
10190 matches found

Code423n4
Code423n4
added 2023/05/04 12:0 a.m.6 views

A staker with verified over-commitment can potentially bypass slashing completely

Lines of code Vulnerability details Description In EigenLayer, watchers submit over-commitment proof in the event a staker's balance on the Beacon chain falls below the minimum restaked amount per validator. In such a scenario, stakers’ shares are decreased by the restaked amount. Note that when ...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.9 views

Upgraded Q -> 3 from #421 [1683219158450]

Judge has assessed an item in Issue 421 as 3 risk. The relevant finding follows: 1. Unchecked Cast May Overflow As of Solidity 0.8 overflows are handled automatically; however, not for casting. For example uint32(4294967300) will result in 4 without reversion. Consider using OpenZeppelin's SafeCast...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.11 views

Medium Access Control Unauthorized access to restricted functions

Lines of code Vulnerability details Impact compromising the owner or whitelister roles could allow an attacker to manipulate critical whitelist and configuration logic, potentially damaging the use of the protocol. By taking control of privileged access, the attacker could enable rapid withdrawal...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.12 views

The value of MAX_WITHDRAWAL_DELAY_BLOCKS is constant which shouldn't be

Lines of code Vulnerability details Impact The value of MAX_WITHDRAWAL_DELAY_BLOCKS is constant which shouldn't be. It is stated that at the moment MAX_WITHDRAWAL_DELAY_BLOCKS is 50400 and it is adjustable, but it isn't in this case as it is constant and once deployed it can't be changed Proof of Concep...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.12 views

Slashing can be frontrunned

Lines of code Vulnerability details Proof of Concept When attempting to withdraw funds, the user calls queueWithdrawal first. queueWithdrawal checks that the caller is not frozen, then marks the withdrawal as pending. function queueWithdrawal uint256 calldata strategyIndexes, IStrategy calldata...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.9 views

Overflow Excessive claims could overwhelm storage _userWithdrawals mapping

Lines of code Vulnerability details Impact By submitting an excessive number of claims through a compromised user, an attacker could theoretically overwhelm the storage used for mapping users to their delayed withdrawals. If critical data is overwritten, the contract would be rendered unusable...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.7 views

Loss of funds on deposit when totalShares > 0 && priorTokenBalance == 0

Lines of code Vulnerability details Impact Withdrawing one's shares may return far less tokens than one deposited. Proof of Concept Shares returned when depositing is calculated in StrategyBase.deposit as if totalShares == 0 newShares = amount; else uint256 priorTokenBalance = tokenBalance -...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.14 views

Slot and block number proofs not required for verification of withdrawal (multiple withdrawals possible)

Lines of code Vulnerability details Impact Since this is a vulnerability which involves multiple in-scope contracts and leads to more than one impact, let's start with a bug description from bottom to top. Library Merkle The methods verifyInclusionSha256proof, root, leaf, index and...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.7 views

Upgraded Q -> 3 from #306 [1683219251927]

Judge has assessed an item in Issue 306 as 3 risk. The relevant finding follows: L-01 Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows when casting from uint256 In the function buy and sell of the contract PrivatePool.sol the function first set the variables...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.3 views

Temporary blocking withdrawals because of slashQueuedWithdrawal function incorrectness

Lines of code Vulnerability details Temporary blocking withdrawals because of slashQueuedWithdrawal function incorrectness Impact The incorrectness of the slashQueuedWithdrawal can block withdraw operations till queuedWithdrawal argument will be changed to exclude strategies with PAUSEDWITHDRAWALS...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.7 views

Function triggering

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The redeemPayment function does not check if the payment token being transferred to the delegation terms contract is approved by the sender. This can allow an attacker to call this function and transfer...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.11 views

Upgraded Q -> 3 from #853 [1683219256548]

Judge has assessed an item in Issue 853 as 3 risk. The relevant finding follows: LC-02 USE THE SAFECAST LIBRARY FOR CASTING VALUES TO AVOID OVERFLOW/UNDERFLOW File: virtualBaseTokenReserves += uint128netInputAmount - feeAmount - protocolFeeAmount; virtualNftReserves -= uint128weightSum; --- The...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.6 views

StrategyBase.underlyingToShares() cannot be overridden to intended mutability

Lines of code Vulnerability details Impact An implementation of underlyingToShares, as inherited from StrategyBase.sol, cannot contrary to intentions make state modifications. This implies that StrategyBase.sol may become useless as a base contract to inherit from. Proof of Concept StrategyBase.s...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.9 views

High Reentrancy Withdrawals can be frontrun

Lines of code Vulnerability details Impact A reentrancy attack on the withdrawal functions could allow an attacker to drain the contract of all funds by repeatedly calling the functions faster than transactions can complete. By calling completeQueuedWithdrawal and withdrawBeaconChainETH multiple...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.14 views

Users can queue a withdrawal and potentially withdraw completely if PAUSED_EIGENPODS_VERIFY_OVERCOMMITTED = false

Lines of code Vulnerability details Impact Users can queue a withdrawal and potentially withdraw completely if PAUSED_EIGENPODS_VERIFY_OVERCOMMITTED = false Proof of Concept We need to look at two functions. The first one is function verifyOvercommittedStake uint40 validatorIndex,...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.11 views

Context not implemented as per need of the code

Lines of code Vulnerability details Impact Logical and mathematical flaws might occur due to lack of the check. Proof of Concept As per comment in: //check if the withdrawal occured after mostRecentWithdrawalBlockNumber but no check is involved in the code which would cause mathematical flaws in...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/03 12:0 a.m.11 views

Upgraded Q -> 2 from #200 [1683080702977]

Judge has assessed an item in Issue 200 as 2 risk. The relevant finding follows: L-03 KangarooVaultminDepositAmount should be a fairly high number to prevent 0 deposits or dust deposits that may affect the deposit/withdrawal process --- The text was updated successfully, but these errors were...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/03 12:0 a.m.11 views

Upgraded Q -> 3 from #407 [1683102761347]

Judge has assessed an item in Issue 407 as 3 risk. The relevant finding follows: L01 Unsafe downcasting On PrivatePool.solL230-L231 there are two unsafe downcasting from uint256 to uint128; virtualBaseTokenReserves += uint128netInputAmount - feeAmount - protocolFeeAmount; virtualNftReserves -=...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/03 12:0 a.m.11 views

Upgraded Q -> 2 from #898 [1683143849953]

Judge has assessed an item in Issue 898 as 2 risk. The relevant finding follows: Royalty receiver will not get correct royalty as saleprice is not calculated properly uint256 salePrice = outputAmount / sellsi.tokenIds.length; Here the salesprice for an nft is calculated by using the above formula...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/03 12:0 a.m.9 views

Upgraded Q -> 2 from #225 [1683100933057]

Judge has assessed an item in Issue 225 as 2 risk. The relevant finding follows: uint256 exponent = baseToken == address0 ? 18 - 4 : ERC20baseToken.decimals - 4; will revert since ERC20baseToken.decimals - 4; causes an underflow --- The text was updated successfully, but these errors were...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/03 12:0 a.m.14 views

Updating a submission - testing if I can add a submission by team that was originally an issue for a single warden.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps testings...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.9 views

Upgraded Q -> 3 from #878 [1683053134023]

Judge has assessed an item in Issue 878 as 3 risk. The relevant finding follows: L-7 Potential overflow while updating reserves values in PrivatePool contract - --- The text was updated successfully, but these errors were encountered: All reactions...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.6 views

Upgraded Q -> 2 from #543 [1683017069535]

Judge has assessed an item in Issue 543 as 2 risk. The relevant finding follows: changeFeeQuote assumes all base tokens will be of decimals of at 4 decimals. However this would lead to issues whereby baseToken is of 2 decimal place. --- The text was updated successfully, but these errors were...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.18 views

Upgraded Q -> 3 from #222 [1683017474019]

Judge has assessed an item in Issue 222 as 3 risk. The relevant finding follows: L-02 Downcasting uint or int may result in overflow Consider using OpenZeppelin's SafeCast library to prevent unexpected overflows. Instances: 2 File: src/PrivatePool.sol 231: virtualNftReserves -= uint128weightSum;...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.10 views

Upgraded Q -> 2 from #882 [1683052827510]

Judge has assessed an item in Issue 882 as 2 risk. The relevant finding follows: changeFeeQuote reverts for tokens with decimals less than 4 --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.11 views

Upgraded Q -> 2 from #882 [1683052832814]

Judge has assessed an item in Issue 882 as 2 risk. The relevant finding follows: In changeFeeQuote if changeFee == 0 protocolFeeAmount becomes 0 --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.7 views

Upgraded Q -> 2 from #878 [1683053139232]

Judge has assessed an item in Issue 878 as 2 risk. The relevant finding follows: L-8 Zero amount ERC20 token transfers may fail some implementations - --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.10 views

Testing Issue Type

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps testing...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.9 views

Upgraded Q -> 2 from #215 [1683053585771]

Judge has assessed an item in Issue 215 as 2 risk. The relevant finding follows: QA10 Both EthRouterbuy and EthRoutersell do not check whether recipient == address0, as a result, they might send royalty fees to the zero address - loss of funds. --- The text was updated successfully, but these...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.14 views

Upgraded Q -> 2 from #198 [1683053533286]

Judge has assessed an item in Issue 198 as 2 risk. The relevant finding follows: L2 - Royalty payment is unfair --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.8 views

Upgraded Q -> 2 from #854 [1683053416481]

Judge has assessed an item in Issue 854 as 2 risk. The relevant finding follows: L-07 Malicious collection owner could steal all base tokens by updating royalty during calls 1 --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.9 views

Upgraded Q -> 2 from #854 [1683053410661]

Judge has assessed an item in Issue 854 as 2 risk. The relevant finding follows: L-01 Reorg attack possibility in pool factory 1 --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.13 views

Upgraded Q -> 2 from #878 [1683053128185]

Judge has assessed an item in Issue 878 as 2 risk. The relevant finding follows: L-3 Potential loss of funds when paying royalties - --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.13 views

Upgraded Q -> 2 from #882 [1683052816154]

Judge has assessed an item in Issue 882 as 2 risk. The relevant finding follows: If royaltyFee 0 and recipient == address0 users will be overcharged --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.9 views

Upgraded Q -> 2 from #878 [1683053122687]

Judge has assessed an item in Issue 878 as 2 risk. The relevant finding follows: L-2 Royalties are paid assuming all NFTs in the batch are equally priced - --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.7 views

Upgraded Q -> 2 from #198 [1683053528122]

Judge has assessed an item in Issue 198 as 2 risk. The relevant finding follows: L1 - The pool takes more royalty fee than it spends --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.9 views

Upgraded Q -> 2 from #680 [1683016846473]

Judge has assessed an item in Issue 680 as 2 risk. The relevant finding follows: D. FlashFee is a flat amount, meaning the cost to flash loan an NFT at floor price is the same as one worth 5x the floor price. FlashFee should instead be based on the weight of the NFT being flashloaned, with more...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.12 views

Upgraded Q -> 3 from #284 [1683017290576]

Judge has assessed an item in Issue 284 as 3 risk. The relevant finding follows: NFT tokens sent to the EthRouter contract by mistake can be drained by pool contracts. When someone calls sell, deposit or change functions on EthRouter contract, the contract gives the particular pool full approval...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.9 views

Upgraded Q -> 2 from #245 [1683017351880]

Judge has assessed an item in Issue 245 as 2 risk. The relevant finding follows: L-05 PrivatePoolMetadata.tokenURI is not compliant with EIP721 It implements PrivatePoolMetadata.tokenURI , a function overriding ERC721's tokenURI. This function returns the metadata URI of the provided token ID The...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.8 views

Upgraded Q -> 2 from #740 [1683013961460]

Judge has assessed an item in Issue 740 as 2 risk. The relevant finding follows: Royalty receiver can reject, unsupported, or be blacklisted to receive royalty fee token and can result in the whole transaction be reverted. --- The text was updated successfully, but these errors were encountered:...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.10 views

Upgraded Q -> 2 from #240 [1683052133668]

Judge has assessed an item in Issue 240 as 2 risk. The relevant finding follows: LOW‑11 tokenURI does not follow EIP-721 The EIP states that tokenURI "Throws if tokenId is not a valid NFT", which the code below does not do. If the NFT has not yet been minted, tokenURI should revert Proof Of Conce...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.7 views

Upgraded Q -> 2 from #680 [1683016840166]

Judge has assessed an item in Issue 680 as 2 risk. The relevant finding follows: A. Fee structure is inconsistent for buys/changes. In buy and sell function protocolFee is based on a percentage of the input/output amount but in change the fee is based on the pool fee not the input amount. It shou...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.4 views

Upgraded Q -> 2 from #882 [1683052810426]

Judge has assessed an item in Issue 882 as 2 risk. The relevant finding follows: Attacker can front-run create to steal tokens sent to predetermined address --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.7 views

Upgraded Q -> 2 from #882 [1683052821779]

Judge has assessed an item in Issue 882 as 2 risk. The relevant finding follows: In function buy and sell if one royalty recipient reverts whole transaction will fail --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/04/28 12:0 a.m.6 views

DNSRegistrar does not support domain trees which is key functionality for DNS

Lines of code Vulnerability details Description In DNS it is exceedingly common to have paths such as a.b.c or a.b.c.d. However, the DNSRegistrar fails to support it. enableNode verifies the parent domain is a valid public suffix. function enableNodebytes memory domain public returns bytes32 node...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/04/28 12:0 a.m.9 views

DNS wire format AND DNS label-sequence format ARE USED INTERCHANGEABLY TO REPRESENT DOMAIN NAMES DURING RRSet VALIDATION

Lines of code Vulnerability details Impact @param name The name to claim, in DNS wire format. above format is used in DNSRegistrar.proveAndClaim and DNSRegistrar.proveAndClaimWithResolver functions @param name The name of the RRSIG record, in DNS label-sequence format. above format is used in...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/04/28 12:0 a.m.21 views

Offchain name resolution would fail despite the located DNS resolver being fully functional

Lines of code Vulnerability details Description In OffchainDNSResolver, resolveCallback parses resource records received off-chain and extracts the DNS resolver address: // Look for a valid ENS-DNS TXT record address dnsresolver, bytes memory context = parseRR iter.data, iter.rdataOffset,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/04/28 12:0 a.m.8 views

HexUtils.hexStringToBytes32 successfully processes data with invalid input indexes

Lines of code Vulnerability details Impact The HexUtils.hexStringToBytes32 never validates the idx and lastIdx input index values. function hexStringToBytes32 bytes memory str, uint256 idx, uint256 lastIdx internal pure returns bytes32 r, bool valid valid = true; assembly // check that the index ...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/04/28 12:0 a.m.9 views

Incorrect implementation of RecordParser.readKeyValue()

Lines of code Vulnerability details Impact RecordParser.readKeyValue returns a wrong value if the terminator not found. This is a fundamental library and any contract using it may experience unexpected errors and problems due to this bug. Proof of Concept The implementation logic of...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/04/28 12:0 a.m.8 views

Malicious users can exploit NameEncoder vulnerability to forge arbitrary names

Lines of code Vulnerability details Impact A malicious user can spoof NameEncoder.dnsEncodeName by forging a name to impersonate any other name, which can lead to faulty contract logic or even theft of someone else's name. Proof of Concept The function NameEncoder.dnsEncodeName is used to convert...

7.2AI score
Exploits0
Total number of security vulnerabilities: 10190