Upgraded Q -> 2 from #26 [1685524804490]
Judge has assessed an item in Issue 26 as 2 risk. The relevant finding follows: L-02 Host can reduce rageQuit window
Upgraded Q -> 2 from #5 [1685528763875]
Judge has assessed an item in Issue 5 as 2 risk. The relevant finding follows: L-03 Host that owns Party NFTs can circumvent reentrancy guard
Upgraded Q -> 2 from #26 [1685524775382]
Judge has assessed an item in Issue 26 as 2 risk. The relevant finding follows: L-01 Host can reenter rageQuit
Possible overflow in PartyGovernance._isUnanimousVotes()
Lines of code Vulnerability details Impact Proposals can't be executed if totalVotes = 8e24. Furthermore, if emergencyExecuteDisabled == true and rageQuitTimestamp == DISABLERAGEQUITPERMANENTLY, users can't take out the funds from the party forever. Proof of Concept In isUnanimousVotes, it...
Rage quitting availability cannot be reliably guaranteed
Lines of code Vulnerability details Impact The host can block specific rage quits, invalidating some of the security offered by the rage quit functionality. Proof of Concept Rage quitting is only allowed before rageQuitTimestamp or if permanently enabled: // Check if ragequit is allowed. uint40...
Rage quit modifications should be limited to provide stronger guarantees to party members
Lines of code Vulnerability details Rage quit modifications should be limited to provide stronger guarantees to party members Party hosts can arbitrarily change the rage quit settings overriding any existing preset. Impact Rage quit is implemented in the PartyGovernanceNFT contract by using a...
The distribution logic will be broken after calling rageQuit()
Lines of code Vulnerability details Impact Malicious users might receive more distributed funds than they should with higher distributionShare. Proof of Concept In PartyGovernanceNFT.sol, there is a getDistributionShareOf function to calculate the distribution share of party NFT. function...
Rage quitter loses his claimable share of distributed tokens
Lines of code Vulnerability details Impact Rage quitter loses his claimable share of distributed tokens. Proof of Concept PartyGovernanceNFT.rageQuit burns a governance NFT and transfers its share of the balance of ETH and tokens: // Burn caller's party card. This will revert if caller is not the...
Users can withdraw more funds if the party has tokens with multiple addresses.
Lines of code Vulnerability details Impact Users can withdraw more funds if the party has tokens with multiple addresses. Proof of Concept Users can burn their party NFTs and take the share of the party's funds. function rageQuit uint256 calldata tokenIds, IERC20 calldata withdrawTokens, address...
Reentrancy guard in rageQuit() can be bypassed
Lines of code Vulnerability details Reentrancy guard in rageQuit can be bypassed The reentrancy guard present in the rageQuit function can be bypassed by host accounts, leading to reentrancy attack vectors and loss of funds. Impact The new rageQuit function can be used by party members to exit...
Governance NFT can be burned to DoS accept()
Lines of code Vulnerability details Impact accept can be DoS'd by burning governance NFTs. Authorities can effectively veto proposals. Proof of Concept The new lastBurnTimestamp reverts PartyGovernance.accept if lastBurnTimestamp == block.timestamp. lastBurnTimestamp is set in...
Burning an NFT can be used to block voting
Lines of code Vulnerability details Burning an NFT can be used to block voting Impact A new validation in the accept function has been introduced in order to mitigate a potential attack to the party governance. By burning an NFT, a party member can reduce the total voting power of the party just...
Users can bypass distribution fees by ragequitting instead of using a formal distribution
Lines of code Vulnerability details Impact Distribution fees can be bypassed by ragequitting instead of distributing Proof of Concept address payable feeRecipient = feeRecipient; uint16 feeBps = feeBps; if tokenType == ITokenDistributor.TokenType.Native return distributor.createNativeDistribution...
Tokens with multiple entry points can lead to loss of funds in rageQuit()
Lines of code Vulnerability details Tokens with multiple entry points can lead to loss of funds in rageQuit ERC20 tokens with multiple entry points also known as double entry tokens or two address tokens can be used to exploit the rageQuit function and steal funds from the party. Impact The...
Host can bypass reentrancy guard in rageQuit()
Lines of code Vulnerability details Impact Host can bypass reentrancy guard in rageQuit. Proof of Concept In PartyGovernanceNFT.rageQuit there is a reentrancy guard: // Check if ragequit is allowed. uint40 currentRageQuitTimestamp = rageQuitTimestamp; if currentRageQuitTimestamp !=...
Fairness should be denominated in mintedVotingPower rather than totalVotingPower
Lines of code Vulnerability details Impact Rage quitter receives too little. Proof of Concept The rage quitter receives a share votingPowerByTokenId[tokenId] * 1e18 / totalVotingPower of each token balance. However the sum of votingPowerByTokenId[tokenId] over all tokenId, i.e. mintedVotingPower, may b...
Upgraded Q -> 2 from #11 [1685422294441]
Judge has assessed an item in Issue 11 as 2 risk. The relevant finding follows: L-03:getReward It is recommended to add balance0 before executing transfer getReward will do a transfer on rewaredsToken Since the rewards are from convex, we can't be sure what kind of token it is. we can't be sure...
accept() can be delayed or gas-griefed by burning a governance NFT
Lines of code Vulnerability details Impact Rage quitting or burning a token will set the lastBurnTimestamp to the current block's timestamp. This disables accept for the rest of the transactions in the block. This bug can be abused to either gas-grief or delay acceptance of proposals long enough...
CrossDomainMessenger relayMessage Vulnerability
Lines of code Vulnerability details Impact The vulnerability allows an attacker to manipulate the sender address sender parameter when relaying a message from Layer 2 L2 to Layer 1 L1 in a cross-domain scenario. The issue arises due to the use of the L2CrossDomainMessenger contract address...
Host can instantly set rageQuitTimestamp and prevent members from rage quitting
Lines of code Vulnerability details Impact A malicious Host can front-run rage-quitting members and setRageQuitTimestamp to a time in the past and disable rageQuit. Proof of Concept Ragequit serves as a protective measure for members of a Party to do an emergency withdrawal of their assets in cas...
Upgraded Q -> 2 from #19 [1685157301242]
Judge has assessed an item in Issue 19 as 2 risk. The relevant finding follows: 1. The first staker of the wxETH can get all the unlocked rewards immediately in the same block. code lines: For the first staker of the wxETH, the totalSupply of the wxETH is 0. So he can wrap the xETH to wxETH as 1:...
Risk assessment of the finalizeETHWithdrawal function in the bridge contract
Lines of code Vulnerability details Summary The finalizeBridgeETH function: function finalizeETHWithdrawal address from, address to, uint256 amount, bytes calldata extraData external payable finalizeBridgeETHfrom, to, amount, extraData; is a public function, which means that anyone can call it...
Recovery transaction can be replayed after a cancellation
Lines of code Vulnerability details Recovery transaction can be replayed after a cancellation The recovery transaction can be replayed after a cancellation of the recovery procedure, reinstating the recovery mechanism. Impact The Ambire wallet provides a recovery mechanism in which a privilege ca...
Current design won't allow to update reference implementation without breaking counterfactuality
Lines of code Vulnerability details Current design won't allow to update reference implementation without breaking counterfactuality The current design of the Ambire wallet doesn't allow to update the reference implementation as doing so will break counterfactuality. Impact Ambire wallets are...
It is possible that recovery transaction cannot be performed even if signer still controls address that is an address of recoveryInfo.keys
Lines of code Vulnerability details Impact When a signer's privileged address is compromised, this signer can call the following AmbireAccount.execute function with sigMode being SIGMODERECOVER by using a signature signed by an address of recoveryInfo.keys that is still controlled by such signer ...
Project may fail to be deployed to chains not compatible with Shanghai hardfork
Lines of code Vulnerability details Project may fail to be deployed to chains not compatible with Shanghai hardfork Current settings may produce incompatible bytecode with some of the chains supported by the protocol. Impact The Ambire wallet supports and targets different chains, such as Ethereu...
AmbireAccount implementation can be destroyed by privileges
Lines of code Vulnerability details AmbireAccount implementation can be destroyed by privileges The AmbireAccount implementation can be destroyed, resulting in the bricking of all associated wallets. Impact The AmbireAccount contract has a constructor that sets up privileges, these are essentially...
Requirement for having timelocks on recovery transactions is not enforceable
Lines of code Vulnerability details Impact When calling the following AmbireAccount.execute function with sigMode being SIGMODERECOVER, a recovery transaction can be scheduled if requireprivilegessignerKeyToRecover == recoveryInfoHash, 'RECOVERYNOTAUTHORIZED' and requireisIn,...
deployAndExecute() function in Factory should be payable
Lines of code Vulnerability details deployAndExecute function in Factory should be payable The deployAndExecute function fails to consider ETH payments that may need to be forwarded to the wallet's execute function. Impact The deployAndExecute function present in the AmbireAccountFactory can be...
SignatureValidator.recoverAddrImpl for mode Multisig checks only the last value is different to zero address
Lines of code Vulnerability details Description Current implementation when mode == SignatureMode.Multisig only checks that the last time signer is calculated is different from zero address. The variable signer is overwritten with a new value, based on the previous value and the current signature...
Attacker can force the failure of transactions that use tryCatch
Lines of code Vulnerability details Attacker can force the failure of transactions that use tryCatch An attacker or malicious relayer can force the failure of transactions that rely on tryCatch by carefully choosing the gas limit. Impact The tryCatch function present in the AmbireAccount contract...
Fallback handlers can trick users into calling functions of the AmbireAccount contract
Lines of code Vulnerability details Fallback handlers can trick users into calling functions of the AmbireAccount contract Selector clashing can be used to trick users into calling base functions of the wallet. Impact Fallback handlers provide extensibility to the Ambire wallet. The main idea her...
AmbireAccount.isValidSignature() does not cover recovery signatures
Lines of code Vulnerability details Impact A recovery key can sign for a recovery but cannot get isValidSignature to return that it is valid. Proof of Concept AmbireAccount.isValidSignature is implemented as follows function isValidSignaturebytes32 hash, bytes calldata signature external view...
execute() replay RECOVER after cancel
Lines of code Vulnerability details Impact Maliciously replay a recover transaction that has been cancelled and execute it Proof of Concept The user can cancel the transactions already in scheduledRecoveries by using SIGMODECANCEL. The code is as follows: function executeTransaction calldata txns...
TEST M
Lines of code Vulnerability details TEST Assessed type call/delegatecall
test with new label
Lines of code L1 Vulnerability details test Assessed type CanAuto
new finding
Lines of code L2 Vulnerability details test Assessed type Decimal
H-100 Unmitigated
Lines of code L1 Vulnerability details test Assessed type call/delegatecall
Upgraded Q -> 2 from #928 [1684820150232]
Judge has assessed an item in Issue 928 as 2 risk. The relevant finding follows: L4
Upgraded Q -> 2 from #964 [1684819958119]
Judge has assessed an item in Issue 964 as 2 risk. The relevant finding follows: L1
Mutexes can be tampered with to increase gas costs
Lines of code Vulnerability details Impact An attacker can set mintedAmount and reservedRate to 0 which incurs greater gas fees when calling payParams. In the worst case this might cause the transaction to revert if the gas limit was tightly set to the expected gas cost. Proof of Concept...
Check if the token of projectId matches the projectToken of the JBXBuybackDelegate
Lines of code Vulnerability details Impact At line 202, the amountReceived returned by the swap function is based on the projectToken defined in JBXBuybackDelegate. This will incorrectly trigger the mint function and because there is no verification of projectToken, it will mistakenly mint...
Incorrect setting of sqrtPriceLimitX96 in protocol
Lines of code Vulnerability details Impact The pool.swap function in the swap attempts to execute a swap. As in the code below, the sqrtPriceLimitX96 is set based on the value of projectTokenIsZero. If projectTokenIsZero is true, sqrtPriceLimitX96 is set to TickMath.MAXSQRTRATIO - 1; otherwise, it i...
[M-01] Access control in *payParams* function
Lines of code Vulnerability details Impact Anyone can call this function and change mutex parameters. In this case we have a potential risk that malicious user can try to send several transactions: one from terminal and parallel one from other address and try front-run them to play for example wi...
Upgraded Q -> 2 from #42 [1684786437801]
Judge has assessed an item in Issue 42 as 2 risk. The relevant finding follows: While the "division before multiplication" issues described in M-01 have been mitigated in the proposed changeset, there are other cases which should be addressed too. Technical Details In SafEth::stake the calculatio...
Contributors will be unable to fund a project if UNISWAP token swapping is recommended over minting in JBXBuybackDelegate data source
Lines of code Vulnerability details Impact A core function of the juice-buyback contract, which is to maximise the project tokens received by the contributor, won't work whenever a swap from Uniswap V3 pool provides more tokens over minting because the transaction will revert. This can cause the...
TEST Med
Lines of code L1 Vulnerability details test medium Assessed type Access Control
Partial fill when swapping can cause ETH amount that is difference between _delegateAllocation.amount and _amountToSend to be locked in JBXBuybackDelegate contract
Lines of code Vulnerability details Impact When calling the following JBPayoutRedemptionPaymentTerminal31.pay function, if delegateAllocations.length != 0 is true, delegateAllocation.delegate.didPayvalue: payableValuedata can be executed, which sends delegateAllocation.amount as msg.value to the...
TEST Med 2
Lines of code L1 Vulnerability details test medium Assessed type Access Control
Improper configuration in JBXBuybackDelegate can cause swaps to fail every time
Lines of code Vulnerability details Impact Improperly configured direction of swap in JBXBuybackDelegate can cause the calls to swap tokens in Uniswap V3 pool to fail every time. So if the ideal path is token swap over minting, swaps will fail and new project token will be minted instead Proof of...