Lucene search

10190 matches found

Code423n4
added 2023/02/03 12:0 a.m., 6 views

Upgraded Q -> 3 from #508 [1675443043181]

Judge has assessed an item in Issue 508 as 3 risk. The relevant finding follows: L-05 Duration does not have upper bound The duration input parameter does not have upper bound. If the duration is mistakenly set too high, node operator will be slashed significant amount of GGP. The...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/02/03 12:0 a.m., 4 views

_squeezeDrips() passed the amount argument in place of amtPerSec for the _addDeltaRange, causing either underflow or the sender losing lots of fund!

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. squeezeDrips passes the amount argument in place of amtPerSec for its callee addDeltaRange in the following line addDeltaRangestate, cycleStart, cycleStart + 1, -int256amt AMTPERSECMULTIPLIER; The last...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/03 12:0 a.m., 8 views

AddressRegistry.sol#getCID() may return an nft id that is no longer valid

Lines of code Vulnerability details Impact The inability of AddressRegistry.sol#getCID to return a valid value makes the AddressRegistry functionality meaningless. Other contracts that use the cid protocol will get the wrong data, which may produce various abnormal situations and may even lead to...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/03 12:0 a.m., 5 views

Hacked or malicious owner can steal all tokens

Lines of code Vulnerability details Tokens for all active drips are stored in the DripsHub contract. Since DripsHub is an upgradeable ERC1967Proxy, a malicious or hacked owner can simply upgrade the contract to include e.g., the following function: function stealTokensIERC20 token, address to,...

AI score: 6.7
Exploits: 0
Code423n4
added 2023/02/03 12:0 a.m., 5 views

Misuse of a Boolean constant

Lines of code Vulnerability details Impact Use of Boolean constants true/false in code is indicative of flawed logic. Boolean constants in code have only a few legitimate uses. Other uses in complex expressions, as conditionals indicate either an error or, most likely, the persistence of faulty...

AI score: 7
Exploits: 0
Code423n4
added 2023/02/03 12:0 a.m., 5 views

Deletion on mapping containing a structure

Lines of code Vulnerability details Impact A deletion in a structure containing a mapping will not delete the mapping see the Solidity documentation. The remaining data may be used to compromise the contract. Proof of Concept File: Drips.sol struct AmtDelta /// @notice Amount delta applied on thi...

AI score: 6.7
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m., 11 views

Critical Vulnerability exposed Reentrancy attack allowing unlimited Fund Withdrawals.

Lines of code Vulnerability details Impact Function register where it transfers a fixed amount of $NOTE tokens 100 $NOTE to the cidFeeWallet address without checking the reentrancy status. An attacker can repeatedly call this function to drain the contract balance...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m., 23 views

SubprotocolRegistry is vulnerable to malicious names

Lines of code Vulnerability details Impact A malicious subprotocol can register a name that looks the same as any other protocol. Users may use the malicious subprotocol because they can't distinguish the names, and be cheated out of subprotocolFee. Proof of Concept Any subprotocol can be...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m., 12 views

Use abi.encode instead of abi.encodePacked to prevent data collisions for object hashing

Lines of code Vulnerability details M-01 Use abi.encode instead of abi.encodePacked Impact hash collisions on the data stored for object hashing Proof of Concept From the solidity documentation: If you use keccak256(abi.encodePacked(a, b)) and both a and b are dynamic types, it is easy to craft...

AI score: 6.7
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m., 6 views

Unchecked External Call Vulnerability in ownerOf Function Call.

Lines of code Vulnerability details Impact In the worst-case scenario, if the ownerOf function call reverts due to a security vulnerability in the ERC721 contract, the caller's data could be manipulated, and their funds could be at risk. This could lead to a loss of funds for users who have...

AI score: 7.2
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m., 8 views

Upgraded Q -> H from #694 [1675343512989]

Judge has assessed an item in Issue 694 as H risk. The relevant finding follows: there is no check that duration of the Minipool is less than 365 days and if user by mistake set very high value for duration and fails to run node properly user would lose very large number of his GGP collaterals...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m., 6 views

Attacker can frontrun a victim's mint+add transaction to steal NFT

Lines of code Vulnerability details Impact High - an attacker can steal deposited NFTs from victims using the mint + add functionality in CidNFT.sol Proof of Concept One of the core features of CID Protocol is the ability for users to attach Subprotocol NFTs to their CidNFT. The CidNFT contract...

AI score: 6.7
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m., 11 views

ERC721 safeTransferFrom is not enough to safeguard a subprotocol NFT

Lines of code Vulnerability details Proof of Concept There is a safeguard mechanism to ensure that no transfers of the subprotocol NFT happen after said NFT is tied to the CID NFT. Without it, someone could transfer or even burn the subprotocol NFT while it is still associated. // The CID Protoco...

AI score: 6.7
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m., 13 views

An approved operator of a CID NFT owner can steal any subprotocol NFTs from the CID NFT Owner and his other approved operators.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. An approved operator of a CID NFT owner, if becomes malicious or compromised, can steal any subprotocol NFTs from the CID NFT Owner and his other approved operators. This is possible because: after...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m., 6 views

cidFeeWallet can be address(0)

Lines of code Vulnerability details Impact TLDR; the cidFeeWallet can be assigned to address(0), in which case fees would be burned but otherwise the system operates as expected. In the constructor for both SubprotocolRegistry and CidNFT, a wallet is assigned to which fees will be sent. This applie...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m., 7 views

Upgraded Q -> M from #694 [1675343502331]

Judge has assessed an item in Issue 694 as M risk. The relevant finding follows: there is no check that duration of the Minipool is bigger than 14 days and a malicious node runner can set duration as 0 day and if he fails the calculated slash amount would be 0.

AI score: 6.9
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m., 8 views

DOS mint and add by frontrunning

Lines of code Vulnerability details Impact CidNFT.mintbytes allow user to mint and add subprotocol NFTs directly after minting. The addList args to the add call include the cidNFTID param, which can change if there are other mint before the user's transaction. Proof of Concept An attacker can DOS...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m., 4 views

Attacker can steal subprotocol NFT from user who use mint and add

Lines of code Vulnerability details Impact CidNFT.mintbytes allow user to mint and add subprotocol NFTs directly after minting. The addList args to the add call include the cidNFTID param, which can change if there are other mint before the user's transaction. Additionally, CidNFT.add only check ...

AI score: 6.7
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m., 11 views

Solmate's safeTransfer can result in failed transfer with low level call and won't revert as it does not check the codesize of to address, which may lead to loss of funds

Lines of code Vulnerability details The following contract use solmate's SafeTransferLib : solmate/utils/SafeTransferLib.sol Solmate's safeTransfer / safeTransferFrom uses inline assembly call to transfer ether from contract to receiver. According to Solidity Docs the call may return true even if...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m., 9 views

[H-01] Reentrancy attack is possible when using ERC777 tokens in DripsHub

Lines of code Vulnerability details H-01 Reentrancy attack is possible when using ERC777 tokens in DripsHub Impact: Some ERC20 tokens implement the EIP 777 interface including the tokensToSend hook, which performs a callback to the user from which tokens will be transferred before the tokens are...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/02 12:0 a.m., 8 views

Fee can be transferred to the zero address while subprotocol registration

Lines of code Vulnerability details Impact Every time a user registers a new subprotocol to the registry contract, the registry contract transfers the fee to the cidFeeWallet from the registrar. There is missing validation that the transfer should not go to the zero address. If no address has been set f...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 11 views

No-check liquidity is != 0

Lines of code Vulnerability details Impact Proof of Concept Tools Used manual Recommended Mitigation Steps

AI score: 7
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 8 views

The LiquidityManager.pairMintCallback() might be exploited to steal funding from another user when the factory contract is compromised.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The LiquidityManager.pairMintCallback might be exploited to steal funding from another user due to three issues: 1. LiquidityManager.pairMintCallback is a callback function for the addLiquidity, which...

AI score: 7
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 15 views

Unsafe cast on uniswapV3SwapCallback can get all assets in the contract

Lines of code Vulnerability details Unsafe cast on uniswapV3SwapCallback can get all assets in the contract Summary Type cast with overflows doesn't throw an error / revert therefore, value can be transferred out just by calling the method. Contracts that inherit from SwapHelper:...

AI score: 7.2
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 8 views

First liquidity provider will suffer from revert or fund loss

Lines of code Vulnerability details Impact The first liquidity depositor should supply three input values amount0Min, amount1Min, liquidity via AddLiquidityParams but these three values should meet an accurate relationship, or else the depositor will suffer from revert or fund loss Proof of Conce...

AI score: 6.7
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 9 views

Unchecked that address to is not 0

Lines of code Vulnerability details Impact Sanity checks checking that funds are not going to the burn address should be done. In this case in the function swap, funds will not burn because you have to return the flashloan but the check should be made Tools Used manual Recommended Mitigation Step...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 10 views

Possibly Susceptible to Reentrancy Attack

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. No protection against reentrancy attacks, which could allow an attacker to exploit the contract's logic by calling functions in the contract before the original call is completed. Proof of Concept To...

AI score: 6.7
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 9 views

mint() function logic will break with fee-on-transfer(deflationary) tokens

Lines of code Vulnerability details Impact with deflationary token mint function never succeed Proof of Concept mint function checking if balanceAfter totalLiquidity revert CompleteUtilizationError; // next check is for the case when liquidity is borrowed but then was completely accrued if...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 16 views

refundETH has no access control and can be called repeatedly or front-run to steal WETH funds from the contract

Lines of code Vulnerability details Impact The function refundETH has no access control and can be called by anyone resulting in a loss of WETH funds if address(0) is entered as the recipient for removeLiquidity Proof of Concept Consider the scenario if bob calls removeliquidity which returns WETH...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 7 views

Upgraded Q -> M from #819 [1675276661349]

Judge has assessed an item in Issue 819 as M risk. The relevant finding follows: Scenarios 3 & 4 are basically the same and valid. Duplicate of 569

AI score: 6.9
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 12 views

Locked Ether

Lines of code Vulnerability details Description Contract with a payable function, but without a withdrawal capacity. Impact Every Ether sent to LendgineRouter will be lost. Proof of Concept File: src/periphery/LendgineRouter.sol 142: function mintMintParams calldata params external payable...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 6 views

ERC20 TRANSFER AND TRANSFERFROM ARE NOT CHECKING FOR THE ZERO ADDRESS OF to AND from, DURING EXECUTION

Lines of code Vulnerability details Impact ERC20 standard tokens check for the != address(0) condition in the transfer and transferFrom functions for the to address and from address in order to make sure funds are not transferred to zero address and balance is not updated in the balanceOf mapping fo...

AI score: 7
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 7 views

Multiple combinations of token0/token1 for a given liquidity exist to satisfy the custom variant of AMM pool. A naive LP or Power token holder can transfer more token0/token1 than necessary when minting & burning respectively

Lines of code Vulnerability details Impact LP's need to provide a combination of token0 / token 1 for a given liquidity that satisfied a custom variant that satisfies 2 conditions 1. scale1 = c + d where a, b, c, d are functions of token0/ token1 , liquidity and upper bound The relationship betwe...

AI score: 6.7
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 4 views

No way of transferring Ownership/Wrong use of Interface

Lines of code Vulnerability details Impact From my understanding there is no way to change the owner which can lead to funds can be stuck if an AMM and governance change/upgrade is required. There is risk if the owner keys get compromised - also there is no progressive security if you can't chang...

AI score: 6.7
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 5 views

Lendgine#mint gifts the borrower liquidity and both underlying token as well which bricks contract functionality

Lines of code Vulnerability details Impact Borrower of liquidity can just keep borrowing liquidity as he will also get token0 and token1, draining the protocol funds. Proof of Concept Lendginemint calls Pairburn before calling mint to mint the number of ERC20 power tokens. totalLiquidityBorrowed ...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 4 views

Everyone can call mint function (no checks for msg.sender)

Lines of code Vulnerability details Impact Everyone can call mint function. There are no checks for msg.sender. I am not sure that this is okay and by method design. Proof of Concept Tools Used Static analytics Recommended Mitigation Steps Think about how to protect method

AI score: 6.9
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 13 views

Mint to without check for zero address

Lines of code Vulnerability details Impact Mint to without check for zero address. This can lead to loss of tokens Proof of Concept Tools Used Recommended Mitigation Steps add check to be sure that address to is not empty

AI score: 6.9
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 9 views

Unprotected Ether Withdrawal

Lines of code Vulnerability details Description Due to missing or insufficient access controls, malicious parties can withdraw some or all Ether from the contract account. This bug is sometimes caused by unintentionally exposing initialization functions. By wrongly naming a function intended to b...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 4 views

Unchecked that the to address is not the address of the tokens

Lines of code Vulnerability details Impact In the swap function, it is unchecked that the to address is not the address of the tokens. This will not lead to a loss of funds because the flashloan will actually revert, but sanity checks like this one should be made following for instance uniswap...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 10 views

A malicious early user/attacker can manipulate the share price to take an unfair share of future users' deposits

Lines of code Vulnerability details Impact A malicious early user/attacker can manipulate the share price to take an unfair share of future users' deposits. The first minter can manipulate the supply of LP tokens and baseToken-fractional ratio, hindering small liquidity providers from interacting...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 12 views

Fee on transfer tokens will not behave as expected

Lines of code Vulnerability details Impact In Numoen, it does not specifically restrict the type of ERC20 collateral used for borrowing. If fee on transfer tokens is/are entailed, it will specifically make mint revert in Lendgine.sol when checking if balanceAfter balanceBefore + collateral. Proof...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 4 views

No-check that amounts are less than reserves

Lines of code Vulnerability details Impact There is no check that the amount for the flashloan is actually available in the contract. It is checked that it should be 0 but not than reserves. Eventually, the function will revert because the funds are not there and the funds are not in the contract...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 6 views

Losses in Pair and LendgineRouter can be generated if used with ERC20 Tokens with fee on transfer

Lines of code Vulnerability details Losses in Pair and LendgineRouter can be generated if used with ERC20 Tokens with fee on transfer Summary Some tokens token1, token0, ... are used over the code that can be any kind of ERC20 token. If this token includes fees on transfer, some operations will...

AI score: 7.2
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 9 views

Payment multiple functions do not check the caller

Lines of code Vulnerability details Impact Multiple functions in the Payment contract do not check the caller, for example, an attacker can directly call refundETH to transfer assets in the contract function refundETH external payable //@audit if addressthis.balance 0...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 9 views

Upgraded Q -> M from #819 [1675276650768]

Judge has assessed an item in Issue 819 as M risk. The relevant finding follows: If we are going with this specific impact, looks like scenario 2 is valid - but does depend on Rialto making that mistake, so would say that is Medium. This is a duplicate, the primary issue being 723

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 12 views

Precision loss in the invariant function can lead to loss of funds

Lines of code Vulnerability details Impact An attacker can steal the funds without affecting the invariant. Proof of Concept We can say the function Pair.invariant is the heart of the protocol. All the malicious trades should be prevented by this function. Pair.sol 52: /// @inheritdoc IPair 53:...

AI score: 6.7
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 7 views

Lack of access control in Lendgine.sol.withdraw()

Lines of code Vulnerability details Impact Because the function does not check if the person has access to it, anyone can call it. After calling the function the malicious user can increase his position. 175: positions.updatemsg.sender, -SafeCast.toInt256size, rewardPerPositionStored; He can then...

AI score: 6.8
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 9 views

First depositor can manipulate the invariant of a pool

Lines of code Vulnerability details Impact someone can call deposit upon pool creation, with a custom liquidity variable and small first deposit to change the behaviour of the pool, as a way to attack the protocol. even if a pool is setup and initialized correctly, there is not guaranteed that th...

AI score: 6.7
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 9 views

Malicious user can create a dummy Lendgine contract by mimicking a salt with same encoding format but using a malicious AMM invariant function

Lines of code Vulnerability details Impact Lendgine contract address is created using a salt that is generated by a hash of pool parameters in Factory.sol. A malicious user can create a Lendgine exploit contract that uses the salt generated by exact same encoding but this contract inherits a Pair...

AI score: 6.9
Exploits: 0
Code423n4
added 2023/02/01 12:0 a.m., 16 views

TOKEN BALANCE OF A PARTICULAR ADDRESS IS NOT CHECKED AGAINST THE REQUESTED TRANSFER AMOUNT INSIDE TRANSFER AND TRANSFERFROM FUNCTIONS IN ERC20.sol CONTRACT

Lines of code Vulnerability details Impact transfer and transferFrom functions do not check for the available erc20 token balance of the from address and the msg.sender respectively against the requested transfer amount. Hence if the balanceOffrom and balanceOfmsg.sender in the transferFrom and...

AI score: 7
Exploits: 0

Total number of security vulnerabilities: 10190