Overflow/Underflow in interest calculation caused by lack of timestamp validation in _getInterest() & _getRemainingInterest() function
Lines of code Vulnerability details Impact An attacker could manipulate the last timestamp of a lien in the stack struct to cause an underflow or overflow in the interest calculation. This could result in an incorrect interest amount being calculated, which could lead to incorrect payments being...
User can lose 10 ethers to Vault
Lines of code Vulnerability details Impact If a user or a contract that has a large allowance (10 ethers or max) on an ERC4626Cloned-based Vault that has not yet received any deposits calls mint with a 0 share argument, 10 ethers of the asset will be transferred to the Vault with no way to recla...
PublicVault Contract Allows Minting Tokens to a Null Address
Lines of code Vulnerability details Impact The PublicVault contract allows the minting of tokens to a null address. When the redeemFutureEpoch function is called with a null address as the receiver, the function will still proceed with the minting of the underlying asset, but the tokens will not...
First ERC4626 deposit can break share calculation
Lines of code Vulnerability details Impact The first depositor of an ERC4626 vault can maliciously manipulate the share price by depositing the lowest possible amount 1 wei of liquidity and then artificially inflating ERC4626.totalAssets. This can inflate the base share price as high as 1:1e18...
Front-run Initializer
Lines of code Vulnerability details Impact In function initialize(Authority AUTHORITY, ICollateralToken COLLATERALTOKEN, ILienToken LIENTOKEN, ITransferProxy TRANSFERPROXY, address VAULTIMPL, address SOLOIMPL, address WITHDRAWIMPL, address BEACONPROXYIMPL, address CLEARINGHOUSEIMPL...
Comparison Of Different Types Might Lead to Inconsistent Behavior
Lines of code Vulnerability details Impact Comparison Of Different Types Might Lead to Inconsistent Behavior Proof of Concept The comparison here compares two different types, i.e. uint88 withdrawReserve and uint256 withdrawBalance. This type of mismatch might induce unwanted behavior. If a bug...
IRREVERSIBLE SHUTDOWN FUNCTION
Lines of code Vulnerability details Impact The abstract contract VaultImplementation is inherited by Vault.sol and PublicVault.sol. Its shutdown can be called by the strategist to make loadVISlot.isShutdown = true. This will make the modifier whenNotPaused revert, rendering commitToLien and...
commitment.lienRequest.strategy.vault can be different from the actual vault
Lines of code Vulnerability details Impact The protocol doesn't check that commitment.lienRequest.strategy.vault is equal to the actual vault. The problem with this is that commitment.lienRequest.strategy.vault and vault might be using 2 different tokens. The borrower gets the token of the actual...
ClearingHouse can pass in a malicious payment token
Lines of code Vulnerability details Impact Vault loses assets Proof of Concept When the auction is successful the NFT is transferred to the bidder and Seaport calls ClearingHouse.safeTransferFrom to trigger the repayment of the debt through the conduit mechanism ClearingHouse.safeTransferFrom -...
Potential issue with Vault.deposit function
Lines of code Vulnerability details Impact Contract Vault is a private vault which only allows the owner (also the strategist) to deposit. However, Vault.deposit uses unnecessarily complicated logic, require(s.allowList[msg.sender] && receiver == owner()), to allow only the owner to deposit; actually the...
LienToken.transferFrom There is a possibility of malicious attack
Lines of code Vulnerability details Impact Corrupts multiple key properties of a public vault, causing the vault not to function properly Proof of Concept When LienToken.makePayment/buyoutLien/payDebtViaClearingHouse corresponds to a PublicVault, it makes multiple changes to the vault, such as:...
WithdrawProxy calculation error for tokens with decimals != 18 leads to claim reverting
Lines of code Vulnerability details withdrawRatio has 18 decimals: s.liquidationWithdrawRatio = proxySupply.mulDivDown(1e18, totalSupply).safeCastTo88(); currentWithdrawProxy.setWithdrawRatio(s.liquidationWithdrawRatio); But in WithdrawProxy.claim, transferAmount divides...
[M-01] Public Vault cannot be reactivated after Shutdown.
Lines of code Vulnerability details Impact If the strategist who created the vault is compromised/hacked, or accidentally/intentionally shuts down the vault by calling shutdown, the public vault cannot be resumed. There is no function that sets isShutdown = false. Unintentional shutdown of a large publi...
FIRST ERC4626 DEPOSIT CAN BE EXPLOITED ON SHARE CALCULATION
Lines of code Vulnerability details Impact This is a common attack vector involving shares based liquidity pool contracts. An early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share. Note:...
Wrong implementations in ERC4626RouterBase contract
Lines of code Vulnerability details The ERC4626RouterBase contract contains a set of functions that act as wrappers for a ERC4626 contract, providing a base periphery functionality around a ERC4626 vault. There are a number of different flaws in the wrapped implementations of mint, deposit,...
commitToLien() can create LienToken for any holder
Lines of code Vulnerability details Proof of Concept The VaultImplementation.commitToLien method is external and can be executed by anyone. The method will internally verify that the corresponding collateralId is yours or has the...
Manipulate the price per share value and unfair share of future users' deposits'
Lines of code Vulnerability details Impact Most of the share based vault implementation will face this issue. The vault is based on the ERC4626 where the shares are calculated based on the deposit value. By depositing large amount as initial deposit, initial depositor can influence the future...
A user can use the same proof for a commitment more than 1 time
Lines of code Vulnerability details Impact A user can use the same commitment signature and merkleData more than 1 time to obtain another loan. Proof of Concept A user needs to make some procedures to take a loan against an NFT. Normally the user calls commitToLiens in AstariaRouter.sol providing...
WithdrawProxy will break if there is a fee-on-transfer underlying
Lines of code Vulnerability details PublicVault.transferWithdrawReserve will increase WithdrawProxy.withdrawReserveReceived by withdrawBalance. The issue is that if the token has a fee-on-transfer, withdrawBalance will be greater than the amount received by withdrawProxy 384:...
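The accounting drift described in the finding above, as an added example that is not Astaria's code: a fee-on-transfer token model, a credit routine that trusts the amount passed to transfer (the pattern the finding describes) and one that measures the recipient's balance delta instead. Class and function names, the "proxy" addresses and the 1% fee are this example's own assumptions.

```python
# Added example (not Astaria's code). Models a fee-on-transfer ERC20 and shows
# why crediting withdrawReserveReceived with the *sent* amount diverges from
# what the WithdrawProxy actually holds. Names are this example's own.

class FeeOnTransferToken:
    """ERC20-like token that burns `fee_bps` basis points of every transfer."""

    def __init__(self, fee_bps):
        self.fee_bps = fee_bps
        self.balances = {}

    def mint(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, sender, to, amount):
        if self.balance_of(sender) < amount:
            raise ValueError("insufficient balance")
        fee = amount * self.fee_bps // 10_000          # burned on the way
        self.balances[sender] -= amount
        self.balances[to] = self.balance_of(to) + amount - fee
        return True


class WithdrawProxy:
    """Only the field the finding is about: the reserve the proxy believes it got."""

    def __init__(self, address):
        self.address = address
        self.withdraw_reserve_received = 0


def transfer_reserve_trusting_amount(token, vault, proxy, amount):
    """Credits the declared amount regardless of what arrived (the bug)."""
    token.transfer(vault, proxy.address, amount)
    proxy.withdraw_reserve_received += amount
    return amount


def transfer_reserve_measuring_delta(token, vault, proxy, amount):
    """Credits only the recipient's balance increase (the usual fix)."""
    before = token.balance_of(proxy.address)
    token.transfer(vault, proxy.address, amount)
    received = token.balance_of(proxy.address) - before
    proxy.withdraw_reserve_received += received
    return received


def accounting_drift(token, proxy):
    """Recorded reserve minus tokens actually held. > 0 means later claims
    against withdrawReserveReceived try to pay out more than exists."""
    return proxy.withdraw_reserve_received - token.balance_of(proxy.address)


if __name__ == "__main__":
    token = FeeOnTransferToken(fee_bps=100)            # constructed: 1% fee
    token.mint("vault", 2_000)
    naive, fixed = WithdrawProxy("proxy-naive"), WithdrawProxy("proxy-fixed")
    transfer_reserve_trusting_amount(token, "vault", naive, 1_000)
    transfer_reserve_measuring_delta(token, "vault", fixed, 1_000)
    print("drift naive:", accounting_drift(token, naive))
    print("drift fixed:", accounting_drift(token, fixed))
```

The balance-delta pattern also covers rebasing and tokens that round, since it never assumes the amount argument equals the amount credited.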
Incorrect Trade Settlement in settleTrade() function
Lines of code Vulnerability details Impact /// Settle a single trade, expected to be used with multicall for efficient mass settlement /// @custom:refresher function settleTrade(IERC20 sell) external; This function takes in only a single IERC20 token as a parameter, with no other information about...
Interest is much lower than what it should be
Lines of code Vulnerability details Protocol interest calculation is said in the docs to be as follows: To convert a standard annualized simple interest rate to an Astaria-compatible interest per second value, divide by 31536000 (seconds per year) and multiply by 10^18. This is not what is...
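The per-second rate conversion quoted above, and the timestamp check that the earlier _getInterest()/_getRemainingInterest() finding says is missing, as one added example that is not Astaria's code: the annualized rate is divided by 31536000 and kept in 1e18 fixed point, interest is accrued over the elapsed seconds, and the checked version refuses a "last" timestamp in the future instead of letting uint256 subtraction wrap. Function names, the `principal` argument and the 10% / 30-day figures are this example's own.

```python
# Added example (not Astaria's code): annual rate -> per-second WAD rate as the
# docs describe, plus interest accrual with and without timestamp validation.

WAD = 10**18
SECONDS_PER_YEAR = 31_536_000
UINT256_MAX = 2**256 - 1


def annual_rate_to_per_second(annual_rate_wad):
    """0.10e18 (10% simple annual interest) -> interest per second per WAD of
    principal, rounded down like Solidity integer division."""
    return annual_rate_wad // SECONDS_PER_YEAR


def unchecked_elapsed(last, now):
    """What `now - last` yields under unchecked uint256 arithmetic: a `last`
    that lies in the future wraps to a value close to 2**256."""
    return (now - last) % (UINT256_MAX + 1)


def interest_unchecked(principal, rate_per_second, last, now):
    """Accrual with no timestamp validation: the bug class in the finding."""
    return principal * rate_per_second * unchecked_elapsed(last, now) // WAD


def interest_checked(principal, rate_per_second, last, now):
    """Same formula, but rejects a future `last` and a product that does not
    fit in uint256, so the caller gets a revert instead of a bogus amount."""
    if last > now:
        raise ValueError("last timestamp is after the current time")
    product = principal * rate_per_second * (now - last)
    if product > UINT256_MAX:
        raise OverflowError("interest computation overflows uint256")
    return product // WAD


if __name__ == "__main__":
    rate = annual_rate_to_per_second(WAD // 10)          # 10% APR
    now = 1_700_000_000                                   # constructed clock
    print("per-second rate:", rate)
    print("30 days on 100 tokens:", interest_checked(100 * WAD, rate, now - 30 * 86_400, now))
    print("future 'last', unchecked:", interest_unchecked(100 * WAD, rate, now + 1, now))
```

With a 10% rate the per-second value is 3170979198 wei per WAD of principal, and 30 days on 100 tokens accrues about 0.82 tokens; the unchecked call with a future timestamp returns a number around 10^88 instead of reverting.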
Basket range formula is inefficient, leading the protocol to unnecessary haircut
Lines of code Vulnerability details Impact The BackingManager.manageTokens function checks if there's any deficit in collateral, in case there is, if there's a surplus from another collateral token it trades it to cover the deficit, otherwise it goes for a 'haircut' and cuts the amount of basket...
Attacker can fake an ERC20 token as the paymentToken and call ClearingHouse.safeTransferFrom() to prematurely settle the auction, preventing the actual auction from completing
Lines of code Vulnerability details Impact ClearingHouses are deployed for each new loan and settle payments between Seaport auctions and Astaria Vaults if a liquidation occurs. However, due to the lack of proper data validation in the current implementation, anyone can fake a token and transfer ...
INCORRECT FUNCTION CALLS
Lines of code Vulnerability details Impact In Vault.sol, WithdrawProxy.sol and PublicVault.sol, name is making an incorrect external call to return its output variable. Apparently, it is calling ERC20(asset()).symbol() instead of ERC20(asset()).name(). Devoid of an accurate name description, this could lead ...
Proper use of dependency
Lines of code Vulnerability details Impact Using safeTransferFrom of solmate, there is no check that the token address exists. Proof of Concept After consulting the dev, the only check for making sure the token exists is a list on the UI/frontend side. A highly motivated attacker can easily disable...
ERC4626Cloned deposit and mint logic differ on first deposit
Lines of code Vulnerability details The ERC4626Cloned contract is an implementation of the ERC4626 used for vaults. The standard contains a deposit function to deposit a specific amount of the underlying asset, and a mint function that will calculate the amount needed of the underlying token to...
Solmate safetransfer and safetransferfrom does not check the codesize of the token address, which may lead to fund loss
Lines of code Vulnerability details Impact Possible miscalculation and loss of funds. Proof of Concept In AstariaRouter.commitToLiens, safeTransfer and safeTransferFrom don't check the existence of code at the token address. This is a known issue when using solmate's libraries. Hence this m...
Inconsistent min deposit
Lines of code Vulnerability details Impact The first transfer in a vault that is based on ERC4626Cloned produces different results depending on whether it is done via deposit or via mint. While first deposit produces a number of shares that is 1:1 with the asset, in the case of mint, the results...
_buyoutLien() does not properly validate the liquidationInitialAsk
Lines of code Vulnerability details Impact Illegal liquidationInitialAsk, resulting in insufficient bids to cover the debt Proof of Concept buyoutLien will validate against liquidationInitialAsk, but incorrectly uses the old stack for validation: function buyoutLien(LienStorage storage s, ...
refPerTok() for one asset might revert and break the protocol
Lines of code Vulnerability details Impact It turns out that function refPerTok might revert for some assets. For example for CTokenFiatCollateral an external call might revert. As a result refPerTok also reverts. Function refPerTok is called in a loop for all assets inside...
Solmate's ERC20 does not check for token contract's existence
Lines of code Vulnerability details Impact Not checking for token existence is a known issue for Solmate. This can cause unexpected contract functionality for transfers implemented in the code. Proof of Concept ...
Reentrancy Vulnerability in stake() and unstake() functions.
Lines of code Vulnerability details Impact An attacker can repeatedly call these functions and manipulate the state of the contract, potentially leading to a loss of funds for the users of the contract. For example, an attacker could repeatedly call the stake function, causing the attacker to...
makePayment() may increase the user's debt
Lines of code Vulnerability details Proof of Concept makePayment will be called when the user needs to repay the money, in two cases. 1. If the repayment amount = borrowed amount + interest, then the loan is paid off and the corresponding...
createLien() The first LienToken does not check for liquidationInitialAsk and maxPotentialDebt
Lines of code Vulnerability details Impact Illegal liquidationInitialAsk and maxPotentialDebt may result in bids amount do not cover the debt Proof of Concept With the current implementation, the first LienToken does not check liquidationInitialAsk and maxPotentialDebt function appendStack...
LienToken: Lender and liquidator can collude to block auction and seize collateral
Lines of code Vulnerability details If a lender offers a loan denominated in an ERC20 token that blocks transfers to certain addresses for example, the USDT and USDC blocklist, they may collude with a liquidator or act as the liquidator themselves to prevent loan payments, block all bids in the...
[M-02] Strategist has full control over Public Vault it can be risky for depositors
Lines of code Vulnerability details Impact The strategist has full control over all key functions. If the strategist is compromised or hacked he will be able to manipulate the vault. For example, increase the depositCap via modifyDepositCap(uint256 newCap), add a depositor to the whitelist...
commitToLien() can pass in an illegal payment token
Lines of code Vulnerability details Impact Stealing vault assets Proof of Concept There are currently two ways to create new Liens in the system 1. user call AstariaRouter.commitToLiens, the internal implementation of this is through VaultImplementation.commitToLien to create 2. user can call...
First ERC4626 deposit can break share calculation
Lines of code Vulnerability details Impact ERC4626 vault share price can be maliciously inflated on the initial deposit, leading to the next depositor losing assets due to precision issues. Proof of Concept The first depositor of an ERC4626 vault can maliciously manipulate the share price by...
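The first-depositor inflation attack that this finding and the three earlier ERC4626 share-calculation findings describe, replayed as an added example that is not Astaria's, Solmate's or OpenZeppelin's code: an integer model of ERC4626 share accounting with mulDivDown rounding, an attacker who deposits 1 wei and then donates assets directly to the vault, and the same attack against a vault that carries virtual shares and assets (the "decimals offset" mitigation), where the donation is mostly captured by the vault instead of by the attacker. The Vault class, run_inflation_attack and the 10,000-token donation / 15,000-token victim deposit are this example's own assumptions.

```python
# Added example (not the project's code): integer model of ERC4626 share math,
# used to replay the 1-wei deposit + donation inflation attack and to compare a
# plain vault with one using virtual shares/assets. Names are this example's own.

WAD = 10**18


def mul_div_down(x, y, d):
    return (x * y) // d


class Vault:
    """Minimal ERC4626-style vault. virtual_shares/virtual_assets == 0 gives
    the plain formula; (10**k, 1) emulates the virtual-offset mitigation."""

    def __init__(self, virtual_shares=0, virtual_assets=0):
        self.total_supply = 0
        self.balance = 0              # asset balance the vault actually holds
        self.shares = {}
        self.vs = virtual_shares
        self.va = virtual_assets

    def total_assets(self):
        return self.balance

    def convert_to_shares(self, assets):
        supply = self.total_supply + self.vs
        if supply == 0:               # first deposit on a plain vault is 1:1
            return assets
        return mul_div_down(assets, supply, self.total_assets() + self.va)

    def preview_redeem(self, shares):
        return mul_div_down(shares, self.total_assets() + self.va,
                            self.total_supply + self.vs)

    def deposit(self, who, assets):
        shares = self.convert_to_shares(assets)
        if shares == 0:
            raise ValueError("ZERO_SHARES")   # depositor would receive nothing
        self.balance += assets
        self.total_supply += shares
        self.shares[who] = self.shares.get(who, 0) + shares
        return shares

    def redeem(self, who, shares):
        assets = self.preview_redeem(shares)
        self.shares[who] -= shares
        self.total_supply -= shares
        self.balance -= assets
        return assets

    def donate(self, assets):
        # Plain ERC20 transfer to the vault address: totalAssets() grows while
        # no shares are minted, which is what inflates the price per share.
        self.balance += assets


def run_inflation_attack(vault, donation, victim_deposit):
    """Attacker deposits 1 wei, donates `donation`, the victim deposits, both
    redeem everything. Returns (attacker_profit, victim_loss) in asset wei;
    a negative attacker_profit means the attacker paid for the attempt."""
    vault.deposit("attacker", 1)
    vault.donate(donation)
    vault.deposit("victim", victim_deposit)
    got_attacker = vault.redeem("attacker", vault.shares["attacker"])
    got_victim = vault.redeem("victim", vault.shares["victim"])
    return got_attacker - (1 + donation), victim_deposit - got_victim


if __name__ == "__main__":
    donation, victim = 10_000 * WAD, 15_000 * WAD          # constructed amounts
    print("plain vault   :", run_inflation_attack(Vault(), donation, victim))
    print("virtual offset:", run_inflation_attack(Vault(10**6, 1), donation, victim))
```

On the plain vault the victim's 15,000 tokens round down to a single share, so the attacker walks away with roughly 2,500 tokens of the victim's deposit; with a 10**6 virtual-share offset the attacker loses about half of the donation and the victim's loss shrinks to rounding dust. A victim deposit no larger than the donation is rejected outright with ZERO_SHARES on the plain vault, which is the other symptom these findings mention.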
Transfer of assets should come before deleting and burning the collateral id
Lines of code Vulnerability details Impact Collateral id is burnt and deleted before transfer. Proof of Concept ...
Reentrancy in safeTransferFrom() in ClearingHouse.sol allows the attacker to withdraw the collateral, while still owning the borrowed assets.
Lines of code Vulnerability details Impact Calling the function safeTransferFrom and passing in a custom, attacker-controlled payment token allows the malicious actor to perform reentrancy. The following function clears the attacker of all debt,...
Purchaser of a lien token may not receive payments
Lines of code Vulnerability details Impact A purchaser who buys out an existing lien via buyoutLien will not receive future payments made to that lien holder if the seller had changed the lien payee via setPayee and if they do not change it themselves after buying. buyoutLien does not reset...
The calculation logic for the currentEpochStartTimestamp in the constructor of the CashManager.sol is wrong
Lines of code Vulnerability details Impact This wrong calculation logic for currentEpochStartTimestamp leads to a situation where the wrongly computed currentEpoch is written to storage by several functions in CashManager.sol. Proof of Concept Epoch parameters...
exchangeRateDeltaLimit can be exceeded with overrideExchangeRate() and remain unpaused
Lines of code Vulnerability details Impact The CashManager has a safety feature that limits the maximum change in the exchange rate between epochs. In setMintExchangeRate it is checked that this limit is not exceeded, but there is no such check in overrideExchangeRate. Proof of Concept An epoch could ha...
Centralization risk
Lines of code Vulnerability details Impact MANAGERADMIN can set a very high value for minimumRedeemAmount which will ensure that all attempt to redeem amount simply fails Proof of Concept 1. User A wants to redeem amount 100000 using the requestRedemption function 2. Before User A can do so,...
If completeRedemptions is called multiple times to redeem one epoch, the complex calculation may result in incorrect redemptions
Lines of code Vulnerability details Impact When MANAGERADMIN calls the completeRedemptions function, it requires that both redeemers and refundees have KYC. If the redeemer loses KYC, the redeemer's address will not appear in redeemers and refundees, otherwise completeRedemptions will fail...
Future Epoch Pending Redemption Balance Set Vulnerability
Lines of code Vulnerability details Impact The setPendingRedemptionBalance function allows an admin to set the balance of a user's pending redemption for a specific epoch. However, it does not properly check that the epoch being set is in the past and not in the future. An attacker could...
Incorrect Authorization in setPendingRedemptionBalance function can lead receiving more collateral
Lines of code Vulnerability details Impact An attacker can exploit the setPendingRedemptionBalance function if they are able to gain the MANAGERADMIN role. In the provided code, the function allows the MANAGERADMIN to set the pending redemption balance of a user for a specific epoch. If an attacke...
setPendingRedemptionBalance() fails to modify currentRedeemAmount when epoch == currentEpoch
Lines of code Vulnerability details Impact setPendingRedemptionBalance fails to modify currentRedeemAmount when epoch == currentEpoch. This is necessary since when epoch == currentEpoch, if redemptionInfoPerEpoch[epoch].addressToBurnAmt[user] is...
CASH token cannot be transferred among users and accounts
Lines of code Vulnerability details Impact Since the CASH token cannot be transferred unless it is explicitly allowed, the users cannot send tokens between accounts, trade it on DEXes, or integrate it into their protocols. This is a non-standard behavior that should be reported to them. Proof of...
Possibility of storage collision
Lines of code Vulnerability details Impact There is a possibility of storage collision when you upgrade the implementation contract in the . This can happen because the contract's storage slots are assigned from left to right in declaration order, and if you add a new var to the storage...