_transferFrom() in Pair contract doesn't update approval amounts when transferring user fractional tokens
Lines of code Vulnerability details Impact Contract Pair is an ERC20 token which represents user fractional token balance and it has all the features of the standard ERC20 tokens. function transferFrom has been written for transferring tokens but the logic isn't complete and it doesn't consider...
Stealing liquidity provider's fund by manipulating the reserve
Lines of code Vulnerability details Impact An attacker can steal liquidity providers' funds by manipulating the reserve. During adding liquidity, the amount of lpToken to be minted will be calculated in the function addQuote. function addQuoteuint256 baseTokenAmount, uint256 fractionalTokenAmoun...
MALICIOUS OWNER CAN CLOSE AND WITHDRAW AS HE WANTS
Lines of code Vulnerability details MALICIOUS OWNER CAN CLOSE AND WITHDRAW AS HE WANTS These functions below set some emergency scenarios. But caviar.Owner is able to trigger these functions as he wants. Need to set some require statements in order to actually check these scenarios before his...
Pair.sol : baseTokenReserves() can be manipulated if the base token is the native token
Lines of code Vulnerability details Impact Price manipulation in the following functions wherever baseTokenReserves is called: buyQuote, sellQuote, addQuote, removeQuote Proof of Concept function baseTokenReserves internal view returns uint256 return baseToken == address0 ? addressthis.balance -...
Attacker can DOS OptimisticListing with very low cost
Lines of code Vulnerability details Impact The only check on a new proposal is that it is priced lower than the existing proposal. It does not constrain the collateral supplied, except that it will revert in verifyBalance if set to 0. Anyone can block normal proposal creation by creating a proposal...
Using safeTransferFrom() Functions But without Getting the Approval
Lines of code Vulnerability details Impact 2 safeTransferFrom calls are used for ERC20 tokens (Line: 90, 172) using SafeTransferLib but without getting the approval using the safeApprove function. The calls will always fail. 3 more safeTransferFrom calls are used for ERC721 tokens (Line: 239, 259, 370)...
MISSING HANDLE FOR DIRECT SEND OF TOKEN
Lines of code Vulnerability details Impact The current implementation of the protocol does not handle situations when tokens are sent directly to the pair contract. Tokens directly sent to the contract can affect the calculation of baseTokenReserves, which affects buyQuote and sellQuote. Below is...
contribute() locks too much ETH from the user
Lines of code Vulnerability details Impact In the contribute function of the GroupBuy contract, even if the filledQuantity is less than quantity, all the ETH provided by the user is locked in the contract, and the user can only call claim to get it back after purchasing NFT or Pool expires, which...
GroupBuy can be drained of all ETH.
Lines of code Vulnerability details Description purchase in GroupBuy facilitates the purchasing of an NFT after enough contributions were gathered. Another report titled "Attacker can steal the amount collected so far in the GroupBuy for NFT purchase" describes a high impact bug in purchase. It ...
MEV searchers can capture slippage tolerance on pool creation
Lines of code Vulnerability details Impact In the current Caviar protocol, anybody can supply initial liquidity to a newly created pool. An LP who intends to create a new pool and add liquidity could execute the following transactions: 1. LP transaction 1: pair = Caviar.create 2. LP transaction 2...
GroupBuy may purchase NFT not in the allowed list
Lines of code Vulnerability details Impact When purchaseProof.length == 0, GroupBuy.purchase compares the tokenId with the merkleRoot. This allows any tokenId that matches the merkleRoot to be purchased, even if it was not included in the allow list during setup. if purchaseProof.length == 0 //...
OptimisticListingSeaport: pendingBalances overwritten instead of increased
Lines of code Vulnerability details Impact The functions list and cash overwrite the current value instead of increasing it: pendingBalancesvaultactiveListing.proposer = activeListing.collateral; pendingBalancesvaultactiveListing.proposer = collateral; This can be very problematic because the val...
OptimisticListingSeaport.propose sets pendingBalances of newly added proposer instead of previous one
Lines of code Vulnerability details Impact In OptimisticListingSeaport.propose, pendingBalances is set to the collateral. The purpose of this is that the proposer of a previous proposal can withdraw his collateral afterwards. However, this is done on the storage variable proposedListing after the...
Groupbuy: _verifyUnsuccessfulState and _verifySuccessfulState both can return true when block.timestamp == pool.terminationPeriod
Lines of code Vulnerability details Impact The functions verifyUnsuccessfulState and verifySuccessfulState should always have a differing behavior with regards to reversion, i.e. when one does not revert, the other should revert. In one condition, this is not true. Namely, when we have pool.succe...
Reentrancy in GroupBuy.purchase allows buying NFT twice
Lines of code Vulnerability details Impact In GroupBuy.purchase, poolInfopoolId.success which prevents buying the same NFT again is only set to true after the sale was executed. This can be exploited by reentering in the following line: address vault = IMarketBuyermarket.executevalue:...
GroupBuy: Lost ETH when the NFT is bought for less than the minimum reserve price
Lines of code Vulnerability details Impact The purchase function does not require that an NFT is bought for exactly minReservePricespoolId filledQuantitiespoolId, the price is only not allowed to be greater: if price minReservePricespoolId filledQuantitiespoolId revert InvalidPurchase; This makes...
User can provide malicious _market in GroupBuy.purchase to steal funds or NFT
Lines of code Vulnerability details Impact The argument market of GroupBuy.purchase is not validated. The following call is directly performed on it: address vault = IMarketBuyermarket.executevalue: pricepurchaseOrder; Then, it is checked that the returned address owns the NFT: if...
Groupbuy: Construction of merkle tree allows some unintended IDs to be bought
Lines of code Vulnerability details Impact In GroupBuy.purchase, when no proof is provided, it is required that the provided token ID is equal to the stored merkleRoot: if purchaseProof.length == 0 // Hashes tokenId to verify merkle root if proof is empty if bytes32tokenId != merkleRoot revert...
GroupBuy does not check return value of call
Lines of code Vulnerability details Impact Both usages of call do not check if the transfer of ETH was successful: payablemsg.sender.callvalue: contribution""; ... payablemsg.sender.callvalue: balance""; This can become very problematic when the recipient is a smart contract that reverts for...
Upgraded Q -> M from #315 [1671270502271]
Judge has assessed an item in Issue 315 as M risk. The relevant finding follows: Lines of code Vulnerability details Description Collateral.sol exposes a permissioned withdraw function: function managerWithdrawuint256 amount external override onlyRoleMANAGERWITHDRAWROLE nonReentrant if...
Draw organizer can rig the draw to favor certain participants such as their own account.
Lines of code Vulnerability details Description In RandomDraw, the host initiates a draw using startDraw or redraw if the redraw draw expiry has passed. Actual use of Chainlink oracle is done in requestRoll: request.currentChainlinkRequestId = coordinator.requestRandomWords keyHash:...
The recoverTimelock does not sufficiently protect against an admin withdrawing the NFT before a user is able to claim it
Lines of code Vulnerability details Impact When a VRFNFTRandomDraw contract is initialized, the recoverTimelock variable is set. The variable should be used to prevent the admin from calling the lastResortTimelockOwnerClaimNFT function before a certain amount of time has passed to ensure that the...
safeTransfer should be used instead of transferFrom in winnerClaimNFT
Lines of code Vulnerability details Impact The winner of the raffle may be a smart contract which doesn't handle NFTs, thus leaving the NFT irretrievably lost instead of being awarded to an address which can handle NFTs. Additionally, the NFT should be in the VRFNFTRandomDraw contract at the time...
Deposits would revert
Lines of code Vulnerability details Impact When the margin asset is USDT, after the first deposit all following ones would revert, allowing no more trades. Proof of Concept The handleDeposit function in Trading.sol's Trading contract is calling approve unconditionally at every deposit. The USDT...
[NAZ-M1] fulfillRandomWords() Must Not Revert
Lines of code Vulnerability details Impact In the current implementation, fulfillRandomWords can revert, which it is not supposed to. Proof of Concept In the Chainlink documentation it states: "If your fulfillRandomWords implementation reverts, the VRF service will not attempt to call it a secon...
[NAZ-H1] Reentrancy From Use of _safeMint()
Lines of code Vulnerability details Impact The mint function is used to mint a new position NFT and is only callable by minter. This function uses safeMint to mint these position NFTs which has been known in the past to have Reentrancy issues. Proof of Concept The dangers of surprising code by...
lastResortTimelockOwnerClaimNFT() can retrieve the token although drawing is in progress
Lines of code Vulnerability details Impact The owner can retrieve the token although drawing is in progress Proof of Concept lastResortTimelockOwnerClaimNFT is used in: " If no users ultimately claim the NFT, the admin specifies a timelock period after which they can retrieve the raffled NFT. " But i...
Draw admin/owner can rug the winner after recoverTimelock expires.
Lines of code Vulnerability details Impact The admin/owner of VRFNFTRandomDraw can wait for recoverTimelock to expire before making the draw. This way he can use lastResortTimelockOwnerClaimNFT to take back the reward NFT from the contract without any time to allow for the winner to claim. He cou...
Functions of Trading contract can be reentered by Position.sol#mint
Lines of code Vulnerability details Impact Both the contracts of Position and Trading may not work correctly. Proof of Concept The Position.solmint calls safeMint will trigger a checkOnERC721Received callback, which can be used to reenter. Crackers can use this vulnerability to attack the protoco...
Wrong position size calculation in TradingLibrary.pnl()
Lines of code Vulnerability details Impact Users will pay less closing fees than they should when they have a profitable short position. Also, they will pay more fees when they have a losing short position. Proof of Concept TradingLibrary.pnl calculates the new position size like below. function...
Not enough margin pulled or burned from user when adding to a position
Lines of code Vulnerability details Impact When adding to a position, the amount of margin pulled from the user is not as much as it should be, which leaks value from the protocol and lowers the collateralization ratio of tigAsset. Proof of Concept In Trading.addToPosition the handleDeposit...
If the subscription does not have enough funds the winner can not be chosen
Lines of code Vulnerability details Impact VRF's subscriptionId can be chosen by the drawer, and it is the drawer's responsibility to fund the subscription. If the drawer, maliciously or not, fails to do so, the draw will result in no winners, and the drawer can re-claim the offered NFT...
Lack of access control
Lines of code Vulnerability details The 'createReferralCode' function in the 'Referrals' contract allows any address to create a referral code. This could potentially lead to spam or misuse of the system. Impact If an attacker is able to create a large number of referral codes, they could...
User can abuse tight stop losses and high leverage to make risk free trades
Lines of code Vulnerability details Impact User can abuse how stop losses are priced to open high leverage trades with huge upside and very little downside Proof of Concept function limitClose uint id, bool tp, PriceData calldata priceData, bytes calldata signature external checkDelayid, false;...
Truncation of values can be avoided
Lines of code Vulnerability details Truncation of values can be avoided Summary Solidity integer division might truncate. As a result, performing multiplication before division can sometimes avoid loss of precision. Details In general, this is a problem due to precision. In this case, it also affec...
Wrong address input in BondNFT.createLock results in wrong _owner being saved in memory
Lines of code Vulnerability details Impact Wrong address input in createLock results in function failure of extendLock and claim. Proof of Concept When someone calls lock in Lock.sol, the function BondNFT.createLock is called. bondNFT.createLock asset, amount, period, msg.sender;...
Transferring GovNFT does not update mapping userDebt
Lines of code Vulnerability details Impact Because of not updating the mapping userDebt for receiver userDebtfor on the transfer of GovNFT token, the receiver may be harmed, because of not getting collected fees. Proof of Concept Function transfer... is not updated for userDebtfor, here. Tools Us...
Extending period in Lock contract will block user funds
Lines of code Vulnerability details Impact Extending a lock will block users' funds. Contract: Lock.sol Proof of Concept Locking tokens with function lock... will update the mapping totalLocked for the given asset with the value of amount, here: totalLockedasset += amount. However, when extending a lock...
Lack of Input Validation
Lines of code Vulnerability details Impact Without proper input validation, it is possible for attackers to pass malicious input to the contract, potentially causing unintended behavior or even allowing the attacker to exploit the contract. Proof of Concept an attacker could pass a negative value...
Users can bypass the maxWinPercent limit using a partial closing
Lines of code Vulnerability details Impact Users can bypass the maxWinPercent limit using a partial closing. As a result, users can receive more funds than their upper limit from the protocol. Proof of Concept As we can see from the documentation, there is limitation of a maximum PnL. Maximum PnL...
Wrong deposit amount in Trading.addToPosition()
Lines of code Vulnerability details Impact Users should deposit the full amount of addMargin but it deducts the fee now. As a result, users will pay less funds than they should. Proof of Concept In addToPosition, users deposit addMargin - fee after the fee calculation. File:...
INITREFS() COULD BE USED TO OVERWRITE ALL REFERRAL DATA
Lines of code Vulnerability details Impact Although denoted as deprecated, initRefs is readily there in Referrals.sol that could be called by the owner whose private keys might have been compromised to reassign all the referral data. This could impact the referrers specifically who might have...
Lack of validation on price feeds
Lines of code Vulnerability details Impact Lack of validation on Chainlink price feeds may result in incorrectly functioning or non-functioning protocol. For example: during high volatility a price feed may be suspended or become stale; on L2 networks the sequencer might be down on L2 networks th...
Governance NFT holder, whose NFT was minted before Trading._handleOpenFees function is called, can lose deserved rewards after Trading._handleOpenFees function is called
Lines of code Vulnerability details Impact Calling the following Trading.handleOpenFees function does not approve the GovNFT contract for spending any of the Trading contract's tigAsset balance, which is unlike calling the Trading.handleCloseFees function below that executes...
Contract Owner Possesses Too Many Privileges
Lines of code Vulnerability details Impact The owner has many privileges in the contract: setBlockDelay, setAllowedVault, setMaxWinPorcent, setLimitOrdenPriceRange, setFees, setTradingExtension Proof of Concept function setBlockDelay uint blockDelay external onlyOwner blockDelay = blockDelay; /...
TradingLibrary#verifyPrice doesn't check if data is fresh which can lead to costly downtime
Lines of code Vulnerability details Impact verifyPrice may check against stale data causing valid transactions to revert Proof of Concept if chainlinkEnabled && chainlinkFeed != address0 int256 assetChainlinkPriceInt = IPricechainlinkFeed.latestAnswer; if assetChainlinkPriceInt != 0 uint256...
Distribute is open to rewards manipulation
Lines of code Vulnerability details Impact The distribute function is prone to manipulation by the first depositor if the totalShares is low, since the result of transferFrom in distribute is not checked. This can happen if a malicious user calls createLock whereby shares = 1 then calls distribut...
Compromised or malicious owner of GovNFT contract can call _bridgeMint function on Chain A to block a Governance NFT's holder from bridging such NFT from Chain B to Chain A
Lines of code Vulnerability details Impact After a Governance NFT is minted and transferred to a user on Chain A, this user can bridge it to Chain B. Afterwards, because this NFT is already burned on Chain A, the owner of the GovNFT contract, who can possibly become compromised or malicious, can...
GovNFT contract's owner can stop Governance NFT holders from receiving more rewards from trades' DAO fees, and such reward amounts can remain in Trading contract without belonging to anyone
Lines of code Vulnerability details Impact According to , "Profits from trading fees are paid out to Governance NFT holders in real-time...Rewards are paid out in Tigris stablecoins." However, for some legitimate reasons, such as if the corresponding Tigris stablecoin has a bug, or if the owner o...
IERC20.transfer does not support all ERC20 token
Lines of code Vulnerability details Impact Proof of Concept Tokens like USDT are known for using non-standard ERC20: missing return boolean on transfer. Contract function handleDeposit will always revert when trying to transferfrom this kind of token. Tools Used manual review Recommended Mitigation Step...