10190 matches found
Use of transferFrom() rather than safeTransferFrom() for NFTs will lead to the loss of NFTs
Lines of code 230, 342, 514, 536 Vulnerability details Impact The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev...
latestAnswer() may return stale values
Lines of code 121, 122, 123, 124, 51 Vulnerability details Impact latestAnswer only returns the latest answer or zero, and thus there is no way to tell whether the value is stale or not. Use latestRoundData instead, and check whether the latest timestamp is within your protocol's limits. File:...
Array is push()ed but not pop()ed, and is iterated over
Lines of code 96, 485, 485, 485, 485, 485, 485, 485, 485, 485, 485 https://github.com/Tapioca-DAO/ta...
addRewardToken() does not remove old entries before adding new ones
Lines of code 455, 280, 378, 411 Vulnerability details Impact Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can increase their voting power indefinitely, without having ...
Return values of approve() not checked
Lines of code 321, 215, 184, 450, 761, 217, 157, 234, 339, 386 https://github.com/Tapioca-DAO/t...
Upgraded Q -> 2 from #491 [1701115520323]
Judge has assessed an item in Issue 491 as 2 risk. The relevant finding follows: L-03 While StakedUSDeV2.cooldownDuration is changed from non-zero to zero, stakers should be able to call StakedUSDeV2.unstake to withdraw assets regardless of userCooldown.cooldownEnd File: While...
Upgraded Q -> 2 from #304 [1701018148851]
Judge has assessed an item in Issue 304 as 2 risk. The relevant finding follows: Incorrect minTotalContribution and minContribution Interaction...
Upgraded Q -> 2 from #583 [1700600391503]
Judge has assessed an item in Issue 583 as 2 risk. The relevant finding follows: Setting StakedUSDeV2's cooldownDuration variable from non-zero to zero should remove any existing cooldowns If the admin calls StakedUSDeV2.setCooldownDuration to set cooldownDuration to 0, users that have recently...
Incorrect fee splitting logic
Lines of code Vulnerability details Impact The fee splitting logic does not properly attribute holder and creator rewards. By splitting fees from the total rather than incrementally, it distorts the proportional rewards earned over time. This could undermine the incentive structures and alignment...
Unchecked cToken mint in mint() risks imbalance, breaking 1:1 peg reserve backing.
Lines of code Vulnerability details Impact mint does not check return code from cToken.mint. If minting fails, contract could have imbalance between cTokens and minted asD tokens. Attacker mints asD but underlying cToken mint fails. Result is loss of 1:1 peg backing. Proof of Concept In the mint...
Reentrancy leads to minting/burning/buying without paying the correct amount of fees
Lines of code Vulnerability details Impact Fee calculations depend on shareData[_id].tokenCount, which is updated AFTER doing the transfer of the token. That means, if the token is an ERC777 compatible token, users can reenter the function paying, for example, less fees on a buy operation. Proof of...
LACK OF DEADLINE AND SLIPPAGE CHECKS COULD PROMPT THE USERS TO EXECUTE THE BUY AND SELL TRANSACTIONS AT UNFAVOURABLE PRICE POINTS
Lines of code Vulnerability details Impact The Market.sol contract implements four functions which depend on the linear bonding curve to calculate the price and fee amounts associated with their logic execution. These functions are Market.buy, Market.sell, Market.mintNFT and Market.burnNFT. The...
Possible sandwich attack whenever a user with a surplus of allowance calls market.buy().
Lines of code Vulnerability details Impact Because the exact amount of allowance a user needs to mint his desired amount of shares isn't always a round number, as shown via market.getBuyPrice(_id, amount), there could be users who might trust the contract blindly & approve their entire balance in...
Reentrancy in Token Transfers
Lines of code Vulnerability details Impact The mint and burn functions perform ERC20 token transfers without implementing a reentrancy guard. This allows malicious approving contracts to call back into these functions during a transaction and manipulate state. An attacker could steal all approved...
LinearBondingCurve.log2 function contains an incorrect shift operation that could lead to wrong calculation.
Lines of code Vulnerability details Impact The values in the shift operation are reversed. The provided inline assembly code for the log2 function appears to be an issue in the sequence of shift operations. Let's break down the relevant part of the code: r := or r, byte and0x1f, shrshrr, x,...
Improper validations result in loss of funds.
Lines of code Vulnerability details Impact Due to the improper validation on amount, users can pass the amount as 0; the calculated fee will be 0 and safeTransferFrom will pass. function getNFTMintingPrice(uint256 _id, uint256 _amount) public view returns (uint256 fee) { address bondingCurve =...
Buggy reward calculation
Lines of code Vulnerability details Impact This is very similar to an inflation attack. Rewards increase whenever splitFees is being called, which is anywhere in buy/sell/mint/burn. The calculation is done like this: shareData[_id].shareHolderRewardsPerTokenScaled += (shareHolderFee * 1e18) / tokenCount;...
Sandwich attack on buy()
Lines of code Vulnerability details Impact Function Market.buy does not check or take in a minimum buy amount. This makes users' funds vulnerable to sandwich attacks. buy will increase shareData[_id].tokenCount, and thus change the exchange rate of the share price. (price, fee) =...
D.O.S due to wrong scaling factor
Lines of code Vulnerability details Impact The cNote token which is a fork of the CToken contract has a scaling method used to handle the exchange rate between CToken and the underlying token. This method helps scale the exchange rate because solidity doesn't handle fixed-point decimals. The...
User can buy when there's no bonding curve set
Lines of code Vulnerability details Impact Users can buy with no bonding curve set Proof of Concept function buy(uint256 _id, uint256 _amount) external { /// @audit add a check that ensures there's a bonding curve set require(shareData[_id].creator != msg.sender, "Creator cannot buy"); (uint256 price, uint25...
Malicious shares can't be paused or stopped after creation, so users will continue use them
Lines of code Vulnerability details Impact If the share creator is a malefactor, he can try to do multiple malicious operations: a pump and dump attack with price manipulation, or artificially increasing fees for NFT minting. Proof of Concept Both attacks are described in my other reports and unfortunate...
Require statement will allow WhitelistedShareCreators to create a share when share creation is restricted
Lines of code Vulnerability details Impact Share creators can create new shares even when share creation is restricted. Proof of Concept 1. Owner restricts share creation. function restrictShareCreation(bool _isRestricted) external onlyOwner { require(shareCreationRestricted != _isRestricted, "State...
Price can be easily inflated/deflated by large depositors in the Market contract
Lines of code Vulnerability details Impact An attacker can manipulate/inflate market prices by donating/buying large amounts of tokens which can negatively impact subsequent transactions. For example, an attacker who executes a large buy order can significantly increase the price of shares, causi...
Wrong implementation causes unfair distribution
Lines of code Vulnerability details Impact Wrong implementation causes unfair fee distribution among share holders. Proof of Concept In sell and mintNFT, tokensInCirculation and the tokens owned by the address are deducted only after the fee split has happened. To be fair, a user should not get fees from tokens tha...
The owner of the asD contract (i.e. the creator) can not withdraw the accrued interest
Lines of code Vulnerability details Impact The asD.withdrawCarry function will always throw an error for all normal totalSupply values due to inappropriate scale factor. So the creator can withdraw the accrued interest only after all users will burn their asD tokens. Proof of Concept The scale...
Fee model is counter-productive
Lines of code Vulnerability details Impact Fees become more and more expensive as there are more buys in the share. Fees are collected when a user buys/sells/mints/burns. As the protocol or the share creator, you would want to earn more rewards, which happens if a lot of users are buying in or if a lo...
Fees don't always increase as buys increase
Lines of code Vulnerability details Impact To simplify/showcase the situation, let's assume there are only buys in the protocol (refer to the PoC). There are occurrences where fees will actually be lower or equal to the previous buy, which is contradictory. This suggests that the fee calculation...
Max withdrawable calculation is incorrect in asD contract
Lines of code Vulnerability details Summary The implementation of the max withdrawable amount is incorrect as it divides the calculation by the wrong denominator, leading to an incorrect result and a potential denial of service due to an overflow. Impact In the Application Specific Dollar protoco...
Pricing inconsistencies introduced via rounding/truncation errors
Lines of code Vulnerability details Impact Calculating share/token prices via bonding curves which involve mathematical operations like logs and divisions can introduce small rounding errors each time. Over many transactions, these errors could accumulate and lead to pricing inconsistencies that...
Creator can earn holder fee
Lines of code Vulnerability details Impact Creator can earn creator and holder fees as well. Proof of Concept In the Market.sol contract there is a buy function which cannot be used by the creator of a share. require(shareData[_id].creator != msg.sender, "Creator cannot buy"); However, it's still possible for the creato...
MEV-attack
Lines of code Vulnerability details Impact Token trades can be sandwiched for profit. Proof of concept The price of tokens is proportional to the supply with the current LinearBondingCurve. An attacker can therefore sandwich a buy transaction with a buy at the first lower price range followed by ...
There is a rounding error when the price is below 10
Lines of code Vulnerability details Impact Fee will be zero when the price is below 10 in getNFTMintingPrice Proof of Concept uint256 public constant NFT_FEE_BPS = 1000; function getNFTMintingPrice(uint256 _id, uint256 _amount) public view returns (uint256 fee) { address bondingCurve = shareData[_id].bondingCurve;...
The user has the ability to bypass a fee claim protection for their own benefit while purchasing tokens
Lines of code Vulnerability details Impact User can bypass a fee claim protection for his own benefit by making multiple purchases instead of one, and as the result claim a fee part by part. Due to code documentation: The reward calculation has to use the old rewards value pre fee-split to not...
Unchecked redeemUnderlying failure allows burning asD without redeeming NOTE, breaking peg.
Lines of code Vulnerability details Impact The burn function does not validate the return code from redeemUnderlying. This means if redeeming fails, asD tokens could be burned without redeeming the underlying NOTE, breaking 1:1 peg. Attacker burns asD tokens and receives NOTE, but contract fails ...
There's a missing check for _metadataURI in createNewShare
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept function createNewShare(string memory _shareName, address _bondingCurve, string memory _metadataURI) external onlyShareCreator returns (uint256 id) { require(whitelistedBondingCurves[_bondingCurve]...
Cannot withdraw 1:1
Lines of code Vulnerability details function testX() public { uint256 mintAmount = 10e18; NOTE.mint(alice, mintAmount); vm.startPrank(alice); NOTE.approve(address(asdToken), mintAmount); asdToken.mint(mintAmount); uint256 newExchangeRate = 1.1e28; cNOTE.setExchangeRate(newExchangeRate); vm.startPrank(owner);...
There are potential underflow and overflow issues in arithmetic operations in the _getRewardsSinceLastClaim function
Lines of code Vulnerability details Impact There are potential underflow and overflow issues in arithmetic operations. Not being able to verify that subtracting lastClaimedValue from shareData[_id].shareHolderRewardsPerTokenScaled would result in a negative value. This could lead to affecting the...
Unchecked Bonding Curve Lookups in Market: validation of _id in buy() and sell() absent.
Lines of code Vulnerability details Impact buy and sell functions pass _id to getBuyPrice/getSellPrice without validating it is a valid share ID. This can cause transactions to revert if an invalid ID is provided. Attackers can disrupt trades and deny service by intentionally passing invalid IDs...
The invariant can be broken as 1 NOTE does not always equal 1 cNOTE.
Lines of code Vulnerability details Impact Users will not be able to redeem their asD tokens for an equivalent amount of NOTE because when minting cNOTE, 1 cNOTE doesn't always equal 1 NOTE. Link to site here as of when the image above was taken, you needed exactly 1.0042 NOTE to be able to get 1...
Initialization of amount without permission
Lines of code Vulnerability details Impact If users want to pass the input value as 0, which they can because there are no require checks for that, then at line number 79 _amount = maximumWithdrawable overrides the amount variable and makes it equal to uint256 maximumWithdrawable =...
The getPriceAndFee() function performs calculations without implementing reentrancy protection.
Lines of code Vulnerability details Impact An attacker could call getPriceAndFee multiple times concurrently, read intermediate state, and craft calls to exploit any assumptions made between calculations. This could undermine the intended bonding curve pricing logic. Proof of Concept getPriceAndF...
CURRENT OWNER OF THE Market.sol CONTRACT CAN RENOUNCE THE OWNERSHIP AND DoS THE onlyOwner MODIFIER CONTROLLED FUNCTIONS IN THE Market.sol CONTRACT
Lines of code Vulnerability details Impact Market.sol contract inherits from the openzeppelin Ownable2Step.sol contract. The Ownable2Step.sol contract inherits from the openzeppelin Ownable.sol contract. There is Ownable.renounceOwnership function which can be called by the current owner to...
Not enough check for getPriceAndFee
Lines of code Vulnerability details Impact Edge cases for getPriceAndFee can cause incorrect price to be returned and in turn cause incorrect tokens to be sent to the user. This can occur in the buy and sell function. Proof of Concept In the buy function the function getBuyPrice is called through...
shareData[_id].shareHolderRewardsPerTokenScaled is updated with wrong value in _splitFees()
Lines of code Vulnerability details Impact Due to a wrong decimal adjustment, shareHolderRewardsPerTokenScaled in shareData with the corresponding ShareId is overvalued. Proof of Concept In struct ShareData it clearly states that uint256 shareHolderRewardsPerTokenScaled; // Accrued funds for the share...
Fee for minting the Market Nft token can be manipulated
Lines of code Vulnerability details Impact Fee of minting the Market's NFT is calculated based on the total share count tokenCount. Such an approach opens a way to collect big fees for fee recipients by deliberately stacking share tokens. address bondingCurve = shareData[_id].bondingCurve; uint256...
The withdrawCarry() function always reverts because of an incorrect assumption.
Lines of code Vulnerability details Impact The Compound protocol's CTokens have 8 decimal places, but the team mistakenly believed that cNote also had only 8 decimal places. However, it was discovered that cNote actually has 18 decimal places. This discrepancy caused the withdrawCarry function to...
Unhandled contract ownership states can lead to unexpected behaviour
Lines of code Vulnerability details Impact OpenZeppelin's Ownable2Step library's ownership states can lead to unexpected behavior in certain functions Proof of Concept The Ownable2Step contract includes a pendingOwner entity which defines an address ownership has been transferred to but has not...
asD TOKEN CREATOR CAN PROFIT UNFAIRLY FROM THE cNote TOKENS DIRECTLY TRANSFERRED TO THE asD.sol CONTRACT
Lines of code Vulnerability details Impact The asD.withdrawCarry function is used to withdraw the interest that accrued in the asD contract in the form of NOTE tokens. Only the owner of the asD token is able to withdraw the interest accrued since the withdrawCarry is controlled by the onlyOwner...
Holder cannot claim fee
Lines of code Vulnerability details Impact Assume a user buys some shares and mints them into an NFT and sends the shares to a cold wallet for safety. The following happens: A user buys 10 shares; when buy is called, the rewardsLastClaimedValue is updated to the latest holder rewards, the...
withdrawCarry will not work
Lines of code Vulnerability details Description When calculating the amount of interest gathered this calculation is done: asD::withdrawCarry: File: asD/src/asD.sol 73: uint256 exchangeRate = CTokenInterface(cNote).exchangeRateCurrent(); // Scaled by 1 * 10^(18 - 8 + Underlying Token Decimals), i.e. 10^2...