10190 matches found

Code423n4 • added 2022/12/16 12:00 a.m. • 2 views

Unreleased locks cause the reward distribution to be flawed in BondNFT

Lines of code / Vulnerability details / Impact: After a lock has expired, it doesn't get any rewards distributed to it. But unreleased locks cause other existing bonds to not receive the full amount of tokens either. The issue is that as long as the bond is not released, the totalShares value isn't...

AI score: 6.6 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 9 views

Attacker can disable contract functionality

Lines of code / Vulnerability details / Impact: The current setup of the protocol is vulnerable to a DoS attack. This can be achieved by anyone calling initialize on the implementation VRFNFTRandomDraw contract. With the implementation contract initialized, the created clones cannot be re-initialized and...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 6 views

Owner can potentially prevent winner from claiming by starting draw after recover timelock and then calling lastResortTimelockOwnerClaimNFT

Lines of code / Vulnerability details / Impact: The owner can call startDraw at any time, including after the recoverTimelock has expired, which means the owner can call lastResortTimelockOwnerClaimNFT and potentially reclaim the NFT immediately after the draw completes if they do not want the winner ...

AI score: 6.9 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 6 views

The parameters in the settings of the draw are inconsistent

Lines of code / Vulnerability details / Impact: When initializing a draw, parameters in settings can easily be set to inconsistent values, which can mean that the winner cannot claim the NFT even before reaching the drawBufferTime – the time until a re-drawing can occur if the selected user cannot or does not clai...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 11 views

Weak PRNG

Lines of code / Vulnerability details / Impact: Weak PRNG due to a modulo on block.timestamp, now or blockhash. These can be influenced by miners to some extent, so they should be avoided. src/VRFNFTRandomDraw.sol: if (settings.recoverTimelock > block.timestamp + MONTH_IN_SECONDS * 12) revert...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 5 views

Unprotected contract

Lines of code / Vulnerability details / Impact: Anyone can call makeNewDraw and become admin. src/VRFNFTRandomDrawFactory.sol: function makeNewDraw(IVRFNFTRandomDraw.Settings memory settings) external returns (address) { address admin = msg.sender; // Clone the contract address newDrawing =...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 6 views

Delayed contests might be rugpulled by admin

Lines of code / Vulnerability details: In order to guarantee the raffle NFT will not be stuck in the contract, there's a last resort option which allows the admin to reclaim the NFT from the contract. However, the timestamp from which this action can take place is calculated based on when the...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 10 views

Malicious drawingToken can make bad actor claim the raffle NFT

Lines of code / Vulnerability details / Description: A malicious drawingToken address passed into factory.makeNewDraw can claim the raffle NFT. It can be exploited via a social engineering attack; another scenario is that a malicious owner can pretend to make a raffle with a malicious drawingToken and...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 8 views

After the redrawing the winner can lose his NFT to the admin

Lines of code / Vulnerability details / Impact: The owner can manipulate the raffle by depriving a specific winner address. Proof of Concept: Please copy the following POC into VRFNFTRandomDraw.t.sol: function testadminRedrawingandReclaimnft() public { address winner = address(0x1337); address winner2 =...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 8 views

The NFT can be transferred to the owner immediately after startDraw()

Lines of code / Vulnerability details: lastResortTimelockOwnerClaimNFT, as the name says, is used in case the winning user doesn't retrieve the won NFT token, and in such a case the owner can rescue the NFT from the contract. The mentioned function can only be called after a certain period has passed: if...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 8 views

Draw organizer can time draws so that users have the illusion of fair randomness, but draw can be cancelled.

Lines of code / Vulnerability details / Description: In RandomDraw, the host can call startDraw or redraw to request a Chainlink random number, which will be used to select the winning user. They may then collect the prize NFT using winnerClaimNFT. The issue is that in the two draw functions, it is never...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 8 views

Draw can be configured without uncancellable-redraw mechanism

Lines of code / Vulnerability details / Description: RandomDraw initialize contains several checks for the range of drawBufferTime and recoveryTimelock. The redraw buffer time can be between 1 hour and 1 month, while recoveryTimelock is between 1 week and 1 year from now. The issue is that the relative...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 8 views

Winning NFT owner/admin can rug pull attack or DoS attack on winner by removing the winning NFT.

Lines of code / Vulnerability details / Impact: Given the current logic, it is possible to call the redraw method even after recoverTimelock has passed. If the owner does so, the contract will select a new winner for the winning NFT. But it will be up to the owner to give as much time to the winner to...

AI score: 6.5 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 8 views

Admin can withdraw the NFT before the winner timelock ends

Lines of code / Vulnerability details / Impact: The admin could set recoverTimelock before drawBufferTime, thus he can withdraw the NFT before the winner's draw buffer time ends. Proof of Concept: The drawBufferTime needs to be more than an hour and less than a month, and the recoverTimelock needs to be at...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 7 views

Attackers can obtain rewards through a flash loan of the NFT with the winning ID

Lines of code / Vulnerability details / Impact: The contract judges whether the user has won a prize, but only judges whether the owner of the NFT with the specified ID is equal to the user's address: user == IERC721EnumerableUpgradeable(settings.drawingToken).ownerOf(request.currentChosenTokenId); But i...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 11 views

Pending owner can front-run current owner when current owner wants to cancel the ownership transfer.

Lines of code / Vulnerability details / Impact: The OwnableUpgradable contract has been modified to transfer ownership in a two-step way. This introduces a front-running issue when the admin adds a pendingOwner but later decides to cancel the ownership transfer. The pending owner can become...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 8 views

Owner can withdraw the NFT at any time if they wait to start the draw until after recoverTimelock

Lines of code / Vulnerability details / Description: When creating a random draw the owner specifies a recoverTimelock, which is a last resort option to recover the raffled NFT if the draw fails. There are some validations that this is between a week and a year in the future, but there's no guarantee...

AI score: 6.6 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 10 views

Wrong calculation of MONTH_IN_SECONDS

Lines of code / Vulnerability details: Wrong calculation of MONTH_IN_SECONDS: line 33 of VRFNFTRandomDraw.sol calculates 30 weeks of 7 days instead of 30 days. 30 weeks of 7 days = 3600 * 24 * 7 * 30. 30 days = 3600 * 24 * 30. So and won't work properly...

AI score: 7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 5 views

Bad actor can burn VRFCoordinatorV2 LINK's balance

Lines of code / Vulnerability details / Impact: All VRFNFTRandomDraw instances share the same VRFCoordinatorV2 address, and LINK fees are deducted from this smart contract. There are a couple of issues that may be exploited by a malicious actor to overinflate calls to VRF and lead to griefing, e.g. B...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 11 views

DoS after creating 100 raffles under one subscriptionID

Lines of code / Vulnerability details / Impact: If a user adds a new consumer, the function VRFCoordinatorV2::addConsumer is called: function addConsumer(uint64 subId, address consumer) external override onlySubOwner(subId) nonReentrant { // Already maxed, cannot add any more consumers. if...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 7 views

Malicious Chainlink VRF manager can decide to not whitelist VRFNFTRandomDraw or brick ongoing raffles

Lines of code / Vulnerability details / Impact: Chainlink's VRF manager has a privileged position, as all VRFNFTRandomDraw instances share the same VRFCoordinatorV2 address and have to be whitelisted in order to be able to call the requestRandomWords function. There is centralization risk in this case, tha...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 8 views

Frontrunning the winnerClaimNFT is possible

Lines of code / Vulnerability details / Impact: The winner in the NFT raffle may be frontrun if he has listed his NFT for sale on a marketplace, stealing his raffle NFT. Proof of Concept: A new VRFNFTRandomDraw clone contract is deployed using makeNewDraw, with some NFT collection as drawingToken and...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 11 views

Function fulfillRandomWords in VRFNFTRandomDraw contract must not revert

Lines of code / Vulnerability details: The VRFNFTRandomDraw contract implements the Chainlink VRF feature to pull random data to select the raffle winner. As per their security guidelines, the implementation of the fulfillRandomWords function must not revert. Impact: If the fulfillRandomWords function...

AI score: 6.9 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 14 views

Generalized frontrunning risk for claiming winnings due to request.currentChosenTokenId being public

Lines of code / Vulnerability details / Impact: The function VRFNFTRandomDraw.sol:fulfillRandomWords, called by Chainlink, receives an array of random words and uses it to choose a random offset by which the winning tokenId is selected. The chosen tokenId is stored on the public request variable in the...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 6 views

Potential race condition when claiming prize

Lines of code / Vulnerability details / Impact: To determine whether a caller has won the raffle, the hasUserWon function of the VRFNFTRandomDraw contract queries the ownerOf function of the drawingToken contract, passing the currentChosenTokenId as argument. In essence, the function is only checking...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 7 views

Prize token can overlap with drawingToken and prize tokens from other draws.

Lines of code / Vulnerability details / Impact: Creators can create multiple draws with the same prize, but only the first draw to call startDraw will have the prize. This can trick users into entering raffle pools that do not have a prize. Furthermore, the prize token can also be one of the tokens ...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 5 views

The way the winner claims the NFT is vulnerable to a flash loan attack.

Lines of code / Vulnerability details / Impact: The way the winner claims the NFT is vulnerable to a flash loan attack. Proof of Concept: This kind of attack is similar to the ApeCoin airdrop attack. To determine who is winning the current drawing, there is a hasUserWon function: function hasUserWon(address user)...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 6 views

A compromised owner of VRFNFTRandomDraw can claim the NFT to another accomplice address

Lines of code / Vulnerability details / Impact: Detailed description of the impact of this finding. A compromised owner of VRFNFTRandomDraw can claim the NFT to another accomplice address. Proof of Concept: Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other...

AI score: 7.1 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 11 views

Use of resignOwnership can lead to stuck NFT in contract

Lines of code / Vulnerability details / Impact: Contract OwnableUpgradeable has a resignOwnership function that, if called, can potentially cause the loss of the NFT after a draw has been started. Proof of Concept: These are the steps/conditions that make this issue happen: When the owner calls...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 9 views

Choosing a cheap gas lane may result in no winners

Lines of code / Vulnerability details / Impact: The drawer can choose whichever gas lane (keyHash) they like. Giving this choice to the drawer may result in no winners if the network is congested and the drawer chooses a cheap gas lane. Recommended Mitigation Steps: Check the options of keyHashes that can...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 16 views

Token decimals may be above 18 leading to underflow issues

Lines of code / Vulnerability details / Impact: In both StableVault and Trading, there is an assumption that token decimal amounts are <= 18. However, this can break if token decimals are > 18, resulting in an underflow which can lead to unpredictable behaviors and extreme amounts during deposits and...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 17 views

Integer overflow or underflow

Lines of code / Vulnerability details / Impact: If an integer overflow or underflow occurs in the contract, it could lead to incorrect calculations and potentially unintended consequences, such as the transfer of incorrect amounts of tokens or the allocation of incorrect amounts of rewards. This could...

AI score: 7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 8 views

Error in trade accumulated interest calculation

Lines of code / Vulnerability details / Impact: The trade's accumulated interest may turn out smaller than expected when long open interest is zero. Proof of Concept: function trades(uint id) public view returns (Trade memory) { ... int256 pendingFunding; if (trade.direction && longOi... 0) pendingFunding =...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 4 views

Owners can delay the call to startDraw to reject the draw result

Lines of code / Vulnerability details / Impact: Owners can call lastResortTimelockOwnerClaimNFT to reclaim the NFT: if (settings.recoverTimelock > block.timestamp) { // Stop the withdraw revert RECOVERY_IS_NOT_YET_POSSIBLE(); } ... If an owner delays the startDraw until settings.recoverTimelock, the owner can call...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 7 views

Reentrancy

Lines of code / Vulnerability details / Impact: If an attacker were able to successfully exploit a reentrancy vulnerability in this contract, they could potentially cause the contract to enter an infinite loop, consuming all available gas and rendering it unusable. This could result in financial losse...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 10 views

Might lose manager forever

Lines of code / Vulnerability details / Impact: If the project sets a new manager with a typo, it might lose the manager forever. Proof of Concept: function setManager(address _manager) public onlyOwner { manager = _manager; } https://twitter.com/realgmhacker/status/1603362870699429889?s=20&t=vm4wY1ITefLhCW8BDa0oig...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 8 views

Lower boundary of drawing token range is too low

Lines of code / Vulnerability details / Impact: The current logic in VRFNFTRandomDraw.sol could lead to undesirable edge cases due to allowing the lower limit of the drawing token range to be as low as 2. It could lead to a long drag before the raffle could end or cancel if one of the drawing tokens i...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 12 views

_priceData.price is not verified in _limitClose

Lines of code / Vulnerability details / Impact: In the function _limitClose of the TradingExtension contract, _priceData.price is not verified with the getVerifiedPrice function; instead its value is used directly, and because getVerifiedPrice internally calls the function...

AI score: 6.9 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 10 views

Chainlink price feed is not sufficiently validated and can return stale price

Lines of code / Vulnerability details / Impact: As mentioned by , "Prices provided by the oracle network are also compared to Chainlink's public price feeds for additional security. If prices have more than a 2% difference the transaction is reverted." The Chainlink price verification logic in the...

AI score: 6.6 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 16 views

Error when handling deposit in the addToPosition function

Lines of code / Vulnerability details / Impact: In the function addToPosition of the Trading contract, the open fees are handled using the handleOpenFees function, but when calling the handleDeposit function the wrong margin is passed; in fact the handleDeposit function gets addMargin - fee...

AI score: 6.9 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 14 views

Ignored return value from "IERC20.transferFrom()"

Lines of code / Vulnerability details / Impact: The return value from IERC20.transferFrom in "StableVault" was not checked; a malicious actor could first deposit a number of tokens without actually having them and then subsequently withdraw that amount of tokens from the "StableVault". Proof of Concept...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 14 views

Wrong value of MONTH_IN_SECONDS could make it impossible to recover NFT in 7 years

Lines of code / Vulnerability details / Impact: Constant MONTH_IN_SECONDS has an incorrect value. Instead of 1 month, it has the value of 7 months. // @dev about 30 days in a month uint256 immutable MONTH_IN_SECONDS = 3600 * 24 * 7 * 30; // @audit wrong value, could allow bufferTime and recoverTimelock to become too...

AI score: 6.7 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 9 views

Unable to release funds deposited through Lock-extendLock

Lines of code / Vulnerability details / Impact: Users depositing tig assets to the bondNFT through the Lock contract could find themselves unable to release their funds. The only explanation the user would receive is an "Arithmetic over/underflow" error. This issue greatly deteriorates the user...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 9 views

Miners Can Re-Roll the VRF Output to Game the Protocol

Lines of code / Vulnerability details / Impact: Miners are able to rewrite a chain's history if they dislike the VRF output used by the protocol. Consider the following example: A miner or well-funded user is participating in the PoolTogether protocol. A VRF request is made and fulfilled in the same...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 8 views

The raffle could be slightly unfair as the owner of an NFT ID which is closer to drawingTokenStartId could have a higher chance to win

Lines of code / Vulnerability details / Impact: The raffle could be slightly unfair as the owner of an NFT ID which is closer to drawingTokenStartId could have a higher chance to win. Proof of Concept: As written in , "We want to raffle away a single NFT token based off of another NFT collection or drawingTok...

AI score: 6.9 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 10 views

Minter privilege escalation vulnerability

Lines of code / Vulnerability details / Impact: The contract owner could potentially abuse their privileges to manipulate the token supply and undermine the integrity of the token economy. Proof of Concept: The 'setMinter' function in the contract allows the contract owner to set the minter status for...

AI score: 6.9 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 8 views

In case the winner is the address(0)

Lines of code / Vulnerability details / Impact: Temporary freezing of the NFT; this can last more than one period. Proof of Concept: In VRFNFTRandomDraw.fulfillRandomWords: request.currentChosenTokenId = (randomWords[0] % tokenRange) + settings.drawingTokenStartId; In case ownerOf(request.currentChosenToken...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 11 views

Unchecked setters

Lines of code / Vulnerability details / Impact: Incorrect data: If the 'referred' or 'protocol' variables are set to incorrect values, it could result in incorrect or unexpected behavior in the contract. Manipulation: Malicious actors could potentially exploit this vulnerability to manipulate the syst...

AI score: 7.1 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 12 views

ERC20 approvals may need to be set to 0 beforehand

Lines of code / Vulnerability details / Impact: There are some instances where there is an ERC20 approval for a max uint256 amount. ERC20 tokens such as USDT require the allowance for the address to be set to 0 beforehand, so this would cause reverts for those tokens. Proof of Concept: - Tokens such as USDT get...

AI score: 6.8 • Exploits: 0
Code423n4 • added 2022/12/16 12:00 a.m. • 13 views

LP Rewards can be increased infinitely by a malicious liquidity provider

Lines of code / Vulnerability details / Impact: LP Rewards can be increased infinitely by a malicious liquidity provider. Proof of Concept: A Bond NFT holder can claim pending rewards from a bond using the function Lock.claim: function claim(uint256 id) public returns (address) { claimGovFees(); (uint amount,...

AI score: 6.8 • Exploits: 0
Total number of security vulnerabilities: 10190