Upgraded Q -> M from #471 [1668464969039]

Judge has assessed an item in Issue 471 as M risk. The relevant finding follows: The whole report --- The text was updated successfully, but these errors were encountered: All reactions...

deposit and withdraw emit the same event than mint and burn in ERC20 and can affect to Dapps

Lines of code Vulnerability details Impact Deposit and Withdraw emit the same event than burn and mint than ERC20 so it's not possible to distinguish in a DAPP than deposit and withdraw are not mint or burn and could affect to the DAPP logics. For example, cointracking.info could understand in a...

Counterparty can cancel subsequent orders within ETH or token transfer callback.

Lines of code Vulnerability details Impact The scenario is when a caller uses bulkExecute to request a sequence of executions on the Exchange. The caller will generally expect that all orders valid prior to calling bulkExecute will be valid during the execution of bulkExecute. However, a...

Upgraded Q -> M from #215 [1668468272191]

Judge has assessed an item in Issue 215 as M risk. The relevant finding follows: 7. No max fee is set on setFlashLoanFee function There is no max fee set. This allows a malicious owner to set a very high amount of flashloan fee , which allows the malicious admin to grief other users. He can also...

Upgraded Q -> M from #194 [1668467876517]

Judge has assessed an item in Issue 194 as M risk. The relevant finding follows: L-04 Should be a upper-bound on Flash-loan fee There are 1 instances of this issue: File : = Recommended Mitigation There should be a upper bound of Flash-loan fee define in contract so that owner can't able to set f...

Upgraded Q -> M from #276 [1668468011155]

Judge has assessed an item in Issue 276 as M risk. The relevant finding follows: Misaligned parameters when calling beforeTokenTransfer in LBToken:burn LBToken.sol L237 address0 and account should be switched on calling beforeTokenTransfer in LBToken:burn. There's no side effects currently becaus...

Reentrancy attack can be used to externally call the _execute function in the Exchange contract

Lines of code Vulnerability details Reentrancy attack can be used to externally call the execute function in the Exchange contract The execute function present in the Exchange contract is intended to be called only internally using delegatecall by the execute and bulkExecute functions. This is...

Theft of ETH that was not used for the successful execution of orders

Lines of code Vulnerability details Description There are execute and bulkExecute functions in Exchange smart contract. There is the refund of any ETH that was unused for example that was left due to the unsuccessful order execution at the end of its execution flow: returnDust; returnDust functio...

Tokens transfers do not verify that the tokens were successfully transferred

Lines of code Vulnerability details Impact Some tokens like zrx do not revert the transaction when the transfer/transferfrom fails and return false instead, which requires us to check the return value after calling the transfer/transferfrom function. Even though, the exchange seems to only suppor...

Anyone can take the remaining ETH in the Exchange (proxy) contract

Lines of code Vulnerability details Impact Anyone can take the remaining ETH in the Exchange proxy contract Proof of Concept Because returnDust just send all ETHs of the Exchange balance to caller, anyone can call bulkExecuteexecutions with 1wei and an empty executions list to drain the contract:...

Upgraded Q -> M from #407 [1668467735071]

Judge has assessed an item in Issue 407 as M risk. The relevant finding follows: Incorrect parameters for beforeTokenTransfer hook In LBToken.sol, the beforeTokenTransfer hook has the following parameters: 317: /// @param from The address of the owner of the token 318: /// @param to The address o...

Upgraded Q -> M from #234 [1668465995897]

Judge has assessed an item in Issue 234 as M risk. The relevant finding follows: 1.LBToken: In the burn function, beforeTokenTransfer uses incorrect from and to. Burning tokens should be transferred to 0 address. Proof of Concept Recommended Mitigation Steps beforeTokenTransfer account, address0,...

_returnDust doesn't check the return value after call

Lines of code Vulnerability details Impact returnDust doesn't check that the call has been sucesfully. For example, if the buyer is a contract could fail during the reception but due to returnDust doesn't check the return value to revert the transaction in case of failure the tokens could be...

Attacker can spoof remainingETH and double-spend their input ETH to Exchange

Lines of code Vulnerability details Description remainingETH is an important state variable in Exchange.sol, which keeps track of how many ETH have yet to be used as payment from the current msg.value. The setupExecution modifier sets the value before and after execution: modifier setupExecution...

The setupExecution is reentrancy attack vulnerable

Lines of code Vulnerability details Impact The setupExecution can be re-entered by calling bulkExecute inside an execution. Because the global state remainingETH and isInternal are modified reset to 0 and flase after the latter reentrant call, the previous call is affected: 1. all subsequent...

Upgraded Q -> M from #451 [1668467945427]

Judge has assessed an item in Issue 451 as M risk. The relevant finding follows: THRESHOLD LIMIT CHECKS Certain parameters of the contracts can be configured to invalid values, causing a variety of issues and breaking expected interactions between contracts. setFlashLoanFee allows the owner of...

Signature Malleability in case of using EVM built-in ecrecover()

Lines of code Vulnerability details Impact The ecrecover function which is used verify a signature. The built-in EVM precompile ecrecover is susceptible to signature malleability because of non-unique s and v values which could lead to replay attacks. Proof of Concept Tools Used Manual Analysis...

Susceptible to reorg attack

Lines of code Vulnerability details Impact When reorg happens, it is possible that the cancelled order by the taker be executed by the maker. Proof of Concept Suppose userA is seller and userB is buyer, seller is maker, and buyer is taker. After some time, userB the buyer cancels the order by...

Upgraded Q -> M from #403 [1668467487185]

Judge has assessed an item in Issue 403 as M risk. The relevant finding follows: 1. No upper limit check on flash loan fee No upper limit check on setFlashLoanFee. Although only admin can set this, human error can lead to higher percente swap, leading to excess swap and gas fee. Or admin can rug...

_returnDust may sweep more eth than it is entitled to

Lines of code Vulnerability details Impact returnDust instead of returning the rightful remainingETH amount, it returns selfbalance. If eth gets into the contract somehow, it can be swept by anyone, who passes in some eth through bulkExecute, even with empty executions parameter. Proof of Concept...

Recipients Can Steal Remaining ETH from Exchange

Lines of code Vulnerability details Impact This vulnerability allows recipients to reenter the Exchange contract, stealing remaining ETH. When a batch of orders are matched using the bulkExecute method a malicious recipient of assets may reenter the bulkExecute method, stealing ETH that would've...

Cross-functional re-entrancy resulting in stealing any additional/extra ether sent by the execute() 's caller

Lines of code Vulnerability details Impact The contract Exchange.sol has execute function which can be called by anyone to execute a single buy and sell order. The function calls execute then returnDust. The latter sends the unrequired ether back to the caller. However, a malicious actor could...

#bulkExecute() can reenter to steal funds

Lines of code Vulnerability details Impact ExchangebulkExecute can reenter, and internal execution of delegatecall is allowed to fail, not revert, malicious users can reenter to steal funds Proof of Concept Assumptions: There is a malicious user alice,with NFT for sale, paid through eth If user b...

A malicious user can steal all the excess balance on the pool by calling the execute function with higher amount than the selling amount

Lines of code Vulnerability details Impact When an order is matched, the Buyer has the option to pay in either ETH, WETH or via the Pool contract. The Exchange smart contract implements a function returnDust which returns the extra ETH to the user, if she overpays. The function is implemented in...

Left ERC20/ETH can be withdrawn by anyone

Lines of code Vulnerability details Impact Any remaining balance can be used by anyone. This can impact on users who transfers directly to the protocol by mistake. Proof of Concept If any user by mistake transfers ERC20/ETH directly not through the ERC20EnabledLooksRareAggregator or execute...

The attacker can steal the ETH of users that wanted to buy an NFT by sandwiching the victim transaction.

Lines of code Vulnerability details Impact The attacker can steal the ETH of users that wanted to buy an NFT by sandwiching the victim transaction. Proof of Concept In non-atomic some of the orders could fail and funds should return and the end of execute function - . But the returnETHIfAny...

User can drain all ether from LooksRareAggregator contract

Lines of code Vulnerability details Impact Anyone could drain all ether from this contract. Proof of Concept function execute TokenTransfer calldata tokenTransfers, TradeData calldata tradeData, address originator, address recipient, bool isAtomic external payable nonReentrant if recipient ==...

LooksRareProxy is missing the fee mechanism, protocol may loss the revenue from fee

Lines of code Vulnerability details Impact LooksRareProxy is missing the fee mechanism, the protocol may lose revenue from the fee. Even if you intend to have a free fee, the fee mechanism should be implemented in case you need to enforce the fee in the future. Proof of Concept function execute...

Tokens and ETH can be sweeped from LooksRareAggregator

Lines of code Vulnerability details Impact Tokens and ETH can be sweeped from LooksRareAggregator Proof of Concept A malicious user may transfer out any tokens or ETH that are owned by LooksRareAggregator. To do so, a such user has to call execute - and make the trade. After executing of order...

The owner of the contract can broke the storage of the LooksRareAggregator contract

Lines of code Vulnerability details Impact The owner of the contract can broke the storage of the LooksRareAggregator contract Proof of Concept The addFunction function - can be called by the owner to to set proxy address and function selector for the function to be called inside this proxy. This...

Vampire attack on the LooksRareAggregator

Lines of code Vulnerability details Description The LooksRareAggregator project is almost stateless and most of its code is open. Someone may fork it and make a lower fee for the users or even add other incentives. Unlike Uniswap, the aggregator doesn't have a network effect, so it is economicall...

Pulling user's ERC20 tokens to Contract LooksRareAggregator requires approvals from the user

Lines of code Vulnerability details Impact Contract ERC20EnabledLooksRareAggregator pulls user's ERC20 tokens to Contract LooksRareAggregator without pre-approvals from the user. This will prohibit the token transfer unless somewhere else the approvals have been done e.g. before calling the...

calling execute() may lead to stealing funds if some ERC20 is stuck on the contract

Lines of code Vulnerability details Impact if some tokens is sent erroneously or not to the contract, anyone that calls correctly LooksRareAggregator.execute will be able to steal those coins. to execute the function using ethers as payment, these conditions must be true: there is at least a trad...

ETH amount that is trapped in LooksRareAggregator contract can be withdrawn by user who is not LooksRareAggregator's owner

Lines of code Vulnerability details Impact When ETH amount is trapped in the LooksRareAggregator contract, such as when someone accidentally sends some ETH to it, the owner of the LooksRareAggregator contract has the privilege to call the rescueETH function to transfer such amount to a proper...

Native funds on the aggregator contract balance is a free grab

Lines of code Vulnerability details Native funds on the aggregator contract balance is a free grabLooksRareAggregator's execute returns the native balance of the contract to the caller even when nothing was provided with the call. This happens when LooksRareAggregator's execute is called directly...

Address(0) owner is dangerous

Lines of code Vulnerability details Impact If the current owner confirms the renouncement, the new owner will have address zero. In this case no new owner can be assigned and the functions with onlyOwner modifier will be un-callable forever. Proof of Concept This mechanism is dangerous, because i...

Transfer error can fail unnoticed

Lines of code Vulnerability details Impact Quoting Solidity docs: The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM. Account existence must be checked prior to calling if needed...

Seaport proxy is missing ERC20 approval, so it can't buy any order that is listed using an ERC20

Lines of code Vulnerability details Impact Seaport proxy is missing ERC20 approval, so it can't buy any order that is listed using an ERC20. Proof of Concept function execute BasicOrder calldata orders, bytes calldata ordersExtraData, bytes calldata extraData, address recipient, bool isAtomic,...

It is possible for ETH to be trapped inside LooksRareAggregattor contract

Lines of code Vulnerability details Impact If a user purchases NFTs with ETH or ETH and ERC20 tokens but with limited gas fees, it is possible that all purchase transactions are successful and have some ETH or ETH and ERC20 tokens left. The left ETH may be trapped inside the contract and the user...

call opcode's return value not checked.

Lines of code Vulnerability details Impact The call opcode's return value not checked, which could leads to the originator lose funds. Proof of Concept The caller of LooksRareAggregator.sol::execute could be a contract who may not implement the fallback or receive function, when a call to it with...

Anyone can get access to ERC20 tokens in LooksRareAggregator contract

Lines of code Vulnerability details Impact The TokenRescuer contract helps to rescue eth and erc20 tokens and can only be called by the owner. However, any trapped eth or erc20 tokens can actually be taken out by anyone. Essentially the function and access control of the TokenReceiver contract ca...

_returnETHIfAny() can silently fail, leading to an originator not getting the expected refund

Lines of code Vulnerability details The execute function refunds the unused ETH back to the originator through returnETHIfAny. This internal function uses a low-level call to transfer the ETH. The issue is that the return value of the call is not checked. As per the Solidity documentation...

Any user can collect tokens trapped in the aggregator

Lines of code Vulnerability details Impact Any user can execute a trade on the aggregator to collect trapped tokens. Which should be an action only allowed by the owner. The issue is in how returnERC20TokensIfAny gets the amount to send back by checking the balances of the contract. Proof of...

ETH could be locked in LooksRareAggregator

Lines of code Vulnerability details Impact ETH is returned to originator at the end of function LooksRareAggregatorexecute.... However, this logic does not check for returned value from originator in case originator is a contract and reverts when receiving ether. The result is that the transactio...

Without strictly verifying the attribution of balance and the size of the balance when refunding, hackers may use the attack to steal all ERC20 tokens！

Lines of code Vulnerability details Impact When using any ERC20 token to purchase NFT, after the purchase is successful, the 108th line of code in the contract LooksRareAggregator determines whether there are any remaining unused ERC20 tokens. If there is any remaining, it will be returned to the...

Contract LooksRareAggregator does not verify the proxy has code when delegatecall() is called on the proxy

Lines of code Vulnerability details Impact Delegatecall will return ‘True’ for the status value if it is called on an address that is not a contract and so has no code. This can cause bugs if code expects delegatecall functions to return False when they have to perform special logic. If, for some...

It is possible for a user's ETH to be trapped inside the contracts.

Lines of code Vulnerability details Impact It is possible that a user's ETH will be trapped inside the contracts. returnETHIfAnyoriginator; But in the implementation of the returnETHIfAny function, it will just silently return even the returning ETH transaction fails. As a result, even if the use...

LowLevelETH: _returnETHIfAny; _returnETHIfAny; _returnETHIfAnyWithOneWeiLeft do not check if call was successful

Lines of code Vulnerability details Impact This means that the caller won't receive ETH but the transaction will continue, this could specially affects to function LookRareAggregator.execute, which use returnETHIfAnyaddress function, leading to originator lose of funds or mess up its state...

Initialization function can be front-run

Lines of code Vulnerability details Detailed description of the impact of this finding: Exchange.sol has initialization function that can be front-run, allowing an attacker to incorrectly initialize the contract. Due to the use of the delegatecall proxy pattern, Exchange.sol cannot be initialized...

Buyers unused ETH funds can be stolen (Direct theft of funds)

Lines of code Vulnerability details Impact The protocol has recognized the need to track buyers ETH in order to refund unused ETH by implementing the returnDust function and setupExecution modifier. The implementation creates an attack vector that allows the seller to steal the unused ETH...