10190 matches found
Possible reentrancy during redemption/swap
Lines of code Vulnerability details Impact Redeemers might charge more collaterals during redemption/swap by the reentrancy attack. Proof of Concept Redeemers can redeem the agToken for collaterals in Redeemer contract and redeem burns the agToken and transfers the collaterals. function redeem...
SWAP TRADES COULD BE EXECUTED AT A LATER POINT IN TIME BY THE MINERS, IF deadline == 0
Lines of code Vulnerability details Impact The Swapper.swapExactInput external function has the deadline parameter to control the execution time of the swap transaction. If block.timestamp has passed the given deadline, the transaction will revert as per the implementation in the...
DENIAL OF SERVICE COULD OCCUR IF CHAINLINK PRICE FEEDS ARE BLOCKED
Lines of code Vulnerability details Impact The protocol's usability becomes very limited when access to the Chainlink oracle data feed is blocked. The LibOracle.readChainlinkFeed function calls feed.latestRoundData on the Chainlink price feed to calculate the quotePrice and return it to the...
LACK OF deadline CHECK COULD PROMPT DELAYED EXECUTION OF swap OPERATION
Lines of code Vulnerability details Impact The RewardHandler.sellRewards function is used by governance and trusted sellers to sell reward tokens for collateral tokens. This function ensures that none of the collateral should be decreased after the swap by checking their respective balances befor...
The first disputer might lose funds although his dispute is valid.
Lines of code Vulnerability details Impact The first disputer might lose funds although his dispute is valid. Proof of Concept Users can dispute the current tree using disputeTree and the governor refunds the dispute funds if the dispute is valid in resolveDispute. function disputeTree(string memo...
Disputer loses the deposit when someone disputes after them
Lines of code Vulnerability details Impact A disputer loses their deposited dispute tokens if someone disputes the tree after them. Proof of Concept The Distributor.disputeTree function is used to dispute a Merkle tree. The function requires the caller to deposit disputeAmount of disputeToken; th...
estimatedAPR() might return the wrong APR.
Lines of code Vulnerability details Impact estimatedAPR might return the wrong APR and it will make users confused. Proof of Concept SavingsVest.estimatedAPR returns the APR using the current vestingProfit and vestingPeriod. function estimatedAPR() external view returns (uint256 apr) { uint256...
Read-only reentrancy is possible
Lines of code Vulnerability details Impact The agToken might be minted wrongly as rewards due to the reentrancy attack. Proof of Concept There are redeem/swap logics in the transmuter contract and none of the functions has a nonReentrant modifier, so the typical reentrancy attack is possible durin...
IF RETURNED DECIMAL VALUE IS ZERO, IT COULD BREAK THE FUNCTIONING OF THE PROTOCOL
Lines of code Vulnerability details Impact The LibOracle.readChainlinkFeed function is used to calculate the quotePrice for a collateral using the chainlink price feeds. The function uses the values received via the multiple arrays in the LibOracle.read function. One such array is the...
CRITICAL UPGRADES IN THE DIAMOND PROXY COULD BE MISSED DUE TO INVALID ACTIONS PASSED IN
Lines of code Vulnerability details Impact The LibDiamond.diamondCut function is used to modify the facets by passing in the FacetCut structs. The FacetCut struct contains the action to perform: add, replace and remove and the function selectors to use for them. Here the function implementation...
Redeemer.redeem FUNCTION COULD REVERT DUE TO ARRAY LENGTH MISMATCH IN THE minAmountOuts ARRAY
Lines of code Vulnerability details Impact In the Redeemer.sol contract the Natspec comments are given how the minAmountOuts array is constructed when there are managed collaterals with sub-collaterals present. The comment is as follows: /// process and the minAmountOuts will be bigger than the...
No check for active Arbitrum Sequencer
Lines of code Vulnerability details Impact If the Arbitrum sequencer goes down, the stale ratio will be used during the swap. Proof of Concept readChainlinkFeed gets the price from the Chainlink oracle and the ratio is used during the swap. function readChainlinkFeed(uint256 quoteAmount,...
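The three Chainlink findings above (a blocked feed bricking the protocol, a zero decimals value mis-scaling the price, and no Arbitrum sequencer check) share one defensive read pattern. The following is an added illustration, not Angle's LibOracle code: the AggregatorV3Interface signatures are Chainlink's real ones, but the SafeOracle library, the OracleConsumer contract, the 1-hour grace and staleness periods, and reading decimals from the feed rather than from a configured array are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Chainlink's aggregator interface (these signatures are the real ones).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Defensive Chainlink read. Hypothetical helper, not Angle's LibOracle.
library SafeOracle {
    error SequencerDown();
    error SequencerGracePeriod();
    error StalePrice(uint256 updatedAt);
    error InvalidPrice(int256 answer);
    error InvalidDecimals(uint8 decimals);

    uint256 internal constant SEQUENCER_GRACE_PERIOD = 1 hours; // assumption: tune per chain

    /// Reverts if the L2 sequencer is down or only just came back (prices posted meanwhile may be stale).
    /// Pass address(0) on chains that have no sequencer uptime feed.
    function checkSequencer(AggregatorV3Interface uptimeFeed) internal view {
        if (address(uptimeFeed) == address(0)) return;
        (, int256 status, uint256 startedAt, , ) = uptimeFeed.latestRoundData();
        if (status != 0) revert SequencerDown(); // 0 = up, 1 = down
        if (block.timestamp - startedAt <= SEQUENCER_GRACE_PERIOD) revert SequencerGracePeriod();
    }

    /// Returns (ok, price scaled to 1e18). ok == false means the feed call itself reverted (paused,
    /// access-restricted or removed), so the caller can fall back to a secondary oracle instead of every
    /// swap and redemption being bricked. Bad data from a live feed still reverts with a typed error
    /// (reverts inside the try block are not caught by the catch clause).
    function readFeed(AggregatorV3Interface feed, uint256 stalePeriod)
        internal view returns (bool ok, uint256 price)
    {
        try feed.latestRoundData() returns (
            uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound
        ) {
            startedAt; // unused
            if (answer <= 0) revert InvalidPrice(answer);
            if (updatedAt == 0 || block.timestamp - updatedAt > stalePeriod) revert StalePrice(updatedAt);
            if (answeredInRound < roundId) revert StalePrice(updatedAt);
            uint8 dec = feed.decimals();
            // A zero (or absurd) decimals value would mis-scale every quote; refuse it explicitly.
            if (dec == 0 || dec > 18) revert InvalidDecimals(dec);
            return (true, uint256(answer) * 10 ** (18 - dec));
        } catch {
            return (false, 0);
        }
    }
}

/// Consumer with a primary and a fallback feed (hypothetical).
contract OracleConsumer {
    AggregatorV3Interface public immutable sequencerUptimeFeed;
    AggregatorV3Interface public immutable primary;
    AggregatorV3Interface public immutable fallbackFeed;
    uint256 public constant STALE_PERIOD = 1 hours; // assumption: must match the feed's heartbeat

    error NoOracle();

    constructor(AggregatorV3Interface uptime, AggregatorV3Interface primary_, AggregatorV3Interface fallback_) {
        sequencerUptimeFeed = uptime;
        primary = primary_;
        fallbackFeed = fallback_;
    }

    function quotePrice() external view returns (uint256) {
        SafeOracle.checkSequencer(sequencerUptimeFeed);
        (bool ok, uint256 price) = SafeOracle.readFeed(primary, STALE_PERIOD);
        if (ok) return price;
        (ok, price) = SafeOracle.readFeed(fallbackFeed, STALE_PERIOD);
        if (ok) return price;
        revert NoOracle();
    }
}
```

The distinction that matters is between "the feed cannot be called" (handled by the catch, which lets the consumer fall back) and "the feed answered with unusable data" (a hard revert, because silently using a stale or mis-scaled price is worse than pausing).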
ARBITRARY USER CAN CALL THE SavingsVest.accrue FUNCTION MULTIPLE TIMES BEFORE THE updateDelay PERIOD HAS ELAPSED
Lines of code Vulnerability details Impact In the SavingsVest contract the updateDelay variable is defined. This variable is used to refer to the minimum time between two calls to the accrue function. This is implemented in the SavingsVest.accrue function as follows: if (block.timestamp - lastUpdate...
uint128 changeAmount might overflow
Lines of code Vulnerability details Impact This issue is an edge case: uint128 changeAmount could overflow, making the protocol fail for certain swap amounts. Proof of Concept Let's break down the changeAmount: 1. amountOut/amountIn 2. BASE_27 3. normalizer File:...
Incorrect modification authorization amount
Lines of code Vulnerability details Impact In a specific scenario, the authorized transfer amount from N-M M0, N0 will cause the user to lose M+N money. This solution is to first change the authorized amount to N-0 and then to 0-M. This is not the best solution suggested by the article, and it is...
Poor detection of disputed trees allows claiming tokens from a disputed tree
Lines of code Vulnerability details Targets Impact Users can claim rewards from a Merkle tree that's being disputed. This can potentially lead to loss of funds since a malicious trusted EOA can claim funds from a malicious tree while it's being disputed. Proof of Concept The...
ONLY THE LAST DISPUTE IS CONSIDERED UNRESOLVED IN THE Distributor CONTRACT
Lines of code Vulnerability details Impact The Distributor.disputeTree function is used to freeze the Merkle tree update until the dispute is resolved. This is done by setting the disputer state variable to msg.sender. disputeTree is an external function which can be called by anyone by providing...
Interest is not accrued before parameters are updated in SavingsVest
Lines of code Vulnerability details Impact Stablecoin holders can receive wrongly calculated yield in the SavingsVest contract. Also, wrong vesting profit can be slashed when the protocol is under-collateralized. Proof of Concept The SavingsVest contract lets users deposit their stablecoins and...
Unsafe cast in getCollateralRatio()
Lines of code Vulnerability details Impact LibGetters.getCollateralRatio might return an incorrect ratio due to the unsafe cast. Proof of Concept getCollateralRatio outputs the collateral ratio using the total collaterals and issued agTokens. // The stablecoinsIssued value needs to be rounded up...
ERC721 onERC721Received() reentrancy
Lines of code Vulnerability details Impact Reentrancy is an attack that can occur when a bug in a contract may allow a malicious contract to reenter the contract unexpectedly during execution of the original function. This can be used to drain funds from a smart contract if used maliciously...
LibHelpers.piecewiseLinear will revert when the value is less than the first element of the array
Lines of code Vulnerability details Impact LibHelpers.piecewiseLinear reverts when the value is less than the first element of the array. This method is used in the Redeemer contract, and if the collateral ratio is below the first element of xRedemptionCurve, the redemption will revert. Proof of Conce...
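A piecewise-linear lookup that clamps to its end values outside the curve's domain instead of reverting, added here as an illustration of the fix the finding calls for. This is not Angle's LibHelpers code: the library name, the uint64 xs/ys layout, the binary search and the example curve values in RedemptionCurve are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical piecewise-linear curve helper (not Angle's LibHelpers).
/// xs must be strictly increasing and the same length as ys.
library PiecewiseLinear {
    error InvalidCurve();

    /// Evaluates the polyline through (xs[i], ys[i]) at x. Outside [xs[0], xs[n-1]] the curve is
    /// clamped to its end values rather than reverting, so a collateral ratio below the first
    /// breakpoint still yields a (minimum) redemption value instead of blocking every redemption.
    function evaluate(uint64 x, uint64[] memory xs, uint64[] memory ys) internal pure returns (uint64) {
        uint256 n = xs.length;
        if (n == 0 || n != ys.length) revert InvalidCurve();
        if (x <= xs[0]) return ys[0];
        if (x >= xs[n - 1]) return ys[n - 1];

        // Binary search for lo such that xs[lo] <= x < xs[lo + 1].
        uint256 lo = 0;
        uint256 hi = n - 1;
        while (hi - lo > 1) {
            uint256 mid = (lo + hi) / 2;
            if (xs[mid] <= x) lo = mid;
            else hi = mid;
        }

        uint256 dx = uint256(xs[hi]) - xs[lo];
        if (dx == 0) revert InvalidCurve(); // duplicate breakpoint: curve is malformed
        uint256 t = uint256(x) - xs[lo];

        // Interpolate in uint256 to avoid sign and overflow issues; the result fits in uint64
        // because it lies between ys[lo] and ys[hi].
        if (ys[hi] >= ys[lo]) {
            return uint64(ys[lo] + (uint256(ys[hi]) - ys[lo]) * t / dx);
        }
        return uint64(ys[lo] - (uint256(ys[lo]) - ys[hi]) * t / dx);
    }
}

/// Example consumer with a constructed redemption curve (values are illustrative only).
contract RedemptionCurve {
    using PiecewiseLinear for uint64;

    /// Ratios and factors are in BASE_9 (1e9 == 100%).
    /// Below 75% collateralisation redeem at 50% of par; at 100% redeem at par; flat above 110%.
    function redemptionFactor(uint64 collatRatio) external pure returns (uint64) {
        uint64[] memory xs = new uint64[](3);
        uint64[] memory ys = new uint64[](3);
        xs[0] = 750_000_000;   ys[0] = 500_000_000;
        xs[1] = 1_000_000_000; ys[1] = 1_000_000_000;
        xs[2] = 1_100_000_000; ys[2] = 1_000_000_000;
        return collatRatio.evaluate(xs, ys);
    }
}
```

With this curve, redemptionFactor(600_000_000) returns 500_000_000 (clamped to the first point) rather than reverting, and redemptionFactor(875_000_000) interpolates to 750_000_000.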
Decimal is not correct in fee calculation
Lines of code Vulnerability details Impact The decimal doesn't match in the fee calculation, so this will break the fee calculation. Since fee calculation is very important in Mint/Burn actions, this problem can ruin the core functionality of transmuter. Proof of Concept This is the non-exact min...
sellRewards() might be used to steal collaterals/rewards by malicious guardians or sellers.
Lines of code Vulnerability details Impact Malicious guardians or sellers might steal funds using sellRewards. Proof of Concept sellRewards is used to buy collaterals using rewardsagToken through the 1inch router. function sellRewards(uint256 minAmountOut, bytes memory payload) external returns (uint256...
The merkle tree might be revoked again after being used to claim rewards.
Lines of code Vulnerability details Impact The merkle tree might be revoked again after being used to claim rewards. Proof of Concept The governor can revoke the merkle tree using revokeTree. function revokeTree() external onlyGovernorOrGuardian { if (disputer != address(0)) revert UnresolvedDispute();...
getMerkleRoot() might return an unconfirmed root.
Lines of code Vulnerability details Impact Users might claim rewards using an unconfirmed merkle root. Proof of Concept getMerkleRoot returns the merkle root to claim the rewards. function getMerkleRoot public view returns bytes32 if block.timestamp = endOfDisputePeriod return tree.merkleRoot; el...
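The Distributor findings above (the first disputer's deposit being overwritten by a second dispute, claims being served from a tree under dispute, a tree being revoked after it has already been confirmed and claimed against, and getMerkleRoot serving an unconfirmed root) are all properties of one small state machine. The contract below is an added example of that state machine with those checks in place; it is not Angle's Distributor. The contract name, the error and event names, the leaf encoding keccak256(abi.encode(user, token, cumulativeAmount)), the sorted-pair Merkle proof, and the choice to confirm the tree immediately when a dispute is rejected are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Hypothetical Merkle reward distributor with a dispute window.
contract DisputableDistributor {
    struct MerkleTree { bytes32 merkleRoot; bytes32 ipfsHash; }

    MerkleTree public tree;      // candidate tree, only served once its dispute window closes undisputed
    MerkleTree public lastTree;  // last confirmed tree
    address public immutable governor;
    IERC20 public immutable disputeToken;
    uint256 public immutable disputeAmount;
    uint256 public immutable disputePeriod;
    uint256 public endOfDisputePeriod;
    address public disputer;     // non-zero while exactly one dispute is open
    mapping(address => mapping(address => uint256)) public claimed; // user => token => cumulative claimed

    error NotGovernor(); error UnresolvedDispute(); error NoDispute();
    error DisputeWindowOpen(); error DisputeWindowClosed(); error TransferFailed(); error InvalidProof();

    event Disputed(address indexed disputer, string reason);
    event DisputeResolved(bool valid);

    modifier onlyGovernor() { if (msg.sender != governor) revert NotGovernor(); _; }

    constructor(IERC20 token, uint256 amount, uint256 period) {
        governor = msg.sender; disputeToken = token; disputeAmount = amount; disputePeriod = period;
    }

    /// Root that claims are verified against: the candidate only after an undisputed window, else lastTree.
    function getMerkleRoot() public view returns (bytes32) {
        if (block.timestamp >= endOfDisputePeriod && disputer == address(0)) return tree.merkleRoot;
        return lastTree.merkleRoot;
    }

    function updateTree(MerkleTree calldata newTree) external onlyGovernor {
        if (disputer != address(0)) revert UnresolvedDispute();
        // Only a confirmed tree may be rotated into lastTree; an unconfirmed candidate must be revoked or confirmed first.
        if (block.timestamp < endOfDisputePeriod) revert DisputeWindowOpen();
        lastTree = tree;
        tree = newTree;
        endOfDisputePeriod = block.timestamp + disputePeriod;
    }

    function disputeTree(string calldata reason) external {
        if (block.timestamp >= endOfDisputePeriod) revert DisputeWindowClosed(); // nothing left to dispute
        if (disputer != address(0)) revert UnresolvedDispute(); // one open dispute: a second caller cannot overwrite the first and strand their deposit
        if (!disputeToken.transferFrom(msg.sender, address(this), disputeAmount)) revert TransferFailed();
        disputer = msg.sender;
        emit Disputed(msg.sender, reason);
    }

    function resolveDispute(bool valid) external onlyGovernor {
        address d = disputer;
        if (d == address(0)) revert NoDispute();
        disputer = address(0); // effect before the refund transfer
        if (valid) {
            _revokeTree(); // candidate discarded, the (single, known) disputer is refunded
            if (!disputeToken.transfer(d, disputeAmount)) revert TransferFailed();
        } else {
            endOfDisputePeriod = block.timestamp; // assumption: a rejected dispute confirms the candidate now
            if (!disputeToken.transfer(governor, disputeAmount)) revert TransferFailed();
        }
        emit DisputeResolved(valid);
    }

    /// Governance may withdraw a candidate only while it is still unconfirmed and undisputed.
    function revokeTree() external onlyGovernor {
        if (disputer != address(0)) revert UnresolvedDispute();
        if (block.timestamp >= endOfDisputePeriod) revert DisputeWindowClosed(); // already confirmed and claimable: cannot be rolled back
        _revokeTree();
    }

    function _revokeTree() internal {
        tree = lastTree;
        endOfDisputePeriod = block.timestamp; // lastTree was already confirmed, so it is served again immediately
    }

    /// Leaf = keccak256(abi.encode(user, token, cumulativeAmount)); proof is the sibling path with sorted pairs.
    function claim(address user, address token, uint256 cumulativeAmount, bytes32[] calldata proof) external {
        bytes32 leaf = keccak256(abi.encode(user, token, cumulativeAmount));
        if (!_verify(proof, getMerkleRoot(), leaf)) revert InvalidProof();
        uint256 toSend = cumulativeAmount - claimed[user][token]; // underflow reverts: cumulative amounts only grow
        claimed[user][token] = cumulativeAmount;
        if (!IERC20(token).transfer(user, toSend)) revert TransferFailed();
    }

    function _verify(bytes32[] calldata proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {
        bytes32 h = leaf;
        for (uint256 i = 0; i < proof.length; i++) {
            h = h < proof[i] ? keccak256(abi.encodePacked(h, proof[i])) : keccak256(abi.encodePacked(proof[i], h));
        }
        return h == root;
    }
}
```

The invariant that ties the findings together is that every state transition is gated on both the window (block.timestamp versus endOfDisputePeriod) and the open-dispute flag (disputer), and that claim never reads tree.merkleRoot directly but only through getMerkleRoot.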
stealth of funds
Lines of code Vulnerability details CRITICAL Impact The LSP0ERC725Account contract executes calls to specified targets provided in the arguments, and the contract can receive native coins using the payable functions or directly transferred, since the contract implements a receive function. However, the...
LSP6KeyManagerCore reentrancy vulnerability
Lines of code Vulnerability details Impact Both LSP6KeyManager and LSP6KeyManagerInit inherit from LSP6KeyManagerCore. Consider our previous 3 contracts as A, B and C. We write a contract D, call the A.execute method, and let it execute D.execute. When executing D.execute, we can also execute...
MALICIOUS USER CAN CALL THE FlywheelBribeRewards.setRewardsDepot() FUNCTION INDEFINITELY TO PUSH ethereum INTO STATE BLOAT
Lines of code Vulnerability details Impact The FlywheelBribeRewards.setRewardsDepot function is an external permissionless function. Any malicious user can create as many ERC20 compatible contracts as possible and can call this function to set themselves as strategies in the...
RootBridgeAgent.redeemSettlement can be front-run using RootBridgeAgent.retrySettlement causing redeem DoS
Lines of code Vulnerability details Impact Since RootBridgeAgent.retrySettlement... can be called by anyone for any settlement, a malicious actor can front-run a user trying to redeem his failed settlement via RootBridgeAgent.redeemSettlement... by calling RootBridgeAgent.retrySettlement... with...
Bad accounting on ERC4626MultiToken.sol leads to user funds stuck in the contract
Lines of code Vulnerability details Summary Bad accounting on ERC4626MultiToken.sol leads to user funds stuck in the contract in the deposit and withdraw logic. Vulnerability Detail The UlyssesToken unified liquidity tokens are derived from ERC4626MultiToken. This is a standard tokenized vault with...
Many create methods are suspicious of the reorg attack
Lines of code Vulnerability details Proof of Concept There are many instances of this, but to understand things better, take the example of the createTalosV3Strategy method. The createTalosV3Strategy function deploys a new TalosStrategyStaked contract using create, where the address derivation...
Liquidity providers may lose funds when initialising a strategy
Lines of code Vulnerability details Summary Liquidity providers may lose funds when initialising a strategy Vulnerability Detail Liquidity providers may lose a portion of provided liquidity in either of the pair tokens when creating a new position. The init function on TalosBaseStrategy.sol does...
BranchBridgeAgent invokes anyCall with PAY ON SOURCE but doesn't send value with it. All calls will fail.
Lines of code Vulnerability details Impact IAnycallProxy.anyCall operates under one of two modes of taking fees, namely fees are taken either on the source or on the destination chain. The fee mode is decided by the caller with an appropriate value of the fourth parameter, i.e. uint256 flag. Values 0,4...
Interactions with Pool do not use valid deadlines for operations
Lines of code Vulnerability details Impact Miner can potentially hold the transaction which results in loss of funds for users. Proof of Concept File: TalosBaseStrategy.sol (liquidityDifference, amount0, amount1) = nonfungiblePositionManager.increaseLiquidity(...
Reward claimers can claim rewards multiple times
Lines of code Vulnerability details Impact Reward claimers can call the get accrued reward function multiple times and maybe even drain the contract Proof of Concept As we can see there’s no check setting the accrued reward to zero after the rewards have been transferred Tools Used Manual review...
setBooster() function may be used to steal unclaimed rewards in FlywheelCore contract
Lines of code Vulnerability details Impact A malicious owner can steal all unclaimed rewards and break the reward accounting mechanism Proof of Concept Even if the owner is a good guy but the fact that there exists a rug vector available may negatively impact t...
Reentrancy Vulnerability: The contract inherits from the ReentrancyGuard contract, which may be vulnerable to reentrancy attacks if not properly handled in the contract's logic.
Lines of code Vulnerability details Impact The impact of the reentrancy vulnerability in the incrementGaugeWeight function can be summarized as follows: Loss of Funds: Attackers can drain funds from the contract or manipulate balances. Unexpected State Changes: Manipulation of variables can lead ...
Not using slippage parameter in swap() while swapping causes loss of funds
Lines of code Vulnerability details Impact While making a swap on UniswapV3 the caller should use the slippage parameter amountOutMinimum to avoid losing funds. swapToEqualAmounts does not use the slippage parameter amountOutMinimum. File: /src/talos/libraries/PoolActions.sol L46-L52...
the mint function in erc4626 will mint incorrect amount
Lines of code Vulnerability details Impact If you look at the ERC4626 contract, the mint function mints the wrong amount at line 53: it should be minting the assets amount, not the amount of shares, and because shares and assets are not 1:1 it will lead to unwanted results and different mint...
_createDepositSingle() call bridgeOut missing normalizeDecimals
Lines of code Vulnerability details Impact Wrong decimal place conversion, resulting in wrong quantity Proof of Concept createDepositSingle will call IPort(localPortAddress).bridgeOut. The parameter deposit is not converted to 18 decimals. createDepositSingle function createDepositSingle address...
Tokens with multiple addresses can be stolen due to reliance on balanceOf()
Lines of code Vulnerability details Impact Some ERC20 tokens have multiple valid contract addresses that serve as entrypoints for manipulating the same underlying storage such as Synthetix tokens like SNX and sBTC and the TUSD stablecoin. The accrueUser function holds all rewards for all pools,...
User can brick collateralization ratio calculation by donating a small amount
Lines of code Vulnerability details Impact The following code is used to calculate the collateralization ratio when stablecoinsIssued > 0: collatRatio = uint64(totalCollateralization.mulDiv(BASE_9, stablecoinsIssued, Math.Rounding.Up)); During normal operation, this should not overflow. However, when...
NO CHECK TO VERIFY THE ELEMENTS OF assetsAmounts[] ARRAY IS IN THE SAME ORDER AS assets[] ARRAY, IF MISCONFIGURED COULD BREAK THE INTERNAL ACCOUNTING OF SHARE CALCULATION
Lines of code Vulnerability details Impact In the ERC4626MultiToken.convertToShares function, assetsAmounts are used to calculate the shares to mint. Here the assetsAmounts are expected to be passed in the order of the assets array. If there is any misconfiguration in the order, then it will affe...
Reentrancy in Redeemer._redeem allows redemptions with wrong collateralization ratio
Lines of code Vulnerability details Impact There are two potential sources of reentrancy within Redeemer.redeem: The call to LibManager.release: as this is an arbitrary strategy that may perform arbitrary calls / callbacks on release, for instance because it calls another protocol which supports...
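The reentrancy findings on this page (extra collateral taken during redeem, rewards minted against a ratio read mid-call, a callback re-entering through a token hook, and redemptions quoted at the wrong collateralization ratio) reduce to two controls: a reentrancy lock on the state-changing paths, and the same lock consulted by the public view so that a caller cannot observe half-updated state. The contract below is an added example of both, with the vulnerable ordering kept beside the hardened one; it is not Angle's Redeemer or Transmuter. The single-collateral model, the IAgToken.burnSelf signature, the at-par quote when over-collateralized and the names are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

interface IAgToken {
    function burnSelf(uint256 amount, address burner) external; // assumed signature
}

abstract contract ReentrancyGuard {
    uint256 private _status = 1;
    error Reentrant();

    modifier nonReentrant() {
        if (_status == 2) revert Reentrant();
        _status = 2;
        _;
        _status = 1;
    }

    function _entered() internal view returns (bool) { return _status == 2; }
}

/// Single-collateral redeemer (hypothetical). The reentrancy points are the two external calls,
/// burnSelf and transfer: a hooked agToken or an ERC777-style collateral can call back from either.
contract Redeemer is ReentrancyGuard {
    uint256 internal constant BASE_9 = 1e9;
    IAgToken public immutable agToken;
    IERC20 public immutable collateral;
    uint256 public stablecoinsIssued;

    constructor(IAgToken agToken_, IERC20 collateral_, uint256 issued) {
        agToken = agToken_;
        collateral = collateral_;
        stablecoinsIssued = issued;
    }

    function _collateralRatio() internal view returns (uint256) {
        if (stablecoinsIssued == 0) return type(uint256).max;
        return collateral.balanceOf(address(this)) * BASE_9 / stablecoinsIssued;
    }

    /// View consumed by other modules (e.g. one deciding whether to mint rewards or slash profit).
    /// Refusing to answer while a redemption is in flight closes the read-only reentrancy vector.
    function collateralRatio() external view returns (uint256) {
        if (_entered()) revert Reentrant();
        return _collateralRatio();
    }

    /// Collateral returned per unit burnt: at par when collateralized, pro rata when under.
    function _quote(uint256 amount) internal view returns (uint256) {
        uint256 ratio = _collateralRatio();
        if (ratio >= BASE_9) return amount;
        return amount * ratio / BASE_9;
    }

    /// VULNERABLE: interactions before effects and no lock. Inside the transfer hook the collateral has
    /// already left but stablecoinsIssued is still the old value, so a module reading the ratio mid-call
    /// sees it far too low (e.g. and slashes), and a re-entered redeem is quoted against that stale state.
    function redeemVulnerable(uint256 amount, address to, uint256 minAmountOut) external returns (uint256 out) {
        out = _quote(amount);
        require(out >= minAmountOut, "slippage");
        agToken.burnSelf(amount, msg.sender);                 // external call, may re-enter
        require(collateral.transfer(to, out), "transfer failed"); // external call, may re-enter
        stablecoinsIssued -= amount;                          // effect last: state inconsistent during both calls
    }

    /// HARDENED: checks, then effects, then interactions, under the lock. A re-entered redeem reverts,
    /// and the temporarily too-high ratio between the effect and the transfer cannot be observed
    /// because collateralRatio() refuses to answer while the lock is held.
    function redeem(uint256 amount, address to, uint256 minAmountOut) external nonReentrant returns (uint256 out) {
        out = _quote(amount);
        require(out >= minAmountOut, "slippage");
        stablecoinsIssued -= amount;                          // effect first
        agToken.burnSelf(amount, msg.sender);                 // interactions last
        require(collateral.transfer(to, out), "transfer failed");
    }
}
```

Note that the lock alone is not enough for the read-only case: a nonReentrant modifier only protects functions that carry it, so the view has to check the same flag explicitly.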
Slippage controls for calling bHermes contract's ERC4626DepositOnly.deposit and ERC4626DepositOnly.mint functions are missing
Lines of code Vulnerability details Impact The EIP-4626 specification mentions that "if implementors intend to support EOA account access directly, they should consider adding an additional function call for deposit/mint/withdraw/redeem with the means to accommodate slippage loss or unexpected deposit/withdrawal limits,...
Vulnerable to MEV exploitation due to lack of slippage protection
Lines of code Vulnerability details Proof of Concept Function to decrease and increase liquidity are passing amount0Min and amount1Min as zero. This will result in MEV bots sandwiching transactions to extract value from it. In the worst case it will actually return zero or a very small value in...
Potential Integer Underflow/Overflow: The code uses the SafeCastLib library for type conversions, but it does not handle potential underflow or overflow situations.
Lines of code Vulnerability details Impact The potential integer underflow/overflow vulnerability in the code can lead to incorrect calculations, unexpected behavior, and potential security issues. Proof of Concept In the provided code, there are a few areas where potential integer...
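The casting findings above (uint128 changeAmount overflowing, the unsafe uint64 cast in getCollateralRatio, the collateralization ratio wrapping after a small donation, and the general point that SafeCastLib has to actually be used) come down to one rule: an explicit narrowing cast must either be proven to fit or be replaced by a checked or saturating conversion. The following is an added example, not Angle's LibGetters or the audited SafeCastLib usage; the library name, the mulDivUp helper, the choice to saturate the ratio but revert the amount, and the changeAmount formula are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Minimal checked-cast library (hypothetical; OpenZeppelin's SafeCast offers the same).
library SafeCast {
    error CastOverflow(uint256 value, uint8 bits);

    function toUint64(uint256 v) internal pure returns (uint64) {
        if (v > type(uint64).max) revert CastOverflow(v, 64);
        return uint64(v);
    }

    function toUint128(uint256 v) internal pure returns (uint128) {
        if (v > type(uint128).max) revert CastOverflow(v, 128);
        return uint128(v);
    }
}

contract CollateralRatioDemo {
    using SafeCast for uint256;

    uint256 internal constant BASE_9 = 1e9;
    uint256 internal constant BASE_27 = 1e27;

    /// Rounds up like Math.mulDiv(..., Rounding.Up). a*b overflow reverts under 0.8 checked arithmetic.
    function mulDivUp(uint256 a, uint256 b, uint256 d) internal pure returns (uint256) {
        return (a * b + d - 1) / d;
    }

    /// UNSAFE: the explicit uint64(...) cast truncates silently. If collateral is donated while almost
    /// no stablecoins are issued, totalCollateralization * 1e9 / stablecoinsIssued exceeds 2**64 and
    /// wraps to an unrelated, possibly tiny ratio, so the protocol believes it is under-collateralized.
    function ratioUnsafe(uint256 totalCollateralization, uint256 stablecoinsIssued) public pure returns (uint64) {
        if (stablecoinsIssued == 0) return type(uint64).max;
        return uint64(mulDivUp(totalCollateralization, BASE_9, stablecoinsIssued));
    }

    /// SAFE: saturate at type(uint64).max. Beyond that the protocol is over-collateralized by any
    /// reasonable measure, so clamping keeps swaps and redemptions working instead of bricking them.
    function ratioSafe(uint256 totalCollateralization, uint256 stablecoinsIssued) public pure returns (uint64) {
        if (stablecoinsIssued == 0) return type(uint64).max;
        uint256 r = mulDivUp(totalCollateralization, BASE_9, stablecoinsIssued);
        return r > type(uint64).max ? type(uint64).max : uint64(r);
    }

    /// For a quantity that must never be silently wrong (an amount, a rate that feeds further math),
    /// revert on overflow rather than clamp. Hypothetical 27-decimal price change packed into uint128.
    function changeAmount(uint256 amountOut, uint256 amountIn) public pure returns (uint128) {
        return (amountOut * BASE_27 / amountIn).toUint128();
    }

    /// 1000e18 of collateral against 1 wei of stablecoins issued: the raw ratio is 1e30, which does not
    /// fit in 64 bits. ratioUnsafe returns 1e30 mod 2**64 (a meaningless number); ratioSafe saturates.
    function demo() external pure returns (uint64 unsafeRatio, uint64 safeRatio) {
        unsafeRatio = ratioUnsafe(1000e18, 1);
        safeRatio = ratioSafe(1000e18, 1); // type(uint64).max
    }
}
```

Which of the two fixes is right depends on what the number is used for: a ratio that only gates behaviour can saturate, while an amount or a value that is multiplied further must revert so the overflow is visible.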
In MulticallRootRouter.sol, approve function can fail for non standard ERC20 tokens like USDT
Lines of code Vulnerability details Impact Some tokens like USDT do not work when changing the allowance from an existing non-zero allowance value. For example Tether USDT’s approve function will revert if the current approval is not zero, to protect against front-running changes of approvals. Li...
Missing deadline checks allow pending transactions to be maliciously executed
Lines of code Vulnerability details Impact In PoolActions.sol, the swapToEqualAmounts function has no deadline check for the transaction when swapping. File: src/talos/libraries/PoolActions.sol function swapToEqualAmounts(ActionParams memory actionParams, int24 baseThreshold) internal bool zeroForOne,...
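Several findings on this page are about the same three parameters of an on-chain swap: the deadline (Swapper.swapExactInput accepting deadline == 0, RewardHandler.sellRewards and the Talos increaseLiquidity and swapToEqualAmounts calls having none), the minimum output (amountOutMinimum and amount0Min/amount1Min passed as zero, and the missing slippage controls on the ERC4626 deposit/mint path), and the allowance reset that tokens such as USDT require. The wrapper below is an added example that handles all three; it is not code from Angle, Talos or Maia. The ISwapRouter and IERC20 interfaces are simplified stand-ins for Uniswap V3's and ERC20's, and the SwapHelper contract, its error names and the decision to reject a zero deadline outright are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal ERC20 surface (stand-in; use OpenZeppelin's SafeERC20 in production for tokens that return no bool).
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Uniswap V3 style single-hop swap interface (simplified stand-in).
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn;
        address tokenOut;
        uint24 fee;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params) external payable returns (uint256 amountOut);
}

contract SwapHelper {
    ISwapRouter public immutable router;

    error DeadlineExpired(uint256 deadline, uint256 currentTime);
    error ZeroMinAmountOut();
    error InsufficientOutput(uint256 received, uint256 minimum);
    error ApproveFailed();
    error TransferFailed();

    constructor(ISwapRouter router_) { router = router_; }

    /// deadline == 0 is rejected rather than read as "no deadline": a zero (or far-future) deadline lets a
    /// validator hold the transaction and include it whenever the price has moved against the sender.
    modifier checkDeadline(uint256 deadline) {
        if (deadline == 0 || block.timestamp > deadline) revert DeadlineExpired(deadline, block.timestamp);
        _;
    }

    /// USDT-style tokens revert on a non-zero -> non-zero allowance change, so reset to zero first.
    function _forceApprove(IERC20 token, address spender, uint256 amount) internal {
        if (token.allowance(address(this), spender) != 0) {
            if (!token.approve(spender, 0)) revert ApproveFailed();
        }
        if (!token.approve(spender, amount)) revert ApproveFailed();
    }

    /// Swaps exactly amountIn of tokenIn for at least minAmountOut of tokenOut before deadline.
    function swapExactInput(
        address tokenIn,
        address tokenOut,
        uint24 fee,
        uint256 amountIn,
        uint256 minAmountOut,
        uint256 deadline
    ) external checkDeadline(deadline) returns (uint256 amountOut) {
        // A zero minimum disables slippage protection entirely and invites a sandwich; refuse it.
        if (minAmountOut == 0) revert ZeroMinAmountOut();

        if (!IERC20(tokenIn).transferFrom(msg.sender, address(this), amountIn)) revert TransferFailed();
        _forceApprove(IERC20(tokenIn), address(router), amountIn);

        amountOut = router.exactInputSingle(ISwapRouter.ExactInputSingleParams({
            tokenIn: tokenIn,
            tokenOut: tokenOut,
            fee: fee,
            recipient: msg.sender,
            deadline: deadline,          // the router enforces it again; cheap defence in depth
            amountIn: amountIn,
            amountOutMinimum: minAmountOut,
            sqrtPriceLimitX96: 0
        }));

        // The router already reverts below amountOutMinimum; re-checking guards against a router
        // implementation (or a future upgrade) that does not.
        if (amountOut < minAmountOut) revert InsufficientOutput(amountOut, minAmountOut);
    }
}
```

The same shape applies to liquidity operations: increaseLiquidity and decreaseLiquidity take amount0Min, amount1Min and deadline for the same reason, and passing zero for the minimums there is the MEV exposure the Talos findings describe.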
addLiquidity() unable to work
Lines of code Vulnerability details Impact The first transfer of the asset to the router is missing, so addLiquidity is unable to work. Proof of Concept UlyssesRouter.addLiquidity is used to mint LP. The code is as follows: function addLiquidity(uint256 amount, uint256 minOutput, uint256 poolId) external returns...