executeFlashloan() doesn't pass/authenticate the initiator address

Lines of code Vulnerability details Impact In PeUSDMainnetStableVision.sol executeFlashloan. File: contracts/lybra/token/PeUSDMainnetStableVision.sol 129 function executeFlashloanFlashBorrower receiver, uint256 eusdAmount, bytes calldata data public payable 130 uint256 shareAmount =...

Getting exchange rate function is wrong

Lines of code Vulnerability details Impact Unmatched function for getting the exchange rate can lead to being unable to mint PeUSD when depositing ETH into Rocket Pool. Proof of Concept The interface used in LybraRETHVault.sol for getting the exchange rate does not match the target contract RETH...

users can pay the fees without burning the amount in their balances

Lines of code Vulnerability details Impact users can set the amount in the repay function to the amount that is equal to his fee and in this case the users can pay the fee without burning the amount in their balancesthe caller set himself as provider and onBehlaf in the same time. more details in...

Missing require statements in onlyRole/checkRole modifiers

Lines of code Vulnerability details In LybraConfigurator.sol, there are two modifiers, checkOnlyRole and checkRole from GovernanceTimelock, designed to verify whether the msg.sender is authorized. However, these modifiers lack "require" statements to enforce the condition that the returned boolea...

The ethlbrStakePool, which is used in LOC 155 in EUSDMiningIncentives.sol, has no function balanceOf()

Lines of code Vulnerability details Impact The EUSDMiningIncentives.sol in LOC 155 uint256 userStaked = IEUSDethlbrStakePool.balanceOfuser; calls balanceOf function of ethlbrStakePool. By asking one of the sponsors, the address of this pool was given as 0x857CC243b8494e13BdbAde27C25ef61c2e500fda...

A user could drain collateral from LybraStETHVault.sol even if they have redeemed all their eUSD for their deposited collateral

Lines of code Vulnerability details Impact Suppose a user deposits certain Ether and mints eUSD. The user collects mining rewards for sometime assuming that the their earnings are not claimable by others. After sometime, the user redeems all their eUSD for StETH. Now, even after redemption, the...

distributeRewards can revert because of the too strict slippage check

Lines of code Vulnerability details Impact The report highlights that the distributeRewards function can revert due to a strict slippage check. The provided proof of concept demonstrates the issue, where the slippage is set to 98%, leading to potential transaction failures. Proof of Concept...

In LybraStETHVault.sol (LybraEUSDVaultBase.sol) a user could rigid redeem an amount more than their deposited collateral when the collateral ratio of the user goes below 100% even if they have been super-liquidated.

Lines of code Vulnerability details Impact If the collateral ratio of a user goes below 100%, the user would be able to redeem all of their eUSD for a collateral amount greater than their depositedAssetuser even after they have been super-liquidated. For eg, let us say we have a user X. Now, in...

flashloan stealing staking reward

Lines of code Vulnerability details Impact The report reveals a vulnerability where a flashloan can be used to steal staking rewards. The provided proof of concept demonstrates the issue, where a user can take advantage of the earned rewards calculation using the spot balance. By flashloaning a...

Reward distribution logic of the ProtocolRewardsPool and EUSDMiningIncentives contracts are fundamentally wrong, resulting in excess rewards for users

Lines of code Vulnerability details Impact The reward distribution logic of the ProtocolRewardsPool and EUSDMiningIncentives contracts effectively allow a user to mint much more rewards than they should be allowed to. This is possible because, unlike a true implementation of the synthetix staking...

[M] Hardcoded address will not remain consistent across other chains

Lines of code Vulnerability details Impact The hardcoded address for the LBR token will not remain consistent across other chains, such as Polygon, Avalanche, Arbitrum and BSC for example. IEUSD0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2.balanceOfethlbrLpToken Proof of Concept Hardcoding the addre...

User with bad collateralization ratio less than 125 cent can bypass super liquidation

Lines of code Vulnerability details Impact Users with a bad collateralization ratio such as less than 1251e15 can bypass super liquidation by just getting liquidated normally with the help of malicious liquidators/keepers where they might lose at most only 50% of their deposited collateral instea...

The LybraRETHVault.depositEtherToMint doesn't keep record of user's ether deposits which results in loss for the user.

Lines of code Vulnerability details Impact High: User will lose his deposited ether. Proof of Concept The collateralAsset address variable which is used in LybraPeUSDVaultBase is assumed to be stETH token address Now the depositEtherToMint function from contract LybraRETHVault.sol which inherits...

Using msg.value instead of sharesAmount while depositing Ether through Lido can lead to a loss of funds as stETH is not pegged to ETH with 1:1 ratio

Lines of code Vulnerability details Impact In case stETH is not pegged to ETH with 1:1 ratio, the LybraStETHVault.sol will still store all deposits in ETH value after converting to stETH. Also, the emitted event does not return the received stETH amount sharesAmount, but msg.value twice. This mig...

[H] Eth remains stuck in contract due to reversion in convertToPeUSD

Lines of code Vulnerability details Impact ETH sent with this call will not be refunded to the caller upon revert. Proof of Concept Due to a discrepancy in the convertToPeUSD function where the call to mintVault implemenation from transferFrom is non-existent, the subsequent call to...

Invalid Access Control Modifiers

Lines of code Vulnerability details Impact The LybraConfigurator is the contract in charge of all core functionality in the Lybra ecosystem. However, the modifiers checks here are invalid. So anybody could call any function in the protocol. All funds could be stolen and governance overturned Proo...

_voteSucceeded check is invalid

Lines of code Vulnerability details Impact //@audit-issue wrong check vote succeeded is when 0 1 function voteSucceededuint256 proposalId internal view override returns bool return proposalDataproposalId.supportVotes1 proposalDataproposalId.supportVotes0; voteSucceeded is a function that checks i...

contract has the tendency to mint more tokens than it actually has

Lines of code Vulnerability details Impact If the contract does not have enough esLBR tokens to mint and transfer as rewards, users will not be able to claim their rewards even if they have earned them. Proof of Concept There is no check to ensure that the contract's balance of esLBR tokens is...

The function will not work properly on Optimism due to use of block.number

Lines of code Vulnerability details Impact On Optimism, the block.number is not a reliable source of timing information and the time between each block is also different from Ethereum. This is because each transaction on L2 is placed in a separate block and blocks are not produce at a constant...

Exploiter can avoid negative Lido rebases stealing funds from EUSD vaults

Lines of code Vulnerability details Description Lybra keeps the exact amount of collateral as deposited ignoring any lido rebases. That allows malicious users to sandwich negative rebase transactions with depositing and withdrawing their stETH saving the exact amount as before negative rebase. Th...

First user can drain funds from staking contract

Lines of code Vulnerability details Impact If the first user locks an extremely small amount of tokens 1 wei, he can manipulate the reward that is supposed to receive. After locking a small amount, he can unlock it before the second user interacts with the contract. See PoC for more details. Note...

_quorumReached does not add all votes

Lines of code Vulnerability details Impact quorumReached is a function that checks if the Amount of votes already cast passes the threshold limit. But the function does not add all votes //@audit-issue quorum reached does not add all votes function quorumReacheduint256 proposalId internal view...

Flashloan/onFlashLoan() does not comply eip-3156

Lines of code Vulnerability details Impact In PeUSDMainnetStableVision.sol, File: contracts/lybra/token/PeUSDMainnetStableVision.sol interface FlashBorrower /// @notice Flash loan callback /// @param amount The amount of tokens received /// @param data Forwarded data from the flash loan request /...

Proposal remains open to votes for only 3 blocks instead of 7 days

Lines of code Vulnerability details Impact LybraGovernance contract only allows to vote during the first 3 blocks after the snapshot is taken. Assuming it takes roughly 12 seconds per 1 block on Ethereum, it is only 36 seconds to decide and vote for a proposal. This would be too fast for a regula...

quorumReached does not account for forVotes

Lines of code Vulnerability details Impact quorumReached does not account for forVotes. Proof of Concept The supportVodes mapping of the ProposalExtraData struct consists of three values: forVotes, againstVotes and abstainVotes respectively on keys 0, 1 and 2. The function: function...

Voting period hardcoded to 3 blocks

Lines of code Vulnerability details Impact Here in the Governance contract, the voting period is locked to 3 blocks. function votingPeriod public pure override returns uint256 return 3; function votingDelay public pure override returns uint256 return 1; This is a direct bug because if we take a...

Reentrancy may allow a customer to steal funds

Lines of code Vulnerability details Impact The reentrancy in the vested token can be used by a customer if the execution can be hijacked before the balance change occurs. Let’s consider function withdraw. Firstly, the balance is checked and then if there is enough token surplus to withdraw, the...

A Dutch trade could end up with an unintended lower closing price

Lines of code Vulnerability details Impact notTradingPausedOrFrozen that is turned on and off during an open Dutch trade could have the auction closed with a lower price depending on the timimg, leading to lesser capability to boost the Rtoken and/or stRSR exchange rates as well as a weakened...

The broker should not be fully disabled by GnosisTrade.reportViolation

Lines of code Vulnerability details Impact GnosisTrade and DutchTrade are two separate auction systems where the failing of either system should not affect the other one. The current design will have Broker.sol disabled when reportViolation is invoked by GnosisTrade.settle if the auction's cleari...

Add check to disallow creation of Standard Denomination pool

Lines of code Vulnerability details Impact CreatePool does not check if the counterpartyDenom is a Standard Denomination. This can lead to creation of pools where the StandardDenom and the CounterpartyDenom are the same. Code reference // CreatePool create a liquidity that saves relevant...

Missing store revert in case of erc20 conversion error can lead to loss of funds

Lines of code Vulnerability details Impact The module is expected to have no changes in case a erc20 conversion failed. It was implemented by swallowing the error with a log and continuing with the flow finishing the IBC transfer. This is the relevant code section: if , err =...

The calculateWithExactInput uses the same state's values for all transactions in the block

Lines of code Vulnerability details Impact The calculateWithExactInput uses the same state's values for all transactions. So all checks which should regulate swapped amounts will be broken. It can be a case of asset loss if there will be a significant amount of transactions in one block. Proof of...

Incorrect setting of EthIBCDenom invalidates risk management limits

Lines of code Vulnerability details Impact In the documentation, it is stated that: For risk management purposes, a swap will fail if the input coin amount exceeds a pre-defined limit 10 USDC, 10 USDT, 0.01 ETH or if the swap amount limit is not defined. However, in the code it defined as:...

Lack of token pair existence

Lines of code Vulnerability details Impact There is no check that ensures the token pair does exists. Proof of Concept he code assumes that if a token pair ID is not registered or if the token pair is not enabled, the conversion process will be skipped. However, there is no explicit check or...

The Swap action will always fail if the value of the deposited IBC asset is less than the value of autoSwapThreshold Canto

Lines of code Vulnerability details Impact The Swap action will always fail if the value of the deposited IBC asset the value of autoSwapThreshold Canto. This is not a bug, but it's very inconvenient for users and makes the goal of the onboarding module fail. Let's asssume that: 1 Canto = 0.1 USD...

TimeoutTimeStamp and TimeoutHeight fields are not properly validated

Lines of code Vulnerability details Impact The absence of proper validation for TimeoutTimeStamp and TimeoutHeight fields before processing an onboarding request can lead to significant disruption and potential security risks. This might allow an attacker to send an IBC Inter-Blockchain...

Default coin spend limit was set wrong for ETH

Lines of code Vulnerability details Impact It is stated in the README that some spend limit are configured for the swaps. This is a security precaution to avoid spending too much tokens for the default 4 CANTO tokens in order to onboard the users if their balance is less than 4 tokens. As a...

users being overcharged or not receiving the full amount of coins as they expected caused by the incorrect calculation of the amount of coins bought

Lines of code Vulnerability details Impact in the GetInputPrice function there a line inputAmtWithFee := inputAmt.Mulsdk.NewIntFromBigIntdeltaFee.BigInt tat make a problem so here we have in that line in the GetInputPrice function, the sdk.NewIntFromBigInt function it's takes the big.Int as an...

Token pairs that are not whitelisted can be created as a pool

Lines of code Vulnerability details Class Medium Impact In the docs: Only token pairs on the whitelist can be created as a pool. Pool creation fails if the token pair is not on the whitelist. However, there is no logic that prevents from creating non-whitelisted pairs. The check is only happening...

There is no deadline for swaps

Lines of code Vulnerability details Impact If the receiver that is specified in the IBC callback doesn't have enough tokens for interacting with the Canto network defaults at 4 CANTO, then the middleware is going to swap the tokens for some CANTO tokens on the Canto network and convert the rest t...

GetStandardDenom at CreatePool might panic on unchecked nil

Lines of code Vulnerability details Impact A panic might occur when calling CreatePool and stop the app Proof of Concept here we can see CreatePool is creating new struct pool which call k,GetStandardDenom as value for StandardDenom key. now lets check GetStandardDenom body: func k Keeper...

An error could lead to coins not being returned to user

Lines of code Vulnerability details Impact The function swapCoins does check that SendCoins does receive them correctly here but not when sending them to the user here Proof of Concept If there is an error returning the swapped coins to the user, they will remain locked. There is no history of...

Slippage protection minOut autoSwapThreshold is not effective when swapping the token

Lines of code Vulnerability details Impact In the current model, the minimum output minOut amount for the auto-swap is set to match the autoSwapThreshold, which is fixed at 4 CANTO. This configuration might result in potential market risks due to fluctuations in the value of CANTO, potentially...

packet.DestinationChannel IS CHECKED AGAINST THE WhitelistedChannels, BUT packet.SourceChannel SHOULD BE CHECKED INSTEAD, AS PER THE PROTOCOL DESIGN REQUIREMENTS

Lines of code Vulnerability details Impact In the ibccallbacks.OnRecvPacket function, the Source Channel of the transferred packet is required to be checked against the WhitelistedChannels of the module. If the Source Channel of the packet is not in the WhitelistedChannels list then the auto swap...

Bypass check with one non-standard denom

Lines of code Vulnerability details Impact Wrong conditional when checking for non-standard denoms Proof of Concept The conditional is used to sanitize if the denom1 and denom2 are indeed standardDenom see the error in the next line. However, the condition can be bypassed with one of them being...

Lack of input validation

Lines of code Vulnerability details Impact There is no input sanitizer implemented for the transfertypes.FungibleTokenPacketData data variable. Proof of Concept After "unmarshaling" the packet, which checks if there is an error, it is used right away without further checking the fields inside it,...

Missing store revert in case of swap error can lead to loss of funds

Lines of code Vulnerability details Impact The module is expected to have no state changes in case a swap failed, and continue to the conversion phase. It was implemented by swallowing the error with a log and continuing with the flow erc20 conversion, etc. This is the relevant code section:...

Potential risk of using swappedAmount in case of swap error

Lines of code Vulnerability details Impact In case the swap operation failed, the module should continue as is with the erc20 conversion and finish the IBC transfer. This is the relevant part of the code that swallows the error: swappedAmount, err = k.coinswapKeeper.TradeInputForExactOutputctx,...

D

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...

Almost all of the github.com/cosmos/cosmos-sdk/types will be deprecated

Lines of code Vulnerability details Impact Codes in the scope won't work if the would be updated. Proof of Concept It is clearly seen that in the it is fixed version of v0.45.9. However, in next version of cosmos-sdk all of the Int methods will be deprecated. Almost all of the code in the scope i...