## Significant roundoff error in melt() function
Lines of code Vulnerability details Significant roundoff error in melt() function. Significant roundoff error is caused when calculating numPeriods. Also, frequent calling of this function causes a severe error. Proof of Concept 70 function melt() external notPausedOrFrozen 71 if (uint48(block.timestamp) 0...
An early user can call issue() and then melt() to increase the basketsNeeded-to-supply ratio to its maximum value; then melt() won't work, and contract features like issue() won't work either.
Lines of code Vulnerability details Impact Function melt() melts a quantity of RToken from the caller's account, increasing the basket rate. The basket rate should be between 1e9 and 1e27, and function requireValidBUExchangeRate checks this; if it's not in the interval, the code reverts. The call to...
Missing Function Definition in tryPrice() leading to contract failure.
Lines of code Vulnerability details Impact basketRange in the contract. The function tryPrice calls the function basketRange from the library RecollateralizationLibP1, which is not defined in the contract. As a result, when tryPrice is executed, it will cause the contract to revert and throw an...
User funds loss in withdraw() of StRSR because the code doesn't revert when the calculated rsrAmount is zero
Lines of code Vulnerability details Impact Function withdraw() in StRSR completes an account's unstaking. But when the calculated amount of RSR token is 0, the code still burns the user's draftRSR and returns. This would cause users' small deposits to get burned while the user won't receive any funds. As withdr...
User funds can be locked in RToken contract for a long time
Lines of code Vulnerability details Impact Unnecessary delay on the first issuance will lock the first issuer's deposit and other following deposits. Proof of Concept Users can issue new RTokens by depositing the necessary collaterals. The protocol is designed to limit issuance by some rate and t...
melt() calculates lastPayoutBal wrongly
Lines of code Vulnerability details Impact melt() calculates lastPayoutBal wrongly since it calls rToken.melt(amount) later. Proof of Concept melt() calculates lastPayoutBal wrongly since it calls rToken.melt(amount) later. Therefore, lastPayoutBal shou...
function withdraw() in StRSR won't update contract state (totalDrafts) in all cases, which can cause wrong fund distribution and funds getting stuck in the contract
Lines of code Vulnerability details Impact Function withdraw() completes an account's unstaking. It transfers the user's draft withdrawals and updates totalDrafts. But when the calculated rsrAmount is 0, the code returns and doesn't update totalDrafts, which can cause wrong calculations, as those draft items are removed...
Rounding error in distribute() function
Lines of code Vulnerability details Impact The distribute() function might suffer from a serious rounding error, since it calculates tokensPerShare with a division rounding error and then uses uint256 transferAmt = tokensPerShare * numberOfShares; ...
A fee-on-transfer token or a deflationary/rebasing token causes the received amount to be less than the accounted amount. For instance, a deflationary token might charge a certain fee for every safeTransfer() or safeTransferFrom().
Lines of code Vulnerability details Impact Alice calls stake(amount = 100) with deflationary tokens. Because the token has a fee upon transfer, StRSR receives only 99 tokens and stakes that amount to mint, but the user thought 100 tokens were received. In reality, StRSR received only 99 tokens. Proof of...
Possible Unauthorized Redemption of Collateral ERC20 Tokens due to Lack of Proper Check in redeem() Function
Lines of code Vulnerability details Impact An attacker who is not authorized by the smart contract could potentially redeem more tokens than they are entitled to. This could cause a loss of funds for the smart contract and its users, as well as potentially destabilizing the overall ecosystem...
High Severity Reentrancy Vulnerability in stateTransition Modifier
Lines of code Vulnerability details Impact Lack of reentrancy protection in the stateTransition modifier occurs in the following line of code. modifier stateTransition(TradeStatus begin, TradeStatus end) { require(status == begin, "Invalid trade state"); status = TradeStatus.PENDING; _; assert(status ==...
Overflow vulnerability in worstCasePrice variable.
Lines of code Vulnerability details Impact // == Economic parameters // This trade is on behalf of origin. Only origin may call settle, and the buy tokens // from this trade's auction will all eventually go to origin. address public origin; IERC20Metadata public sell; // address of token this tra...
Withdraw someone else's funds
Lines of code Vulnerability details Impact In the withdraw function: function withdraw(address account, uint256 endId) external notPausedOrFrozen anyone can input another user's address and the funds will be withdrawn to that user. While funds are not stolen, this breaks the entire project because use...
RecollateralizationLib: Flaw in basket range calculation leads to early basket compromise and loss to RToken holders
Lines of code Vulnerability details Impact This report deals with how the recollateralization algorithm underestimates the number of baskets it can hold by calculating unnecessary costs for collateral that does not need to be traded. When this number of baskets it thinks it can hold is reached -...
Stealing money from protocol
Lines of code Vulnerability details Impact The parameters address from, uint256 amount passed in the function call distribute() are not checked; an attacker can specify any address that has approved the distributor and any amount to steal assets. Proof of Concept function distribute(IERC20 erc20, address from, uint256 amou...
abi.encodePacked Allows Hash Collision
Lines of code Vulnerability details Impact From the Solidity documentation: If you use keccak256(abi.encodePacked(a, b)) and both a and b are dynamic types, it is easy to craft collisions in the hash value by moving parts of a into b and vice-versa. More specifically, abi.encodePacked("a", "bc") ==...
OracleLib: Price can be negative
Lines of code Vulnerability details Impact Proof of Concept Tools Used Recommended Mitigation Steps --- The...
Cross-chain replay attacks are possible with delegateBySig
Lines of code Vulnerability details If a user does a delegateBySig using the wrong network, an attacker can replay the action on the correct chain and steal the funds, à la the Wintermute Gnosis Safe attack, where the attacker can create the same address that the user tried to and steal the fund...
[NAZ-M4] Missing isRegistered Check in sweepRewards()
Lines of code Vulnerability details Impact In the sweepRewardsSingle function there is a check to see if the ERC20 token to be swept is registered or not. While in the sweepRewards function that sweeps multiple ERC20 tokens instead of just one, this check is missing. With that in mind, sweepRewar...
stRSR.seizeRSR() should check whether the basket of collateral is defaulted
Lines of code Vulnerability details Impact Backing Manager can seize RSR anytime and not within reason. RSR stakers will lose their funds. Proof of Concept Protocol states that staked RSR can be seized in the case of a collateral default, in a process that is entirely mechanistic based on on-chai...
An attacker can make stakeRate 1 in the StRSR contract, and users depositing tokens can lose funds because of the big rounding error
Lines of code Vulnerability details Impact The code calculates the amount of stake token and RSR token based on stakeRate. If stakeRate is near 1e18, the division error is small, but an attacker can cause stakeRate to be 1, and that can cause users to lose up to 1e18 tokens during stake and unstake. Proof ...
Missing require statement for sellAmount in init() function leading to potential loss of funds.
Lines of code Vulnerability details Impact init function is missing a require statement to check if the input variable sellAmount is less than or equal to the contract's balance of sell tokens. This means that the contract is allowing the user to initiate an auction with a sell amount greater tha...
redeem() should be possible when the protocol is paused, but to be able to redeem, function grantRTokenAllowance() should be called for all basket tokens, and it can only be called when the protocol is not paused
Lines of code Vulnerability details Impact Function redeem() in the RToken contract redeems RToken for basket collateral and is callable when the protocol is paused. But function redeem() transfers basket tokens from the BackingManager contract to the redeemer, and it requires spending allowance of the BackingMang...
Fee on transfer based collateral is not considered.
Lines of code Vulnerability details Impact It has the following impacts: 1. backingManager would receive less than the deposits; 2. recorded liabilities will be higher; 3. collateral deposited into the RToken contract would be less than the deposits. Proof of Concept Anyone can mint RToken by...
RToken issuers are not protected from slippage
Lines of code Vulnerability details Impact Users can suffer losses from slippage for various potential reasons. Proof of Concept Users can issue new RTokens by depositing the necessary collaterals using the function issue(). The function issue() has two parameters specifying the recipient and...
Small amounts of funds can be stolen during recollateralization
Lines of code Vulnerability details Impact This is similar to the "high" vulnerability I submitted but shows a similar exploit can be done if a user isn't a whale, stealing a smaller amount of funds. This is potentially a "high" risk depending on how easy you think execution is. I think it's...
Wrong check isContract for Permit
Lines of code Vulnerability details Impact In function: requireSignature. The validation to check whether the msg.sender is a smart contract is not enough in this case. Anyone could bypass that check by calling that function from the constructor of a newly deployed contract. Therefore not the rig...
ERC20Permit should include chainId and address to avoid replay attacks
Lines of code Vulnerability details Impact This ensures a signature is only used for our given token contract address on the correct chain id. The chain id was introduced to exactly identify a network after the Ethereum Classic fork which continued to use a network id of 1. Include the chainId to...
Lack of proper input validation in fulfillOrder function
Lines of code Vulnerability details Impact function fulfillOrder(Order calldata order, bytes32 fulfillerConduitKey) external payable returns (bool fulfilled); The fulfillOrder function is designed to fulfill orders on the marketplace; however, the code provided does not clearly define what fields the...
Lack of proper input validation in fulfillBasicOrder function.
Lines of code Vulnerability details Impact function fulfillBasicOrder(BasicOrderParameters calldata parameters) external payable returns (bool fulfilled); The fulfillBasicOrder function is designed to fulfill basic orders on the marketplace; however, the code provided does not clearly define what fields...
RSR will get stuck + Withdrawal won't work
Lines of code Vulnerability details Impact Withdrawals will not work once seizeRSR is called. Also, this will cause some RSR to become unusable, as shown in the PoC. Proof of Concept 1. Let's say 3 unstakes were made for stakeRSR 20, 30, 40 using the unstake function by Users A, B, C. 2. This calls the pushDraft...
Redemptions during undercollateralization can be hot-swapped to steal all funds
Lines of code Vulnerability details Impact During recollateralization/a switch basket/when the protocol collateral isn't sound, a user can have almost their entire redemption transaction hot swapped for nothing. For example, trying to redeem 1M collateral for 1M rTokens could have the user end up...
Adversary can abuse a quirk of compound redemption to manipulate the underlying exchange rate and maliciously disable cToken collaterals
Lines of code Vulnerability details Impact Adversary can maliciously disable cToken collateral to cause loss to rToken during restructuring Proof of Concept if referencePrice 0: / if redeemTokensIn 0 / We calculate the exchange rate and the amount of underlying to be redeemed: redeemTokens =...
Compilation Error: Undefined function 'shiftl_toFix' in CTokenFiatCollateral Contract
Lines of code Vulnerability details Impact return shiftl_toFix(rate, shiftLeft); It should be noted that the function "shiftl_toFix" is not defined in the contract and not imported from any library. This means that the compiler will throw an error when trying to deploy the contract, and this function...
Deletion on mapping containing a structure
Lines of code Vulnerability details Impact A deletion in a structure containing a mapping will not delete the mapping. The remaining data may be used to compromise the contract. Proof of Concept BasketHandler.sol: 219: delete config.targetAmts[config.erc20s[i]]; 220: delete...
Inadequate Maximum Orders Value in Determining Minimum Buy Amount Per Order
Lines of code Vulnerability details Impact The MAX_ORDERS constant is defined as a uint96, which has a maximum value of 2^96-1. This means that the maximum number of orders that the contract is able to handle is 2^96-1. However, if the number of orders exceeds this maximum value, the calculation f...
Battery discharge mechanism doesn't work correctly for first redemption
Lines of code Vulnerability details Impact The RTokenP1 contract implements a throttling mechanism using the RedemptionBatteryLib library. The library models a "battery" which "recharges" linearly block by block, over roughly 1 hour. RToken.sol function redeem(uint256 amount) external notFrozen //...
A staker might drain the stRSR contract slowly
Lines of code Vulnerability details Impact The stake function relies on the payoutRewards function to calculate stakeRate, which has a round-up error. Then, stakeRate is also used to calculate stakeAmount, which also has a round-up error. As a...
isCollateral function is always returning false
Lines of code Vulnerability details Impact isCollateral in Asset.sol is a critical function informing the caller whether the asset is an instance of ICollateral or not. However, it is noted that this function always returns false, making all associated require statements revert with this...
Governance manipulation through signatures
Lines of code Vulnerability details Impact The impact is critical because it enables anyone to submit as many signatures as they want, manipulating the governance. The problem is that in the delegateBySig function, the nonce is not checked against msg.sender; it is checked against the output of th...
Functions stake() and unstake() don't have correct rounding; they both round up when calculating caller funds, so stakers lose funds slowly and the contract rewards acting users
Lines of code Vulnerability details Impact Functions stake() and unstake() in the StRSR contract are used for depositing RSR tokens and withdrawing them. But the calculations in those functions always reward the caller, as they round up when calculating the caller's amount. This can give an attacker the opportunity to sta...
Unchecked oracle return price > 0
Lines of code Vulnerability details Impact In the function price(), there is no check that the return price that Chainlink sends is 0. (uint80 roundId, int256 p, , uint256 updateTime, uint80 answeredInRound) = chainlinkFeed.latestRoundData(); if (updateTime == 0 || answeredInRound timeout revert...
Real Furnace and StRSR addresses can be added to the Distributor
Lines of code Vulnerability details Impact RToken may be distributed to StRSR and frozen. RSR may be distributed to Furnace and frozen. Proof of Concept Both Furnace and StRSR are added to the destinations of Distributor in DistributorP1.init: function init(IMain main, RevenueShare calldata dist...
Baited by redemption during undercollateralization (no issuance, just transfer)
Lines of code Vulnerability details Impact This is similar to the "high" vulnerability I submitted, but also shows a similar exploit can be done if a user isn't a whale, and isn't issuing anything. A user can send a redeem TX and an evil actor can make it so they get almost nothing back during...
[High - 1] StaticATokenLM depositors are losing tokens by depositing AToken directly
Lines of code Vulnerability details Impact In the StaticATokenLM contract, users are allowed to deposit either AToken yield bearing tokens from AAVE, or their underlying tokens. The amount is converted to shares systematically, even if the depositor deposits shares. As shares are usually worth mo...
A malicious user can call transferWithdrawReserve() multiple times to modify s.withdrawReserve
Lines of code Vulnerability details Impact The function PublicVault.sol transferWithdrawReserve() is meant to transfer funds from the PublicVault to the WithdrawProxy. However, this function has no access control; anyone can call it multiple times to modify the withdrawReserve value. Proof of Conce...
Solmate safeTransfer and safeTransferFrom do not check the code size of the token address, which may lead to fund loss
Lines of code Vulnerability details Impact Possible miscalculation and loss of funds. Proof of Concept In AstariaRouter.commitToLiens, safeTransfer and safeTransferFrom don't check the existence of code at the token address. This is a known issue when using Solmate's libraries. Hence this m...
Inconsistent min deposit
Lines of code Vulnerability details Impact The first transfer in a vault that is based on ERC4626Cloned produces different results depending on whether it is done via deposit or via mint. While first deposit produces a number of shares that is 1:1 with the asset, in the case of mint, the results...
Purchaser of a lien token may not receive payments
Lines of code Vulnerability details Impact A purchaser who buys out an existing lien via buyoutLien will not receive future payments made to that lien holder if the seller had changed the lien payee via setPayee and if they do not change it themselves after buying. buyoutLien does not reset...
commitToLien() can create LienToken for any holder
Lines of code Vulnerability details Impact Proof of Concept The VaultImplementation.commitToLien method is external and can be executed by anyone. The method will internally verify that the corresponding collateralId is yours or has the...