The owner is a single point of failure and a centralization risk

Lines of code 56, 109, 127, 172, 219, 250, 115, 131, 154, 116, 131https://github.com/Tapioca-DAO/tapiocaz-audit/blob/bcf61f79464cfdc0484aa272f9f6e28d...

Unsafe use of transfer()/transferFrom() with IERC20

Lines of code 377, 509, 491, 530, 42, 50 Vulnerability details Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT's transfer and transferFrom functions on L1 do not return booleans as the specification...

Using block.timestamp as the deadline/expiry invites MEV

Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...

test

Lines of code L14 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps lemme...

plsss

Lines of code L12 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps...

Missing onlyOwner Modifier Will Give Access To Any Malicious User To Change UnwrapFee Immediately

Lines of code Vulnerability details Impact Any address can call the function changeUnwrapFee and modify or influence the unwrap fee, compromising the intended governance structure and allowing malicious users or entities to favourably adjust fees to their advantage for token unwrapping. Proof of...

[H-01] Ocean contract and onERC1155Received function is vulnerable to read only reentrancy

Lines of code Vulnerability details Impact The Ocean contract and onERC1155Received function is vulnerable to read only reentrancy when read from another contract. The order of function execution when called externally from the onERC1155Received function in the Ocean contract is as follows. The...

OverInflation or OverDeflation of Value of ERC20 tokens with unequal Wrap and Unwrap Token Decimal

Lines of code Vulnerability details Impact Due to wrong parameter arrangement of convertDecimals... function call during the course of wrap and unwrap of erc20 token function call, OverInflation or OverDeflation of Value of ERC20 tokens with unequal Wrap and Unwrap Token Decimal which would cause...

Upgraded Q -> 2 from #677 [1702060237936]

Judge has assessed an item in Issue 677 as 2 risk. The relevant finding follows: L-04 Deposited amounts in the EigenLayer strategy should be checked before updating the strategy for the asset Users deposit in this protocol and the protocol deposits these funds to EigenLayer strategy contracts...

Issue with Decimal Conversion in Shell Protocol

Lines of code Vulnerability details Impact The identified issue within the convertDecimals function in the Shell Protocol could lead to a loss of value due to decimal truncation during token conversions. This situation is particularly critical in the context of Shell Protocol's operations, which...

Division by Zero and Precision Loss in computeOutputAmount Function

Lines of code Vulnerability details Impact The vulnerability can cause a runtime exception due to division by zero, leading to contract execution reverting. Additionally, precision loss may occur in calculations due to truncation of remainders, Proof of Concept When unwrapFeeDivisor unexpectedly...

Insecure and Inflexible Forwarder Approval Mechanism (Full Access Grant)

Lines of code Vulnerability details Impact The current implementation of the onlyApprovedForwarder modifier in the Ocean smart contract has several negative impacts: 1. Security Risk: Users are exposed to a significant security risk if their forwarder is compromised. An attacker can exploit full...

Incorrect indexing in constructor of Curve Adapters causes both contracts to assume xToken and lpToken to be the same token

Lines of code Vulnerability details Impact Curve Adapter contracts are unusable, as the protocol won't be able to tell the difference between which token USDC/USDT or lpToken is intended on being used for the transaction. Vulnerability details In the constructors of the Curve2PoolAdapter.sol and...

doInteraction() won't mint tokens to user if interaction.specifiedAmount less than 10**12 and has certain conditions

Lines of code Vulnerability details Impact If the user calls doInteraction and executes Interaction with specifiedAmount less than 10 12 and a big difference in token decimals, the user won't get any tokens. Proof of Concept Core external functions like doInteraction will call the internal...

Incorrect Condition for Validating Input and Output Tokens in CurveTricryptoAdapter::_determineComputeType Function

Lines of code Vulnerability details Impact The contract contains a bug in the determineComputeType function, where the condition for checking if the input and output tokens are valid for swapping is incorrect. This bug may lead to unexpected behavior and incorrect computation of the compute type...

Ocean.doMultipleInteractions() cannot wrap ether

Lines of code Vulnerability details Bug Description doMultipleInteractions in Ocean.sol attempts to wrap ether but reverts due to a logical error. The internal helper function, doMultipleInteractions, includes the following: if msg.value != 0 balanceDeltas.increaseBalanceDeltaWRAPPEDETHERID,...

imbalanced or invalid liquidity additions/removals could happen

Lines of code Vulnerability details Impact Potential for loss of funds or manipulation of the pool prices. Specifically: • By allowing deposit from only one of the xToken or yToken, it enables manipulating the price ratio between the tokens in the pool. This could benefit one token over the other...

Usage of _safeMint in NextGenCore@_mintProcessing allows an attacker to reenter when onERC721Received is called

Lines of code Vulnerability details Impact An attacker can : Exceed the per address allowance in Fixed Price Sale, Exponential Descending Sale and Linear Descending Sale modes. Cause a loss for another user in Burn-to-Mint mode by accepting an offer when onERC721Received is triggered. Proof of...

_doMultipleInteractions - User can use more wrapped tokens than they own

Lines of code Vulnerability details Impact User can use more wrapped tokens than they own. Proof of Concept When wrapped tokens are used by an Adaptor or Primitive through computeOutputAmount, it does not check if the user has enough tokens. Therefore, when calling computeOutputAmount, you need t...

Potential Gas and Overflow Issues with Decimal Shift Left in _convertDecimals Function

Lines of code Vulnerability details Impact The exponentiation operation in the decimal shift left scenario can lead to high gas consumption and potential integer overflow. The gas cost and risk of overflow increase with the value of the exponent, which could make the function expensive or even...

Limited functionality due to Primitive's balance being decreased before it is called

Lines of code Vulnerability details Impact In the current implementation, the balance of a primitive is decreased burned before it is called. This requires the primitive to hold outputAmount of outputToken before a transaction, which severely restricts the functionality it can provide and has no...

Users can unwrap assets in batches and avoid paying fees to protocol

Lines of code Vulnerability details Impact Users can unwrap their assets from The Ocean and evade paying fees to the protocol when the requested amount is smaller than the fee divisor. This happens due to a truncation of the result in the fee calculation. Proof of Concept This affects the...

NextGenMinterContract::mint can be reentered for sales option 3 to mint many NFTs in a single period and bypass viewMaxAllowance for any sales option

Lines of code Vulnerability details Impact The reentrancy vulnerability in the NextGenMinterContract::mint function allows an attacker to bypass the restriction of minting only one NFT per period. The reentrencies can be achieved from the safeMint in the function NextGenCore::mintProcessing to ca...

Users can add 6 decimal token funds for free

Lines of code Vulnerability details There is a logic error in convertDecimals function which means wrapping interactions for tokens with less than 18 decimals are processed incorrectly. The below is triggered in convertDecimals where the input parameter decimals is less than 18. If amountToConver...

convertedAmount set to zero because of bad math arithmetic

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The pool will be able to give an outputAmount corresponding to the rawInputAmount = 0 Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant...

Lack of Slippage Protection in CurveTricryptoAdapter::primitiveOutputAmount and Curve2PoolAdapter::primitiveOutputAmount

Lines of code Vulnerability details Impact Due to the lack of slippage protection in the CurveTricryptoAdapter::primitiveOutputAmountand Curve2PoolAdapter::primitiveOutputAmount, user deposits and withdrawals are vulnerable to being sandwich attacked. Proof of Concept...

Front-Running

Lines of code Vulnerability details Impact Visible computed input amounts could be susceptible to front-running by malicious actors. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used...

Invalid WETH inclusion for Curve's Tricrypto pools.

Lines of code Vulnerability details Impact For some of Curve's Tricrypto pools, CurveTricryptoAdapter will not be working. Proof of Concept address wethAddress = ICurveTricryptoprimitive.coins2; zToken = calculateOceanIdaddress0x4574686572, 0; // hexadecimalascii"Ether" indexOfzToken = 2;...

_determineTransferAmount does't support low decimal tokens.

Lines of code Vulnerability details Impact determineTransferAmount does't support low decimal tokens. Transfer amount will be force set to incorrect amount. Proof of Concept In process of erc20Wrap,in order to support different decimal tokens, the contract use determineTransferAmount to get...

Lack of Validation and Potential Overflow in _fetchInteractionId Function

Lines of code Vulnerability details Impact The lack of validation on interactionType could allow invalid values, potentially leading to unexpected interaction IDs. Additionally, if interactionType exceeds 8 bits, it could cause an overflow issue, potentially altering the token address within the...

High risk in integrating Ocean with Curve TriCrypto pool on Arbitrum

Lines of code Vulnerability details Impact The Curve TriCrypto adapter contract enables swapping, adding liquidity, and removing liquidity for the USDT-WBTC-ETH pool on Arbitrum. However, this pool has been flagged for potential exploit risks. Curve Finance issued a warning: This pool might be at...

No slippage check while removing liquidity from Curve Pool

Lines of code Vulnerability details Impact The hardcoded value of 0 for the minamount parameter in the removeliquidityonecoin function of the Curve pool can have significant effects on user funds. When users are removing liquidity from the curve pool, the minamount parameter represents the minimu...

Ocean cannot _mintBatch() as onERC1155BatchRecieved() not implemeneted on the Ocean contract when batch transferring to itself

Lines of code Vulnerability details The comment @ Ocean L348 states: The Ocean never initiates ERC1155 Batch Transfers. This is untrue, note the following callstack: Ocean.doMultipleInteractions | Ocean.forwardedDoMultipleInteractions Ocean.doMultipleInteractions calls mintBatch @ L560...

An attacker can mint more than they are allowed due to MinterContract.sol#mint() reentrancy vulnerability

Lines of code Vulnerability details Bug Description mintProcessing in NextGenCore.sol calls OpenZeppelin’s safeMint from their ERC721 contract to mint a token. safeMint checks if the target address is a contract by calling checkOnERC721Received to ensure it supports receiving NFTs. If the target...

Reentrancy in mint function allows minting above the limit allowed per address / allowlisted address

Lines of code Vulnerability details Impact The mint function in NextGenCore.sol doesn't follow the checks-effects-interactions pattern and can be reentered through the onERC721Received function, if the receiver is a contract. The state variables written after the call are...

Core function of Ocean contract like doInteraction | doMultipleInteractions | forwardedDoInteraction may revert under certain conditions

Lines of code Vulnerability details Impact Core functions like doInteraction, forwardedDoInteraction, doMultipleInteractions, forwardedDoMultipleInteractions etc, will always revert under certain conditions due to overflow in calculations. Proof of Concept Core external functions like doInteracti...

Slippage Handling

Lines of code Vulnerability details Impact The primitiveOutputAmount function reverts the transaction if the output amount is less than the minimumOutputAmount, which is a strict slippage protection. This could lead to failed transactions due to normal price fluctuations in the Curve pool. Proof ...

Reentrancy issue. User can easily mint more than allowed presale, bypassing merkle root limit

Lines of code Vulnerability details Impact Lack of reentrancy protection and code not follow Checks, Effects, Interactions pattern guideline. Here are the Effects stuff happen after Interactions affected by reentrancy: tokensMintedAllowlistAddress: tracking presale minted NFT per address...

Replay Attack because EIP712 DOMAIN_SEPARATOR stored as immutable

Lines of code Vulnerability details Impact Loss of fund due to replay attacks. Approvals made on one chain could be replayed when there is a fork without owner's consent. Proof of Concept The issue is in the ERC1155PermitSignatureExtension.sol which is inherited by the OceanERC1155.sol and...

Multiple re-entrancy issues allowing stealing of funds and bypassing protocol mint limits

Lines of code Vulnerability details Impact Multiple re-entrancy issues exist in the codebase, that break core functionality and allow stealing of user funds. In AuctionDemo.sol contract re-entrancy in cancelBid and cancelAllBids allows stealing of user funds. There are multiple attack surfaces,...

Unwrapping function emits event with incorrect values.

Lines of code Vulnerability details Impact The etherUnwrap function in the smart contract does not correctly emit the EtherUnwrap event. The issue arises when calculating and emitting the fee and transfer amounts. The current implementation deducts the fee, transfers the calculated amount, and...

CurveTricryptAdapter::primitiveOutputAmount & Curve2PoolAdapter::primitiveOutputAmount can swap without slippage tolerance

Lines of code Vulnerability details Impact While there is a “Slippage protection” implementation in the contract if uint256minimumOutputAmount outputAmount revert SLIPPAGELIMITEXCEEDED; There is no validation that minimumOutputAmount is not set to 0. This can result in lost of funds. Although Oce...

REDUNDANT ERC1155 OCEAN TOKEN BALANCE UPDATE OF THE OceanAdapter CONTRACT COULD LEAD TO DoS OF THE Ocean._computeOutputAmount TRANSACTION

Lines of code Vulnerability details Impact The Ocean.computeOutputAmount function is used to compute the output amount of an output token when the input token and input token amount is given. The Ocean.computeOutputAmount function mutates the ERC1155 token ledger amounts for the primitives and al...

Unrestricted Unwrap Fee Changes: Instability, Market Disruption, and Loss of Trust

Lines of code Vulnerability details Impact The current changeUnwrapFee function in the Ocean smart contract allows the owner to change the unwrap fee divisor with no restrictions, leading to several negative impacts: 1. Unstable Unwrap Fees: Frequent changes in the divisor can cause instability a...

Unbounded Approval

Lines of code Vulnerability details Impact The adapter may approve an unlimited amount of tokens to be spent by the Ocean protocol and the Curve pool, which could be risky if those contracts are compromised. Proof of Concept The adapter may approve an unlimited amount of tokens to be spent by the...

[H-02] The Ocean contract and the onERC721Received function is vulnerable to read-only re-entrancy

Lines of code Vulnerability details Impact The contract.function called Ocean.onERC721Received is vulnerable to read-only re-entrancy. The read-only re-entrancy is possible if the contract function is called externally from another contract. What follows are the functions that are traversed throu...

Unverified Primitives

Lines of code Vulnerability details Impact Interacting with unverified or malicious Ocean primitives could result in loss of funds or incorrect computations. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates...

Potential Issues with Address Casting and Validation in _calculateOceanId Function

Lines of code Vulnerability details Impact The use of abi.encodePacked without padding might introduce ambiguity in situations where input lengths are not fixed. Additionally, assuming tokenId can be any uint256 value without enforcing constraints could lead to unexpected behavior if constraints...

ERC721 and ERC1155 Reentrancy Guard is Incomplete and Wrongly Implemented

Lines of code Vulnerability details Impact Whether there is a ERC721 and ERC1155 Interaction clash or not, or if there is an inadequate transfer callback, all this would not matter as reversion would not occur due to absence of proper validation during wrap of ERC721 and ERC1155 in the Ocean.sol...

Upgraded Q -> 3 from #534 [1702060375162]

Judge has assessed an item in Issue 534 as 3 risk. The relevant finding follows: L-03 Consider use stETH/UDS oracle Issue Description: The sponsor has confirmed their choice of Chainlink as an oracle to fetch prices. Since all other LST price feeds are 18 decimal places, they will most likely use...