setPlotsAvailablePerSize does not work correctly
Lines of code Vulnerability details Impact The function setPlotsAvailablePerSize can be used for two things: 1. Decreasing the number of plots that is available for a certain size 2. Increasing the number of plots that is available for a certain size However, in both cases it can introduce errors...
ownerMintUsingTokenId can brick the whole contract
Lines of code Vulnerability details Impact With the function ownerMintUsingTokenId, it is possible for the owner to mint a token with an arbitrary token ID. However, this can brick the whole contract and cause a situation where no more mints / buys are possible. This happens when a token ID is...
Potential DOS in removeCollateral
Lines of code Vulnerability details Impact Function removeCollateral may fail under certain circumstances, potentially causing a DOS for users trying to withdraw their collateral asset. This action may be time critical and may cause the user to lose funds due to price changes etc. Proof of Concept Cal...
function buyAndReduceDebt() spends more underlying token than the user specified, and the code doesn't check that swapFeeBips is less than BIPS_ONE, so a user can lose some of the underlying token balance that they gave the protocol spending approval for
Lines of code Vulnerability details Impact The user can specify a fee recipient and a fee amount to send to that recipient; it is calculated as amount * swapFeeBips / BIPS_ONE, but there is no check in the code to make sure swapFeeBips is less than BIPS_ONE, and if the user sets a wrong value by mistake or the client...
Operator can buy papr with PaprController as the debtor.
Lines of code Vulnerability details Impact This requires that an NFT is in auction. When an operator calls purchaseLiquidationAuctionNFT the price variable is determined by a call to purchaseNFTAndUpdateVaultIfNeeded which calls purchaseNFT which calls safeTransferFrom on the auctionAssetContract...
The code doesn't check whether the Uniswap pool already exists; if an attacker creates the Uniswap pool beforehand with the calculable papr address, the underlying address and the exact fee amount, then the deployment transaction will always fail
Lines of code Vulnerability details Impact An attacker can perform a DOS and prevent the contract from getting deployed. The address of papr can be calculated by the attacker before its deployment, and the address of the underlying USDC and the fee are known, so the attacker can create the Uniswap pool beforehand and cause...
Users may be liquidated right after taking maximal debt
Lines of code Vulnerability details Impact Since there's no gap between the maximal LTV and the liquidation LTV, user positions may be liquidated as soon as maximal debt is taken, without leaving room for collateral and Papr token prices fluctuations. Users have no chance to add more collateral o...
Extensive permissions for owner
Lines of code Vulnerability details Impact & Proof Of Concepts / Implications Some privileged functions are often unavoidable in smart contracts. However, in these contracts, the privileges are unnecessarily very extensive and without checks on the smart contract side: 1. He can use ownerMint or...
Reentrancy attack allows getting a loan for free
Lines of code Vulnerability details Impact A reentrancy attack allows getting a loan for free when startLiquidationAuction is called on the last collateral token. Proof of Concept When a user has bad debt, anyone can start an auction for his NFT. To purchase the token, the liquidator can call...
purchaseLiquidationAuctionNFT() may incorrectly return the auction funds to the liquidated user
Lines of code Vulnerability details Impact purchaseLiquidationAuctionNFT may incorrectly return the auction funds to the liquidated user. After someone purchases the auction NFT, the amount received from the auction is distributed. In the existing logic, when the amount of the auction is...
PaprController.removeCollateral() only takes the price of the first collateral to determine whether the NFTs can be withdrawn
Lines of code Vulnerability details Impact Unintended leniency of the protocol will be taken advantage of by users. Users can withdraw NFTs even if their debt on a particular NFT is higher than intended. Proof of Concept When a user wants to remove collateral, he calls removeCollateral, which loops over each...
Start an auction without an NFT
Lines of code Vulnerability details Impact Requires that the account being liquidated has more than one NFT in PaprController. When an operator calls purchaseLiquidationAuctionNFT the price variable is determined by a call to purchaseNFTAndUpdateVaultIfNeeded which calls purchaseNFT which calls...
PaprController.onERC721Received() assigns collateral to operator's vault instead of the nft owner's one
Lines of code Vulnerability details Impact The collateral is assigned to the operator's vault because of a parameter mismatch. This impacts the ability of third parties to integrate the PaprController contract. You're not able to create an intermediary contract that adds collateral to a user's...
Collateral NFT deposited to a wrong address, when transferred directly to PaprController
Lines of code Vulnerability details Impact Users will lose collateral NFTs when they are transferred to PaprController by an approved address or an operator. Proof of Concept The PaprController allows users to deposit NFTs as collateral to borrow Papr tokens. One of the ways of depositing is by...
PUNK does not conform to ERC721 standard hence safeTransferFrom from solmate does not work
Lines of code Vulnerability details Impact Since the protocol's intended NFT target is currently PUNK, the protocol will be hugely affected. Proof of Concept Attempts to transfer the NFT are made in 2 places. 1. removeCollateral 2. purchaseNFT Firstly, this means that once a collateral is added to the...
Wrong implementation of ERC721TokenReceiver interface leads to incorrect collateral ownership and NFT loss
Lines of code Vulnerability details Impact To add a collateral, one could send the NFT directly to the contract, onERC721Received is called then to handle adding the collateral to the vault. However, if the user sends the NFT via an operator then the ownership of the collateral will be assigned t...
Early NFT collections such as CryptoPunks and MoonCats cannot be used as collateral
Lines of code Vulnerability details Impact Early NFT collections such as CryptoPunks, EtherRocks and MoonCats are not compliant with the ERC721 standard; therefore, they cannot be used as collateral since transferring will fail. I believe it would be a huge advantage for the protocol to support su...
NFT operators of OpenZeppelin-based NFTs can issue debt
Lines of code Vulnerability details Description The Papr protocol allows NFT owners to issue debt against NFTs they deposit, denominated in papr. The solmate contracts that are used as imports for the project do not allow an operator on the NFT to participate in debt-creation; the ERC721 contract...
Misunderstanding operator with from
Lines of code Vulnerability details Author: rotcivegaf Impact The owner of the ERC721 token could approve an operator to manage his tokens. With the misunderstanding of operator with from in the onERC721Received function, the benefits of this function go to the operator instead of the from (owner):...
PaprController is vulnerable to reentrancy attacks
Lines of code Vulnerability details Impact Malicious users can steal PAPR tokens through reentrancy attacks. Proof of Concept Function PaprController.purchaseLiquidationAuctionNFT may trigger a reentrancy because it calls ERC721.safeTransferFrom in NFTEDA.purchaseNFT:...
Oracle may return a stale price that is not resistant to flash crashes
Lines of code Vulnerability details Impact Oracle may return a stale price in the event of a flash crash which will affect protocol calculation of maxDebt and affect protocol. Proof of Concept Protocol uses the time weighted average pricing of 30 days to check the price of the NFT. uint256 consta...
Protocol faces truncation issue in some places due to solidity integer division
Lines of code Vulnerability details Impact UniswapOracleFundingRateController.sol : periodRatio , targetMarkRatio - less multiplier output than the actual value that is possible. EDAPrice.sol: again the final outcome affects the multiplier. Please refer the code link in POC. PaprController.sol:...
Upgraded Q -> M from #4 [1671527898955]
Judge has assessed an item in Issue 4 as M risk. The relevant finding follows: GroupBuy.contribute does not set pendingBalances for unused capital, leading to locked up money.
Upgraded Q -> M from #22 [1671528533640]
Judge has assessed an item in Issue 22 as M risk. The relevant finding follows: NC-2 Return values of approve not checked.
Upgraded Q -> M from #22 [1671528877220]
Judge has assessed an item in Issue 22 as M risk. The relevant finding follows: minBidPrices is rounded down.
Upgraded Q -> M from #27 [1671522165760]
Judge has assessed an item in Issue 27 as M risk. The relevant finding follows: Dup of 45. The effect is severe enough IMO to warrant a med severity although I initially interpreted it as a spec mismatch.
setFundingPeriod leads to Price control
Lines of code Vulnerability details Impact An attacker can use two different addresses to borrow from himself at different interest rates. Proof of Concept As the papr interest rates and the papr trading price are in a constant feedback loop, interest rates are programmatically updated on chain as a...
Stealing fund by applying reentrancy attack on removeCollateral, startLiquidationAuction, and purchaseLiquidationAuctionNFT
Lines of code Vulnerability details Impact By applying a reentrancy attack involving the functions removeCollateral, startLiquidationAuction, and purchaseLiquidationAuctionNFT, an attacker can steal a large amount of funds. Proof of Concept Bob, a malicious user, deploys a contract to apply the attack...
Borrowers may earn auction proceeds without filling the debt shortfall
Lines of code Vulnerability details Impact The proceeds from the collateral auctions will not be used to fill the debt shortfall, but will be transferred directly to the borrower. Proof of Concept Assume N is an allowed NFT, B is a borrower, and the vault V is vaultInfo[B][N]: 1. B adds two NFTs N-1 and N-2 as...
Insufficient Timestamp Validation for Signed Messages
Lines of code Vulnerability details Impact A message can be signed by the oracle for any future point in time, and it will be valid for 20 minutes. If messages with invalid timestamps pointing to the future get signed, there is no way of invalidating them. A compromised or malfunctioning oracle...
The patch is not sufficient: there is another insidious exploit that can cause the same critical consequences
Lines of code Vulnerability details Status Has been reported to and confirmed by Jeff (ENS team) Note to the Judge I am not sure whether I should label this as a newly-identified High or a mitigation hard error. The root cause of this issue seems the same as the original report, but this requires us...
Missing approval check
Lines of code Vulnerability details Proof of Concept The lpToken.mint function is called with msg.sender as the recipient, but there is no check to ensure that the sender has approved the contract to transfer the fractional tokens on their behalf. If the lpToken.mint function is missing a che...
Users that send funds at a price lower than the current low bid have the funds locked
Lines of code Vulnerability details If a user contributes funds after there is no more supply left, and they don't provide a price higher than the current minimum bid, they will be unable to withdraw their funds while the NFT remains unbought. Impact Ether becomes stuck until and unless the NFT i...
Anyone can use funds in GroupBuy.sol to buy the NFTs for themselves
Lines of code Vulnerability details The GroupBuy contract allows users to pool their funds in order to buy specific NFTs once enough funds have been raised. The purchase function does not do any caller authorization and allows the caller to pass in an arbitrary address for executing the buy. The...
User can send a proposal and instantly take back their collateral, keeping the proposal active without risking any Raes amount.
Lines of code Vulnerability details Description In OptimisticListingSeaport.sol, users call propose to set a new proposal. The pendingBalance is updated immediately for the calling proposer: // Sets collateral amount to pending balances for withdrawal pendingBalances[vault][proposedListing.proposer] ...
Attacker can delay proposal rejection
Lines of code Vulnerability details Impact In OptimisticListingSeaport.rejectProposal, it reverts if proposedListing.collateral if proposedListing.collateral proposedListing.collateral -= amount; Proof of Concept 1. The attacker proposes with 10000 collateral at a very low price 2. Bob tries to reject it b...
Upgraded Q -> M from #163 [1671458931869]
Judge has assessed an item in Issue 163 as M risk. The relevant finding follows: TOKEN TRANSFERS DO NOT VERIFY THAT THE TOKENS WERE SUCCESSFULLY TRANSFERRED Some tokens like ZRX do not revert the transaction when the transfer/transferFrom fails and return false, which requires us to check the...
Users could receive 0 LPTokens when calling add
Lines of code Vulnerability details Impact The addQuote function in Pair.sol calculates the amount of LPTokens received for the amount of baseTokens and fractionalTokens sent. If LPToken's supply is 0, then the min of baseTokenShare and fractionalTokenShare is used. When the add function is use...
Invalid tokens can be added to the pair
Lines of code Vulnerability details Impact merkleRoot is a bytes32 and it is compared to bytes23(0), which makes it possible for a non-zero merkleRoot to be set in the constructor and yet still have all tokens declared as valid Proof of Concept Tools Used Manual Audit Recommended Mitigation Steps...
Incorrect rounding in buyQuote
Lines of code Vulnerability details The function buyQuote present in the Pair contract is used to calculate the amount of base tokens required to buy a given amount of fractional tokens. function buyQuote(uint256 outputAmount) public view returns (uint256) { return (outputAmount * 1000 * baseTokenReserves()) /...
Reentrancy issue #1: Functions buy() and add() are vulnerable to reentrancy attack through tokensToSend() hook of ERC777
Lines of code Vulnerability details It is important to be aware that I have reported two reentrancy bugs. Each of these has a different way of being activated and can be found in separate functions. Impact All calculations done in the Caviar Pair use the token balance directly. For example, when...
Possible Reentrancy Vulnerability
Lines of code Vulnerability details Impact In the add function, in the case of a non-ETH base token, LP tokens are minted for the LP provider before the base token is transferred from the provider to the contract. In the remove function, fractional tokens are transferred to the LP provider before the LP token is burned. In wrap...
Any user who holds Raes tokens can indefinitely freeze the NFT in OptimisticListingSeaport
Lines of code Vulnerability details Description OptimisticListingSeaport exposes propose method to create new proposal, and rejectProposal to remove a listing in proposal stage. In propose, proposer commits a certain amount of collateral: // Sets collateral amount to pending balances for withdraw...
sellQuote might lead to unexpected reverts when returning zero
Lines of code Vulnerability details Impact The implementation of sellQuote follows the logic of getAmountOut from the Uniswap V2 Library. However, it doesn't add +1 as the original implementation does, so the function could return zero and lead to reverts. Proof of Concept Tools Used Manual review...
Funds are permanently stuck in OptimisticListingSeaport.sol contract if active proposal is executed after new proposal is pending.
Lines of code Vulnerability details Description constructOrder is called in propose, OptimisticListingSeaport.sol. It fills the order params stored in proposedListings[vault]. orderParams.offerer = vault; orderParams.startTime = block.timestamp; // order doesn't expire in human time scales and need...
When user of GroupBuy is a contract, refunds will be permanently frozen.
Lines of code Vulnerability details Description The claim function is used in GroupBuy to mint Raes proportional to the user's contribution to the purchased NFT. withdrawBalance is used to get back funds which are not part of the contribution. They both contain an unsafe call with ETH. For example:...
Early user can break the minting of LP Tokens
Lines of code Vulnerability details Impact The attack vector is the same as TOB-YEARN-003, where users may not receive liquidity tokens in exchange for the baseTokenAmount and fractionalTokenAmount they deposited if the total baseTokenAmount has been manipulated through a large "donation". In the...
Price manipulation if baseToken has a transfer hook
Lines of code Vulnerability details Impact Pair calculates the price by dividing the fractional token reserve by the base token reserve. If the token has a before-transfer hook, there is a window where the fractional token reserve has changed but the base token reserve has not, where the executio...
User loses collateral converted to pendingBalance when cash() or list() is called
Lines of code Vulnerability details Description In OptimisticListingOpensea, there are several functions which update pendingBalances of a proposer: 1. list 2. cash 3. propose Unfortunately, in list and cash the = operator is used instead of += when writing the new pendingBalances. For example:...
Attacker can steal the amount collected so far in the GroupBuy for NFT purchase.
Lines of code Vulnerability details Description purchase in GroupBuy.sol executes the purchase call for the group. After safety checks, the NFT is bought with market's execute function. Supposedly it deploys a vault which owns the NFT. The code makes sure the vault is the new owner of the NFT and...