MuteBond.sol: price discount can be manipulated which undermines its purpose of reflecting demand
Lines of code Vulnerability details Impact The bondPrice in the MuteBond contract increases linearly during the epochDuration from startPrice in the beginning to maxPrice in the end. The bondPrice determines how many MUTE tokens a user receives for bonding his LP tokens. The higher the bondPrice...
deposit function of WstEth not working correctly
Lines of code Vulnerability details Impact The deposit function doesn't seem to work at all, or correctly at all. It's missing some code, etc. Please see my natspec notes below for more clarity: Apologies, this is 10 mins before contest ends, so I'm just going to copy my NatSpec notes here: function...
All the FRX_ETH tokens of SfrxEth contract can be drained by a malicious user.
Lines of code Vulnerability details Impact The impact of this finding is severe, as it can result in the complete loss of FRXETH tokens held by the SfrxEth contract. This could lead to a significant financial loss for the contract and its users. Proof of Concept For demonstration purpose, Alice i...
Incorrect parameter in withdraw function
Lines of code Vulnerability details Impact An incorrect parameter is used in the withdraw function in SfrxEth.sol. The amount variable is used when the frxEthBalance variable should be used to calculate minOut. The amount that gets swapped at the FRXETHCRVPOOLADDRESS is the frxEthBalance, not the...
User should be able to set the slippage amount willing to pay
Lines of code Vulnerability details Impact The impact of this finding is that users may be required to pay higher transaction fees than necessary due to the absence of an adjustable slippage feature. This could discourage users from using the SafEth contract and negatively impact its adoption...
A staker might still be able to stake after staking is over.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. A staker might still be able to stake after staking is over. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrate...
Hardcoded poolFee in deposit() Function Causes Liquidity Depth Issue for Swap
Lines of code Vulnerability details Impact In deposit function we are using the hardcoded value of poolFee as 500 which limits the ability of liquidity providers to select the appropriate fee tier, potentially reducing the returns for liquidity providers. IWETHWETHADDRESS.depositvalue: msg.value;...
First stake inflation attack
Lines of code Vulnerability details Impact The first staker can steal the next staked funds. Proof of Concept As the first one to stake, the attacker stakes minAmount ETH, for which minAmount or slightly less due to slippage SafEth tokens are minted. The attacker immediately unstakes the entire...
Ether Locked when Attempting to Call stake() during Setup
Lines of code Vulnerability details Impact During the period between the deployment of the SafEth contract and the addition of derivatives, there is a possibility for users to send Ether to the contract using the stake payable function. In this scenario, the funds will become locked and...
All the STeth balance of WstEth contract can be drained by a malicious user.
Lines of code Vulnerability details Impact The impact of this finding is severe, as it can result in the complete loss of STeth tokens held by the WstEth contract. This could lead to a significant financial loss for the contract and its users. Proof of Concept For demonstration purpose, Alice is...
Reth.poolCanDeposit checks only two out of three conditions
Lines of code Vulnerability details Impact Staking is blocked. Proof of Concept When staking the deposit of each derivative is called. Reth.deposit deposits in the Rocket Pool directly if possible. To decide if this is possible it uses Reth.poolCanDeposit which returns whether the deposit pool si...
In stake() function shares increase exponentially for the same amount of deposit as the totalSupply() increases, causing the loss for the initial stakers relative to later ones.
Lines of code Vulnerability details Impact Stake function does not allocate the safEth according to the totalShares, instead as more users deposit, later depositors get higher share of the value as compared to early depositors. Proof of Concept Consider Alice, Bob and Jenny want to stake their eth...
poolPrice() is vulnerable to price manipulation
Lines of code Vulnerability details Impact The output of poolPrice, which is used to determine the price of rETH, can be manipulated to become extremely small or large. An attacker can abuse this to gain large amounts of SafETH during staking. Vulnerability Details In the Reth contract, poolPrice...
sfrxETH.ethPerDerivative is incorrect, leading to incorrect minting amount of safETH
Lines of code Vulnerability details SafeETH.stake allows users to stake ETH and be minted an amount of safETH that corresponds to the ETH value of the derivatives that resulted from their deposit. The minting amount is based on: preDepositPrice, which is a function of the total safETH minted and...
The depositor can get a sandwich attack when calling stake in SafEth and deposit in RETH
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. users who stake eth from call function stake in will get sandwich attack, which users will lose money Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or an...
Adding a new derivate will split new user's underlying shares in the new derivate to older users
Lines of code Vulnerability details Vulnerability details Impact After a derivate is added to the protocol. Older users will take some new user's share in the new derivate. The addDerivative function adds a new derivate to the protocol. The newly added derivate has zero underlying balance. Users w...
Swap deadline for Reth derivative cannot be specified and used for staking
Lines of code Vulnerability details Impact When calling the following Reth.deposit function, uint256 amountSwapped = swapExactInputSingleHopWETHADDRESS, rethAddress, 500, msg.value, minOut can be executed. Calling the Reth.swapExactInputSingleHop function below then calls...
Derivative Pool Issue can Lead to Loss User Funds when Unstaking
Lines of code Vulnerability details Impact In all withdraw functions of derivatives, there is no check for sending zero Ether back to the safEth contract. It is important to note that the addressmsg.sender.callvalue: 0"" function returns true even when transferring a zero value. On the other hand...
Upgradeability completely breaks decentralization
Lines of code Vulnerability details Impact Owner of SafEth can steal all staked funds. Proof of Concept SafEth is an upgradeable ERC20 contract that handles the conversion between ETH and whatever derivatives that are implemented. But it also has access to the staked funds through the derivatives...
poolPrice in Reth.sol can overflow and revert
Lines of code Vulnerability details Impact To determine the value of sqrtPriceX96 that will cause an overflow, we need to analyze the calculation in the function: sqrtPriceX96 uintsqrtPriceX96 1e18 96 2 The maximum value for a uint256 is 2^256 - 1. An overflow occurs when the result of the...
MuteBond.sol: deposit function reverts if remaining payout is very small due to >0 check in dMute.LockTo function
Lines of code Vulnerability details Impact I will show in this report how the MuteBond.deposit function can experience a temporary DOS. The attacker or just any other user by mistake or by not knowing about it can receive a payout from the deposit function that puts the payoutTotal of the current...
Ether trapped in contract if no derivates exist
Lines of code Vulnerability details Ether can get stuck in staking contract if there are no derivatives Impact If the SafEth contract is deployed and there are no derivatives added to the contract and a user tries to call the stake function, then this could result in a loss of funds for the user...
An attacker can front-run setMaxPayout() and freeze deposit() and the whole protocol from progressing in epochs.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. When the owner calls setMaxPayout to decrease maxPayout to newMaxPayout, an attacker can front-run it and deposit so that termsepoch.payoutTotal newMaxPayout. This will freeze deposit and the whole...
DOS attack to RedeemTo() and GetUnderlyingTokens(), leading to loss of funds.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. An attacker can launch a DOS attack to RedeemTo and GetUnderlyingTokens so that it will always fail for a particular account, say Bob. In this way, Bob will not be able to redeem the MuteToken locked...
Upgraded Q -> 3 from #74 [1679875886032]
Judge has assessed an item in Issue 74 as 3 risk. The relevant finding follows: Exchange Rate can be manipulated if positions are big enough for a long enough time
Upgraded Q -> 3 from #60 [1679803414194]
Judge has assessed an item in Issue 60 as 3 risk. The relevant finding follows: LiquidityPool.sol: The deposit queue processing in processDeposits reads the price of the liquidity token only once at the start of the loop so this means that some queued deposits may not incur price slippage dependi...
Upgraded Q -> 3 from #88 [1679874647648]
Judge has assessed an item in Issue 88 as 3 risk. The relevant finding follows: L-2 Invalid and stale prices from Synthetix are not validated
Upgraded Q -> 2 from #211 [1679800480796]
Judge has assessed an item in Issue 211 as 2 risk. The relevant finding follows: L-4 LiquidityPool processWithdraws overwrites returnedAmount for withdrawals processed in multiple steps The returnedAmount field in the QueuedWithdraw struct is incorrectly overwritten when the withdraw is processed...
Upgraded Q -> 2 from #60 [1679803335439]
Judge has assessed an item in Issue 60 as 2 risk. The relevant finding follows: LiquidityPool.sol: If the fee recipient is not set then all LP operations such as deposits and withdrawals will fail. Consider making fee transfers optional depending on whether a fee recipient and percentage is set -...
Upgraded Q -> 2 from #88 [1679874664641]
Judge has assessed an item in Issue 88 as 2 risk. The relevant finding follows: L-6 Spamming deposit and withdraw queues
Upgraded Q -> 2 from #83 [1679850012658]
Judge has assessed an item in Issue 83 as 2 risk. The relevant finding follows: L-02 There is no way to disapprove a collateral
Upgraded Q -> 2 from #87 [1679862910687]
Judge has assessed an item in Issue 87 as 2 risk. The relevant finding follows: Uninitialized variables
Upgraded Q -> 2 from #215 [1679863603573]
Judge has assessed an item in Issue 215 as 2 risk. The relevant finding follows: L1 + L2
Upgraded Q -> 2 from #83 [1679850055838]
Judge has assessed an item in Issue 83 as 2 risk. The relevant finding follows: L-05 PauseModifier is not used in KangarooVault
Upgraded Q -> 2 from #88 [1679874611177]
Judge has assessed an item in Issue 88 as 2 risk. The relevant finding follows: L-1 Vault assignment in VaultToken can be frontrunned
Upgraded Q -> 2 from #39 [1679850456945]
Judge has assessed an item in Issue 39 as 2 risk. The relevant finding follows: N-05 Fees are not being set in the constructor
Upgraded Q -> 2 from #179 [1679871876484]
Judge has assessed an item in Issue 179 as 2 risk. The relevant finding follows: L-14 Lack of access control in setVault function leaves it vulnerable to frontrunning attack
Upgraded Q -> 3 from #88 [1679874652791]
Judge has assessed an item in Issue 88 as 3 risk. The relevant finding follows: L-3 KangarooVault.removeCollateral doesn't remove the collateral from the position
Upgraded Q -> 2 from #211 [1679804504433]
Judge has assessed an item in Issue 211 as 2 risk. The relevant finding follows: L-8 VaultToken setVault initialization can be front-runned
Upgraded Q -> 2 from #229 [1679864317254]
Judge has assessed an item in Issue 229 as 2 risk. The relevant finding follows: L-05 VaultToken.setVault can be front-run
Upgraded Q -> 2 from #99 [1679874011180]
Judge has assessed an item in Issue 99 as 2 risk. The relevant finding follows: 02 VaultToken.setVault FUNCTION IS CALLABLE BY ANYONE, AND DEV TEAM'S VaultToken.setVault TRANSACTION CAN BE FRONTRUN BY MALICIOUS ACTOR
Upgraded Q -> 2 from #98 [1679803209669]
Judge has assessed an item in Issue 98 as 2 risk. The relevant finding follows: QA-01 PauseModifier is implemented in the KangarooVault.sol contract but isn't used due to not being a part of core functionality
Upgraded Q -> 2 from #215 [1679863647530]
Judge has assessed an item in Issue 215 as 2 risk. The relevant finding follows: NC1
Upgraded Q -> 2 from #29 [1679672352018]
Judge has assessed an item in Issue 29 as 2 risk. The relevant finding follows: M-02 Division before multiplication incurs unnecessary precision loss 29
Upgraded Q -> 2 from #773 [1679568911031]
Judge has assessed an item in Issue 773 as 2 risk. The relevant finding follows: LACK OF SLIPPAGE PROTECTIONS FOR EOA IN FUNCTIONS LIKE ReaperVaultERC4626.deposit, ReaperVaultERC4626.mint, ReaperVaultERC4626.withdraw, AND ReaperVaultERC4626.redeem
LiquidityPool.sol#L657: setFees() could be abused to steal the funds when a huge transaction is happening.
Lines of code Vulnerability details Impact Set fee functions can be set to any arbitrary value when the transaction is happening. There is more possibility that user could lose most of all of their hard earned funds. Proof of Concept Below functions can be called by authorised person to fix the...
Attacker can artificially inflate the token price and get more profit
Lines of code Vulnerability details Impact Attacker can cause the artificial inflation in token price and get more profit Proof of Concept Let's assume the initial values totalFunds = 10000000000 , VAULTTOKEN.totalSupply = 100000000000 , totalQueuedWithdrawals= 1000000 function initiateDepositaddre...
No access control in mint function
Lines of code Vulnerability details Impact Canto Bio Protocol: Should allow the association of a single biography to an identity address The mint function does not have any access control mechanism in place, allowing anyone to mint multiple Bio NFTs. This could lead to unwanted minting of bios. Tool...
(Pseudo) Random Number Generator can be gamed, allowing a user to target desirable NFT traits
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The iteratePRNG function in the Utils.sol library is used in Tray.sol:drawing, which is used to determine the tile data that a user gets when they purchase an NFT in Tray.sol:buy. An attacker can exploi...
Unprotected setVault function can be frontrun to set the attacker controlled vault address
Lines of code Vulnerability details Impact Unprotected setVault function from VaultToken.sol can be frontrun to set the attacker controlled vault address. Once attacker controlled vault address is set as a vault, attacker can mint large amount of tokens for himself and also able to burn other use...