Unsafe use of approve() with IERC20
Lines of code: 321, 215, 184, 450, 761, 217, 157, 234, 339, 386. https://github.com/Tapioca-DAO/t...
Return values of transfer()/transferFrom() not checked
Lines of code: 377, 509, 491, 530, 42, 50. Vulnerability details. Impact: Not all IERC20 implementations revert when there's a failure in transfer/transferFrom. The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations th...
Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs
Lines of code: 230, 342, 514, 536. Vulnerability details. Impact: The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev...
Unchecked return value of low-level call()/delegatecall()
Lines of code: 120, 141, 411, 184, 160, 189, 152, 444, 625, 638. https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...
Return values of approve() not checked
Lines of code: 321, 215, 184, 450, 761, 217, 157, 234, 339, 386. https://github.com/Tapioca-DAO/t...
Upgraded Q -> 2 from #491 [1701115520323]
Judge has assessed an item in Issue 491 as 2 risk. The relevant finding follows: L-03 While StakedUSDeV2.cooldownDuration is changed from non-zero to zero, stakers should be able to call StakedUSDeV2.unstake to withdraw assets regardless of userCooldown.cooldownEnd File: While...
Upgraded Q -> 2 from #304 [1701018148851]
Judge has assessed an item in Issue 304 as 2 risk. The relevant finding follows: Incorrect minTotalContribution and minContribution Interaction...
Upgraded Q -> 2 from #583 [1700600391503]
Judge has assessed an item in Issue 583 as 2 risk. The relevant finding follows: Setting StakedUSDeV2's cooldownDuration variable from non-zero to zero should remove any existing cooldowns. If the admin calls StakedUSDeV2.setCooldownDuration to set cooldownDuration to 0, users that have recently...
Improper validation can cause fee error and loss of funds.
Lines of code. Vulnerability details. Impact: If the amount is equal to zero, the fee will be equal to zero. There is no check that the amount is not equal to zero, so the condition passes; it will fetch the bondingCurve address, then calculate the price from LinearBondingCurve.sol: fee = priceForOne * amount...
The invariant can be broken, as 1 NOTE does not always equal 1 cNOTE.
Lines of code. Vulnerability details. Impact: Users will not be able to redeem their asD tokens for an equivalent amount of NOTE because, when minting cNOTE, 1 cNOTE doesn't always equal 1 NOTE. Link to site here. As of when the image above was taken, you needed exactly 1.0042 NOTES to be able to get 1...
MEV attack
Lines of code. Vulnerability details. Impact: Token trades can be sandwiched for profit. Proof of concept: The price of tokens is proportional to the supply with the current LinearBondingCurve. An attacker can therefore sandwich a buy transaction with a buy at the first lower price range followed by ...
Lost fees
Lines of code. Vulnerability details. Impact: Buyers do not get any split of the fees. It is instead to be distributed to holders. But holder splits on successive buys are partially lost to the contract and cannot be recovered. Proof of concept: The buyer's rewardsLastClaimedValue[id][msg.sender] is...
There's a missing check for _metadataURI in createNewShare
Lines of code. Vulnerability details. Impact: Detailed description of the impact of this finding. Proof of Concept: function createNewShare(string memory shareName, address bondingCurve, string memory metadataURI) external onlyShareCreator returns (uint256 id) { require(whitelistedBondingCurves[bondingCurve]...
Platform will get 40 percent of the fee if fees are below 100
Lines of code. Vulnerability details. Impact: Platform will get 40 percent of the fee when the price is below 100 because of a rounding error. Proof of Concept: uint256 public constant HOLDERCUTBPS = 3300; // 33% uint256 public constant CREATORCUTBPS = 3300; // 33% The protocol implements that holder and creator will...
Malicious shares can't be paused or stopped after creation, so users will continue to use them
Lines of code. Vulnerability details. Impact: If the share creator is a malefactor, he can try to do multiple malicious operations: a pump-and-dump attack with price manipulation, or artificially increasing fees for NFT minting. Proof of Concept: Both attacks are described in my other reports and unfortunate...
Buggy reward calculation
Lines of code. Vulnerability details. Impact: This is very similar to an inflation attack. Rewards increase whenever splitFees is called, which is anywhere in buy/sell/mint/burn. The calculation is done like this: shareData[id].shareHolderRewardsPerTokenScaled += (shareHolderFee * 1e18) / tokenCount;...
asD::withdrawCarry assumes wrong number of decimals returned by exchangeRateCurrent which will cause owner to not be able to withdraw revenue
Lines of code. Vulnerability details. tl;dr: asD::withdrawCarry assumes that the exchange rate returned by the cNote contract will be scaled by 1e28, but in reality it will only be scaled by 1e18. It will cause withdrawCarry to always revert with Integer Underflow, which means that the owner won't ever ...
Possible sandwich attack whenever a user with a surplus of allowance calls market.buy().
Lines of code. Vulnerability details. Impact: Because the exact amount of allowance a user needs to mint his desired amount of shares isn't always a round number, as shown via market.getBuyPrice(id, amount);, there could be users who might trust the contract blindly and approve their entire balance in...
Potential Race Condition in Rewards Calculation
Lines of code. Vulnerability details. Impact: If exploited, this race condition could allow an attacker to manipulate rewards in transactions involving the buy, sell, mintNFT, or burnNFT functions. The attacker may gain an advantage in claiming rewards before the rewards calculation is updated. Proo...
The getPriceAndFee() function performs calculations without implementing reentrancy protection.
Lines of code. Vulnerability details. Impact: An attacker could call getPriceAndFee multiple times concurrently, read intermediate state, and craft calls to exploit any assumptions made between calculations. This could undermine the intended bonding curve pricing logic. Proof of Concept: getPriceAndF...
Improper validations result in loss of funds.
Lines of code. Vulnerability details. Impact: Due to the improper validation on amount, users can pass amount as 0; the calculated fee will be 0 and safeTransferFrom will pass. function getNFTMintingPrice(uint256 id, uint256 amount) public view returns (uint256 fee) { address bondingCurve =...
Wrong implementation causes unfair distribution
Lines of code. Vulnerability details. Impact: Wrong implementation causes unfair fee distribution among shareholders. Proof of Concept: In sell and mintNFT, tokensInCirculation and tokens owned by the address are deducted only after the fee split has happened. To be fair, the user should not get a fee from tokens tha...
Unchecked cToken mint in mint() risks imbalance, breaking 1:1 peg reserve backing.
Lines of code. Vulnerability details. Impact: mint does not check the return code from cToken.mint. If minting fails, the contract could have an imbalance between cTokens and minted asD tokens. Attacker mints asD but the underlying cToken mint fails. Result is loss of 1:1 peg backing. Proof of Concept: In the mint...
Fee model is counter-productive
Lines of code. Vulnerability details. Impact: Fees become more and more expensive as there are more buys in the share. Fees are collected when a user buys/sells/mints/burns. As the protocol or the share creator, you would want to earn more rewards, which happens if a lot of users are buying in or if a lo...
LACK OF DEADLINE AND SLIPPAGE CHECKS COULD PROMPT THE USERS TO EXECUTE THE BUY AND SELL TRANSACTIONS AT UNFAVOURABLE PRICE POINTS
Lines of code. Vulnerability details. Impact: The Market.sol contract implements four functions which depend on the linear bonding curve to calculate the price and fee amounts associated with their logic execution. These functions are Market.buy, Market.sell, Market.mintNFT and Market.burnNFT. The...
DoS due to wrong scaling factor
Lines of code. Vulnerability details. Impact: The cNote token, which is a fork of the CToken contract, has a scaling method used to handle the exchange rate between the CToken and the underlying token. This method helps scale the exchange rate because Solidity doesn't handle fixed-point decimals. The...
Price can be easily inflated/deflated by large depositors in the Market contract
Lines of code. Vulnerability details. Impact: An attacker can manipulate/inflate market prices by donating/buying large amounts of tokens, which can negatively impact subsequent transactions. For example, an attacker who executes a large buy order can significantly increase the price of shares, causi...
Fees don't always increase as buys increase
Lines of code. Vulnerability details. Impact: To simplify/showcase the situation, let's assume there are only buys in the protocol (refer to the PoC). There are occurrences where fees will actually be lower than or equal to the previous buy, which is contradictory. This suggests that the fees calculation...
Fee for minting the Market Nft token can be manipulated
Lines of code. Vulnerability details. Impact: The fee for minting the Market's NFT is calculated based on the total share count, tokenCount. Such an approach opens a way to collect big fees for fee recipients by deliberately stacking share tokens. address bondingCurve = shareData[id].bondingCurve; uint256...
User can buy when there's no bonding curve set
Lines of code. Vulnerability details. Impact: Users can buy with no bonding curve set. Proof of Concept: function buy(uint256 id, uint256 amount) external { /// @audit add a check that ensures there's a bonding curve set require(shareData[id].creator != msg.sender, "Creator cannot buy"); (uint256 price, uint25...
LinearBondingCurve.log2 function contains an incorrect shift operation that could lead to wrong calculation.
Lines of code. Vulnerability details. Impact: The values in the shift operation are reversed. The provided inline assembly code for the log2 function appears to have an issue in the sequence of shift operations. Let's break down the relevant part of the code: r := or(r, byte(and(0x1f, shr(shr(r, x), ...
The withdrawCarry() function always reverts because of an incorrect assumption.
Lines of code. Vulnerability details. Impact: The Compound protocol's CTokens have 8 decimal places, but the team mistakenly believed that cNote also had only 8 decimal places. However, it was discovered that cNote actually has 18 decimal places. This discrepancy caused the withdrawCarry function to...
Holder cannot claim fee
Lines of code. Vulnerability details. Impact: Assume a user buys some shares, mints them into an NFT and sends the shares to a cold wallet for safety. The following happens: A user buys 10 shares; when buy is called, the rewardsLastClaimedValue is updated to the latest holder rewards, the...
withdrawCarry will not work
Lines of code. Vulnerability details. Description: When calculating the amount of interest gathered, this calculation is done in asD::withdrawCarry: File: asD/src/asD.sol, line 73: uint256 exchangeRate = CTokenInterface(cNote).exchangeRateCurrent(); // Scaled by 1 * 10^(18 - 8 + Underlying Token Decimals), i.e. 10^2...
Unchecked redeemUnderlying failure allows burning asD without redeeming NOTE, breaking peg.
Lines of code. Vulnerability details. Impact: The burn function does not validate the return code from redeemUnderlying. This means that if redeeming fails, asD tokens could be burned without redeeming the underlying NOTE, breaking the 1:1 peg. Attacker burns asD tokens and receives NOTE, but the contract fails ...
Lack of access control for mint/burn functions
Lines of code. Vulnerability details. Impact: The mint and burn functions allow any caller to mint and burn tokens without restrictions. This could enable malicious actors to arbitrarily inflate or reduce the token supply. An attacker could continuously mint new tokens, effectively devaluing all...
The owner of the asD contract (i.e. the creator) cannot withdraw the accrued interest
Lines of code. Vulnerability details. Impact: The asD.withdrawCarry function will always throw an error for all normal totalSupply values due to an inappropriate scale factor. So the creator can withdraw the accrued interest only after all users burn their asD tokens. Proof of Concept: The scale...
asD creators would not be able to claim interest accrued due to wrong calculation of maximumWithdrawable
Lines of code. Vulnerability details. Impact: Detailed description of the impact of this finding. The asD contract implements the withdrawCarry method, which calculates the accrued interest on the users' NOTE deposit. The variable maximumWithdrawable gets the interest accrued by the deposit by the...
Require statement will allow whitelistedShareCreators to create a share when share creation is restricted
Lines of code. Vulnerability details. Impact: Share creators can create new shares even when share creation is restricted. Proof of Concept: 1. Owner restricts share creation. function restrictShareCreation(bool isRestricted) external onlyOwner { require(shareCreationRestricted != isRestricted, "State...
shareData[_id].shareHolderRewardsPerTokenScaled is updated with wrong value in _splitFees()
Lines of code. Vulnerability details. Impact: Due to a wrong decimal adjustment, shareHolderRewardsPerTokenScaled in shareData with the corresponding shareId is overvalued. Proof of Concept: In struct ShareData it is clearly stated that uint256 shareHolderRewardsPerTokenScaled; // Accrued funds for the share...
Max withdrawable calculation is incorrect in asD contract
Lines of code. Vulnerability details. Summary: The implementation of the max withdrawable amount is incorrect, as it divides the calculation by the wrong denominator, leading to an incorrect result and a potential denial of service due to an overflow. Impact: In the Application Specific Dollar protoco...
CURRENT OWNER OF THE Market.sol CONTRACT CAN RENOUNCE THE OWNERSHIP AND DoS THE onlyOwner MODIFIER CONTROLLED FUNCTIONS IN THE Market.sol CONTRACT
Lines of code. Vulnerability details. Impact: The Market.sol contract inherits from the OpenZeppelin Ownable2Step.sol contract. The Ownable2Step.sol contract inherits from the OpenZeppelin Ownable.sol contract. There is an Ownable.renounceOwnership function which can be called by the current owner to...
asD TOKEN CREATOR CAN PROFIT UNFAIRLY FROM THE cNote TOKENS DIRECTLY TRANSFERRED TO THE asD.sol CONTRACT
Lines of code. Vulnerability details. Impact: The asD.withdrawCarry function is used to withdraw the interest that accrued in the asD contract in the form of NOTE tokens. Only the owner of the asD token is able to withdraw the interest accrued, since withdrawCarry is controlled by the onlyOwner...
Reentrancy in Token Transfers
Lines of code. Vulnerability details. Impact: The mint and burn functions perform ERC20 token transfers without implementing a reentrancy guard. This allows malicious approving contracts to call back into these functions during a transaction and manipulate state. An attacker could steal all approved...
Reentrancy leads to minting/burning/buying without paying the correct amount of fees
Lines of code. Vulnerability details. Impact: Fee calculations depend on shareData[id].tokenCount, which is updated AFTER doing the transfer of the token. That means that if the token is an ERC777-compatible token, users can reenter the function, paying, for example, less fees on a buy operation. Proof of...
There is a rounding error when the price is below 10
Lines of code. Vulnerability details. Impact: The fee will be zero when the price is below in get minting price. Proof of Concept: uint256 public constant NFTFEEBPS = 1000; function getNFTMintingPrice(uint256 id, uint256 amount) public view returns (uint256 fee) { address bondingCurve = shareData[id].bondingCurve;...
Pricing inconsistencies introduced via rounding/truncation errors
Lines of code. Vulnerability details. Impact: Calculating share/token prices via bonding curves, which involve mathematical operations like logs and divisions, can introduce small rounding errors each time. Over many transactions, these errors could accumulate and lead to pricing inconsistencies that...
Sandwich attack on buy()
Lines of code. Vulnerability details. Impact: Function Market:buy does not check or take in a minimum buy amount. This makes users' funds vulnerable to sandwich attacks. buy will increase shareData[id].tokenCount, and thus change the exchange rate of the share price. (price, fee) =...
The user has the ability to bypass a fee claim protection for their own benefit while purchasing tokens
Lines of code. Vulnerability details. Impact: A user can bypass a fee claim protection for his own benefit by making multiple purchases instead of one, and as a result claim a fee part by part. According to the code documentation: The reward calculation has to use the old rewards value pre fee-split to not...
Unchecked bonding curve lookups in Market: validation of _id in buy() and sell() absent.
Lines of code. Vulnerability details. Impact: buy and sell pass id to getBuyPrice/getSellPrice without validating that it is a valid share ID. This can cause transactions to revert if an invalid ID is provided. Attackers can disrupt trades and deny service by intentionally passing invalid IDs...