setPosMode should not allow changing the mode when the new mode's canRepay status is disabled

Lines of code Vulnerability details Impact In the scenario where the mode's canRepay status is set to false, positions using that mode cannot be repaid and liquidated. However, users are allowed to change their position's mode to one where the canRepay status is currently set to false. This could...

Slippage protection missing

Lines of code Vulnerability details The MaxHeap contract does not check for slippage when updating item values. This could enable the admin to manipulate asset prices. Recommendation: Implement slippage protection by adding min/max checks in updateValue: function updateValueuint256 itemId, uint25...

LendingPool interest should not accrue when pool's repay is paused

Lines of code Vulnerability details Impact When the canRepay status of pools inside InitCore is paused, users are not allowed to repay their positions when borrowing from the paused pool. However, interests continue to accrue during this pause period, exposing users to potential liquidation risk...

Loss of Funds for Users Due to Token Purchase after Maximum Supply

Lines of code Vulnerability details Summary When the token's total supply reaches its maximum, users lose funds when attempting to buy tokens, as the transaction completes without minting new tokens. Vulnerability Details To engage in the voting system, users must acquire tokens directly from the...

wLp tokens could be stolen

Lines of code Vulnerability details PosManagerremoveCollateralWLpTo function allows users to remove collateral wrapped in a wLp token that was previously supplied to the protocol: File: PosManager.sol 249: function removeCollateralWLpTouint posId, address wLp, uint tokenId, uint amt, address...

Use SafeMath for overflow protection

Lines of code Vulnerability details Unchecked math could potentially trigger overflows. Recommendation: Utilize SafeMath library for overflow safe operations. using SafeMath for uint256; function mintaddress account, uint256 amount public onlyOwner // Overflow protected totalSupply =...

If the borrower enters token blacklist, LP may never be able to retrieve Liquidity

Lines of code Vulnerability details Vulnerability details Currently, there are two ways to retrieve Liquidity 1. borrower actively close position : call closePosition 2. be forced liquidation leads to close position : liquidatePosition - closePosition No matter which one, if there is a profit in...

Fee-on-transfer/rebasing tokens will have problems when swapping

Lines of code 110 Vulnerability details Uniswap v3 does not support rebasing or fee-on-transfer tokens so using these tokens with it will result funds getting stuck. With fee-on-transfer tokens, if the balance isn't checked, the wrong amount may be transferred out. With rebasing tokens, the...

Contracts are vulnerable to fee-on-transfer accounting-related issues

Lines of code 359, 448, 509, 530, 42, 797, 162 Vulnerability details The functions below transfer funds from the caller to the receiver via transferFrom, but do not ensure that the actual number of tokens received is the same as the input amount to the transfer. If the token is a fee-on-transfer...

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...

InitCore.liquidate will revert in case if poolOut is paused for collateral

Lines of code Vulnerability details Proof of Concept InitCore.liquidate function tries to check, that provided poolOut variable is valid pool of protocol. It does it using vars.config.isAllowedForCollateral check. As you can see, in case if poolOut will be paused as collateral for the mode, then...

Some tokens may revert when zero value transfers are made

Lines of code 356, 371, 145, 272, 252, 116, 445, 374, 506, 488https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/options/TapiocaOptionBroker...

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

Some tokens may revert when zero value transfers are made

Lines of code 356, 371, 145, 272, 252, 116, 445, 374, 506, 488https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/options/TapiocaOptionBroker...

Return values of transfer()/transferFrom() not checked

Lines of code 377, 509, 491, 530, 42, 50 Vulnerability details Not all IERC20 implementations revert when there's a failure in transfer/transferFrom. The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations that shou...

Contracts are vulnerable to fee-on-transfer accounting-related issues

Lines of code 359, 448, 509, 530, 42, 797, 162 Vulnerability details The functions below transfer funds from the caller to the receiver via transferFrom, but do not ensure that the actual number of tokens received is the same as the input amount to the transfer. If the token is a fee-on-transfer...

TRST-M-8 from previous audit still present

Lines of code Vulnerability details Proof of Concept TRST-M-8 from previous audit describes the fact, that when repaying is paused, then pool still continue accruing interests. Usually this is not considered as a medium bug anymore. However, protocol team has stated, that they have fixed...

Array is push()ed but not pop()ed, and is iterated over

Lines of code 96, 485, 485, 485, 485, 485, 485, 485, 485, 485, 485https://github.com/Tapioca-DAO/ta...

Malicious user can still native tokens of MoneyMarketHook caller

Lines of code Vulnerability details Proof of Concept MoneyMarketHook allows user to chain some actions into one multicall to the InitCore. In the end user can get all wrapped native tokens that he withdrew in a form of native token. Note, that this part of code withdraws all balance from wrapped...

Interest still accuring when repayment is paused, creating debt that cannot be repaid

Lines of code Vulnerability details Impact Interest still accuring when repayment is paused Proof of Concept When the admin pause the lending pool repayment, as timestamp elapses, interest still accuring /// @inheritdoc ILendingPool function accrueInterest public uint lastAccruedTime =...

Using block.timestamp as the deadline/expiry invites MEV

Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

Fee-on-transfer/rebasing tokens will have problems when swapping

Lines of code 110 Vulnerability details Uniswap v3 does not support rebasing or fee-on-transfer tokens so using these tokens with it will result funds getting stuck. With fee-on-transfer tokens, if the balance isn't checked, the wrong amount may be transferred out. With rebasing tokens, the...

_safeMint() should be used rather than _mint() wherever possible

Lines of code 139, 178, 204 Vulnerability details mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...

Unchecked return value of low-level call()/delegatecall()

Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...

_safeMint() should be used rather than _mint() wherever possible

Lines of code 139, 178, 204 Vulnerability details mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

TRST-M-1 finding from previous audit still exists

Lines of code Vulnerability details Proof of Concept Issue TRST-M-1 from previous audit still exist. In order to calculate collateral amount getCollateralCreditCurrente36 function is used. uint tokenValuee36 = ILendingPoolpoolsi.toAmtCurrentsharesi tokenPricee36; tokenValuee36 is usd value of...

Using block.timestamp as the deadline/expiry invites MEV

Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...

Array is push()ed but not pop()ed, and is iterated over

Lines of code 96, 485, 485, 485, 485, 485, 485, 485, 485, 485, 485https://github.com/Tapioca-DAO/ta...

Unchecked return value of low-level call()/delegatecall()

Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...

Return values of transfer()/transferFrom() not checked

Lines of code 377, 509, 491, 530, 42, 50 Vulnerability details Not all IERC20 implementations revert when there's a failure in transfer/transferFrom. The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations that shou...

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...

_safeMint() should be used rather than _mint() wherever possible

Lines of code 139, 178, 204 Vulnerability details mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

Unchecked return value of low-level call()/delegatecall()

Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...

Using block.timestamp as the deadline/expiry invites MEV

Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...

InitiCore.liquidate uses stale toShares function

Lines of code Vulnerability details Proof of Concept When position is going to be liquidated, then liquidator provides poolToRepay and poolOut. He wants to repay some amount to poolToRepay and get shares from poolOut back according to repaid amount + bonus. ILendingPoolpoolOut.toShares function i...

Unsafe usage of msg.value in a loop

Lines of code 140 Vulnerability details The value of msg.value in a transaction's call never gets updated, even if the called contract ends up sending some or all of the Eth to another contract. This means that using msg.value in a for- or while-loop, without extra accounting logic, will either...

Position cannot be liquidated if the borrower is blocklisted

Lines of code Vulnerability details Impact position cannot be liquidated if the borrower is blocklisted Proof of Concept When the position is closed, the function closePosition is called // execute actual position closing closePositionparams, cache, lien, msg.sender; in this case, the msg.sender ...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

Unsafe use of transfer()/transferFrom() with IERC20

Lines of code 377, 509, 491, 530, 42, 50 Vulnerability details Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT's transfer and transferFrom functions on L1 do not return booleans as the specification...

Unsafe use of approve() with IERC20

Lines of code 321, 215, 184, 450, 761, 217, 157, 234, 339, 386https://github.com/Tapioca-DAO/t...

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...

Small positions are allowed in the system that are not profitable for liquidators

Lines of code Vulnerability details Proof of Concept When someone borrows, then he can borrow any assets amount that he would like. In the end function will check that position is healthy, which means that user has enough collateral amount to cover borrowed amount. The problem is that this functi...

In case if wLP will be blacklisted then user will not be able to withdraw it

Lines of code Vulnerability details Proof of Concept When users deposit wLP tokens as collateral, then they are checked to be whitelisted. Later, it's possible that for some reason wLP token will be backlisted by governor. And once it's done, then users, who already used that wLP tokens as...

Lack of input validation for ClosePositionParams.amountSwap results in theft of fund (premium + protocol fee))

Lines of code Vulnerability details Impact Lack of input validation for ClosePositionParams.amountSwap results in theft of fund Proof of Concept ParticlePositionManager.sol hold two part of fund 1. the contract hold premium added by borrower 2. the contract hold protocol fee before protocol...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...