user with ADDEXTENSIONS and CHANGEEXTENSIONS will remove extension unintentional

Lines of code Vulnerability details Summary Adding extension use 4 bytes function selector to add new extension, and if user with ADDEXTENSIONS permission also has CHANGEEXTENSIONS permission and wants to add new extension and there is an extension with that function selector, extension will be...

A Storage Write Removal Bug in contracts

Lines of code Vulnerability details Summary In fallbackLSP17Extendable, Calling functions that conditionally terminate the external EVM call using the assembly statements return... may result in incorrect removals of prior storage writes. Impact In LSP17Extendable.sol, fallbackLSP17Extendable is...

In LSP6SetDataModule.sol, Infinite loop in _verifyAllowedERC725YDataKeys()

Lines of code Vulnerability details Impact In verifyAllowedERC725YDataKeys there is a great possibility of an Infinite loop. This is because ++ii is an increment inside if condition. This can lead to excessive gas consumption, causing the Ethereum transaction to fail due to the gas limit Proof of...

possible revert due to improper subtraction in _extendableMsgData() of LSP17Extension.sol

Lines of code Vulnerability details Impact in extendableMsgData of LSP17Extension.sol there is an arithmetic calculation msg.data:msg.data.length - 52; msg.data.length may be smaller than 52 in some instances. this can cause reverts in solidity Proof of Concept function extendableMsgData internal...

Allowing delegate call with msg.value in executeBatch() is dangerous

Lines of code Vulnerability details Bug Description ERC725XCore's execute function allows four types of operations: 1. CALL for normal calls 2. DELEGATECALL 3. CREATE/CREATE2 for contract deployment 4. STATICCALL The executeBatch function simply calls execute in a loop to perform multiple calls i...

Avoid using the same ERC-165 interface ID for URDs and their callers

Lines of code Vulnerability details Bug Description Contracts that implement the LSP-1 standard include INTERFACEIDLSP1 in their supportsInterface function. This means that they have a universalReceiver function that calls a Universal Receiver Delegate URD, such as LSP1UniversalReceiverDelegateUP...

The owner of a LSP0ERC725Account can become the owner again after renouncing ownership

Lines of code Vulnerability details Bug Description The renounceOwnership function allows the owner of a LSP0ERC725Account to renounce ownership through a two-step process. When renounceOwnership is first called, renounceOwnershipStartedAt is set to block.number to indicate that the process has...

LSP8Burnable extension incorrectly inherits LSP8IdentifiableDigitalAssetCore

Lines of code Vulnerability details Bug Description The LSP8Burnable contract inherits from LSP8IdentifiableDigitalAssetCore: LSP8Burnable.solL15 abstract contract LSP8Burnable is LSP8IdentifiableDigitalAssetCore However, LSP8 extensions are supposed to inherit LSP8IdentifiableDigitalAsset instea...

tx.origin may be removed in future and its usage is not recommended

Lines of code Vulnerability details Impact There is a chance that tx.origin will be removed from the Ethereum protocol in the future, so code that uses tx.origin must be avoid for the authentication purpose. There is also some EIPs being proposed for change/remove of tx.origin. ethereum/EIPs637 I...

Missing Input Validation

Lines of code Vulnerability details Impact The below situations do not have checks on their inputs: When bytes12inputDataKey == LSP6KEYADDRESSPERMISSIONSPERMISSIONSPREFIX: // AddressPermissions:Permissions: if bytes12inputDataKey == LSP6KEYADDRESSPERMISSIONSPERMISSIONSPREFIX // controller already...

initialize function can be front run

Lines of code Vulnerability details Impact Initialize function have the potential of front running by a malicious actor. An attacker can front-run the deployer and takeover the contract by setting itself as the owner in the Contract. Taking ownership will result in carrying out malicious acts tha...

Incorrect Interface ID for LSP14

Lines of code Vulnerability details Impact Contracts that use typeILSP14Ownable2Step.interfaceId, such as when implementing IERC165.supportsInterface, will use a value different from the current standard. Proof of Concept The interface ID of LSP14 is stated to be 0x94be5999. However, the interfac...

Inconsistencies When Using Inherited Functions

Lines of code https://github.com/code-423n4/2023-06-lukso/blob/9dbc96410b3052fc0fd9d423249d1fa42958cae8/contracts/LSP0ERC...

Malicious claimer could arbitrage the prize-claiming functionality

Lines of code Vulnerability details Impact The feePerClaim is a user controlled parameter which tops at tierLiquidity.prizeSize for a given tier see here for that. That means the CLAIMER can set arbitrary fees for a given call to claimPrize to increase maliciously the collected fees with //...

Pending owner can be the wrong recipient of ownership

Lines of code Vulnerability details Impact An attacker can call the acceptOwnership function with their address as the pending owner before the legitimate pending owner has a chance to call the function Proof of Concept The transferOwnership function allows the current owner to set a pending owne...

Incorrect Interface ID for LSP0

Lines of code Vulnerability details Impact The interface ID stated for LSP0 in LSP0Constants.sol and LIP-0 is 0x3e89ad98, which will affect related logics. Proof of Concept According to LIP-0, this ID is derived from the XOR of the following: selector of batchCalls IDs of the following standards:...

Claim failure can result to loss of funds

Lines of code Vulnerability details Impact Caller will lose funds through gas fees when claim fails Proof of Concept The claimPrize function allows any caller to claim a prize by providing the necessary parameters: winner address of the winner, tier prize tier, prizeIndex prize index,...

Depositors might lose funds due to the lack of zero share check

Lines of code Vulnerability details Impact Depositors might lose funds due to the lack of checking whether the shares to be minted is equal to zero. When this happens, the assets will be deposited into the vault, but the depositors will receive zero shares. This is independent from the initial...

_deployCreate()/_deployCreate2() will not work on ZKSync Era

Lines of code Vulnerability details Bug Description In the contest's Scoping Details, the sponsor states that Universal Profiles might eventually be deployed across multiple chains: Is it multi-chain? LUKSO itself is not a multi-chain. The lsp-smart-contracts are initially intended to be used on...

LSP8CompatibleERC721's approve() deviates from ERC-721 specification

Lines of code Vulnerability details Bug Description The LSP8CompatibleERC721 contract is a wrapper around LSP8 that is meant to function similarly to ERC-721 tokens. One of its implemented functions is ERC-721's approve: LSP8CompatibleERC721.solL155-L158 function approveaddress operator, uint256...

Missing External Transfer Function In Vault

Lines of code Vulnerability details Impact Balances of TwabController for a vault can not be transferred. Proof of Concept The Vault implements an internal transfer function meant to be used to transfer balances within the TwabController: function transferaddress from, address to, uint256 shares...

Using supportsERC165InterfaceUnchecked() might break LSP functionality for certain contracts

Lines of code Vulnerability details Bug Description Throughout the codebase, the protocol uses the supportsERC165InterfaceUnchecked function from Openzeppelin's ERC165Checker.sol to check for the support of ERC-165 interface IDs. However, supportsERC165InterfaceUnchecked only checks if the call t...

An identical vault can be deployed with existing values, the logic controlling this is missing

Lines of code Vulnerability details VaultFactory. The deployVault function deploys a new vault with 10 arguments, but does not check if there is a vault already deployed with the same arguments This seems to have been preferred as a design, but malicious people with copy safes can direct users to...

Failed transfer with low level call could be overlooked

Lines of code Vulnerability details Impact Transfers may fail silently. Proof of Concept According to the Solidity docs: "The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM...

withdrawReserve will revert when withdrawing tokens with on chain tx fees

Lines of code Vulnerability details Impact Function will revert when reserve is equal to amount, when the token being transferred is a fee on transfer token. Proof of Concept function withdrawReserve address to, uint104 amount external onlyDrawManager function withdrawReserve address to, uint104...

Incorrect distribution of shares and liquidity as a result of total number of shares not equaling 100

Lines of code Vulnerability details Impact If the shares are not properly validated and do not add up to 100, there will be an imbalance in the distribution of funds resulting in loss of funds or locked funds that cannot be accessed or distributed correctly. Proof of Concept The constructor of th...

Malicious user can steal other user's deposits from Vault.sol

Lines of code Vulnerability details Impact When the Vault.withdraw function is called, a maximum of typeuint96.max shares are being burnt subsequently: Vault.withdraw- Vault.withdraw- Vault.burn burns uint96shares, see Vault.sol line 1139. A malicious user can exploit this in the following way: 1...

Users might lose their balances when they set delegates

Lines of code Vulnerability details Impact Undelegated users will lose their balances if they set delegate to themselves. Proof of Concept A User can set a delegate and the delegated balance of the user will be accounted on the delegate's delegated balance in the TWAB controller. The internal...

The exchange rate is decreasing in Vault

Lines of code Vulnerability details Impact The exchange rate of the vaults will be decreasing and this will block core functionalities. Proof of Concept The exchange rate of the Vault is calculated as follows: minwithdrawableAssets, totalSupplyToAssets assetUnit / totalSupplyAmount =...

Unrestricted Name and Symbol Modification in LSP7 and LSP8 Digital Assets

Lines of code Vulnerability details I HAVE ALREADY SUBMITTED THIS ISSUE HOWEVER I MESSED UP THE LINKS FOR IT. CAN YOU PLEASE DISREGARD THE PREVIOUS SUBMISSION? Impact The owner of a contract in LSP8IdentifiableDigitalAsset and LSP7DigitalAsset can arbitrarily change the name and symbol of a token...

Vault.mintYieldFee FUNCTION CAN BE CALLED BY ANYONE TO MINT Vault Shares TO ANY RECIPIENT ADDRESS

Lines of code Vulnerability details Impact The Vault.mintYieldFee external function is used to mint Vault shares to the yield fee recipient. The function is an external function and can be called by anyone since there is no access control. The function will revert only under following two...

Balance invariant between individual and total twabs can be broken

Lines of code Vulnerability details Impact An edge case in the TwabController.transferBalance can cause total balance for a vault account to decrease although it did not actually decrease. This will cause the sum of individual delegateBalances for a vault to be greater than the registered total f...

No access control on mintYieldFee

Lines of code Vulnerability details Impact Lack of access-control allows anyone to mint the yield fee to himself. Proof of Concept Vault.mintYieldFee does not restrict the recipient yield fees: function mintYieldFeeuint256 shares, address recipient external requireVaultCollateralized; if shares...

Unsecure and predictable random number generation in closeDraw.winningRandomNumber_()

Lines of code Vulnerability details Impact Unsecure and predictable random number generation in closeDraw.winningRandomNumber can lead to external influence by malicious attackers. Leading to undermining of the fairness and security and unpredictability of the draw function. Both the timestamp an...

No validation check for whether the msg.value is not less than the value parameter in the execute function

Lines of code Vulnerability details Impact Users can send msg.value lesser than the supplied value parameter leading to incorrect accounting. Proof of Concept There is no check for whether msg.value = value in the execute function of the LSP0ERC725AccountCore contract. LSP0ERC725Account is in sco...

deposit function does not check for the maxMint amount.

Lines of code Vulnerability details Impact It is theoretically possible for the deposit amount to mint shares more than the maxMint amount Proof of Concept The deposit function has a check for maxDeposit and reverts if the deposit value is more than maxuint96. But, it does not check the shares to...

Allowed calls in LSP6KeyManager doesn't allow calls with empty calldata

Lines of code Vulnerability details Bug Description Whenever a controller attempts to call a LSP0 account's execute function without the relevant SUPER permissions, LSP6ExecuteModule will check that the call is one of the whitelisted allowed calls. If the controller is trying to perform a call wi...

Two-step ownership transfer process in LSP0ERC725AccountCore can be bypassed

Lines of code Vulnerability details Bug Description To transfer ownership of the LSP0ERC725AccountCore contract, the owner has to call transferOwnership to nominate a pending owner. Afterwards, the pending owner must call acceptOwnership to become the new owner. When called by the owner,...

Users with DEPLOY permission can grief each other through CREATE2

Lines of code Vulnerability details Bug Description In ERC725XCore.sol, the deployCreate2 function uses Openzeppelin's Create2.deploy to deploy new contracts: ERC725XCore.solL253-L267 function deployCreate2 uint256 value, bytes memory creationCode internal virtual returns bytes memory newContract...

IF THE UNDERLYING ASSET IS A FEE ON TRANSFER TOKEN IT COULD BREAK THE INTERNAL ACCOUNTING OF THE VAULT

Lines of code Vulnerability details Impact The Vault.deposit function is used by the users to deposit assets to the vault and mint vault shares to the recipient address. The amount of assets are transferred to the Vault as follows: SafeERC20.safeTransferFrom asset, caller, addressthis,...

executeTransaction function allows executing a queued transaction.

Lines of code Vulnerability details Impact The executeTransaction function allows executing a queued transaction. It requires the caller to be the admin, verifies the transaction's queue status and time lock, and executes the transaction. The use of target.call this can be exploit it by an attack...

msg-value-loop

Lines of code Vulnerability details Impact The use of msg.value in a loop in different places in the contract can introduce potential risks. The contract accepts Ether as part of its execution and relay calls. If the contract's logic does not handle or validate the msg.value appropriately, it can...

Unauthorized Access to Tokens in returnTokensToOwner function.

Lines of code Vulnerability details Impact returnTokensToOwner Function: Attack Surface: This function allows the DAO contract to unescrow tokens and return them to the original owner. The returnTokensToOwner function allows the DAO contract to unescrow tokens by transferring them from the...

tx.origin may be removed in future and its usage is not recommended

Lines of code Vulnerability details Impact There is a chance that tx.origin will be removed from the Ethereum protocol in the future, so code that uses tx.origin must be avoid using it. There is also some EIPs being proposed for change/remove of tx.origin. ethereum/EIPs637 In NounsDAOLogicV2.sol,...

Escrow Premature Closure and Fork ID Manipulation in closeEscrow function.

Lines of code Vulnerability details Impact closeEscrow Function: Attack Surface: This function allows the DAO contract to close the escrow and increment the fork ID. Attack Vectors: Unauthorized Access: If an attacker gains control over the DAO contract, they can call this function and close the...

Vetoed proposals still can be execute or queued

Lines of code Vulnerability details Impact Function veto does not change the state of the proposal. This means, that when a proposal is in a ProposalState.Queued state and then vetoed - it, still can be executed. The same occurs for proposals in ProposalState.Succeeded state - even after being...

Division before Multiplication could incur unnecessary precision loss

Lines of code Vulnerability details Impact Division before multiplication could incur unnecessary precision loss causing loss of funds. Proof of Concept In the dynamicQuorumVotes function of NounsDAOV3DynamicQuorum.sol contract the value of againstVotesBPS is first calculated by dividing a value ...

Proposal can executed even when it is in the "Queued" state.

Lines of code Vulnerability details Impact An attacker can bypass the intended governance process and directly execute proposals that are still in the voting or canceled state. This can result in unauthorized actions being performed on the smart contract, leading to loss of funds Proof of Concept...

ETH might stuck in NounsDAOProxy.sol

Lines of code Vulnerability details Impact NounsDAOProxy.fallback and NounsDAOProxy.receive expect to receive ETH, but the contract and its implementation don't contain a function to withdraw the received ETH as NounsDAOLogicV3.withdraw and NounsDAOLogicV2.withdraw Proof of Concept In...

dynamicQuorumVotes calculation has accuracy error resulting in the less required quorum

Lines of code Vulnerability details Impact dynamicQuorumVotes is divided by totalSupply, multiplied by quorumCoefficient, divided by 1e6 and then multiplied by totalSupply. There are precision errors in division before multiply. For quorumAdjustmentBPS, the division precision error is 1 and...