In VirtualAccount.sol.withdrawERC20(), Transaction revert if the Token does not support 0 value transfer

Lines of code Vulnerability details Impact In VirtualAccount.sol.withdrawERC20, Transaction revert if the Token does not support 0 value transfer when transferring tokens to recipient address. File: src/ulysses-omnichain/VirtualAccount.sol 31 function withdrawERC20address token, uint256 amount...

Unable to check state() if proposalId == 0

Lines of code Vulnerability details Impact state function cannot be called to view proposal state if proposalId == 0. Proof of Concept There is no check to prevent queueing a proposalId with a value of 0 via the queue function. However, in the state function there is a check preventing using a...

setBooster() function may be used to steal unclaimed rewards in FlywheelCore contract

Lines of code Vulnerability details Lines of code Vulnerability details Impact A malicious owner can steal all unclaimed rewards and break the reward accounting mechanism Proof of Concept Even if the owner is a good guy but the fact that there exists a rug vector available may negatively impact t...

Not using slippage parameter when interacting with AMMs

Lines of code Vulnerability details Impact The slippage parameters are hardcoded to 0, meaning the minimum amount can be 0. The absence of slippage protection causes transactions to be vulnerable to front running. This can result in users potentially losing their funds. Proof of Concept...

Tokens with multiple addresses can be stolen due to reliance on balanceOf()

Lines of code Vulnerability details Impact Some ERC20 tokens have multiple valid contract addresses that serve as entrypoints for manipulating the same underlying storage such as Synthetix tokens like SNX and sBTC and the TUSD stablecoin. The accrueUser function holds all rewards for all pools,...

Reentry restrictions are not properly released

Lines of code Vulnerability details Impact After LSP6KeyManagerCore.execute or LSP6KeyManagerCore.executeRelayCall is executed, non-isSetData methods that call these two methods without re-entry permission cannot be called normally Proof of Concept Tools Used manual review Recommended Mitigation...

Reentrancy in Redeemer._redeem allows redemptions with wrong collateralization ratio

Lines of code Vulnerability details Impact There are two potential sources of reentrancy within Redeemer.redeem: The call to LibManager.release: As this is an arbitrary strategy that may perform arbitrary calls / callbacks on release for instance because it calls another protocol which supports...

User may get less tokens than expected when collateral list order changes

Lines of code Vulnerability details Impact The order of ts.collateralList is not stable: Whenever LibSetters.revokeCollateral is used to revoke a collateral, it may change because of the swap that is performed. However, the function Redeemer.redeem relies on this order, as the user has to provide...

No target price check performed for external oracles

Lines of code Vulnerability details Impact readMint and readBurn do not check the price of returned assets against the target price, this check is only performed for Chainlink Oracles. Therefore, external oracles can report an arbitrarily price that will be accepted by the protocol and any oracle...

FlywheelAcummulatedRewards/FlywheelBribeRewards gains are instantaneous and can be frontrun

Lines of code Vulnerability details Impact FlywheelAcummulatedRewards/FlywheelBribeRewards gains are instantaneous and can be frontrun. The user only needs to frontrun the delegate before each incentive is distributed to get the incentive, and there is no way to prevent the user from undelegating...

_createDepositSingle() call bridgeOut missing normalizeDecimals

Lines of code Vulnerability details Impact Wrong decimal place conversion, resulting in wrong quantity Proof of Concept in createDepositSingle will call IPortlocalPortAddress.bridgeOut The parameter deposit is not converted to 18 decimal createDepositSingle function createDepositSingle address...

Reentrancy Vulnerability: The contract inherits from the ReentrancyGuard contract, which smay be vulnerable to reentrancy attacks if not properly handled in the contract's logic.

Lines of code Vulnerability details Impact The impact of the reentrancy vulnerability in the incrementGaugeWeight function can be summarized as follows: Loss of Funds: Attackers can drain funds from the contract or manipulate balances. Unexpected State Changes: Manipulation of variables can lead ...

If a STRATEGY TOKEN is "Toggled off" STRATEGIES will still be able to withdraw but returning of tokens with replenishReserves will be disabled.

Lines of code Vulnerability details Impact BranchPort.manage allows a registered Strategy to withdraw certain amounts of enabled strategy tokens. It validates access rights ie. if called by a strategy registered for the requested token. It however doesn't check if the token itself is currently...

In MulticallRootRouter.sol, approve function can fail for non standard ERC20 tokens like USDT

Lines of code Vulnerability details Impact Some tokens like USDT do not work when changing the allowance from an existing non-zero allowance value. For example Tether USDT’s approve function will revert if the current approval is not zero, to protect against front-running changes of approvals. Li...

Reactivated gauges can’t queue up rewards

Lines of code Vulnerability details Impact Reactivated gauges can’t queue up rewards Proof of Concept Active gauges as set by authorised users get their rewards queued up in the FlywheelGaugeRewards.queueRewards function. As part of it, their associated struct QueuedRewards updates its storedCycl...

the mint function in erc4626 will mint incorrect amount

Lines of code Vulnerability details Impact if you look at the ERC4626 contract the function mint minting the wrong amount at line 53 it should be minting the assets amount not the amount of the share and because the shares and assets are not 1:1 it will lead to unwanted results and different mint...

Potential Integer Underflow/Overflow: The code uses the SafeCastLib library for type conversions, but it does not handle potential underflow or overflow situations.

Lines of code Vulnerability details Impact The potential integer underflow/overflow vulnerability in the code can lead to incorrect calculations, unexpected behavior, and potential security issues. Proof of Concept In the provided code, there are a few areas where potential integer...

Behaviour of Distributor when user appears in multiple merkle trees

Lines of code Vulnerability details Impact To avoid that a user can claim the same amount multiple times, the following code is used: uint256 toSend = amount - claimedusertoken.amount; However, the Distributor contract supports updating the merkle tree via updateTree. But because the claimed...

Interactions with Pool do not use valid deadlines for operations

Lines of code Vulnerability details Impact Miner can potentially hold the transaction which results in loss of funds for users. Proof of Concept File: TalosBaseStrategy.sol liquidityDifference, amount0, amount1 = nonfungiblePositionManager.increaseLiquidity...

Contracts are vulnerable to rebasing accounting-related issues

Lines of code Vulnerability details Impact Rebasing tokens are tokens that have each holder's balanceof increase over time. Aave aTokens are an example of such tokens. If rebasing tokens are used, rewards accrue to the contract holding the tokens, and cannot be withdrawn by the original depositor...

Id not saved when adding a vault with addVault or partner with addPartner

Lines of code Vulnerability details Impact In the PartnerManagerFactory contract when adding a new vault with the addVault or adding a new partner with addPartner function, both functions does not save the id of the added vault or partner, this will cause function like migratePartnerVault to reve...

Vulnerable to MEV exploitation due to lack of slippage protection

Lines of code Vulnerability details Proof of Concept Function to decrease and increase liquidity are passing amount0Min and amount1Min as zero. This will result in MEV bots sandwiching transactions to extract value from it. In the worst case it will actually return zero or a very small value in...

MALICIOUS USER CAN CALL THE FlywheelBribeRewards.setRewardsDepot() FUNCTION INDEFINITELY TO PUSH ethereum INTO STATE BLOAT

Lines of code Vulnerability details Impact The FlywheelBribeRewards.setRewardsDepot function is an external permissionless function. Any malicious user can create as many ERC20 compatible contracts as possible and can call this function to set themselves as strategies in the...

Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.

Lines of code Vulnerability details Impact In the RootBrigdeAgent.sol the function's gasSwapOut and gasSwapIn uses UniswapV3.slot0 to get the value of sqrtPriceX96 which it use to perform the swap, however the sqrtPriceX96 gotten from Uniswap.slot0 is the most recent data point and can be...

NO CHECK TO VERIFY THE ELEMENTS OF assetsAmounts[] ARRAY IS IN THE SAME ORDER AS assets[] ARRAY, IF MISCONFIGURED COULD BREAK THE INTERNAL ACCOUNTING OF SHARE CALCULATION

Lines of code Vulnerability details Impact In the ERC4626MultiToken.convertToShares function, assetsAmounts are used to calculate the shares to mint. Here the assetsAmounts are expected to be passed in the order of the assets array. If there is any misconfiguration in the order, then it will affe...

Reactivated gauges have incorrect accounting for the last cycle’s rewards

Lines of code Vulnerability details Impact reactivated gauges that previously had queued up rewards have a mismatch between their storedCycle and contract’s gaugeCycle state variable. Due to this mismatch, there is also a resulting issue with the accounting logic for its completed rewards: Proof ...

BranchBridgeAgent invokes anyCall with PAY ON SOURCE but doesn't send value with it. All calls will fail.

Lines of code Vulnerability details Impact IAnycallProxy.anyCall operates under one of two modes of taking fees, namely fees are taken either on source or on the destination chain. Fee mode is decided by the caller with an appropriate value of the fourth parameter, ie. uint256 flag . Values 0,4...

User can brick collateralization ratio calculation by donating a small amount

Lines of code Vulnerability details Impact The following code is used to calculate the collateralization ratio when stablecoinsIssued 0: collatRatio = uint64totalCollateralization.mulDivBASE9, stablecoinsIssued, Math.Rounding.Up; During normal operation, this should not overflow. However, when...

User can manipulate totalRewardUnclaimed and steal pool incentives

Lines of code Vulnerability details Impact In the UniswapV3Staker.sol contract, a user can drain the incentives by repeatedly staking and unstaking. Proof of Concept During staking, the stakeToken... function checks that incentives is not zero this would later become insufficient but does not in...

The LybraRETHVault.depositEtherToMint doesn't keep record of user's ether deposits which results in loss for the user.

Lines of code Vulnerability details Impact High: User will lose his deposited ether. Proof of Concept The collateralAsset address variable which is used in LybraPeUSDVaultBase is assumed to be stETH token address Now the depositEtherToMint function from contract LybraRETHVault.sol which inherits...

[M] Hardcoded address will not remain consistent across other chains

Lines of code Vulnerability details Impact The hardcoded address for the LBR token will not remain consistent across other chains, such as Polygon, Avalanche, Arbitrum and BSC for example. IEUSD0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2.balanceOfethlbrLpToken Proof of Concept Hardcoding the addre...

Users with bad collateralization ratio from either rebase/nonrebasevault can bypassliquidation

Lines of code Vulnerability details Impact users with an unsafe collateralization ratio who are supposed to be liquidated can manipulate the rigidRedemption feature to bypass the liquidation. From the code above its noted that being a rigidRedemption provider one can can put their collateral amou...

An attacker can burn shares of other users by calling executeFlashloan()

Lines of code Vulnerability details The executeFlashloan in PeUSDMainnetStableVision.sol allows users to execute flash loans but the problem is that the receiver doesnt have to be the msg.sender so an attacker can do 2 things: 1. Execute other users flash loans 2. If a user is a smart contract th...

Flashloan/onFlashLoan() does not comply eip-3156

Lines of code Vulnerability details Impact In PeUSDMainnetStableVision.sol, File: contracts/lybra/token/PeUSDMainnetStableVision.sol interface FlashBorrower /// @notice Flash loan callback /// @param amount The amount of tokens received /// @param data Forwarded data from the flash loan request /...

Exploiter can avoid negative Lido rebases stealing funds from EUSD vaults

Lines of code Vulnerability details Description Lybra keeps the exact amount of collateral as deposited ignoring any lido rebases. That allows malicious users to sandwich negative rebase transactions with depositing and withdrawing their stETH saving the exact amount as before negative rebase. Th...

Wrong proposalThreshold amount in LybraGovernance.sol

Lines of code Vulnerability details Impact The proposal can be created with only 100000 esLBR delegated instead of 10000000. Proof of Concept According to LybraV2Docs, a proposal can only be created if the sender has at least 10 million esLBR tokens delegated to his address to meet the proposal...

executeFlashloan() doesn't pass/authenticate the initiator address

Lines of code Vulnerability details Impact In PeUSDMainnetStableVision.sol executeFlashloan. File: contracts/lybra/token/PeUSDMainnetStableVision.sol 129 function executeFlashloanFlashBorrower receiver, uint256 eusdAmount, bytes calldata data public payable 130 uint256 shareAmount =...

Missing require statements in onlyRole/checkRole modifiers

Lines of code Vulnerability details In LybraConfigurator.sol, there are two modifiers, checkOnlyRole and checkRole from GovernanceTimelock, designed to verify whether the msg.sender is authorized. However, these modifiers lack "require" statements to enforce the condition that the returned boolea...

[M] Mining rewards are not distributed to users

Lines of code Vulnerability details Impact Expected mining rewards in distributeRewards are not distributed due to a revert in purchaseOtherEarnings. Proof of Concept A missing mintVault implementation in transferFrom will inevitably cause a revert in purchaseOtherEarnings. This means expected...

flashloan stealing staking reward

Lines of code Vulnerability details Impact The report reveals a vulnerability where a flashloan can be used to steal staking rewards. The provided proof of concept demonstrates the issue, where a user can take advantage of the earned rewards calculation using the spot balance. By flashloaning a...

_voteSucceeded and proposals give opposite result

Lines of code Vulnerability details Impact In the LybraGovernance contract, the voteSucceeded function returns true if supportVotes1 supportVotes0. At the same time in the proposals function supportVotes0 is returned as forVotes and supportVotes1 is returned as againstVotes. This could suggest,...

_voteSucceeded check is invalid

Lines of code Vulnerability details Impact //@audit-issue wrong check vote succeeded is when 0 1 function voteSucceededuint256 proposalId internal view override returns bool return proposalDataproposalId.supportVotes1 proposalDataproposalId.supportVotes0; voteSucceeded is a function that checks i...

A user could drain collateral from LybraStETHVault.sol even if they have redeemed all their eUSD for their deposited collateral

Lines of code Vulnerability details Impact Suppose a user deposits certain Ether and mints eUSD. The user collects mining rewards for sometime assuming that the their earnings are not claimable by others. After sometime, the user redeems all their eUSD for StETH. Now, even after redemption, the...

The _spendAllowance function in EUSD contract is labeled as virtual which can be overriden as malicious code

Lines of code Vulnerability details Impact The spendAllowance function is labeled as virtual which can be overriden by some malicious code Proof of Concept The attacker could modify the spendAllowance function to only call approve function of same contract which is internal and can pass max...

proposals view function returns wrong voting results

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Even though, the votes are calculated correctly, the proposals view function returns wrong voting results returning forVotes results as againstVotes amount. This would negatively impact the users...

[H] Eth remains stuck in contract due to reversion in convertToPeUSD

Lines of code Vulnerability details Impact ETH sent with this call will not be refunded to the caller upon revert. Proof of Concept Due to a discrepancy in the convertToPeUSD function where the call to mintVault implemenation from transferFrom is non-existent, the subsequent call to...

Using msg.value instead of sharesAmount while depositing Ether through Lido can lead to a loss of funds as stETH is not pegged to ETH with 1:1 ratio

Lines of code Vulnerability details Impact In case stETH is not pegged to ETH with 1:1 ratio, the LybraStETHVault.sol will still store all deposits in ETH value after converting to stETH. Also, the emitted event does not return the received stETH amount sharesAmount, but msg.value twice. This mig...

[H] Users can lose funds if they call depositEtherToMint

Lines of code Vulnerability details Impact Due to only an interface implementation of function submit in Lido contract, users will lose funds due to non-existent implementation. Proof of Concept The comments in the code suggest that when users deposit ETH, it should be directly deposited into the...

contract has the tendency to mint more tokens than it actually has

Lines of code Vulnerability details Impact If the contract does not have enough esLBR tokens to mint and transfer as rewards, users will not be able to claim their rewards even if they have earned them. Proof of Concept There is no check to ensure that the contract's balance of esLBR tokens is...

Owner will be address(0) because it is not initialized

Lines of code Vulnerability details Impact Owner will be address0 making the functions which use the onlyOwner modifier insolvable Proof of Concept There are contracts in the protocol which use the Ownable from OZ: esLBRBoost.sol, EUSDMiningIncentives.sol, ProtocolRewardsPool.sol,...