KangarooVault.removeCollateral doesn't remove collateral from the EXCHANGE

Lines of code Vulnerability details Impact The owner of the KangarooVault can't receive collateral from EXCHANGE when he wants to remove collateral from the vault. Proof of Concept KangarooVault.removeCollateral doesn't remove collateral from the EXCHANGE. KangarooVault interacts with EXCHANGE, a...

Uneven deduction of performance fee causes some KangarooVault users to lose part of their token value

Lines of code Vulnerability details In KangarooVault.resetTrade, a performanceFee is charged upon closing of all positions, on the premiumCollected. This is inconsistent with getTokenPrice as premiumCollected is factored in the token price computation, while the performanceFee is not. This leads ...

Hedging during liquidation is incorrect

Lines of code Vulnerability details Impact Hedging will not work as expected, and LiquidityPool will lose funds without expectation. Proof of concept 1. When a short position is liquidated in contract Exchange, function liquidate will be triggered. It will burn the power perp tokens and reduce th...

[term-fix] Mitigation Error

Lines of code Vulnerability details Note - The term refactoring has been made for the following reason: Our main KIBT is intended to be backed by 1-year treasury bill tokens, however, a bond issued on 1 Jan 2023 does not have the same amount of seconds compared to a 1-year treasury bill issued on...

[H-3] Any account can mint or burn an unlimited number of vault tokens and drain the Kangaroo Vault.

Lines of code Vulnerability details Impact This is a failure in setting up access control. Anyone could set the vault address to their address and call the mint/burn function to mint and burn vault tokens. The impact is severe since all the funds in Kangaroo vault can be withdrawn by anyone. Proo...

Centralization privileges could cause revenue loss or DDoS

Lines of code Vulnerability details Impact DISCLAIMER: I understand that this was under known issues M-1, and I'm submitting this on another angle which is in case owner is compromised. Namespace and Tray contract allow the owner to execute some privilege actions which give flexibility but at the...

Bio Protocol - tokenURI JSON injection

Lines of code Vulnerability details Impact The Bio Protocol allows users to mint Bio NFTs that represent user's bio. Once NFT is minted anyone can trigger tokenURI to retrieve JSON data with the bio and generated svg image. Example JSON content decoded from Base64: "name": "Bio 1", "description":...

Potential Risk of Accidentally Minting Tokens to Incorrect Accounts

Lines of code Vulnerability details Impact 1. the Intended recipient of the tokens might not receive them, which could lead to a loss of funds or a delay in the intended use of the tokens 2. incorrect account holder could receive the tokens by mistake, leading to a discrepancy in the total token...

Fuse function only allows creation of emoji typed characters, and does not allow creation of other font classes like text.

Lines of code Vulnerability details Impact The fuse function only allows creation of emoji typed characters due to this line in the fuse function: bytes memory charAsBytes = Utils.characterToUnicodeBytes0, tileData.characterIndex, characterModifier;, which only accepts a fontClass of 0 as the fir...

totalFunds update is missing in Liquidity.openShort

Lines of code Vulnerability details Impact totalFunds is not updated in Liquidity.openShort so totalFunds will be wrong. Proof of Concept Liquidity.openShort updates usedFunds only and doesn't update totalFunds. totalFunds should be updated after openShort. Tools Used Manual Review Recommended...

Why does prelaunch checking do only for namespaceNFT case in Tray.burn?

Lines of code Vulnerability details Impact In function Tray.burnid, we can see prelaunchMinted checking. But that part is inside if msg.sender == namespaceNFT. We should take care about it in all cases. Proof of Concept function burnuint256 id external address trayOwner = ownerOfid; if namespaceN...

A user can override a namespace created by another user, using the same name

Lines of code Vulnerability details Impact Let's say: Julian, and Juliet minted separate trays of characters in the Tray contract Julian approves Alice to mint a Namespace subprotocol NFT with the name Ali😀 Juliet also approves Alite to mint a Namespace subprotocol NFT with the name Ali😀 If a...

NonceHolder.setValueUnderNonce does not check if the nonce has been used before

Lines of code Vulnerability details Impact Already used nonces or the nonces less than the specified minimal nonce can be used by the NonceHolder.setValueUnderNonce function. It can lead to some unique conflicts and even replay attacks on some of dapps which are based on the values under nonces...

Incorrect argument passed to "Utils.characterToUnicodeBytes" in "Namespace.fuse"

Lines of code Vulnerability details Impact The function Namespace.fuse uses Utils.characterToUnicodeBytes to get the unicode bytevalue for a given Tile. The first argument of characterToUnicodeBytes is an uint8 value representing the font class. Instead of passing the font class in the tile data,...

External calls can be manipulated

Lines of code Vulnerability details Impact By making external calls to untrusted contracts, the sender might manipulate the contract's state and cause unintended behavior. Proof of Concept In the tokenURI and mint functions, the contract makes external calls to ERC721nftContract.tokenURInftID and...

The "totalRequiredBalance()" function in the TransactionHelper.sol library can compute address(uint160(_transaction.paymaster) as zero address even when _transaction.paymaster is non-zero

Lines of code Vulnerability details Impact A user may provide a non-zero entry for the "transaction.paymaster" field for a transaction to ensure they do not have to pay the gas fees. However, certain values of "transaction.paymaster" = 2^160 can result in addressuint160transaction.paymaster to be...

[Medium - 2] A force deployed contract may be stuck in the constructor forever

Lines of code Vulnerability details Impact The forceDeployOnAddress function in the ContractDeployer contract may be used to redeploy contracts at a specified address. Very useful in the case of precompiles or system contracts upgrades for instance. In the deployment parameters, multiple values c...

Anyone can steal funds in the Contract Deployer

Lines of code Vulnerability details Impact If ContractDeployer.sol ever holds funds, it could potentially be drained via the chained creation of new contracts. Proof of Concept When creating a contract the create/create2 functions will be called inside the contract deployer here: , which after...

Gas check inaccuracy

Lines of code Vulnerability details Impact Since the gas forwarded will be limited to 63/64 of the total gasleft, L1 transactions will be vulnerable of being reverted. To achieve 1:1 partity with the EVM, the ZKEVM should account for 1/64 rule. Please refer to the 1/64 rule here. The actual amoun...

NonceHolder.setValueUnderNonce lack of validation

Lines of code Vulnerability details Impact NonceHolder.setValueUnderNonce can set the nonce value for key has already being used. Proof of Concept Quoting to the document NonceHolder part: It provides a function validateNonceUsage which the bootloader uses to check whether the nonce has been used...

Unchecked return value of call will allow to send messages marked as sent but will fail due to not enough gas

Lines of code Vulnerability details Impact On the sendTol1 function, they are sending the message via the SystemContractHelper: SystemContractHelper.toL1true, bytes32uint256uint160msg.sender, hash; the problem relies on the fact that they are not checking whether the message was actually sent...

Malicious or hacked admin can steal all ETH

Lines of code Vulnerability details Impact In L2EthToken.sol we have transferFromTo It is possible malicious or hacked admin to steal the ETH. Proof of Concept As can be seen from the code snippet below, nothing can stop malicious or hacked admin to steal all ETH. He can use address from and send...

Loss of funds when msg.value > 2**128

Lines of code Vulnerability details Impact When a user try to transfer an amount of ether 2128 an invariant is broken where instead of reverting the transaction the affected code just return. Proof of Concept The following is the affected code where it returns instead of reverting. if value != 0...

Namespace tokenName has only emojis.

Lines of code Vulnerability details Impact The tokenName and image of Namespace should always be the same. The image is correct but the tokenName only consists of emojis. Duplicate names are checked on the tokenName and not on the image. Because of this a tile of font class 1 with character index...

L2EthToken.withdraw can be underflow with little cost

Lines of code Vulnerability details Impact calculating balanceaddressthis within unchecked will cause underflow. Say if balanceaddressthis == 1 and msg.value == 2, after calling withdraw, balanceaddressthis will be typeuint256.max Proof of Concept function underFlowuint a, uint b public pure...

function _nonSystemDeployOnAddress() should try another nonces when getNewAddressCreate() result is in kernel space otherwise some logics would be broken

Lines of code Vulnerability details Impact Function createAccount Deploys a contract account with similar address derivation rules to the EVM's CREATE opcode. the deployed contract address is calculated based on sender deployed nonce. code uses nonSystemDeployOnAddress to deploy the contract to n...

Contracts are susceptible for Head Overflow Bug in Calldata

Lines of code Vulnerability details Impact ABI-encoding a tuple with a statically-sized calldata array in the last component would corrupt 32 leading bytes of its first dynamically encoded component. Proof of Concept The functions are taking input arguments as calldata. Following contracts are...

[H-01] User that fuse more tiles to Namespace NFT pay lesser fusing costs instead of greater

Lines of code Vulnerability details Impact User that fuses more tiles will pay lesser fusing costs to revenueAddress instead of higher cost as intended Proof of Concept Namespace.solL110-L114 /Namespace.sol 110: function fuseCharacterData calldata characterList external 111: uint256 numCharacters...

The call to MsgValueSimulator with non zero msg.value will call to sender itself which will bypass the onlySelf check

Lines of code Vulnerability details Impact First, I need to clarify, there may be more serious ways to exploit this issue. Due to the lack of time and documents, I cannot complete further exploit. The current exploit has only achieved the impact in the title. I will expand the possibility of...

Incorrect usage of EIP-150

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...

Here are some potential security vulnerabilities that I have identified in this particular contract (BytecodeCompressor.sol)

Lines of code Vulnerability details Impact 1. Integer overflow: In the publishCompressedBytecode function, the check dictionary.length = 2 16 8 is intended to ensure that the dictionary does not become too large, but it is not sufficient to prevent an integer overflow. If dictionary.length exceed...

Incorrect calculation of gasToPay due to dividing before multiplying, rounding error.

Lines of code Vulnerability details Impact In Solidity, it is an error to divide before multiplying because of lots of rounding errors that can come from that. In this case: uint256 pubdataLen; unchecked pubdataLen = message.length + 31 / 32 32 + 64; uint256 gasToPay = pubdataLen...

deploying contracts with forceDeployOnAddress will break contracts when callConstructor is false

Lines of code Vulnerability details Impact when function forceDeployOnAddress used for deploying contract and callConstructor is false, then contract's bytecodehash would stay in constructing state and calling the contract won't be possible. it can cause protocol and other contracts that are usin...

Unsafe system contract verification

Lines of code Vulnerability details Impact On the following function: function isSystemContractaddress address internal pure returns bool return uint160address = uint160MAXSYSTEMCONTRACTADDRESS; it does check whether an address is a system contract by checking whether it is smaller than...

ProfilePictureData is not stored, which will cause serious logic errors

Lines of code Vulnerability details Impact All data minted by the contract will not be stored, paralyzing the entire contract Proof of Concept code snippet： function mintaddress nftContract, uint256 nftID external uint256 tokenId = ++numMinted; if ERC721nftContract.ownerOfnftID != msg.sender reve...

Wrong block number calculation

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The calculation for the block info is currentBlockNumber + 1 BLOCKINFOBLOCKNUMBERPART + newTimestamp. getBlockNumberAndTimestamp, getBlockTimestamp, getBlockNumber all incorrectly calculate the current...

EVM Elliptic Curve Recovery Discrepancy

Lines of code Vulnerability details Impact The Ecrecover.yul file meant to simulate the ecrecover mechanism as executed by traditional ETH 1.0 consensus mechanisms is incorrect. In detail, it does not conform to the "Homestead" update which introduced an upper-bound check for s values of an r, s,...

Unchecked msg.value will lead to losing funs inside the contract

Lines of code Vulnerability details Impact While paying for the transaction, function payForTransaction bytes32, // txHash bytes32, // suggestedSignedHash Transaction calldata transaction external payable ignoreNonBootloader ignoreInDelegateCall //@audit-issue no checks that actulayy there is...

Unsafe cast

Lines of code Vulnerability details Impact In AccountCodeStorage.sol we have function getCodeHash and getCodeSize Due to an insecure cast, it is possible to get an integer overflow. Solidity version 0.8.0 provide SafeMath, but casting operations are not safe and can overflow. Proof of Concept As...

[bootloader] A bytecode hash without the bytecode (preimage) can be marked as known, breaking the prover

Lines of code Vulnerability details This is a report of a finding in bootloader.yul. While the file is out of scope of the contest, the sponsor stated that they would still accept findings in the file and would judge them separately from the contest. Impact A bytecode hash for which the bytecode...

A user can mint a PFP NFT multiple times using the same _nftId

Lines of code Vulnerability details Impact A user might unintentionally "intentionally" try to take advantage of the mint function in ProfilePicture.sol Proof of Concept The pfp mapping stores the pfp data per NFT, L31-32 of Profilepicture.sol /// @notice Stores the pfp data per NFT mappinguint25...

Wrong Implementation of EIP-712

Lines of code Vulnerability details Impact The EIP-712 uses several parameters. Those parameters are exactly: EIP712Domain string name; string version; uint256 chainId; address verifyingContract; As you can see on the following Domain, ZkSync, is missing one parameter: bytes32 constant...

No check for checking the "to" address to not be zero address in _execute() function of DefaultAccount.sol

Lines of code Vulnerability details Impact The "to" address can be zero address while converting from uint256 to uint160. Proof of Concept // SPDX-License-Identifier: GPL-3.0 pragma solidity ^0.8.0; contract Test uint256 public to = 2160; function check external view assertaddressuint160to ==...

Users pay excessive gas cost for sending bytecode hashes to L1

Lines of code Vulnerability details Impact When deploying new contracts, users are forced to pay more gas than is required to publish the bytecode hash to the L1. Proof of Concept When users deploy new smart contracts, the protocol marks the hashes of the bytecodes of the contracts as known and...

My Findings

Lines of code Vulnerability details Impact 1. Integer overflow: In the publishCompressedBytecode function, the check dictionary.length = 2 16 8 is intended to ensure that the dictionary does not become too large, but it is not sufficient to prevent an integer overflow. If dictionary.length exceed...

Division before multiply results in precision loss

Lines of code Vulnerability details Impact Precision loss occurs when division is carried out before multiplication, that can affect gas calculation in terms of publishing the data to L1. Proof of Concept Tools Used Manual Review Recommended Mitigation Steps Recommendation is made for avoiding...

bootloader doesn't add tighter gas limit to the IAccount.validateTransaction call

Lines of code Vulnerability details Impact As mentioned in the competition details: Important, while the bootloader is out of scope, we may reward an additional bounty for valid bugs found in it by our judgement! As mentioned in the dev document, , there are some limitations of the verification a...

DefaultAccount will add system call flag to any call with msg.value

Lines of code Vulnerability details Impact As mentioned in the repo's README.md documentation: isSystem flag. Whether the call intends a system contracts' function. While most of the system contracts' functions are relatively harmless, accessing some with calldata only may break the invariants of...

User may lose ETH

Lines of code Vulnerability details Impact User may lose ETH Proof of Concept If a non-existent function is called , the protocol may enter MsgValueSimulator.fallback.Inside the fallback function ,the protocol will transfer ETH from one address to another. If user calls a function that doesn't...

[Medium - 1] Ecrecover precompile doesn't behave the same as the one from Ethereum

Lines of code Vulnerability details Impact According to the Ethereum yellow paper and in the specifications of the ecrecover precompile, it is stated that if the ecrecover doesn't return anything denoted by ∅, then the return should be 0 as well. If we take a look at the current ecrecover...