Early user can break the minting of LP Tokens
Lines of code Vulnerability details Impact The attack vector is the same as TOB-YEARN-003, where users may not receive liquidity tokens in exchange for their baseTokenAmount and fractionalTokenAmount deposited if the total baseTokenAmount has been manipulated through a large "donation". In the...
When user of GroupBuy is a contract, refunds will be permanently frozen.
Lines of code Vulnerability details Description The claim function is used in GroupBuy to mint Raes proportional to a user's contribution to the purchased NFT. withdrawBalance is used to get back funds which are not part of the contribution. They both contain an unsafe call with ETH. For example:...
Pair.sol : baseTokenReserves() can be manipulated if the base token is the native token
Lines of code Vulnerability details Impact Price manipulation in the following functions wherever baseTokenReserves() is called: buyQuote, sellQuote, addQuote, removeQuote Proof of Concept function baseTokenReserves() internal view returns (uint256) { return baseToken == address(0) ? address(this).balance -...
Users could receive 0 LPTokens when calling add
Lines of code Vulnerability details Impact The addQuote function in Pair.sol calculates the amount of LPTokens received for the amount of baseTokens and fractionalTokens sent. If LPToken's supply is not 0, then the min amount of baseTokenShare and fractionalTokenShare is used. When the add function is use...
Unlimited minting of fractional tokens by calling Pair.wrap() multiple times
Lines of code Vulnerability details Impact A user can mint an unlimited amount of fractional tokens and break the protocol by selling the tokens. Proof of Concept NFTs can be traded for 1e18 fractional tokens by calling the function wrap. Wrap calls validateTokenIds(tokenIds, proofs), which in turn ru...
LP pricing formula is vulnerable to flash loan manipulation
Lines of code Vulnerability details Impact The LP pricing formula used in the buyQuote, sellQuote, addQuote, removeQuote functions of the Pair.sol contract is vulnerable to flash loan manipulation. Proof of Concept baseTokenReserves calculates the current balance of base token reserves. This...
xyk invariant does not hold after calls to buy() and sell()
Lines of code Vulnerability details Impact Functions buyQuote and sellQuote are defined like this in Pair.sol: /// @notice The amount of base tokens required to buy a given amount of fractional tokens. /// @dev Calculated using the xyk invariant and a 30bps fee. /// @param outputAmount The amount...
Upgraded Q -> M from #201 [1671458492331]
Judge has assessed an item in Issue 201 as M risk. The relevant finding follows: Deposit function is not compatible with deflationary tokens The actual deposited amount might be lower than the depositAmount specified in the function parameter. This would lead to wrong interest rate calculations on...
Centralization Risks, Rug pull vectors
Lines of code Vulnerability details Impact The owner can mint or burn unlimited tokens; these functions can be used to rug pull the project. Proof of Concept Although the owner role is supposedly not malicious, if the owner's wallet keys are compromised, an attacker could rug the project. Based on the fact that we...
sellQuote might lead to unexpected reverts when returning zero
Lines of code Vulnerability details Impact The implementation of sellQuote follows the logic of getAmountOut from the Uniswap V2 Library. However, it doesn't add +1 as the original implementation does; this could make the function return zero and lead to reverts. Proof of Concept Tools Used Manual review...
Front-running initial liquidity adding
Lines of code Vulnerability details Impact Creation of the pair does not add initial liquidity, which leads to a situation where an attacker can front-run the creator and execute a sandwich attack against the creator. Exploitation Scenario: 1. Alice creates a pair and wants to add liquidity 2. Bob front-runs...
Funds are permanently stuck in OptimisticListingSeaport.sol contract if active proposal is executed after new proposal is pending.
Lines of code Vulnerability details Description constructOrder is called in propose, OptimisticListingSeaport.sol. It fills the order params stored in proposedListings[vault]. orderParams.offerer = vault; orderParams.startTime = block.timestamp; // order doesn't expire in human time scales and need...
Missing approval check
Lines of code Vulnerability details Proof of Concept The lpToken.mint function is called with the msg.sender as the recipient, but there is no check to ensure that the sender has approved the contract to transfer the fractional tokens on their behalf. If the lptoken.mint function is missing a che...
PRICES CAN BE MANIPULATED WHEN LIQUIDITY IS VERY LOW
Lines of code Vulnerability details Impact Base and fractional token prices in the pool can be manipulated and set to values severely deviating from the originally intended price ratio right after the pool has been created. At this point, liquidity in the pool is deemed zero or exceptionally thin...
Attacker can delay proposal rejection
Lines of code Vulnerability details Impact In OptimisticListingSeaport.rejectProposal, it reverts if proposedListing.collateral if proposedListing.collateral proposedListing.collateral -= amount; Proof of Concept 1. Attacker proposes with 10000 collateral at a very low price 2. Bob tries to reject it b...
contribute() locks too much ETH from the user
Lines of code Vulnerability details Impact In the contribute function of the GroupBuy contract, even if the filledQuantity is less than quantity, all the ETH provided by the user is locked in the contract, and the user can only call claim to get it back after purchasing NFT or Pool expires, which...
Priority queue min accounting breaks when nodes are split in two
Lines of code Vulnerability details The README states "If two users place bids at the same price but with different quantities, the queue will pull from the bid with a higher quantity first", but the data structure used for implementing this logic is not used properly and essentially has its data...
_transferFrom() in Pair contract doesn't update approval amounts when transferring user fractional tokens
Lines of code Vulnerability details Impact Contract Pair is an ERC20 token which represents the user's fractional token balance and it has all the features of standard ERC20 tokens. The function transferFrom has been written for transferring tokens, but the logic isn't complete and it doesn't consider...
unwrap function in Pair.sol can be exploited by a malicious user to exchange less expensive NFT's for more expensive ones in the pool
Lines of code Vulnerability details Impact The nftRemove function burns lpTokens and releases baseTokenAmount and fractionalTokenAmount, and then burns the fractionalTokenAmount to unwrap the NFT that is released back to the sender. At the time of unwrapping, the code does not check if the tokenIds...
First depositor can break the price of shares
Lines of code Vulnerability details Impact The first depositor of the pool can wreck the price of the shares for future depositors, mostly as the pair launches, because of rounding. Proof of Concept 1. Bob wraps 1 NFT and receives 1e18 denominations of fractionalTokens 2. Bob...
LP token is vulnerable to flashloan manipulation
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The addQuote function in the pair.sol smart contract utilizes a pricing formula for liquidity pools that is susceptible to exploitation through flashloan manipulation. By introducing a large quantity of...
Bidding data structure is corrupted, leading to unfair removal from queue.
Lines of code Vulnerability details Description processBidsInQueue in GroupBuy handles integrating a new bid into the existing structure. It bumps out lower-paying bids until the new bid is completely fulfilled or the remaining bids are too high. When the lowest-paying bid has a higher quantity tha...
NOT refunding excess token while adding liquidity
Lines of code Vulnerability details Impact LP providers can lose funds Proof of Concept Tools Used Recommended Mitigation Steps in case of ether, return excess ether - in case of erc20, transfer only the required amount -
Price manipulation if baseToken has a transfer hook
Lines of code Vulnerability details Impact Pair calculates the price by dividing the fractional token reserve by the base token reserve. If the token has a before-transfer hook, there would be a time where the fractional token reserves have changed but the base token reserve has not, where the executio...
Upgraded Q -> M from #334 [1671456734920]
Judge has assessed an item in Issue 334 as M risk. The relevant finding follows: Collateral.withdraw allows the manager to withdraw an arbitrary amount of baseToken from Collateral. The only check is in the ManagerWithdrawHook.hook call, where it checks the withdrawal does not drop the amount of...
Rounding down leads to breakage of the xy curve calculation
Lines of code Vulnerability details Impact When needing to calculate the inputAmount required to receive a certain amount of fractional tokens called outputAmount, we are deriving from the x * y = k curve used on the Uniswap V2 protocol. Proof of Concept Some maths: The so-called curve equation is: ...
Anyone can use funds in GroupBuy.sol to buy the NFTs for themselves
Lines of code Vulnerability details The GroupBuy contract allows users to pool their funds in order to buy specific NFTs once enough funds have been raised. The purchase function does not do any caller authorization and allows the caller to pass in an arbitrary address for executing the buy. The...
Bids are wrongly ordered when prices and quantities are equal.
Lines of code Vulnerability details Description In GroupBuy, when the total amount of Raes is filled up with purchases, users start competing with higher price offers. Their bids are laid out in a min priority queue structure implemented in MinPriorityQueue.sol. The docs clearly state that when two...
GroupBuys that are completely filled still don't raise stated target amount
Lines of code Vulnerability details Description createPool in GroupBuy.sol creates a new contribution pool around an NFT. It specifies a target initialPrice as minimum amount of ETH the NFT will cost, and totalSupply which is the number of Raes to be minted on purchase success. minBidPrices is...
Surplus token after adding liquidity is not refunded to liquidity providers. LP might suffer front-running attack and lose funds.
Lines of code Vulnerability details Impact Function Pair.add receives base token and fractional token from liquidity providers and mints an equivalent amount of LP token for them. The amount of LP token to be minted is calculated in function addQuote: function addQuote(uint256 baseTokenAmount, uint256...
User didn't get an lpToken when trying to add liquidity to the pair with some baseTokenAmount
Lines of code Vulnerability details Impact The user didn't get an lpToken when trying to add liquidity to the pair with some baseTokenAmount. The user lost their asset since they didn't get any lpToken. Proof of Concept Inside the Pair.sol contract, the add function exists for adding liquidity to the pair...
MEV searchers can capture slippage tolerance on pool creation
Lines of code Vulnerability details Impact In the current Caviar protocol, anybody can supply initial liquidity to a newly created pool. An LP who intends to create a new pool and add liquidity could execute the following transactions: 1. LP transaction 1: pair = Caviar.create 2. LP transaction 2...
[M-0] Unhandled return values of transfer
Lines of code Vulnerability details c4udit Report Issues found M-0 Unhandled return values of transfer Impact Some implementations of transfer could return "false" on failure instead of reverting. Findings: src\Pair.sol::85 = transferFrom(msg.sender, address(this), fractionalTokenAmount);...
Merkle root of zero bypasses validation
Lines of code Vulnerability details Impact The merkle root validation happens with this require in validateTokenIds. If the merkle root is zero, this check is skipped. Proof of Concept This require validates that the merkle root is valid. This code is never reached if merkleRoot == bytes32(0) becau...
Pair.sol:close() does not recover any of the base token / liquidity tokens before destroying it
Lines of code Vulnerability details Impact If the pair holds any of the native or any other liquidity tokens, they can never be recovered if the pair is destroyed. Proof of Concept The owner has special rights to destroy the pair if it is compromised. But before destroying it, it does not recover any of the toke...
Only one GroupBuy can ever use USDT or similar tokens with front-running approval protections
Lines of code Vulnerability details Calling approve without first calling approve(0) if the current approval is non-zero will revert with some tokens, such as Tether (USDT). While Tether is known to do this, it applies to other tokens as well, which are trying to protect against this attack vector...
User loses collateral converted to pendingBalance when cash() or list() is called
Lines of code Vulnerability details Description In OptimisticListingOpensea, there are several functions which update pendingBalances of a proposer: 1. list 2. cash 3. propose Unfortunately, in list and cash the = operator is used instead of += when writing the new pendingBalances. For example:...
Attacker can DOS OptimisticListing with very low cost
Lines of code Vulnerability details Impact The only check on a new proposal is that it is priced lower than the existing proposal. It does not constrain the collateral supplied, except that it will revert in verifyBalance if set to 0. Anyone can block normal proposal creation by creating a proposal...
Incorrect rounding in buyQuote
Lines of code Vulnerability details The function buyQuote present in the Pair contract is used to calculate the amount of base tokens required to buy a given amount of fractional tokens. function buyQuote(uint256 outputAmount) public view returns (uint256) { return (outputAmount * 1000 * baseTokenReserves()) /...
(*POTENTIAL DUPLICATE) unwrap function can be exploited to exchange lower priced NFT's for higher priced counterparts
Lines of code Vulnerability details POTENTIAL DUPLICATE - Submitted earlier but haven't received an email confirmation. Hence resubmitting - please ignore if my earlier submission was already recorded Impact The nftRemove function takes an array of tokenIds and LPTokens, releases the fractional NFT...
Any user which holds Raes tokens can infinitely freeze NFT in OptimisticListingSeaport
Lines of code Vulnerability details Description OptimisticListingSeaport exposes the propose method to create a new proposal, and rejectProposal to remove a listing in the proposal stage. In propose, the proposer commits a certain amount of collateral: // Sets collateral amount to pending balances for withdraw...
Attacker can make group pay for tokenID that is not intended.
Lines of code Vulnerability details Description purchase in GroupBuy.sol executes the purchase call for the group. There are two possibilities for which tokenIDs can be bought in GroupBuy: 1. If the group is for a specific NFT, the tokenID is the value in the pool.merkleRoot variable. 2. If the group...
Earlier bidders get cut out of future NFT holdings by bidders specifying the same price.
Lines of code LOC: Vulnerability details Description In the GroupBuy module, users can call contribute to get a piece of the NFT pie. There are two stages in transforming the msg.value to holdings in the NFT. 1. filling at any price (supply is not yet saturated) uint256 fillAtAnyPriceQuantity =...
Upgraded Q -> M from #163 [1671458931869]
Judge has assessed an item in Issue 163 as M risk. The relevant finding follows: TOKEN TRANSFERS DO NOT VERIFY THAT THE TOKENS WERE SUCCESSFULLY TRANSFERRED Some tokens like ZRX do not revert the transaction when the transfer/transferFrom fails and return false, which requires us to check the...
MISSING HANDLE FOR DIRECT SEND OF TOKEN
Lines of code Vulnerability details Impact The current implementation of the protocol does not handle situations when tokens are sent directly to the pair contract. Tokens directly sent to the contract can affect the calculation of baseTokenReserves, which affects buyQuote and sellQuote. Below is...
ERC20 TOKENS WITH DIFFERENT DECIMALS THAN 18 MAY BREAK THE LOGIC AND PROVIDE UNEXPECTED RESULTS
Lines of code Vulnerability details Impact Note: Though it is mentioned that rebase/fee-on-transfer tokens are not expected, there exist other ERC20 tokens having decimals different from 18. Contracts LpToken and Pair perform calculations by using a hardcoded value of 18 decimals (1e18) for...
MALICIOUS OWNER CAN CLOSE AND WITHDRAW AS HE WANTS
Lines of code Vulnerability details MALICIOUS OWNER CAN CLOSE AND WITHDRAW AS HE WANTS These functions below are set for some emergency scenarios. But the caviar.Owner is able to trigger these functions as he wants. Need to set some require statements in order to actually check these scenarios before his...
Using safeTransferFrom() Functions But without Getting the Approval
Lines of code Vulnerability details Impact 2 safeTransferFrom calls are used for ERC20 tokens (Line: 90, 172) using SafeTransferLib but without getting the approval using the safeApprove function. The calls will always fail. 3 more safeTransferFrom calls are used for ERC721 tokens (Line: 239, 259, 370...
User can send a proposal and instantly take back their collateral, keeping the proposal active without risking any Raes amount.
Lines of code Vulnerability details Description In OptimisticListingSeaport.sol, users call propose to set a new proposal. The pendingBalance is updated immediately for the calling proposer: // Sets collateral amount to pending balances for withdrawal pendingBalances[vault][proposedListing.proposer] ...
There is no max value for min LP in the add function
Lines of code Vulnerability details Impact breaking logic, ... Proof of Concept there is no check Tools Used Recommended Mitigation Steps add checks to ensure the min LP amount has a max