Upgraded Q -> 3 from #867 [1675460716325]
Judge has assessed an item in Issue 867 as 3 risk. The relevant finding follows: L-02, MinipoolManager, lines 670 - 684: The slash function slashes a node operator for the amount of the whole duration. Since the cycles are 14 days and the slashing is checked in recordStakingEnd, if an operator...
AddressRegistry might have a non-actual record
Lines of code Vulnerability details Impact AddressRegistry might have a non-actual record, which leads to an inconsistent AddressRegistry state and might affect possible consumers. Proof of Concept To register a favorite NFT, the user calls the register function of AddressRegistry. Then he sold this NFT to...
[M-01] emitUserMetadata function may fail due to exceed gas limit
Lines of code Vulnerability details Impact The function emitUserMetadata in DripsHub may fail due to an unbounded loop over userMetadata, which can be very large since it comes from user input. Although the function can be called only from drivers, it's still public and a large array could be passed. And the loop in...
Support for fee-on-transfer tokens
Lines of code Vulnerability details Impact AddressDriver.sol does not support fee-on-transfer tokens. If the asset is a fee-on-transfer token, the tokens received from users could be less than the amount specified in the transfer. The protocol could suffer a loss of funds. Proof of Concept function...
UNEXPECTED DATA LOSS IS POSSIBLE DUE TO UNSAFE DOWN CASTING OF UINT40 TO UINT32
Lines of code Vulnerability details Impact In the dripsRange function of the Drips.sol contract, the variable end is declared as type uint40. After the arithmetic operations and conditional checks have been performed, the end variable is returned as uint32(end), thus downcasting it unsafely. Proof of...
DIVISION BY _AMT_PER_SEC_MULTIPLIER AT EACH STEP OF THE ARITHMETIC OPERATION BEFORE MULTIPLICATION RESULTS IN ROUNDING ERROR
Lines of code Vulnerability details Impact In the drippedAmt function of the Drips.sol contract, assembly is used to calculate the amount dripped over a time range. Inside the assembly, amtPerCycle is calculated by multiplying cycleSecs and amtPerSec and dividing by _AMT_PER_SEC_MULTIPLIER to remo...
Unsafe casting of an int128 to uint128 can cause wrong accounting in _receiveDripsResult
Lines of code Vulnerability details Impact Unsafe casting of int128 to uint128 is dangerous and makes the user receive more assets than they should. Proof of Concept state.amtDeltas[cycle] can be a negative value. The delta value at each point is simply the relative change from the previous cycle. If...
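The two casts reported above (uint40 to uint32 in dripsRange, int128 to uint128 in _receiveDripsResult) fail in the same way: Solidity's explicit narrowing conversion never reverts, it wraps. The following is an added example, not code from Drips.sol, that puts the silent version next to a checked version for each cast; the library and function names are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Checked narrowing conversions. Names are assumed for this example.
library CheckedCast {
    error Overflow(uint256 value, uint8 bits);
    error Negative(int256 value);

    /// uint40 -> uint32: reverts instead of dropping the top 8 bits.
    function toUint32(uint40 x) internal pure returns (uint32) {
        if (x > type(uint32).max) revert Overflow(x, 32);
        return uint32(x);
    }

    /// int128 -> uint128: reverts instead of reinterpreting the sign bit.
    function toUint128(int128 x) internal pure returns (uint128) {
        if (x < 0) revert Negative(x);
        return uint128(x);
    }
}

contract CastDemo {
    using CheckedCast for uint40;
    using CheckedCast for int128;

    /// Silent: uint32(end) wraps modulo 2**32, so a timestamp of 2**32 + 5
    /// is returned as 5, i.e. a drip "end" far in the past.
    function endTruncating(uint40 end) external pure returns (uint32) {
        return uint32(end);
    }

    /// Checked: the same input reverts with Overflow(end, 32).
    function endChecked(uint40 end) external pure returns (uint32) {
        return end.toUint32();
    }

    /// Silent: uint128(-1) becomes 2**128 - 1, so a negative cycle delta
    /// turns into an enormous amount owed to the receiver.
    function deltaTruncating(int128 delta) external pure returns (uint128) {
        return uint128(delta);
    }

    /// Checked: a negative delta reverts with Negative(delta) instead of
    /// being credited.
    function deltaChecked(int128 delta) external pure returns (uint128) {
        return delta.toUint128();
    }
}
```

The checked helpers cost one comparison each; the alternative of proving at every call site that the value is in range is exactly the reasoning that both findings say is missing.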
CidNFT#add will break if _type is not passed in correctly
Lines of code Vulnerability details Impact CIDNFT holders that want to add subprotocols to their NFT will not be able to anymore, because the subprotocol NFT will be stuck in the CidNFT.sol contract. Proof of Concept When a CIDNFT holder wants to add subprotocols to their NFT, he will call...
Split vulnerable to preimage attack
Lines of code Vulnerability details Impact A motivated attacker could invest the resources to craft a malicious SplitsReceiver to steal all of a user's pending funds. Proof of Concept This is a non-practical implementation of the attack, but shows by extending the SplitsReceiver array by any numb...
Upgraded Q -> 2 from #867 [1675460709593]
Judge has assessed an item in Issue 867 as 2 risk. The relevant finding follows: L-01, ProtocolDAO.sol lines 209 - 216: upgradeExistingContract mistakenly removes the address value of the new contract if the new contract’s name is the same as the old one. This can be easily fixed with unregisteri...
Caller.callBatched doesn't enforce msg.value is equal to sum of call values
Lines of code Vulnerability details For each call in callBatched, we pass a value to be sent along with the call: for (uint256 i = 0; i < calls.length; i++) { Call memory call = calls[i]; returnData[i] = _call(sender, call.to, call.data, call.value); } The sum of the values of the calls should be equal to...
Upgraded Q -> 2 from #260 [1675460942583]
Judge has assessed an item in Issue 260 as 2 risk. The relevant finding follows: L2 Withdrawable minipool can be finished before funds are withdrawn
Upgraded Q -> 2 from #508 [1675443058277]
Judge has assessed an item in Issue 508 as 2 risk. The relevant finding follows: New address and existing address inputs can be the same in upgradeExistingContract
nftAddress can be a malicious NFT
Lines of code Vulnerability details Impact In the SubprotocolRegistry contract, users are allowed to register any subprotocols, as long as the supportsInterface condition is met. The validity of the nftAddress address is not checked. function register(bool ordered, bool primary, bool active,...
Reentrancy in callBatched
Lines of code Vulnerability details Proof of Concept The Caller contract implements the callBatched function in order to execute a batch of calls within one call. The function has the payable declaration to be able to send ETH inside the call. The NatSpec is also provided in parallel: /// @notice Execute...
Upgraded Q -> 2 from #800 [1675429611496]
Judge has assessed an item in Issue 800 as 2 risk. The relevant finding follows: 1- The recordStakingError function doesn't decrease the minipool avaxLiquidStakerAmt value: When the function recordStakingError is called by the multisig, it decreases both the total AVAX staking amount and the AVAX...
Multiple addresses can point to the same cidNFTID
Lines of code Vulnerability details Impact During AddressRegistry.register there is no check to ensure that a cidNFTID has already been registered to an address. As the CID NFT is transferable, this means that the same CID NFT can be registered by multiple addresses. This could cause trouble for Dapps that...
Upgraded Q -> 2 from #748 [1675439377792]
Judge has assessed an item in Issue 748 as 2 risk. The relevant finding follows: L MultisigManager doesn't have an unregister function. MultisigManager.sol contains a hard limit of MULTISIG_LIMIT = 10. Meanwhile in the contract there are functions like registerMultisig, enableMultisig, and...
Signature replay attacks possible if deployed on multiple chains
Lines of code Vulnerability details Caller.callSigned operates using an EIP-712 signature, which verifies the signed data to be used in a call on behalf of the signer. The problem with this method lies in the fact that it doesn't specify the chain ID, and thus if the contract is ever deployed to...
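What closes the cross-chain replay described above is a domain separator that commits to block.chainid and the verifying contract, together with a per-signer nonce so the same signature cannot be consumed twice on the same chain either. The contract below is an added example written for this page, not the Drips Caller.sol; the contract name, the CallSigned type string, the field layout and the 27/28 v convention are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// EIP-712 signed relay call with chain-bound domain, nonce and deadline.
/// Added example; names and type strings are assumed.
contract SignedCaller {
    bytes32 private constant DOMAIN_TYPEHASH =
        keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
    bytes32 private constant CALL_TYPEHASH =
        keccak256("CallSigned(address sender,address to,bytes data,uint256 value,uint256 nonce,uint256 deadline)");
    // secp256k1 n / 2: rejects the high-s form of an otherwise valid signature.
    uint256 private constant HALF_N = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    mapping(address => uint256) public nonce;

    /// Recomputed on every call rather than cached at construction, so the
    /// domain also changes after a chain fork that assigns a new chain id.
    function domainSeparator() public view returns (bytes32) {
        return keccak256(abi.encode(
            DOMAIN_TYPEHASH,
            keccak256("SignedCaller"),
            keccak256("1"),
            block.chainid,
            address(this)
        ));
    }

    /// Full EIP-712 digest: "\x19\x01" || domainSeparator || hashStruct(CallSigned).
    function digest(address sender, address to, bytes calldata data, uint256 value, uint256 n, uint256 deadline)
        public view returns (bytes32)
    {
        bytes32 structHash = keccak256(abi.encode(CALL_TYPEHASH, sender, to, keccak256(data), value, n, deadline));
        return keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));
    }

    function callSigned(address sender, address to, bytes calldata data, uint256 deadline, uint8 v, bytes32 r, bytes32 s)
        external payable returns (bytes memory returnData)
    {
        require(block.timestamp <= deadline, "signature expired");
        require(uint256(s) <= HALF_N && (v == 27 || v == 28), "malformed signature");
        // Consume the nonce before the external call so a re-entrant call
        // cannot present the same signature again.
        uint256 n = nonce[sender]++;
        bytes32 h = digest(sender, to, data, msg.value, n, deadline);
        address recovered = ecrecover(h, v, r, s);
        require(recovered != address(0) && recovered == sender, "bad signature");
        bool ok;
        (ok, returnData) = to.call{value: msg.value}(data);
        require(ok, "call failed");
    }
}
```

A signature over this digest produced for chain id 1 recovers to a different address on chain id 10, because domainSeparator() differs; the nonce check rejects a second submission on the original chain, and the deadline bounds how long an unused signature stays valid.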
Upgraded Q -> 2 from #338 [1675444014859]
Judge has assessed an item in Issue 338 as 2 risk. The relevant finding follows: L-07 It should be possible to assign Minipool to a new Multisig MinipoolManager.sol 1
User may charge any amount of fees when registering a subprotocol
Lines of code Vulnerability details Impact When registering a subprotocol, the user may enter any amount of fees. There are no checks implemented. Proof of Concept The register function does not have a check for the fee. A limit should be imposed; otherwise a user can register a subprotocol with any...
Squeezing drips from a sender can be front-run and prevented by the sender
Lines of code Vulnerability details Squeezing drips from a sender requires providing the sequence of drips configurations (see the NatSpec description in L337-L338): /// It can start at an arbitrary past configuration, but must describe all the configurations /// which have been used since then includi...
RETURNS EMPTY UINT256 configs MEMORY ARRAY SINCE THE UPDATED MEMORY ARRAY IS NOT RETURNED
Lines of code Vulnerability details Impact The buildConfigs function inside Drips.sol is required to build a preprocessed list of drips configurations from receivers. Thus in its implementation it initializes the uint256[] memory configs array and sends it as an argument to the _addConfig...
A Theoretical-Gaming Vulnerability
Lines of code Vulnerability details Impact There is a theoretical-gaming vulnerability in the project. Currently, users are able to set up a graph in which money should flow from one vertex to another. The user sets the split configuration on their account and there is a public function...
Upgraded Q -> 2 from #846 [1675451731129]
Judge has assessed an item in Issue 846 as 2 risk. The relevant finding follows: L-2 no way to remove compromised/broken multisigs without upgrading the contract
DoS with block gas limit in squeezeDrips
Lines of code Vulnerability details Squeezing drips requires verifying the entire history of that drip. This means iterating over an unbounded loop of the size of the history: for (uint256 i = 0; i < dripsHistory.length; i++) { DripsHistory memory drips = dripsHistory[i]; bytes32 dripsHash =...
SubprotocolRegistry accepts empty string as protocol name
Lines of code Vulnerability details Impact The input sanitization statements in SubprotocolRegistry.sol's register function are: function register(bool ordered, bool primary, bool active, address nftAddress, string calldata name, uint96 fee) external { // ... if (!(ordered || primary || active)) revert...
Upgraded Q -> 2 from #365 [1675443623313]
Judge has assessed an item in Issue 365 as 2 risk. The relevant finding follows: L-4 Misleading comments - Multisig are still managing pool
Mathematical Modelling Causes a Significant Roundoff Error
Lines of code Vulnerability details Mathematical Modelling Causes a Significant Roundoff Error. The function drippedAmt calculates the ended cycles. When calculating ended cycles it takes two divisions, which cause round-off error. Let's consider this scenario. Deposited token - WBTC, amtPerSec = 1000000...
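This finding and the earlier one on drippedAmt (division by _AMT_PER_SEC_MULTIPLIER at each step) make the same point: every intermediate division truncates, and the truncation is then multiplied by the number of cycles. The library below is an added example, not Drips.sol, that computes the same amount both ways so the gap can be measured; the 10**9 multiplier and the function names are assumptions, and the WBTC figures in the comment mirror the scenario in the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Dripped amount over `cycles` whole cycles plus `tailSecs` extra seconds,
/// computed with per-step division versus a single final division.
/// Added example; the multiplier value is assumed.
library DrippedMath {
    uint256 internal constant AMT_PER_SEC_MULTIPLIER = 1e9;

    /// Divides early: amtPerCycle loses its fractional part before it is
    /// multiplied by the number of cycles, so the error grows linearly with
    /// the cycle count, and the tail is truncated a second time.
    function dividePerStep(uint256 amtPerSec, uint256 cycleSecs, uint256 cycles, uint256 tailSecs)
        internal pure returns (uint256)
    {
        uint256 amtPerCycle = (cycleSecs * amtPerSec) / AMT_PER_SEC_MULTIPLIER;
        uint256 tail = (tailSecs * amtPerSec) / AMT_PER_SEC_MULTIPLIER;
        return cycles * amtPerCycle + tail;
    }

    /// Divides once over the whole duration: the only loss is the final
    /// truncation, bounded by one token unit regardless of the cycle count.
    function divideOnce(uint256 amtPerSec, uint256 cycleSecs, uint256 cycles, uint256 tailSecs)
        internal pure returns (uint256)
    {
        uint256 secs = cycles * cycleSecs + tailSecs;
        return (secs * amtPerSec) / AMT_PER_SEC_MULTIPLIER;
    }
}

contract RoundingDemo {
    /// Example input from the finding: amtPerSec = 1_000_000 with a 1e9
    /// multiplier is 0.001 satoshi per second; with cycleSecs = 604_800 the
    /// per-step path pays 604 sat per cycle instead of 604.8, so over 100
    /// cycles 80 sat are never dripped. divideOnce is never smaller than
    /// dividePerStep, so `lost` cannot underflow.
    function compare(uint256 amtPerSec, uint256 cycleSecs, uint256 cycles, uint256 tailSecs)
        external pure returns (uint256 perStep, uint256 once, uint256 lost)
    {
        perStep = DrippedMath.dividePerStep(amtPerSec, cycleSecs, cycles, tailSecs);
        once = DrippedMath.divideOnce(amtPerSec, cycleSecs, cycles, tailSecs);
        lost = once - perStep;
    }
}
```

The general rule the example illustrates is multiply first, divide last, with overflow of the intermediate product ruled out by the operand bounds (here a uint256 product of a 128-bit amount and a 32-bit duration).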
MinipoolManager: node operator can avoid being slashed
Lines of code Vulnerability details Impact When staking is done, a Rialto multisig calls MinipoolManager.recordStakingEnd. If avaxTotalRewardAmt has the value zero, the MinipoolManager will slash the node operator's GGP. The issue is that the amount to slash can be greater than the GGP balan...
Upgraded Q -> 2 from #783 [1675429188655]
Judge has assessed an item in Issue 783 as 2 risk. The relevant finding follows: restakeGGP doesn't have the whenNotPaused modifier. At line 319 stakeGGP has the whenNotPaused modifier, while restakeGGP does not. Suggest adding the same modifier to restakeGGP.
Upgraded Q -> 2 from #615 [1675442567749]
Judge has assessed an item in Issue 615 as 2 risk. The relevant finding follows: 3: upgradeExistingContract needs to call unregisterContract first and then registerContract, to avoid newAddr == existingAddr (unregisterContract removes newAddr). function upgradeExistingContract(address newAddr, string memory newNam...
_transferFromCaller is not compatible with USDT and similar tokens
Lines of code Vulnerability details _transferFromCaller is not compatible with USDT and similar tokens. Summary Setting type(uint256).max directly won't work for USDT (Tether). This is done in both _transferFromCaller implementations: NFTDriver.sol#L289 and AddressDriver.sol#L174. Description Some tokens like USDT do not work...
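The fee-on-transfer finding on AddressDriver and the USDT finding here both concern the same intake path: the driver assumes the token moved exactly `amt` and that `approve` returns a bool and accepts any new allowance. The contract below is an added example, not AddressDriver.sol or NFTDriver.sol; it credits only the balance that actually arrived, tolerates tokens that return no data, and resets a non-zero allowance to zero before raising it, which is the documented USDT constraint. The names `hub`, `give` and `_transferFromCaller` are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
    function balanceOf(address account) external view returns (uint256);
}

/// Token intake that survives fee-on-transfer tokens and USDT-style approve.
/// Added example; contract and function names are assumed.
contract TokenIntake {
    address public immutable hub;

    constructor(address hub_) { hub = hub_; }

    /// Pull `amt` from the caller and report how much really arrived.
    function give(IERC20 token, uint128 amt) external returns (uint128 received) {
        return _transferFromCaller(token, amt);
    }

    /// Measure the balance before and after, so a fee-on-transfer token
    /// credits the caller for what was received, not for what they asked to send.
    function _transferFromCaller(IERC20 token, uint128 amt) internal returns (uint128 received) {
        uint256 before = token.balanceOf(address(this));
        _callOptionalReturn(token, abi.encodeCall(IERC20.transferFrom, (msg.sender, address(this), amt)));
        uint256 delta = token.balanceOf(address(this)) - before; // reverts if balance fell
        require(delta <= amt, "received more than requested");   // also keeps delta within uint128
        received = uint128(delta);
        _approveMax(token, hub);
    }

    /// USDT reverts on approve(non-zero) while the current allowance is
    /// non-zero, and returns no data. Reset first, then set the new value.
    function _approveMax(IERC20 token, address spender) internal {
        if (token.allowance(address(this), spender) != 0) {
            _callOptionalReturn(token, abi.encodeCall(IERC20.approve, (spender, 0)));
        }
        _callOptionalReturn(token, abi.encodeCall(IERC20.approve, (spender, type(uint256).max)));
    }

    /// SafeERC20-style call: success with empty return data (USDT) or an
    /// ABI-encoded true both count as success; anything else reverts.
    function _callOptionalReturn(IERC20 token, bytes memory data) private {
        require(address(token).code.length > 0, "not a contract");
        (bool ok, bytes memory ret) = address(token).call(data);
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "token op failed");
    }
}
```

The balance-difference measurement is what makes the accounting honest for fee-on-transfer tokens; the `delta <= amt` check rejects tokens whose balance jumps unexpectedly (rebasing during the call) rather than silently crediting them.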
Multiple people can register the same cidNFTID
Lines of code Vulnerability details Impact Multiple people can register the same cidNFT, in a way that the same "canonical on-chain identity" can be shared across multiple real-life identities. Proof of Concept cidNFTs can be transferred like any ERC721 token. After each transfer the new owner can...
Locked Ether
Lines of code Vulnerability details Impact Contract with a payable function, but without a withdrawal capacity. Every Ether sent to Caller will be lost. Proof of Concept File: Caller.sol function callAs(address sender, address to, bytes memory data) public payable returns (bytes memory returnData)...
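Three of the Caller findings on this page (callBatched not enforcing that msg.value equals the sum of call values, reentrancy in callBatched, and locked Ether) are consequences of one missing accounting check. The contract below is an added example, not the Drips Caller.sol, showing the unchecked shape next to a version that ties msg.value to the forwarded values and guards the batch; the struct and function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Batched forwarding with and without value accounting.
/// Added example; names are assumed.
contract BatchCaller {
    struct Call {
        address to;
        bytes data;
        uint256 value;
    }

    uint256 private _locked = 1;

    modifier nonReentrant() {
        require(_locked == 1, "reentrant");
        _locked = 2;
        _;
        _locked = 1;
    }

    /// Unchecked shape. If sum(value) < msg.value the surplus stays here with
    /// no way to withdraw it (locked Ether); if sum(value) > msg.value the
    /// call spends Ether that earlier callers left behind. A callee that
    /// re-enters can also start a second batch while this one is running.
    function callBatchedUnchecked(Call[] calldata calls) external payable returns (bytes[] memory returnData) {
        returnData = new bytes[](calls.length);
        for (uint256 i = 0; i < calls.length; i++) {
            returnData[i] = _call(calls[i].to, calls[i].data, calls[i].value);
        }
    }

    /// Hardened shape: the batch must account for exactly msg.value, so the
    /// contract's balance is the same before and after, and the guard rejects
    /// re-entry from any callee.
    function callBatched(Call[] calldata calls) external payable nonReentrant returns (bytes[] memory returnData) {
        uint256 total;
        returnData = new bytes[](calls.length);
        for (uint256 i = 0; i < calls.length; i++) {
            total += calls[i].value; // checked arithmetic in 0.8.x
            returnData[i] = _call(calls[i].to, calls[i].data, calls[i].value);
        }
        require(total == msg.value, "msg.value != sum of call values");
    }

    /// Forward one call and bubble up the callee's revert data unchanged.
    function _call(address to, bytes calldata data, uint256 value) internal returns (bytes memory) {
        (bool ok, bytes memory ret) = to.call{value: value}(data);
        if (!ok) {
            assembly {
                revert(add(ret, 32), mload(ret))
            }
        }
        return ret;
    }
}
```

Checking the total after the loop rather than before keeps the hardened version a single pass; because every sub-call reverts the whole batch on mismatch, no partial state survives. With no payable fallback and this equality enforced, the contract's Ether balance is always zero between transactions, which is the property the locked-Ether finding asks for.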
Griefing risk in mint
Lines of code Vulnerability details Impact CidNFT.mint has an optional parameter addList that enables users to register subprotocol NFTs to the CID NFT right after the mint. However, there is no guarantee that the cidNFTID encoded in addList is the same ID as the newly minted NFT. If there is a...
Upgraded Q -> 2 from #653 [1675442664703]
Judge has assessed an item in Issue 653 as 2 risk. The relevant finding follows: 1. Funds are locked if Rialto uses the function finishFailedMinipoolByMultisig. Detail The function finishFailedMinipoolByMultisig does not transfer any funds or make any data change, only updating the state of the minipool to Finishe...
Upgraded Q -> 2 from #338 [1675444008015]
Judge has assessed an item in Issue 338 as 2 risk. The relevant finding follows: L-04 Staking.restakeGGP function should have whenNotPaused modifier Staking.sol 1
Anyone can call the DripsHub.split function to frontrun the DripsHub.setSplits function call of the trusted user who owns the splittable funds
Lines of code Vulnerability details Impact As mentioned by the following DripsHub.split function's comment, the user, who owns the splittable funds, needs to be trusted by the receivers for such splittable funds. Yet, when this trusted user wants to call the DripsHub.setSplits function below to...
AddressRegistry can associate same CID to different addresses at the same time
Lines of code Vulnerability details The AddressRegistry contract can associate a CID NFT to an account address. As stated in the contest, the CID NFT can be transferred out of the account that registered it. However, once transferred it can be registered again while keeping the previous...
Upgraded Q -> 2 from #508 [1675443068820]
Judge has assessed an item in Issue 508 as 2 risk. The relevant finding follows: Cannot add additional Multisig when 10 Multisig addresses are registered
_updateReceiverStates CAN WORK INCORRECTLY WHEN CURRENT RECEIVER AND NEW RECEIVER MATCHES WITH UPDATED DRIP TIMES
Lines of code Vulnerability details Impact States can be incorrectly updated. Proof of Concept In the _updateReceiverStates method of Drips.sol, I noticed a different pattern of using _addDeltaRange when the current receiver and new receiver match with updated drip times. To remove an existing drip, the...
User can do registration of one CID NFT many times
Lines of code Vulnerability details Impact A user can register one CID NFT repeatedly, and the event CIDNFTAdded will be emitted again and again. There are no checks that the user has already registered. When there is some logic on the frontend which uses this event, it could break when it gets one more CIDNFTAdde...
Drips that end after the current cycle but before its creation can allow users to profit from squeezing
Lines of code Vulnerability details Impact By creating a drip that ends after the current cycle but before its creation time and immediately removing it, the sender doesn't have to put in any assets but the receiver can still squeeze this drip. By setting a receiver that the sender controls, the...
Upgraded Q -> 2 from #854 [1675461747744]
Judge has assessed an item in Issue 854 as 2 risk. The relevant finding follows: When the protocol is paused, all the multisigs are disabled. However, it is still possible to call startRewardsCycle in the RewardsPool; the execution will revert, though, because the enabled count is 0.
BURN any ERC721 tokens in DRIFT NFT protocol by just sending the tokenID on the public burn function
Lines of code Vulnerability details Impact Access control plays an important role in segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens, and in some cases, compromise ...
Multiple accounts can have the same identity
Lines of code Vulnerability details Users can register their on-chain identity, i.e. their CID NFT, by calling AddressRegistry.register. File: src/AddressRegistry.sol function register(uint256 cidNFTID) external { if (ERC721(cidNFT).ownerOf(cidNFTID) != msg.sender) // We only guarantee that a CID NF...
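Five findings on this page describe the same AddressRegistry weakness from different angles: a transferred CID NFT stays bound to its previous owner, so one token can be registered to several addresses, a stale record survives, and the same owner can register again and re-emit CIDNFTAdded. The contract below is an added example, not Canto Identity's AddressRegistry.sol; it keeps a reverse mapping so a CID NFT is bound to at most one address, evicts the stale record when the new owner registers, and treats a record as live only while the registrant still owns the token. It assumes token IDs start at 1 (0 is used as "none"), and the function names besides register are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IERC721 {
    function ownerOf(uint256 tokenId) external view returns (address);
}

/// One CID NFT bound to at most one address at a time. Added example.
contract UniqueAddressRegistry {
    IERC721 public immutable cidNFT;
    mapping(address => uint256) public cidNFTOf;     // address -> CID NFT id (0 = none)
    mapping(uint256 => address) public registrantOf; // CID NFT id -> address it is bound to

    event CIDNFTAdded(address indexed user, uint256 indexed cidNFTID);
    event CIDNFTRemoved(address indexed user, uint256 indexed cidNFTID);

    error NotOwner(uint256 cidNFTID, address caller);
    error AlreadyRegistered(address user, uint256 cidNFTID);

    constructor(IERC721 nft) { cidNFT = nft; }

    function register(uint256 cidNFTID) external {
        if (cidNFT.ownerOf(cidNFTID) != msg.sender) revert NotOwner(cidNFTID, msg.sender);
        // Same owner, same token: refuse rather than emit a duplicate event.
        if (cidNFTOf[msg.sender] == cidNFTID) revert AlreadyRegistered(msg.sender, cidNFTID);
        // The caller may already hold a different CID: drop that binding first.
        uint256 previous = cidNFTOf[msg.sender];
        if (previous != 0) _remove(msg.sender, previous);
        // After a transfer the token may still be bound to its former owner:
        // evict that stale record so the token has exactly one registrant.
        address stale = registrantOf[cidNFTID];
        if (stale != address(0)) _remove(stale, cidNFTID);
        cidNFTOf[msg.sender] = cidNFTID;
        registrantOf[cidNFTID] = msg.sender;
        emit CIDNFTAdded(msg.sender, cidNFTID);
    }

    function remove() external {
        uint256 id = cidNFTOf[msg.sender];
        require(id != 0, "nothing registered");
        _remove(msg.sender, id);
    }

    /// Consumers should read this instead of cidNFTOf: a record is only
    /// live while the registrant still owns the token, so a transfer that
    /// has not yet been followed by a new registration resolves to 0.
    function getCID(address user) external view returns (uint256) {
        uint256 id = cidNFTOf[user];
        if (id == 0) return 0;
        try cidNFT.ownerOf(id) returns (address owner) {
            return owner == user ? id : 0;
        } catch {
            return 0; // burned or otherwise non-existent token
        }
    }

    function _remove(address user, uint256 id) private {
        delete cidNFTOf[user];
        delete registrantOf[id];
        emit CIDNFTRemoved(user, id);
    }
}
```

The eviction in register is what prevents two addresses from sharing one identity; the ownership check in getCID covers the window between a transfer and the next registration, when the forward mapping alone would still name the old owner.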
Upgraded Q -> 2 from #65 [1675444463774]
Judge has assessed an item in Issue 65 as 2 risk. The relevant finding follows: Unusual multisig logic
Lack of nonReentrant modifier when using _safeMint function
Lines of code Vulnerability details Impact The _safeMint function implementation can allow a contract to reenter the calling contract. Proof of Concept The safeMint function can be reentered through the _safeMint function. function safeMint(address to, UserMetadata[] calldata userMetadata) public...
Reentrancy due to lack of check-effect-interact pattern by valid Driver users
Lines of code Vulnerability details Impact In a re-entrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways, especially in cases wher...
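The two reentrancy findings above share one mechanism: `_safeMint` calls `onERC721Received` on the recipient, and that callback runs before the caller's remaining state updates. The contracts below are an added example, not NFTDriver.sol: a minimal mint with the interaction placed before the effect, the same mint with checks-effects-interactions ordering plus a guard, and a constructed receiver that re-enters once so the difference can be observed. Contract and function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

/// Minimal mint showing the onERC721Received re-entry point. Added example.
contract MintDemo {
    uint256 public constant MAX_SUPPLY = 2;
    uint256 public nextId;
    mapping(uint256 => address) public ownerOf;
    uint256 private _locked = 1;

    modifier nonReentrant() {
        require(_locked == 1, "reentrant");
        _locked = 2;
        _;
        _locked = 1;
    }

    /// Vulnerable ordering: the callback runs before nextId advances, so a
    /// receiver that re-enters sees the same counter, passes the supply check
    /// again and is assigned the same tokenId twice.
    function safeMintUnsafe(address to) external returns (uint256 tokenId) {
        require(nextId < MAX_SUPPLY, "sold out");
        tokenId = nextId;
        ownerOf[tokenId] = to;
        _checkOnERC721Received(to, tokenId); // interaction ...
        nextId = tokenId + 1;                // ... before effect
    }

    /// Hardened: every state update precedes the external callback, and the
    /// guard rejects any re-entry during it.
    function safeMint(address to) external nonReentrant returns (uint256 tokenId) {
        require(nextId < MAX_SUPPLY, "sold out");
        tokenId = nextId++;
        ownerOf[tokenId] = to;
        _checkOnERC721Received(to, tokenId);
    }

    function _checkOnERC721Received(address to, uint256 tokenId) private {
        if (to.code.length == 0) return;
        bytes4 ret = IERC721Receiver(to).onERC721Received(msg.sender, address(0), tokenId, "");
        require(ret == IERC721Receiver.onERC721Received.selector, "unsafe recipient");
    }
}

/// Constructed attacker: re-enters the mint once from the callback.
contract ReentrantReceiver is IERC721Receiver {
    MintDemo public immutable target;
    bool private guarded;
    uint256 public depth;

    constructor(MintDemo t) { target = t; }

    /// useGuarded = false: both mints return tokenId 0 (duplicate id).
    /// useGuarded = true: the nested call reverts with "reentrant" and the
    /// whole attack transaction fails.
    function attack(bool useGuarded) external returns (uint256) {
        guarded = useGuarded;
        depth = 0;
        return useGuarded ? target.safeMint(address(this)) : target.safeMintUnsafe(address(this));
    }

    function onERC721Received(address, address, uint256, bytes calldata) external override returns (bytes4) {
        if (depth++ == 0) {
            if (guarded) target.safeMint(address(this));
            else target.safeMintUnsafe(address(this));
        }
        return IERC721Receiver.onERC721Received.selector;
    }
}
```

Ordering alone (tokenId = nextId++ before the callback) already removes the duplicate-id bug; the guard additionally stops a receiver from starting an unrelated second mint mid-call, which matters once more state than a counter is involved.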