LlamaAccount can be tricked to selfdestruct with an upgradable contract

Lines of code Vulnerability details Impact The LlamaAccount contract will be destroyed and all the assets can be lost. Proof of Concept In execute, we use readSlot0 to prevent a malicious or buggy target from taking ownership of this contract. But the malicious target can send all the assets and...

Llama Core and Policy implementation not only minimal proxy should not be allowed to be authorized as scripts

Lines of code Vulnerability details Impact authorizeScript function will be used to authorize any contract to be delegatecalled by executor's context. To be qualified as script, it should not access storage but immutable storage, because script's storage layout can be overlapped each other. I...

Delegatecalls to contracts which have different storage layouts will cause unexpected behavor. Whitelisting of delegate-callable targets is required like LlamaCore.authorizeScript().

Lines of code Vulnerability details Impact Delegatecall to targets which have storage access will read/write each other's storage variables. Although slot 0 is protected from modification by delegatecall, reading slot 0 is not protected. Modifying storage slot other than 0 is not protected. It's...

LlamaAccount.llamaExecutor may be changed for a malicious purpose and be return to the initial state.

Lines of code Vulnerability details Impact If the delegatecall changes llamaExecutor to an malicious contract, then onlyLlama modifier cannot protect the contract. After the exploit, it can return the llamaExecutor as before. Proof of Concept Update test/mock/MockExtension.sol as below. //...

In LlamaRelativeQuorum, the governance result might be incorrect as it counts the wrong approval/disapproval.

Lines of code Vulnerability details Impact In LlamaRelativeQuorum, the governance result might be incorrect as it counts the wrong approval/disapproval. Proof of Concept The LlamaRelativeQuorum uses approval/disapproval thresholds that are specified as percentages of total supply and the...

The initial total supply of the role can be miscalculated in some cases

Lines of code Vulnerability details Impact Due to miscalculations during LlamaPolicy contract deployment the initial supply of the role can be set wrongly. And most of strategies will not work as intended. Moreover users will not be able to start an Action for some strategies as well. Proof of...

The owner is a single point of failure and a centralization risk.

Lines of code Vulnerability details Impact & Vunerability Details. Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure, as this contract's owner can perform roles of high importance to the protocol. A single private key may be taken in a...

sell reward rTokens at low price because of skiping furnace.melt

Lines of code Vulnerability details Impact The reward rToken sent to RevenueTrader will be sold at a low price. RSR stakers will lose some of their profits. Proof of Concept RevenueTraderP1.manageToken function is used to launch auctions for any erc20 tokens sent to it. For the RevenueTrader of t...

Challenger can change the output root or delete output root arbitrarily to authorize invalid withdrawal or block withdrawal infinitely

Lines of code Vulnerability details Impact Challenger can change the output root or delete output root arbitrarily Proof of Concept In the OptimismPortal.sol, when prove and finalize the transaction the output root needs to be verificated // Grab the OutputProposal from the L2OutputOracle, will...

getPORFeedData() doesn't validate price feed answers (totalETHBalanceInInt and totalETHXSupplyInInt) before casting to uint256

Lines of code Vulnerability details Impact If a negative value is returned 0 from chainlink oracle and the value is cast to type uint256, the resulting value will be the unsigned representation of that value which will be an inaccurate price. Also, cases where sdprice can't be less than 0 will...

Insecure State settleFunds function, state update

Lines of code Vulnerability details Impact The impact of this finding is that an unauthorized party can manipulate the state of the vaultSettleStatus variable before executing critical operations related to penalty marking, fund distribution, and reward deposits. This can potentially disrupt the...

Incorrect Handling of Return Value in onlyWhenNotPaused Modifier

Lines of code Vulnerability details Description: contract named "L1ChugSplashProxy" which is a proxy contract with additional functionality for code and storage modification. However, there is a bug in the code that needs to be addressed. Bug: The bug is in the modifier onlyWhenNotPaused function...

FRONT-RUNNING SUSCEPTIBILITY IN ADDBID()

Lines of code Vulnerability details Impact Auction.addBid is susceptible to front-running attacks. This vulnerability presents a significant risk as participants with adequate knowledge or skill could manipulate Ethereum transaction ordering to gain undue advantage, potentially compromising the...

When deploying contracts in PermissionedNodeRegistry.deployWithdrawVault(), PermissionlessNodeRegistry.deployWithdrawVault(), an attacker can find out in advance the address of the future deployed contract and deploy his own at this address

Lines of code Vulnerability details Impact The address of the new contract depends solely on the salt parameter, which is calculated from user-provided data. Once a user's create transaction is broadcast, the parameters for calculating salt can be viewed by anyone viewing the public mempool. This...

Aunction DOS

Lines of code Vulnerability details Impact All auction functions are under a potential DOS or exploitability vulnerability A 2 day duration is added to the current block.number when creating a lot. This introduces a critical flaw, Adding 2 86400correct value of 2 days / 27200wrong value used in...

Legacy version check should be removed to avoid double relaying message in CrossDomainMessager.sol

Lines of code Vulnerability details Impact Legacy version check should be removed to avoid double relaying message Proof of Concept In Optimism bedrock implementation, to handle the pre-bedrock migration, there is code check to make sure the transaction that finalized and relayed in pre-bedrock...

When deploying a contract in PermissionlessNodeRegistry.deployNodeELRewardVault(), an attacker can find out in advance the address of the future deployed contract and deploy his own at this address

Lines of code Vulnerability details Impact The address of the new contract depends solely on the salt parameter, which is calculated from user-provided data. Once a user's create transaction is broadcast, the parameters for calculating salt can be viewed by anyone viewing the public mempool. This...

Manager and DEFAULT_ADMIN_ROLE can create a scenario where user deposits more than he is permitted to withdraw

Lines of code Vulnerability details Impact manager and DEFAULTADMINROLE can update conflicting values as max deposit limit and max withdrawal limit, where maxDepositAmount is than maxWithdrawAmount. Users will be able to deposit more than they are permitted to withdraw. considering the extremes i...

There is no check to see if eth was successfully sent from PermissionlessNodeRegistry to StaderInsuranceFund.

Lines of code Vulnerability details Impact Eth may not complete successfully. As a result, StaderInsuranceFund will not receive collateral. Tools Used Manual audit Recommended Mitigation Steps Add to StaderInsuranceFund.depositFund function: ifmsg.value == 0 revert Error Assessed type ETH-Transfe...

ERC20 token bridge does not support token with different decimals

Lines of code Vulnerability details ERC20 token bridge does not support token with different decimals Summary ERC20 token bridge does not support token with different decimals Vulnerability Detail In the current implementation: User can perform ERC20 cross-chain transfer via token bridge. Let us...

accountsMap[ADMIN] not set in initialize function of StaderConfig contract

Lines of code Vulnerability details Impact When initializing the StaderConfig contract with the initialize function, the admin address is not set in accountsMapADMIN variable, so the getAdmin function will return address0. This will cause the loss of the ownership of the VaultProxy contract as it...

Technically the seven days period is not guaranteed and it's possible for the challenger to delete a withdrawal even if it hasn't been challenged during the seven days

Lines of code Vulnerability details Proof of Concept There's an existing logic to prevent the CHALLENGER from deleting a l2Output after the finalization period has ended. This is done to prevent having user withdrawals blocked after the finalization period has elapsed without challenges. The...

Cross contract reentrancy attack through changing the xDomainMsgSender

Lines of code Vulnerability details Impact The use of the guaranteed safe CrossDomainMessenger for withdrawals can result in permanent blockages when the recipient address interacts with external addresses, which is an important feature for interoperability and is expected to be widely utilized...

Lack of reentrancy protection in L1ERC721Bridge.sol

Lines of code Vulnerability details Summary Calling IERC721.transferFrom in the L1ERC721Bridge.initiateBridgeERC721 after writing the deposit makes a reentrancy attack possible if there is a callback before transfer in the localToken contract we will name such a contract ERC721Callback...

MISSING ACCESS CONTROL AND MISSING LOGICAL CHECKS IN PENALTY.sol

Lines of code Vulnerability details Impact In the penalty.sol contract anyone can call the markValidatorSettled... function to clear the penalty of an erring validator. Proof of Concept Anyone can clear the penalty of an erring validator without by calling markValidatorSettled... as the function...

Oracle data is not sufficiently validated

Lines of code Vulnerability details Impact The retrieved price from the oracle can be stale value or outdated and used anyways as a valid data. The usage of such data can impact on how the further logics of that price are implemented. Proof of Concept File: StaderOracle.sol function getPORFeedDat...

Lack of Event Signature Verification

Lines of code Vulnerability details Impact The functions submitExchangeRateData, submitSDPrice, and submitValidatorStats emit events without verifying the signature of the calling contract. Malicious contracts can exploit this by emitting events with misleading information, potentially deceiving...

The incorrect check implemented in the UserWithdrawalManager undermines the effectiveness of the timelock for claiming ETH

Lines of code Vulnerability details high Title: The incorrect check implemented in the UserWithdrawalManager undermines the effectiveness of the timelock for claiming ETH. Links: Impact Any malicious users can bypass the timelock mechanism for claiming ETH. The issue lies in the claim function,...

depositERC20To() and withdrawTo() is missing onlyEOA() modifier - Leading to loss of user funds

Lines of code Vulnerability details Impact StandardBridge.sol contract has a modifier called onlyEOA. The comment says 132 / 133 @notice Only allow EOAs to call the functions. Note that this is not safe against contracts 134 calling code within their constructors, but also doesn't really matter...

Bug on e handling of excess ETH deposits

Lines of code Vulnerability details The StaderStakePoolsManager contract contains a critical bug that could lead to financial loss and system instability. The bug is related to the handling of excess ETH deposits and the calculation of available ETH for new deposits. Bug Description: In the...

cancelUnstake lack payoutRewards before mint shares

Lines of code Vulnerability details cancelUnstake will cancel the withdrawal request in the queue can mint shares as the current stakeRate. But it doesn't payoutRewards before mintStakes. Therefor it will mint stRsr as a lower rate, which means it will get more rsr. Impact Withdrawers in the...

Using transferFrom on ERC20 tokens transfer

Lines of code Vulnerability details Impact The transferFrom method is used instead of safeTransferFrom which is not recommended. OpenZeppelin’s documentation discourages the use of transferFrom, use safeTransferFrom whenever possible Some tokens do not implement the ERC20 standard properly but ar...

Potential Integer Overflow/Underflow

Lines of code Vulnerability details Impact The functions insertSDPrice and getMedianValue manipulate arrays of uint256 values without explicitly checking for integer overflow or underflow. If the array lengths or calculations exceed the maximum or minimum values of uint256, it can result in...

Problem with Day values

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. In solidity, block.timestamp makes use of seconds in calculating time but in the highlighted codes, the stated period and their comments was miscalculated. 7200 was referred to as 24 hours and was used...

Lack of claimRewards when manageToken in RevenueTrader

Lines of code Vulnerability details There is a dev comment in the Assert.sol: DEPRECATED: claimRewards will be removed from all assets and collateral plugins The claimRewards is moved to the TradingP1.claimRewards/claimRewardsSingle. But when the RevenueTraderP1 trade and distribute revenues by...

Anyone Can selfdestruct The VaultProxy Contract.

Lines of code Vulnerability details Vulnerability Details -Since the initialise function is missing initializer modifier as it's inteded to be not protected as per ETHx smart contract functions documentation , And Since VaultFactory contract doesn't initialize the VaultProxy upon its initializati...

Both consensus layer rewards and "32 bonded ETH" will be distributed via ValidatorWithdrawalVault.distributeRewards() as rewards

Lines of code Vulnerability details Impact totalRewards can be a value than staderConfig.getRewardsThreshold in ValidatorWithdrawalVault.distributeRewards. As a result both ETH balances belonging to rewards and staked ETH will be distributed. Proof of Concept Both consensus layer rewards and "32...

Loss of airdropped Token or NFT in NFT Bridge

Lines of code Vulnerability details Impact Loss of airdropped Token or NFT in NFT Bridge and Token Bridge Proof of Concept Contract L1ERC721Bridge is for bridging NFTs from L1 to L2 and it holds all the bridged NFTs. Most of the NFT projects would airdrop new NFTs for previous owners or drop ERC2...

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact The getPORFeedData function in the contract StaderOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID, resulting in stale prices. The oracle wrapper calls out to a...

Underpaying Optimism l2gas(_minGasLimit) may lead to loss of funds

Lines of code Vulnerability details Impact The contract L1StandardBridge.sol is susceptible to a vulnerability where underpaying the l2Gashere in all contract, it used as "minGasLimit" value provided by users can result in a potential loss of funds. This vulnerability exists in the depositERC20 a...

A trusted node has the ability to submit the ExchangeRate multiple times for a single reportingBlockNumber.

Lines of code Vulnerability details Impact In this code, a trusted node can submit data several times. The trusted node can submit ExchangeRateData and then it can submit different data again about same reportingBlockNumber. This will occur mess of staderOracle contract, so it will be needed to b...

EVENT EMITTED WITHOUT ACTION

Lines of code Vulnerability details Impact A malicious validator can remain in the system after exceeding it's exit penalty threshold. This poses a risk to users and a possible reputation risk to the protocol. Proof of Concept In the updateTotalPenaltyAmount... function, when the validators...

Risk of losing admin access if updateAdmin set with same current admin address

Lines of code Vulnerability details N.B : This bug is different that the other one titled "The admin address used in initialize function, can behave maliciously". Both issues are related to access control, but the impact, root cause and bug fix are different, so DO NOT mark it as dupliate of the...

The claim() function has a reentrancy vulnerability

Lines of code Vulnerability details Impact The claim function has a reentrancy vulnerability . In the function, the UtilLib.sendValue function is called before emitting the Claimed event. This violates the "check-effect-interaction" model, which is a best practice for secure smart contract...

User with large stacked ETH can deny other stacker from withdrawing.

Lines of code Vulnerability details Description The withdraw flow of Stader splitted in two steps, first the user has to requestWithdraw by passing his owned ETHx amount which add a new record to userWithdrawRequestsnextRequestId, second, finalizeUserWithdrawalRequest got called by any user to...

UNJUSTIFIED ZERO INDEX VALIDATION HINDERS INDEX VALUE OF 0

Lines of code Vulnerability details Impact SocializingPool.verifyProof currently incorporates a zero index check which blocks the entry of an index value of 0. While this check is designed to prevent the use of invalid index values, it inadvertently prohibits the valid index value of 0. This may...

Tokens can be lost when trying to deposit in SDCaollateral.depositSDAsCollateral() or trying to withdraw SDCaollateral.withdraw()

Lines of code Vulnerability details Impact Some tokens do not return the success of the token submission. Because Since we don’t know for sure how the SD token is implemented, we need to take this into account. Proof of Concept A detailed example is listed in: Tools Used Manual audit Recommended...

Individual nodes can manipluate sdPriceInETH to be any value inside StaderOracle#submitSDPrice

Lines of code Vulnerability details Trusted nodes can submit their attested ethereum price by calling StaderOraclesubmitSDPrice. Once a 66% majority of nodes submit a price for a specific block number, the new sdPriceData will be set to the median of the submitted prices. function...

LES (Light Ethereum Subprotocol) doesn't forward the transaction to the sequencer

Lines of code Vulnerability details Impact LES Light Ethereum Subprotocol doesn't forward the transaction to the sequencer when receiving it over RPC. Proof of Concept When a user submits a transaction to op-geth node validator/verfier mode, the node sends the transaction to the sequencer, if no...

Users who stake at the end of a freeze would get rewards as if they've staked before the freeze

Lines of code Vulnerability details This one was reported in the first contest, it was mitigated but a code change that was made since then brings it back again. Impact Users who stake while frozen would get a share of the rewards for the period since the last call to payoutRewards. This means th...