Risk of reentrancy attacks in the claimRewards function

Lines of code Vulnerability details Impact The claimRewards function in the MultiRewardStaking contract is used by users to claim token rewards, but because the function does not contain a nonReentrant modifier and does not implement the CEI standard check-effect-interact it can be subject to...

inital share manipulation attack possible in Vault

Lines of code Vulnerability details Description This is the classic share inflation attack described here: The popcorn Vault is an abstraction on top of other vaults which acts like adapters to wrap other yield bearing protocols. Hence the asset in Vault are the shares in this adapter. An early...

Any user can drain the entire reward fund in MultiRewardStaking due to incorrect calculation of supplierDelta

Lines of code Vulnerability details Impact Reward deltaIndex in accrueRewards is multiplied by 10decimals but eventually divided by rewards.ONE which is equal to 10IERC20MetadataaddressrewardToken.decimals in accrueUser. If the number of decimals in MultiRewardEscrow share token differs from the...

First depositor for the Vault can be front-run and have part of their deposit stolen

Lines of code Vulnerability details Description The first deposit with a totalSupply of zero shares will mint shares equal to the deposited amount. File: src/vault/Vault.sol 298: supply == 0 299: ? assets 300: : assets.mulDivsupply, totalAssets, Math.Rounding.Down; Link to Code File:...

Does not support non-18 decimals token

Lines of code Vulnerability details Impact Hardcode 1e18 for calculating fees and rewards, can make the template protocoal non flexiable for the calculating...

Wrong first parameter for _calcRewardsEnd when changing reward speed

Lines of code Vulnerability details Impact The function calcRewardsEnd is called with the previousEndTime as first parameter in MultiRewardStaking.changeRewardSpeed, which leads to wrong calculation of the new rewardsEndTimestamp, causing it to be later than it should be. This will lead to more...

Use safeTransferFrom and safeApprove foe the reward tokens in Vault Controller instead of transferFrom and approve functions

Lines of code Vulnerability details Impact In 3 functions return values of ERC20 contracts either approve or transferFrom are not checked : fundStakingRewards ; addStakingRewardsTokens and handleInitialDeposit. This is especially dangerous in the addStakingRewardsTokens function, because in this...

MultiRewardStaking._accrueRewards can lead to loss of rewards for lower decimal tokens

Lines of code Vulnerability details Rewards accrual is computed in the following way: 406: deltaIndex = accrued.mulDivuint25610decimals, supplyTokens, Math.Rounding.Down.safeCastTo224; This can lead to truncation for low decimal tokens: Consider an instance with DAI as the asset, with a total of...

Re-entrancy in MultiRewardStaking.claimRewards

Lines of code Vulnerability details Impact If an ERC-777 token is used as reward token for any Staking contract in the system, that reward token can be completely drained from the Staking contract. Proof of Concept Re-entrancy can be done in the MultiRewardStaking.claimRewards function because of...

Unchecked revert causes to

Lines of code Vulnerability details Impact In AdapterBase.Sol when harvesting and exchanging all tokens using Pool2SingleAssetCompounder.SolL44 harvest can harvest all tokens but not swap them for underlying currency. In contract Pool2SingleAssetCompounder...

Inflation attacks with virtual shares and assets

Lines of code Vulnerability details Impact When the BaseAdapter is empty. Someone can frontrun a user to steal his funds by an inflation attack. Senario Lets say Alice wants to deposit 1 token with decimal 18, so 1e18 units to the vault calling deposit. This is how the attack would unfold. The...

Upgraded Q -> 3 from #621 [1675724753994]

Judge has assessed an item in Issue 621 as 3 risk. The relevant finding follows: L1 - Owner could withdraw all unclaimed tokens while some still should be claimable withdrawRemainingTokens function in the Erc1155Quest contract allows the owner to withdraw all remaining tokens, including unclaimed...

Upgraded Q -> 2 from #615 [1675724239375]

Judge has assessed an item in Issue 615 as 2 risk. The relevant finding follows: Unbounded gas usage in claim function of Quest contract The claim function has an unbounded gas usage that traverses different arrays many times. The call to RabbitHoleReceipt.getOwnedTokenIdsOfQuest iterates all...

Upgraded Q -> 3 from #599 [1675723538994]

Judge has assessed an item in Issue 599 as 3 risk. The relevant finding follows: L-01 Erc1155Quest's tokens can be withdrawn before every reward has been claimed Impact The owner can withdraw all the remaining tokens after the Quest endTime. Thus, users who have not claimed their reward at the en...

Upgraded Q -> 2 from #621 [1675724705438]

Judge has assessed an item in Issue 621 as 2 risk. The relevant finding follows: L2 - mintReceipt function lacks a check to verify if the quest has already ended mintReceipt function missing check for ended quest. This could result in a scenario where a receipt is minted after the quest has ended...

Upgraded Q -> 3 from #619 [1675724566035]

Judge has assessed an item in Issue 619 as 3 risk. The relevant finding follows: The function withdrawRemainingTokens can be changed in a safer way to handle the withdraw from the owner and the protocol fee as well. This prevent risks allocated with the protocol fees. By the docs this function is...

Upgraded Q -> 2 from #670 [1675726386915]

Judge has assessed an item in Issue 670 as 2 risk. The relevant finding follows: L-03 DoS if address owns too many receipts With time it is viable for users to acquire thousands and tens of thousands of receipts. This may happen as a result of buying receipts for example, which was highlighted as...

Upgraded Q -> 2 from #648 [1675725337760]

Judge has assessed an item in Issue 648 as 2 risk. The relevant finding follows: 2. Unbounded Array Vulnerability in Claim Function Link : Summary: The claim function in the Quest contract has an unbounded array vulnerability that could lead to an Out-of-Gas OOG error and make the contract...

Upgraded Q -> 3 from #648 [1675725284542]

Judge has assessed an item in Issue 648 as 3 risk. The relevant finding follows: 1. Incorrect Minter Address Validation in Mint Function Link : Summary: The mint function in the RabbitHoleReceipt contract does not correctly check the msg.sender address for minter permissions. The onlyMinter...

Upgraded Q -> 3 from #664 [1675726078144]

Judge has assessed an item in Issue 664 as 3 risk. The relevant finding follows: L-1 ERC20 Quest: withdrawFee function should only be able to be called once instead of multiple times Issue: The withdrawFee function can be called multiple times by admin after a quest ends, resulting in more than t...

Upgraded Q -> 2 from #619 [1675724616184]

Judge has assessed an item in Issue 619 as 2 risk. The relevant finding follows: L-06 In contract Quest the function claim shouldn't only set the receipt as claimed, but to burn it as well. As this problem brings the risk, where users can sell already claimed receipts to other people The function...

Upgraded Q -> 2 from #670 [1675726426987]

Judge has assessed an item in Issue 670 as 2 risk. The relevant finding follows: L-04 Changing rabbitholeReceiptContract in QuestFactory will break currently running quests rabbitHoleReceiptContract must be the same in QuestFactory and Quest contracts for quests to function correctly. If there is...

Upgraded Q -> 2 from #619 [1675724510983]

Judge has assessed an item in Issue 619 as 2 risk. The relevant finding follows: L-02 The function mintReceipt should check if the quest has expired on-chain as well The main function mintReceipt responsible for minting receipts lacks an important check to ensure the quest end time hasn't finishe...

Upgraded Q -> 3 from #664 [1675726122175]

Judge has assessed an item in Issue 664 as 3 risk. The relevant finding follows: L-2 ERC1155 Quest: withdrawRemainingTokens should factor in total number of receipts minted before withdrawal Issue: There may be users with unredeemed receipts who will not be able to claim if all the remaining toke...

Upgraded Q -> 3 from #154 [1675567996775]

Judge has assessed an item in Issue 154 as 3 risk. The relevant finding follows: Erc20Quest.withdrawFee can be called against a quest more than once function withdrawFee public onlyAdminWithdrawAfterEnd IERC20rewardToken.safeTransferprotocolFeeRecipient, protocolFee; The withdrawFee function does...

Upgraded Q -> 2 from #117 [1675572860639]

Judge has assessed an item in Issue 117 as 2 risk. The relevant finding follows: Description If a single address has certain amount of RabbitHoleReceipt tokens receipts - according to tests 1050, when he tries to call claim function from Quest.sol it will always revert with 'Transaction ran out o...

Upgraded Q -> 2 from #329 [1675575934658]

Judge has assessed an item in Issue 329 as 2 risk. The relevant finding follows: Reentrancy issue on claim for Erc1155Quest There is a reentrancy issue when claiming ERC1155 tokens, that will you reenter before redeemedTokens is updated. Here is the callback Quest.solL114 Stick to the check effec...

Upgraded Q -> 2 from #251 [1675573596034]

Judge has assessed an item in Issue 251 as 2 risk. The relevant finding follows: L-03 The claim function might use an amount of gas greater than the block gas limit. Description: The claim function at the Quest.sol contract can consume an amount of gas greater than the block gas limit if the user...

Code breaks if first user is not expected user

Lines of code Vulnerability details Code breaks if first user is not expected user Summary Rather than iterate and continue if user is not the expected one, this code breaks all the execution if first user is userId Vulnerability Detail Execution is broke most of the times at first iteration for ...

Same identity can be assigned to multiple users

Lines of code Vulnerability details Impact In the contest details it is mentioned that identity can be transferable even if it's currently assigned to address in AddressRegistry. However, I would assume that if another address registers it, the identity should be removed from the previous owner...

Lack of double step transfer in admin modification in a upgradeable contract is dangerous

Lines of code Vulnerability details Lack of double step transfer in admin modification in a upgradeable contract is dangerous Summary Double step transfer of admin / ownership should be a must in upgradeable contracts Vulnerability Detail Admin is changed with changeAdmin that calls changeAdmin,...

Solmate safeTransfer and safeTansferFrom does not check the code size of the token address

Lines of code Vulnerability details Impact The safeTransfer and safeTransferFrom don't check the existence of code at the token address. This is a known issue while using solmate's libraries. Hence this may lead to miscalculation of funds and may lead to loss of funds, because if safeTransfer and...

CidNFT: Broken tokenURI function

Lines of code Vulnerability details CidNFTtokenURI does not convert the uint256 id argument to a string before interpolating it in the token URI: /// @notice Get the token URI for the provided ID /// @param id ID to retrieve the URI for /// @return tokenURI The URI of the queried token path to a...

Potential DOS in Contract Inheriting UUPSUpgradeable.sol

Lines of code Vulnerability details Impact There is a contract which inherit UUPSUpgradeable.sol, namely; Managed.sol . The contract is deployed using a proxy pattern whereby the implementation contract is used by the proxy contract for all its logic. The proxy contract will make delegate calls t...

Some ERC20 tokens deduct a fee on transfer

Lines of code Vulnerability details Impact Some ERC20 token implementations have a fee that is charged on each token transfer. This means that the transferred amount isn't exactly what the receiver will get. A call to ERC20token.transferrecipient, 100 with a fee-on-transfer of 5% will entitle the...

setDrips may distribute the drip too fast if the time hints are not good enough

Lines of code Vulnerability details Impact The setDrips function is used to configure a drip. It can either be withdrawing it, adding a new one, or even managing an existing one by updating the configuration. Internally, it account for the drips that are yet to be distributed to refund them to th...

Incorrect shift in assembly

Lines of code Vulnerability details Impact Shift operators shlx, y, shrx, y, sarx, y in Solidity assembly apply the shift operation of x bits on y and not the other way around, which may be confusing. Check if the values in a shift operation are reversed. Proof of Concept File: Drips.sol 823: val...

callSigned() can be front-runned

Lines of code Vulnerability details Impact Attacker able to bypass check present in callSigned by passing a proper valid sender address as parameter to callSigned function Proof of Concept For signature check following function checks requiresigner == sender, "Invalid signature"; Where sender...

_receiveDripsResult() overcounts amtPerCycle

Lines of code Vulnerability details Impact Drips results will be accounted for wrongly and hence users will receive more drips than they should. Proof of Concept According to the whitepaper, amtDeltas stored at each cycle is the value relative to the previous cycle. The stored delta for a cycle i...

Admin role lockout possible

Lines of code Vulnerability details Impact Admin of contracts is controlled by Managed contract, and implements a transfer of admin privilege in a single step. A malicious admin or an error in the new address when calling changeAdmin can prevent all admin activities on all the contracts forever...

Upgraded Q -> 2 from #769 [1675429128999]

Judge has assessed an item in Issue 769 as 2 risk. The relevant finding follows: L-1 requireNextActiveMultisig always returns the 1st enabled Multisig Relevant code: As the name suggested, MultisigManager.requireNextActiveMultisig should return the next enabled Multisig. However, it actually alwa...

Proxy admin of DripsHub, AddressDriver, NFTDriver and ImmutableSplitsDriver can steal users' tokens by upgrading the contract

Lines of code Vulnerability details Impact Proxy admin of DripsHub, AddressDriver, NFTDriver and ImmutableSplitsDriver can perform different malicious actions through upgrading, all can lead to users' assets being stolen. Proof of Concept An upgradable proxy contract can be upgraded with arbitrar...

User can lose NFT if wrong type is given to add function

Lines of code Vulnerability details Impact If a user when trying to add its NFT to a given subprotocol provide a wrong association type by accident to the add function, the NFT will be transferred to the CidNFT contract but it will not be associated with any protocol type, because of that when th...

The users can't add traits for their CidNFT's

Lines of code Vulnerability details Proof of Concept The CidNFT contract implements the add function for the users to add traits/subprotocol Id's to their CidNFT's. During calling add function, it validates whether the user is the owner of the provided CiDNFT and the user is approved by the owner...

If no association type matched, user will end up paying fee for nothing

Lines of code Vulnerability details Impact Users can add a new entry for the given subprotocol to the provided CID NFT. There are possible three different association types ordered, primary, active that can be used to model different types of associations between the CID NFT and subprotocol. For...

Upgraded Q -> 2 from #862 [1675430218943]

Judge has assessed an item in Issue 862 as 2 risk. The relevant finding follows: L-1 Function requireNextActiveMultisig always returns the first Multisig Affected code MultisigManager.requireNextActiveMultisig is supposed to return the next enabled Multisig. However it always returns the first...

Other users cannot help a CIDNFT holder add subprotocols to the NFT

Lines of code Vulnerability details Impact Other users cannot approve and help CIDNFT holders add subprotocols to the NFT, breaking protocol specifications. Proof of Concept In the video walkthrough, around the 8 minute mark, it is mentioned that users can help NFT holders add subprotocols to the...

Upgraded Q -> 2 from #836 [1675451857205]

Judge has assessed an item in Issue 836 as 2 risk. The relevant finding follows: Underflow error when redeeming to 0 after minting some rewards --- The text was updated successfully, but these errors were encountered: All reactions...

[M-04] Balance manipulation when contract is paused

Lines of code Vulnerability details Impact State-changing methods missing the whenNotPaused modifier, is a security hole. Even when contract is paused increaseTotalBalance and decreaseTotalBalance methods can be called internally. Therefore, medium severity matches. Proof of Concept function...

int128 cast underflow in _receiveDripsResult()

Lines of code Vulnerability details Impact In receiveDripsResult, the type cast of uint128 could underflow, and result in wrong receivedAmt. The impacts could be: wrong amount being transferred to users and drain the protocol fund inaccurate transfer amount, some users lose fund and some receive...