Attacker can make stakeRate 1 in the StRSR contract, and users depositing tokens can lose funds because of the large rounding error
Lines of code Vulnerability details Impact The code calculates the amount of stake token and RSR token based on stakeRate. If stakeRate is near 1e18 the division error is small, but an attacker can cause stakeRate to be 1, which can cause users to lose up to 1e18 tokens during stake and unstake. Proof ...
Deployer will deploy proxies that cannot be upgraded
Lines of code Vulnerability details Impact In contrast to the Test File, in which you're deploying the proxies directly, the setup from Deployer will leave the Proxy Admin at a zero value, meaning nobody will be able to upgrade them after the deployment. See the POC below, which shows that the admin slot i...
RecollateralizationLib: Flaw in basket range calculation leads to early basket compromise and loss to RToken holders
Lines of code Vulnerability details Impact This report deals with how the recollateralization algorithm underestimates the number of baskets it can hold by calculating unnecessary costs for collateral that does not need to be traded. When this number of baskets it thinks it can hold is reached -...
Lack of proper input validation in fulfillOrder function
Lines of code Vulnerability details Impact function fulfillOrder(Order calldata order, bytes32 fulfillerConduitKey) external payable returns (bool fulfilled); The fulfillOrder function is designed to fulfill orders on the marketplace; however, the code provided does not clearly define what fields the...
Withdraw someone else's funds
Lines of code Vulnerability details Impact In the withdraw function: function withdraw(address account, uint256 endId) external notPausedOrFrozen anyone can input another user's address and the funds will be withdrawn to that user. While funds are not stolen, this breaks the entire project because use...
Governance manipulation through signatures
Lines of code Vulnerability details Impact The impact is critical because it enables anyone to submit as many signatures as they want, manipulating the governance. The proof relies on the fact that in the delegateBySig function the nonce is not checked against msg.sender; it is checked against the output for th...
Compilation Error: Undefined function 'shiftl_toFix' in CTokenFiatCollateral Contract
Lines of code Vulnerability details Impact return shiftl_toFix(rate, shiftLeft); It should be noted that the function "shiftl_toFix" is not defined in the contract and not imported from any library. This means that the compiler will throw an error when trying to deploy the contract, and this function...
Small amounts of funds can be stolen during recollateralization
Lines of code Vulnerability details Impact This is similar to the "high" vulnerability I submitted but shows a similar exploit can be done if a user isn't a whale, stealing a smaller amount of funds. This is potentially a "high" risk depending on how easy you think execution is. I think it's...
Missing require statement for sellAmount in init() function leading to potential loss of funds.
Lines of code Vulnerability details Impact The init function is missing a require statement to check if the input variable sellAmount is less than or equal to the contract's balance of sell tokens. This means that the contract is allowing the user to initiate an auction with a sell amount greater tha...
User funds loss in withdraw() of StRSR because the code doesn't revert when the calculated rsrAmount is zero
Lines of code Vulnerability details Impact Function withdraw in StRSR completes an account's unstaking, but when the calculated amount of RSR token is 0 the code still burns the user's draftRSR and returns. This would cause users' small deposits to get burned, and the user won't receive any funds. As withdr...
[NAZ-M4] Missing isRegistered Check in sweepRewards()
Lines of code Vulnerability details Impact In the sweepRewardsSingle function there is a check to see if the ERC20 token to be swept is registered or not. However, in the sweepRewards function, which sweeps multiple ERC20 tokens instead of just one, this check is missing. With that in mind, sweepRewar...
Unchecked return price > 0 oracle
Lines of code Vulnerability details Impact In the function price, there is no check that the return price that Chainlink sends is 0. (uint80 roundId, int256 p, , uint256 updateTime, uint80 answeredInRound) = chainlinkFeed.latestRoundData(); if updateTime == 0 || answeredInRound timeout revert...
Cross-chain replay attacks are possible with delegateBySig
Lines of code Vulnerability details If a user does a delegateBySig using the wrong network, an attacker can replay the action on the correct chain and steal the funds, à la the Wintermute Gnosis Safe attack, where the attacker can create the same address that the user tried to, and steal the fund...
ERC20Permit should include chainId and address to avoid replay attacks
Lines of code Vulnerability details Impact This ensures a signature is only used for our given token contract address on the correct chain id. The chain id was introduced to exactly identify a network after the Ethereum Classic fork which continued to use a network id of 1. Include the chainId to...
Overflow vulnerability in worstCasePrice variable.
Lines of code Vulnerability details Impact // == Economic parameters // This trade is on behalf of origin. Only origin may call settle, and the buy tokens // from this trade's auction will all eventually go to origin. address public origin; IERC20Metadata public sell; // address of token this tra...
Missing Function Definition in tryPrice() leading to contract failure.
Lines of code Vulnerability details Impact basketRange in the contract. The function tryPrice calls the function basketRange from the library RecollateralizationLibP1, which is not defined in the contract. As a result, when tryPrice is executed, it will cause the contract to revert and throw an...
A fee-on-transfer token or a deflationary/rebasing token can cause the received amount to be less than the accounted amount. For instance, a deflationary token might charge a certain fee for every safeTransfer() or safeTransferFrom().
Lines of code Vulnerability details Impact Alice calls stake(amount = 100) with deflationary tokens. Because the token has a fee upon transfer, StRSR receives only 99 tokens and stakes that amount to mint, but the user thought that it received 100 tokens. In reality the tokens received by StRSR are only 99. Proof of...
Rounding error in distribute() function
Lines of code Vulnerability details Impact The distribute function might suffer from a serious rounding error, since it calculates tokensPerShare, which has a division rounding error, and then uses uint256 transferAmt = tokensPerShare * numberOfShares; ...
Real Furnace and StRSR addresses can be added to the Distributor
Lines of code Vulnerability details Impact RToken may be distributed to StRSR and frozen. RSR may be distributed to Furnace and frozen. Proof of Concept Both Furnace and StRSR are added to the destinations of Distributor in DistributorP1.init(): function init(IMain main, RevenueShare calldata dist...
An early user can call issue() and then melt() to increase the basketsNeeded-to-supply ratio to its maximum value; after that melt() won't work, and contract features like issue() won't work either
Lines of code Vulnerability details Impact Function melt melts a quantity of RToken from the caller's account, increasing the basket rate. The basket rate should be between 1e9 and 1e27, and function requireValidBUExchangeRate checks this; if it's not in the interval the code reverts. The call to...
Unauthorized Access in _verifySignature function due to improper use of msg.sender.
Lines of code Vulnerability details Impact if (_unmaskedAddressComparison(offerer, msg.sender)) return; If an attacker is able to call this function and make the msg.sender match the offerer, they will bypass the signature verification check and may be able to execute the contract's functionality as i...
abi.encodePacked Allows Hash Collision
Lines of code Vulnerability details Impact From the Solidity documentation: If you use keccak256(abi.encodePacked(a, b)) and both a and b are dynamic types, it is easy to craft collisions in the hash value by moving parts of a into b and vice-versa. More specifically, abi.encodePacked("a", "bc") ==...
OracleLib: Price can be negative
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...
redeem() should be possible when the protocol is paused, but to be able to redeem, grantRTokenAllowance() must be called for all basket tokens, and it can only be called when the protocol is not paused
Lines of code Vulnerability details Impact Function redeem in the RToken contract redeems RToken for basket collateral, and it's callable when the protocol is paused. But function redeem transfers basket tokens from the BackingManager contract to the redeemer, and it requires a spending allowance of the BackingMang...
Functions stake() and unstake() don't have correct rounding: they both round up when calculating the caller's funds, so stakers lose funds slowly and the contract rewards acting users
Lines of code Vulnerability details Impact Functions stake and unstake in the StRSR contract are used for depositing RSR tokens and withdrawing them. But the calculations in those functions always reward the caller, as they round up when calculating the caller's amount. This can give an attacker the opportunity to sta...
isCollateral function is always returning false
Lines of code Vulnerability details Impact isCollateral in Asset.sol is a critical function informing the caller whether the asset is an instance of ICollateral or not. However, it is noted that this function is always returning false, causing all associated require statements to revert with this...
Inadequate Maximum Orders Value in Determining Minimum Buy Amount Per Order
Lines of code Vulnerability details Impact The MAX_ORDERS constant is defined as a uint96, which has a maximum value of 2^96-1. This means that the maximum number of orders that the contract is able to handle is 2^96-1. However, if the number of orders exceeds this maximum value, the calculation f...
RToken issuers are not protected from slippage
Lines of code Vulnerability details Impact Users can suffer losses from slippage for various potential reasons. Proof of Concept Users can issue new RTokens by depositing the necessary collateral using the function issue. The function issue has two parameters specifying the recipient and...
Stealing money from protocol
Lines of code Vulnerability details Impact The parameters address from, uint256 amount passed in the function call distribute are not checked; an attacker can specify any address approved to the distributor and any amount to steal assets. Proof of Concept function distribute(IERC20 erc20, address from, uint256 amou...
Wrong isContract check for Permit
Lines of code Vulnerability details Impact In function requireSignature: the validation to check whether the msg.sender is a smart contract is not enough in this case. Anyone could bypass that check by calling that function from the constructor of a newly deployed contract. Therefore not the rig...
Baited by redemption during undercollateralization (no issuance, just transfer)
Lines of code Vulnerability details Impact This is similar to the "high" vulnerability I submitted, but also shows a similar exploit can be done if a user isn't a whale, and isn't issuing anything. A user can send a redeem TX and an evil actor can make it so they get almost nothing back during...
A staker might drain the stRSR contract slowly
Lines of code Vulnerability details Impact The stake function relies on the payoutRewards function to calculate stakeRate, which has a round-up error. Then, stakeRate is also used to calculate stakeAmount, which also has a round-up error. As a...
Deletion on mapping containing a structure
Lines of code Vulnerability details Impact A deletion in a structure containing a mapping will not delete the mapping. The remaining data may be used to compromise the contract. Proof of Concept BasketHandler.sol: 219: delete config.targetAmts[config.erc20s[i]]; 220: delete...
[High - 1] StaticATokenLM depositors are losing tokens by depositing AToken directly
Lines of code Vulnerability details Impact In the StaticATokenLM contract, users are allowed to deposit either AToken yield-bearing tokens from Aave or their underlying tokens. The amount is converted to shares systematically, even if the depositor deposits shares. As shares are usually worth mo...
Lack of proper input validation in fulfillBasicOrder function.
Lines of code Vulnerability details Impact function fulfillBasicOrder(BasicOrderParameters calldata parameters) external payable returns (bool fulfilled); The fulfillBasicOrder function is designed to fulfill basic orders on the marketplace; however, the code provided does not clearly define what fields...
Redemptions during undercollateralization can be hot-swapped to steal all funds
Lines of code Vulnerability details Impact During recollateralization/a switch basket/when the protocol collateral isn't sound, a user can have almost their entire redemption transaction hot swapped for nothing. For example, trying to redeem 1M collateral for 1M rTokens could have the user end up...
User funds can be locked in RToken contract for a long time
Lines of code Vulnerability details Impact Unnecessary delay on the first issuance will lock the first issuer's deposit and other following deposits. Proof of Concept Users can issue new RTokens by depositing the necessary collaterals. The protocol is designed to limit issuance by some rate and t...
function withdraw() in StRSR won't update contract state (totalDrafts) in all cases, which can cause wrong fund distribution and funds getting stuck in the contract
Lines of code Vulnerability details Impact Function withdraw completes an account's unstaking. It transfers the user's draft withdrawals and updates totalDrafts. But when the calculated rsrAmount is 0 the code returns and won't update totalDrafts, which can cause wrong calculations as those draft items removed...
Adversary can abuse a quirk of compound redemption to manipulate the underlying exchange rate and maliciously disable cToken collaterals
Lines of code Vulnerability details Impact Adversary can maliciously disable cToken collateral to cause loss to rToken during restructuring Proof of Concept if referencePrice 0: / if redeemTokensIn 0 / We calculate the exchange rate and the amount of underlying to be redeemed: redeemTokens =...
Battery discharge mechanism doesn't work correctly for first redemption
Lines of code Vulnerability details Impact The RTokenP1 contract implements a throttling mechanism using the RedemptionBatteryLib library. The library models a "battery" which "recharges" linearly block by block, over roughly 1 hour. RToken.sol function redeem(uint256 amount) external notFrozen //...
Significant roundoff error in melt() function
Lines of code Vulnerability details Significant roundoff error in melt function A significant roundoff error is caused when calculating numPeriods. Also, frequent calling of this function causes a severe error. Proof of Concept function melt() external notPausedOrFrozen if uint48(block.timestamp) 0...
stRSR.seizeRSR() should check whether the basket of collateral is defaulted
Lines of code Vulnerability details Impact Backing Manager can seize RSR anytime and not within reason. RSR stakers will lose their funds. Proof of Concept Protocol states that staked RSR can be seized in the case of a collateral default, in a process that is entirely mechanistic based on on-chai...
melt() calculates lastPayoutBal wrongly
Lines of code Vulnerability details Impact melt calculates lastPayoutBal wrongly since it calls rToken.melt(amount) later. Proof of Concept melt calculates lastPayoutBal wrongly since it calls rToken.melt(amount) later. Therefore, lastPayoutBal shou...
RSR will get stuck + withdrawal won't work
Lines of code Vulnerability details Impact Withdrawals will not work once seizeRSR is called. Also, this will cause some RSR to become unusable, as shown in the POC. Proof of Concept 1. Let's say 3 unstakes were made for stakeRSR 20, 30, 40 using the unstake function by users A, B, C. 2. This calls the pushDraft...
Fee-on-transfer collateral is not considered.
Lines of code Vulnerability details Impact It has the following impacts: 1. backingManager would be transferred less than the deposits; 2. recorded liabilities will be higher; 3. collateral deposited into the RToken contract would be less than the deposits. Proof of Concept Anyone can mint RToken by...
Infinite Loop Vulnerability in endIdForWithdraw() Function.
Lines of code Vulnerability details Impact While loop within the endIdForWithdraw function. while left time test = left + right / 2; // left test right because left right - 1 if queuetest.availableAt = time left = test; else right = test; This loop can cause an infinite loop if the loop invariant...
ERC4626Cloned.previewMint() allows malicious users to gain exclusive access to the vault
Lines of code Vulnerability details Impact Exclusive access to the vault; other users will not be able to mint. Proof of Concept In the previewMint method, if the first user mints, no matter how many shares the user passes in, only 10e18 assets are needed. function previewMint(uint256 shares) public view...
settleAuction() Check for status errors
Lines of code Vulnerability details Impact ClearingHouse.safeTransferFrom executes successfully even if there is no bid. Proof of Concept settleAuction is called at the end of the auction and checks whether the status is legal: function settleAuction(uint256 collateralId) public if...
A malicious user can call transferWithdrawReserve() multiple times to modify s.withdrawReserve
Lines of code Vulnerability details Impact The function PublicVault.sol transferWithdrawReserve is meant to transfer funds from the PublicVault to the WithdrawProxy. However, this function has no access control; anyone can call it multiple times to modify the withdrawReserve value. Proof of Conce...
totalStakes is not updated in seizeRSR()
Lines of code Vulnerability details Impact When RSR is seized in the function seizeRSR, stakeRSR is updated but totalStakes is not, so after seizeRSR is called, when stake is called the line 225 uint256 stakeAmount = newTotalStakes - totalStakes; will underflow and revert because totalStakes ...