Lucene search

10190 matches found

Code423n4
added 2023/02/03 12:0 a.m. (9 views)

Upgraded Q -> 2 from #800 [1675429611496]

Judge has assessed an item in Issue 800 as 2 risk. The relevant finding follows: 1- recordStakingError function doesn't decrease the minipool avaxLiquidStakerAmt value : When the function recordStakingError is called by the multisig it decreases both the total AVAX staking amount and the AVAX...

AI score: 6.9
Exploits: 0

Code423n4
added 2023/02/03 12:0 a.m. (6 views)

Incorrect shift in assembly

Lines of code Vulnerability details Impact Shift operators shl(x, y), shr(x, y), sar(x, y) in Solidity assembly apply the shift operation of x bits on y and not the other way around, which may be confusing. Check if the values in a shift operation are reversed. Proof of Concept File: Drips.sol 823: val...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/03 12:0 a.m. (8 views)

AddressRegistry.sol#getCID() may return an nft id that is no longer valid

Lines of code Vulnerability details Impact The inability of AddressRegistry.sol#getCID to return a valid value makes the AddressRegistry functionality meaningless. Other contracts that use the cid protocol will get the wrong data, which may produce various abnormal situations and may even lead to...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/03 12:0 a.m. (8 views)

Upgraded Q -> 2 from #846 [1675451731129]

Judge has assessed an item in Issue 846 as 2 risk. The relevant finding follows: L-2 no way to remove compromised/broken multisigs without upgrading the contract

AI score: 6.9
Exploits: 0

Code423n4
added 2023/02/03 12:0 a.m. (9 views)

User can lose NFT if wrong type is given to add function

Lines of code Vulnerability details Impact If a user when trying to add its NFT to a given subprotocol provide a wrong association type by accident to the add function, the NFT will be transferred to the CidNFT contract but it will not be associated with any protocol type, because of that when th...

AI score: 6.9
Exploits: 0

Code423n4
added 2023/02/03 12:0 a.m. (10 views)

_updateReceiverStates CAN WORK INCORRECTLY WHEN CURRENT RECEIVER AND NEW RECEIVER MATCHES WITH UPDATED DRIP TIMES

Lines of code Vulnerability details Impact States can be incorrectly updated. Proof of Concept In updateReceiverStates method of Drips.sol, I noticed a different pattern of Using addDeltaRange when current receiver and new receiver matches with updated drip times. To Remove an existing drip, the...

AI score: 7.3
Exploits: 0

Code423n4
added 2023/02/02 12:0 a.m. (8 views)

Upgraded Q -> M from #694 [1675343502331]

Judge has assessed an item in Issue 694 as M risk. The relevant finding follows: there is no check that duration of the Minipool is bigger than 14 days and a malicious node runner can set duration as 0 day and if he fails the calculated slash amount would be 0.

AI score: 6.9
Exploits: 0

Code423n4
added 2023/02/02 12:0 a.m. (9 views)

Upgraded Q -> H from #694 [1675343512989]

Judge has assessed an item in Issue 694 as H risk. The relevant finding follows: there is no check that duration of the Minipool is less than 365 days and if user by mistake set very high value for duration and fails to run node properly user would lose very large number of his GGP collaterals...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/02 12:0 a.m. (8 views)

Fee can be transferred to the zero address while subprotocol registration

Lines of code Vulnerability details Impact Every time a user registers a new subprotocol to the registry contract, the registry contract transfers the fee to the cidFeeWallet from the registrar. There is missing validation that the transfer should not go to the zero address. If no address has been set f...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/02 12:0 a.m. (4 views)

Attacker can steal subprotocol NFT from user who use mint and add

Lines of code Vulnerability details Impact CidNFT.mint(bytes[]) allows a user to mint and add subprotocol NFTs directly after minting. The addList args to the add call include the cidNFTID param, which can change if there are other mints before the user's transaction. Additionally, CidNFT.add only check ...

AI score: 6.7
Exploits: 0

Code423n4
added 2023/02/02 12:0 a.m. (13 views)

An approved operator of a CID NFT owner can steal any subprotocol NFTs from the CID NFT Owner and his other approved operators.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. An approved operator of a CID NFT owner, if becomes malicious or compromised, can steal any subprotocol NFTs from the CID NFT Owner and his other approved operators. This is possible because: after...

AI score: 6.9
Exploits: 0

Code423n4
added 2023/02/02 12:0 a.m. (7 views)

Attacker can frontrun a victim's mint+add transaction to steal NFT

Lines of code Vulnerability details Impact High - an attacker can steal deposited NFTs from victims using the mint + add functionality in CidNFT.sol Proof of Concept One of the core features of CID Protocol is the ability for users to attach Subprotocol NFTs to their CidNFT. The CidNFT contract...

AI score: 6.7
Exploits: 0

Code423n4
added 2023/02/02 12:0 a.m. (11 views)

Critical Vulnerability exposed Reentrancy attack allowing unlimited Fund Withdrawals.

Lines of code Vulnerability details Impact Function register where it transfers a fixed amount of $NOTE tokens 100 $NOTE to the cidFeeWallet address without checking the reentrancy status. An attacker can repeatedly call this function to drain the contract balance...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/02 12:0 a.m. (12 views)

Use abi.encode instead of abi.encodePacked to prevent data collisions for object hashing

Lines of code Vulnerability details M-01 Use abi.encode instead of abi.encodePacked Impact hash collisions on the data stored for object hashing Proof of Concept From the solidity documentation: If you use keccak256(abi.encodePacked(a, b)) and both a and b are dynamic types, it is easy to craft...

AI score: 6.7
Exploits: 0

Code423n4
added 2023/02/02 12:0 a.m. (9 views)

[H-01] Reentrancy attack is possible when using ERC777 tokens in DripsHub

Lines of code Vulnerability details H-01 Reentrancy attack is possible when using ERC777 tokens in DripsHub Impact: Some ERC20 tokens implement the EIP 777 interface including the tokensToSend hook, which performs a callback to the user from which tokens will be transferred before the tokens are...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/02 12:0 a.m. (24 views)

SubprotocolRegistry is vulnerable to malicious names

Lines of code Vulnerability details Impact A malicious subprotocol can register a name that looks the same as any other protocol. Users may use the malicious subprotocol because they can't distinguish the names, and be cheated out of subprotocolFee. Proof of Concept Any subprotocol can be...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/02 12:0 a.m. (7 views)

cidFeeWallet can be address(0)

Lines of code Vulnerability details Impact TLDR; the cidFeeWallet can be assigned to address(0), in which case fees would be burned but otherwise the system operates as expected. In the constructor for both SubprotocolRegistry and CidNFT, a wallet is assigned to which fees will be sent. This applie...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/02 12:0 a.m. (12 views)

Solmate's safeTransfer can result in failed transfer with low level call and won't revert as it does not check the codesize of to address, which may lead to loss of funds

Lines of code Vulnerability details The following contract use solmate's SafeTransferLib : solmate/utils/SafeTransferLib.sol Solmate's safeTransfer / safeTransferFrom uses inline assembly call to transfer ether from contract to receiver. According to Solidity Docs the call may return true even if...

AI score: 6.9
Exploits: 0

Code423n4
added 2023/02/02 12:0 a.m. (9 views)

DOS mint and add by frontrunning

Lines of code Vulnerability details Impact CidNFT.mint(bytes[]) allows a user to mint and add subprotocol NFTs directly after minting. The addList args to the add call include the cidNFTID param, which can change if there are other mints before the user's transaction. Proof of Concept An attacker can DOS...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/02 12:0 a.m. (7 views)

Unchecked External Call Vulnerability in ownerOf Function Call.

Lines of code Vulnerability details Impact In the worst-case scenario, if the ownerOf function call reverts due to a security vulnerability in the ERC721 contract, the caller's data could be manipulated, and their funds could be at risk. This could lead to a loss of funds for users who have...

AI score: 7.2
Exploits: 0

Code423n4
added 2023/02/02 12:0 a.m. (12 views)

ERC721 safeTransferFrom is not enough to safeguard a subprotocol NFT

Lines of code Vulnerability details Proof of Concept There is a safeguard mechanism to ensure that no transfers of the subprotocol NFT happen after said NFT is tied to the CID NFT. Without it, someone could transfer or even burn the subprotocol NFT while it is still associated. // The CID Protoco...

AI score: 6.7
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (12 views)

Locked Ether

Lines of code Vulnerability details Description Contract with a payable function, but without a withdrawal capacity. Impact Every Ether sent to LendgineRouter will be lost. Proof of Concept File: src/periphery/LendgineRouter.sol 142: function mint(MintParams calldata params) external payable...

AI score: 6.9
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (6 views)

Economical games that can be played to gain MEV

Lines of code Vulnerability details Disclaimer: Developers did an extremely good job writing the protocol, however, these are some aspects that I think are missed in the design stage and can be considered. Look at it as a food for thought in future designs. Impact How the invariant works The...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (9 views)

Malicious user can create a dummy Lendgine contract by mimicking a salt with same encoding format but using a malicious AMM invariant function

Lines of code Vulnerability details Impact Lendgine contract address is created using a salt that is generated by a hash of pool parameters in Factory.sol. A malicious user can create a Lendgine exploit contract that uses the salt generated by exact same encoding but this contract inherits a Pair...

AI score: 6.9
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (4 views)

Everyone can call mint function (no checks for msg.sender)

Lines of code Vulnerability details Impact Everyone can call mint function. There are no checks for msg.sender. I am not sure that this is okay and by method design. Proof of Concept Tools Used Static analytics Recommended Mitigation Steps Think about how to protect method

AI score: 6.9
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (8 views)

The LiquidityManager.pairMintCallback() might be exploited to steal funding from another user when the factory contract is compromised.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The LiquidityManager.pairMintCallback might be exploited to steal funding from another user due to three issues: 1. LiquidityManager.pairMintCallback is a callback function for the addLiquidity, which...

AI score: 7
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (12 views)

No-check liquidity is != 0

Lines of code Vulnerability details Impact Proof of Concept Tools Used manual Recommended Mitigation Steps

AI score: 7
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (9 views)

DIVISION BEFORE MULTIPLICATION ERROR IN CALCULATING INTEREST CAN LEAD TO LARGER PRECISION LOSS

Lines of code Vulnerability details Impact There is a division before multiplication bug in accrueInterest method of Lendgine.sol which may result in loss of interest being accrued due to huge precision loss. There is same error in invariant method of Pair.sol as well which can cause larger...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (16 views)

refundETH has no access control and be called repeatedly or Can be Front runned to steal WETH funds from Contract

Lines of code Vulnerability details Impact The function refundETH has no access control and can be called by anyone, resulting in a loss of WETH funds if address(0) is entered as the recipient for removeLiquidity Proof of Concept Consider the scenario if bob calls removeliquidity which returns WETH...

AI score: 6.9
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (13 views)

Precision loss in the invariant function can lead to loss of funds

Lines of code Vulnerability details Impact An attacker can steal the funds without affecting the invariant. Proof of Concept We can say the function Pair.invariant is the heart of the protocol. All the malicious trades should be prevented by this function. Pair.sol 52: /// @inheritdoc IPair 53:...

AI score: 6.7
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (10 views)

Unprotected Ether Withdrawal

Lines of code Vulnerability details Description Due to missing or insufficient access controls, malicious parties can withdraw some or all Ether from the contract account. This bug is sometimes caused by unintentionally exposing initialization functions. By wrongly naming a function intended to b...

AI score: 6.9
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (7 views)

Multiple combinations of token0/token1 for a given liquidity exist to satisfy the custom variant of AMM pool. A naive LP or Power token holder can transfer more token0/token1 than necessary when minting & burning respectively

Lines of code Vulnerability details Impact LP's need to provide a combination of token0 / token 1 for a given liquidity that satisfied a custom variant that satisfies 2 conditions 1. scale1 = c + d where a, b, c, d are functions of token0/ token1 , liquidity and upper bound The relationship betwe...

AI score: 6.7
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (8 views)

Lack of access control in Lendgine.sol.withdraw()

Lines of code Vulnerability details Impact Because the function does not check if the person has access to it, anyone can call it. After calling the function the malicious user can increase his position. 175: positions.update(msg.sender, -SafeCast.toInt256(size), rewardPerPositionStored); He can then...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (8 views)

Lendgine contract can be drained through mint() function due to lack of Access Control

Lines of code Vulnerability details Impact Anybody can call the mint function on lendgine.sol and enter any amount of collateral. This allows them to mint any number of tokens to their address for free. Proof of Concept The mint function in lendgine.sol is external with no additional modifiers or...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (7 views)

Upgraded Q -> M from #819 [1675276661349]

Judge has assessed an item in Issue 819 as M risk. The relevant finding follows: Scenarios 3 & 4 are basically the same and valid. Duplicate of 569

AI score: 6.9
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (9 views)

Upgraded Q -> M from #819 [1675276650768]

Judge has assessed an item in Issue 819 as M risk. The relevant finding follows: If we are going with this specific impact, looks like scenario 2 is valid - but does depend on Rialto making that mistake, so would say that is Medium. This is a duplicate, the primary issue being 723

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (8 views)

Anyone can withdraw contract funds

Lines of code Vulnerability details Impact There is a critical impact that an attacker could drain the entire eth balance of the contract by calling this refundETH function which lacks a modifier. The funds will go always to the caller of the function. Proof of Concept It is not a complex attack ...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (10 views)

Possible Reentrance & Unexpected Behaviour Vulnerabilities

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. No protection against reentrancy attacks, for example, the pay function called in the mintCallback function does not check for reentrancy before performing an external call. No checking of return values...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (10 views)

A malicious early user/attacker can manipulate the share price to take an unfair share of future users' deposits

Lines of code Vulnerability details Impact A malicious early user/attacker can manipulate the share price to take an unfair share of future users' deposits. The first minter can manipulate the supply of LP tokens and baseToken-fractional ratio, hindering small liquidity providers from interacting...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (12 views)

Lack of slippage protection when swapping on Uniswap v2/v3

Lines of code Vulnerability details Impact Lack of slippage protection when swapping on Uniswap v2/v3. It'll create the potential to be sandwiched by MEV bots and result in user loss. Proof of Concept In the LendgineRouter.mint function, the contract would swap all the token0 to token1 in...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (10 views)

Possibly Susceptible to Reentrancy Attack

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. No protection against reentrancy attacks, which could allow an attacker to exploit the contract's logic by calling functions in the contract before the original call is completed. Proof of Concept To...

AI score: 6.7
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (5 views)

Lendgine#mint gifts the borrower liquidity and both underlying token as well which bricks contract functionality

Lines of code Vulnerability details Impact Borrower of liquidity can just keep borrowing liquidity as he will also get token0 and token1, draining the protocol funds. Proof of Concept Lendgine#mint calls Pair#burn before calling mint to mint the number of ERC20 power tokens. totalLiquidityBorrowed ...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (12 views)

Loss of funds - User has control of the fallback function

Lines of code Vulnerability details Impact: Lendgine checks the balanceBefore and after of token1, after sending tokens via a mintFallback function. During this fallback the user has access to these tokens so far as it's returned + collateral the fallback is satisfied. An attacker can take out...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (9 views)

First depositor can manipulate the invariant of a pool

Lines of code Vulnerability details Impact someone can call deposit upon pool creation, with a custom liquidity variable and small first deposit to change the behaviour of the pool, as a way to attack the protocol. even if a pool is setup and initialized correctly, there is not guaranteed that th...

AI score: 6.7
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (9 views)

Payment multiple functions do not check the caller

Lines of code Vulnerability details Impact Multiple functions in the Payment contract do not check the caller, for example, an attacker can directly call refundETH to transfer assets in the contract function refundETH external payable //@audit if addressthis.balance 0...

AI score: 6.9
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (4 views)

No way of transferring Ownership/Wrong use of Interface

Lines of code Vulnerability details Impact From my understanding there is no way to change the owner which can lead to funds can be stuck if an AMM and governance change/upgrade is required. There is risk if the owner keys get compromised - also there is no progressive security if you can't chang...

AI score: 6.7
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (15 views)

Unsafe cast on uniswapV3SwapCallback can get all assets in the contract

Lines of code Vulnerability details Unsafe cast on uniswapV3SwapCallback can get all assets in the contract Summary Type cast with overflows doesn't throw an error / revert therefore, value can be transferred out just by calling the method. Contracts that inherit from SwapHelper:...

AI score: 7.2
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (9 views)

Unchecked that address to is not 0

Lines of code Vulnerability details Impact Sanity checks checking that funds are not going to the burn address should be done. In this case in the function swap, funds will not burn because you have to return the flashloan but the check should be made Tools Used manual Recommended Mitigation Step...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (6 views)

Losses in Pair and LendgineRouter can be generated if used with ERC20 Tokens with fee on transfer

Lines of code Vulnerability details Losses in Pair and LendgineRouter can be generated if used with ERC20 Tokens with fee on transfer Summary Some tokens token1, token0, ... are used over the code that can be any kind of ERC20 token. If this token includes fees on transfer, some operations will...

AI score: 7.2
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m. (8 views)

Mint function should have a pause

Lines of code Vulnerability details Impact Even if a market is paused due to insolvency/bugs, there will still be minting going on. This leaves no protection against mining in such case. Tools Used VS code Recommended Mitigation Steps Check in function mint that the market is not paused. For...

AI score: 6.8
Exploits: 0

Total number of security vulnerabilities: 10190