquidate, there is a validation about the output share amount should be less than ...
Incorrect amount of tokens is transferred before updating the accumulator and emitting the ContributePrizeTokens event
Lines of code Vulnerability details Impact An attacker can call the contributePrizeTokens function with a lower amount of tokens than claimed, misleading the contract to update the accumulator and emit the event based on the incorrect amount. As a result, the prize pool's internal state will be...
_totalWithdrawn VALUE DOES NOT INCLUDE THE _fee AMOUNT THUS INTRODUCING ACCOUNTING ERROR
Lines of code Vulnerability details Impact In the PrizePool.ClaimPrize function is used to claim the rewards of the verified winner. Here when sending the Prize amount to the winner a fee amount is deducted from it as shown below: uint256 amount = tierLiquidity.prizeSize - fee; And this amount is...
No access control for mintYieldFee()
Lines of code Vulnerability details Impact Anyone can mint the yield fee using mintYieldFee. Proof of Concept mintYieldFee mints the shares for yield fee. function mintYieldFeeuint256 shares, address recipient external requireVaultCollateralized; if shares yieldFeeTotalSupply revert...
LSP8 and LSP9's ERC-165 interface ID differs from their specification
Lines of code Vulnerability details Bug Description According to LSP7's specification, the ERC-165 interface ID for LSP7 token contracts should be 0x5fcaac27: ERC165 interface id: 0x5fcaac27 However, INTERFACEIDLSP7 has a different value in the code: LSP7Constants.solL4-L5 // --- ERC165 interface...
Anyone can mint to themselves type(uint96).max if _isVaultCollateralized() returns true
Lines of code Vulnerability details Impact There is no check that ensures the caller to mint is a trusted one. Moreover, there is a flaw which lets anyone mint type(uint96).max number of shares Proof of Concept First, the mint function does not implement any check for the caller to be someone wi...
All Ether sent to LSP0ERC725Account will be permanently locked
Lines of code Vulnerability details Impact All Ether sent to LSP0ERC725Account will be permanently locked because it inherits the receive function from the LSP0ERC725AccountCore contract but does not have a withdraw function. Proof of Concept All Ether sent to LSP0ERC725Account will be permanentl...
Attacker can steal vault funds through the deposit function.
Lines of code Vulnerability details Impact In the deposit function, a check is made to see if the amount of assets being deposited by the user is greater than the amount of assets the vault currently holds. The vault then transfers the difference between the assets being deposited and the vault’s...
Potential Ownership Issues Due to External Calls in LSP0ERC725AccountCore's execute and executeBatch Functions
Lines of code Vulnerability details Impact In the LSP0ERC725AccountCore contract, the execute and executeBatch functions use the LSP20CallVerification standard. In some cases, you may need to use verifyCallAfter. However, because an external call is made between verifyCall and verifyCallAfter, th...
Unintended or Malicious Use of Prize Winners' Hooks
Lines of code Vulnerability details Impact The setHooks function in Vault.sol allows users to set arbitrary hooks, potentially enabling them to make external calls with unintended consequences. This vulnerability could lead to various unexpected behaviors, such as unauthorized side transactions...
Unrestricted Name and Symbol Modification in LSP7 and LSP8 Digital Assets
Lines of code Vulnerability details Impact The owner of a contract in LSP8IdentifiableDigitalAsset and LSP7DigitalAsset can arbitrarily change the name and symbol of a token after its deployment. This ability is due to the inheritance of the setData function from ERC725YCore.sol implemented in...
CONFIGURING ALLOWANCE TO ZERO FOR THE _previousLiquidationPair CAN BE FRONT RUN
Lines of code Vulnerability details Impact The Vault.setLiquidationPair is used to change the liquidationPair address to a new address. In the process it sets the allowance of the previousLiquidationPair to zero as shown below: if previousLiquidationPair != address(0)...
Attacker can force users to delegate to SPONSORSHIP_ADDRESS
Lines of code Vulnerability details Impact An attacker can change the delegatee of a user who deposited into the vault to the SPONSORSHIPADDRESS address by calling one of the functions sponsor or sponsorWithPermit and giving the address of the user as receiver. The impact of this issue is that th...
TwabLib::getTwabBetween can return inaccurate balances if _startTime and _endTime aren't safely bounded
Lines of code Vulnerability details M-01 TwabLib::getTwabBetween can return inaccurate balances if startTime and endTime aren't safely bounded Vulnerability details Here's the documentation of the TwabLib::getTwabBetween function : File: twab-controller\src\libraries\TwabLib.sol 278: / 279:...
Sponsor function allows voiding someone else's chance to win
Lines of code Vulnerability details Impact Anyone can delegate someone else's balance to the sponsorship address, increasing their own likelihood of winning, while voiding the victim's chance. Proof of Concept The issue is in the call-chain starting with Vault.sponsor: //Vault function sponsoruint2...
The _currentExchangeRate of the Vault contract can't increase, and always be lower than or equal to _assetUnit
Lines of code Vulnerability details Impact The currentExchangeRate of the Vault contract can not increase, and always be lower than or equal to assetUnit. Therefore, when the vault is undercollateralized currentExchangeRate assetUnit, it can't be further collateralized. Proof of concept function...
_amountOut is representing assets and shares at the same time in the liquidate function
Lines of code Vulnerability details Impact In the liquidate function from the Vault contract, the input argument amountOut is used as if it was representing a value of asset amount and share amount at the same time, which is impossible as there is a conversion rate between them; this error will make...
Yield fee can be stolen
Lines of code Vulnerability details Impact The yieldFeeRecipient can claim some of the fees earned in the vault by calling mintYieldFee. The function has no access control so anyone can call the function and claim the yield fee for themselves. Proof of Concept In the below test an attacker Alice...
Vault.sponsor may take away the prize chance from the receiver.
Lines of code Vulnerability details Impact TwabController.delegateBalance is related to the probability to get the prize, and Vault.sponsor can make the others' delegateBalance to 0. A malicious user can send a small amount of assets to every depositor and be the only prize taker. Proof of Concep...
FIRST DEPOSITOR ATTACK IS PRESENT IN THE Vault.sol CONTRACT
Lines of code Vulnerability details Impact The Vault.deposit function is vulnerable to first depositor attack. It can be described as follows: A malicious early depositor can deposit with 1 wei of asset token as the first depositor of the Vault, and get 1 wei of shares. Then the first depositor c...
Missing access control in mintYieldFee allowing everybody to mint the available YieldFee to himself
Lines of code Vulnerability details Impact Everybody can call the mintYieldFee function in the Vault, when there is yieldFeeTotalSupply available, and mint shares to himself for free, which later results in stealing funds from the Vault. If this is a desired behavior, which it shouldn't be based on...
The liquidate function lets the caller mint amountOut tokens without providing any
Lines of code Vulnerability details Impact There are a lot of checks to ensure the parameters of the liquidate function are correct. However, it does not check for amountIn to NOT be 0, thus it lets the caller proceed and mint amountOut tokens to account without providing any Proof of Concept...
Malicious Yield Vault could deny Pool Together withdrawing assets
Lines of code Vulnerability details Impact Since vaults can be created by anyone as long as they provide an ERC-4626 compliant yield source, an attacker could set up a malicious ERC-4626 contract and set that as the yield source for a newly created Vault. The attacker could then have the maliciou...
Permit does not revert for tokens that do not implement it.
Lines of code Vulnerability details Impact Callers should not rely on permit to revert for arbitrary tokens especially if permit is used as a security check. Tokens which do not revert on permit either do not implement it or have a non-reverting fallback function. Most notable among them is WETH...
_winningRandomNumber variable used in calculating if caller is winner can be read via web3.getStorageAt() and user can predict if he wins or not beforehand
Lines of code Vulnerability details Impact The variable winningRandomNumber used in isWinner to calc if caller has won the tier can be read, and the calculation can be predicted. Proof of Concept That a variable is marked internal doesn't mean it cannot be read Tools Used vs code Recommended...
Vault funds can be stolen by a malicious Yield Vault.
Lines of code Vulnerability details Impact When a vault is initialized, it sets Max Token Approval for the Yield Vault which allows the Yield Vault to ALWAYS have access to the funds in the vault. Since vaults can be created by anyone as long as they provide an ERC-4626 compliant yield source, an...
Possible centralization issue in PrizePool.closeDraw
Lines of code Vulnerability details The winning random number is chosen by DrawManager, which will lead to centralization risk. Despite not having really deep-dived into the codebase for this issue, if DrawManager can somehow calculate which random number can make their controlled address the winner wit...
Adding balance to accumulator does not depend on the current drawId, while documentation says it does
Lines of code Vulnerability details Impact In documentation protocol states that : To compute the allocated contribution for a draw d we'd compute the integral of curve cd=−t∗lnα∗α^d from lastdraw dold to dnew, and which is equal to −t∗ α^dold + t∗ α^dnew. Which clearly shows that contribution on...
balanceOf method can be manipulated to liquidate vault
Lines of code Vulnerability details Impact Deriving price from balanceOf can be manipulated to liquidate vault see example Attacker can provide ERC20 token to the vaultAsset and mint vault shares. The deposited tokens will then be withdrawn with having same shares in the vault. The shares then wi...
_getNextObservationIndex() Random use of timestamp to determine the currentTime can be manipulated because of dangerous strict equalities
Lines of code Vulnerability details Impact The use of strict equalities can be easily manipulated by an attacker. Miners may attempt to manipulate the timestamp. Proof of Concept File: TwabLib.sol Code Link: Code: if newestObservation.timestamp == currentTime File: TwabLib.sol Code Link: Code: if...
Malicious yield vault owners can manipulate the interaction between the vault and yield vault
Lines of code Vulnerability details Impact Malicious yield vault owners can steal depositor's assets. Proof of Concept yieldVault is the Address of the ERC4626 vault in which assets are deposited to generate yield. After tokens are deposited into the vault, the deposit function of yieldVault is...
Potential Reversion in Transfer due to LSP1 Interface Support Check
Lines of code Vulnerability details Impact The transfer function in LSP7DigitalAssetCore & LSP8DigitalAssetCore includes a mandatory hook, notifyTokenSender, which verifies if the sender supports INTERFACEIDLSP1. However, if a token owner who initially implemented LSP1 interface ceases to support...
Potential Reversion in Transfer due to LSP1 Interface Support Check
Lines of code Vulnerability details SORRY I HAVE PREVIOUSLY SUBMITTED THIS ISSUE WITHOUT THE FIX... FIRST TIME WARDEN FORGIVE ME Impact The transfer function in LSP7DigitalAssetCore & LSP8DigitalAssetCore includes a mandatory hook, notifyTokenSender, which verifies if the sender supports...