Aliasing L1 sender on L2
Lines of code Vulnerability details Impact If a contract on L1 has the same address as a contract on L2 but doesn't have the same code, we will have a critical issue, as funds will be lost. Proof of Concept Both Optimism and Arbitrum implement applyL1ToL2Alias / undoL1ToL2Alias logic to prevent ...
No incentive mechanism for allowed senders to call finalizeWithdrawal on behalf of withdrawers.
Lines of code Vulnerability details Impact Since finalizeWithdrawal is a permissioned function, if there is no mechanism in place for allowed senders to trigger it, withdrawers would not be able to receive their funds in a timely fashion. Proof of Concept The withdrawal functions such...
Double spending risk in L1 Bridge Contract
Lines of code Vulnerability details Impact There is a double spending risk in the L1 Bridge Contract. The user may call claimFailedDeposit to release their locked funds while they still have a token balance on the L2 network. Proof of Concept Let us focus on L1ERC20Bridge.sol /// @dev Withdraw funds from...
Upgraded Q -> M from 91 [1667616172726]
Judge has assessed an item in Issue 91 as Medium risk. The relevant finding follows: ...
Upgraded Q -> H from 149 [1667660267515]
Judge has assessed an item in Issue 149 as High risk. The relevant finding follows: ...
Upgraded Q -> M from 250 [1667617695647]
Judge has assessed an item in Issue 250 as Medium risk. The relevant finding follows: ...
Upgraded Q -> H from 502 [1667614585174]
Judge has assessed an item in Issue 502 as High risk. The relevant finding follows: ...
Upgraded Q -> H from 502 [1667614581063]
Judge has assessed an item in Issue 502 as High risk. The relevant finding follows: ...
Upgraded Q -> M from 407 [1667616784805]
Judge has assessed an item in Issue 407 as Medium risk. The relevant finding follows: ...
Upgraded Q -> M from 203 [1667614189925]
Judge has assessed an item in Issue 203 as Medium risk. The relevant finding follows: ...
Upgraded Q -> M from 62 [1667612948063]
Judge has assessed an item in Issue 62 as Medium risk. The relevant finding follows: ...
Upgraded Q -> H from 211 [1667662048262]
Judge has assessed an item in Issue 211 as High risk. The relevant finding follows: ...
Upgraded Q -> H from 262 [1667614992867]
Judge has assessed an item in Issue 262 as High risk. The relevant finding follows: ...
Upgraded Q -> M from 207 [1667615741898]
Judge has assessed an item in Issue 207 as Medium risk. The relevant finding follows: ...
The governor can use a replay attack to manipulate the votes in his favor
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Since the argument of function approveEmergencyDiamondCutAsSecurityCouncilMember does not include the proposalId, a governor can use a replay attack to manipulate the votes in his favor, that is, even not...
Unchecked array length of the public_inputs[] in Verifier.sol
Lines of code Vulnerability details Impact If an array enumerates all registered addresses, an adversary can register many addresses, causing the problem described above. Vulnerability Details Ethereum is a very resource-constrained environment. Prices per computational step are orders of magnitu...
Unchecked array length
Lines of code Vulnerability details Impact If an array enumerates all registered addresses, an adversary can register many addresses, causing the problem described above. Description Ethereum is a very resource-constrained environment. Prices per computational step are orders of magnitude higher...
initializer modifier on constructor function
Lines of code Vulnerability details Impact In L2StandardERC20.sol the initializer modifier is placed both on the constructor function and on the bridgeInitialize function. When the initializer modifier is used it cannot be called again on any function in the contract since it will revert with a...
reentrancyGuardInitializer modifier used on constructor and Initialize functions
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. In L1ERC20Bridge.sol there are two places where the reentrancyGuardInitializer modifier is used. It's found on both the constructor function and also on the initialize function. This is a problem becaus...
reentrancyGuardInitializer modifier used on constructor and Initialize functions
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. In L1EthBridge.sol there are two places where the reentrancyGuardInitializer modifier is used. It's found on both the constructor function and also on the initialize function. This is a problem because...
May introduce an invalid Facet into the system
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. saveFacetIfNew does not check whether the newly introduced facet is a valid contract; therefore, an invalid address might be added as a facet. According to the Solidity documentation, "If the...
Timelock Contract should be used to avoid malicious governance
Lines of code Vulnerability details Impact Governance of Market.sol can call the following functions at any time. This is not ideal since they can call these functions for their own benefit. For example they can change liquidationFactorBps to gain more liquidationFee. They can change collateralFactorBps...
operator role is handled in a way that can damage the protocol
Lines of code Vulnerability details operator role is handled in a way that can damage the protocol Impact The same logic is being deployed several times; for maintainability it is highly recommended not to copy-paste the same logic many times but to inherit it. Also there is an issue in BorrowController with...
Protocol's usability becomes very limited when access to Chainlink oracle data feed is blocked
Lines of code Vulnerability details Impact Based on the current implementation, when the protocol wants to use Chainlink oracle data feed for getting a collateral token's price, the fixed price for the token should not be set. When the fixed price is not set for the token, calling the Oracle...
Oracle.sol uses deprecated Chainlink method latestAnswer()
Lines of code Vulnerability details Proof of Concept Chainlink has marked the latestAnswer method as deprecated for its price feeds, but the code is using it. Impact The latestAnswer method just returns the price and has no way to check if it is stale. If the project is using a stale price it can...
DOLA can be borrowed without owning any DBR
Lines of code Vulnerability details Impact Although states that "one DBR token gives the right to borrow one DOLA for one year", and states that "a DOLA Fed mints DOLA to a market, which is then available to borrow for users holding DBR, using the Borrow function", users who do not own any DBR ar...
Owner can bypass reward token protection in recoverERC20 to instantly steal all tokens in contract
Lines of code Vulnerability details Description WardenPledge contract has a sweeping function recoverERC20 to handle mistakenly sent ERC20 tokens: function recoverERC20(address token) external onlyOwner returns(bool) { if(minAmountRewardToken[token] != 0) revert Errors.CannotRecoverToken(); uint256 amount =...
Rug Vector draining DOLA token
Lines of code Vulnerability details Impact Market.sol contract contains a rug vector in plain sight, the recall function. If the Market.sol contract's DOLA tokens are drained by the lender, then any borrow or replenish call will revert because no DOLA tokens exist. Even though this is not...
Oracle data feed is insufficiently validated
Lines of code Vulnerability details Impact Oracle contract has 2 functions - viewPrice & getPrice - to get the price through the Chainlink price feed. However, the received data is not validated/checked for freshness and round completeness. This might cause the price to be stale and it can lead t...
Front-running of a pledge call
Lines of code Vulnerability details Description There is a pledge function in the WardenPledge contract. The function accepts the pledgeId, which does not contain any information about the pledge itself. As a result, users' transactions can be front-run to force them to use the pledge with the...
Reuse of previous voting difference in extendPledge() charges too much fees
Lines of code Vulnerability details Description In Warden Pledge, creators can extend the life span of an existing pledge using extendPledge. Here's the implementation: uint256 addedDuration = newEndTimestamp - oldEndTimestamp; ifaddedDuration maxTotalRewardAmount revert...
Oracle Price Calculation will Return Wrong Price for Certain Tokens
Lines of code Vulnerability details Impact The viewPrice and getPrice functions of Oracle.sol have a wrong price calculation implementation and so will return a wrong price for certain tokens. They only work well for tokens that have 18 decimals. This is because of the hard-coded "36" in these functions' line...
Chainlink oracle data feed is not sufficiently validated and can return stale price
Lines of code Vulnerability details Impact Calling the Oracle contract's viewPrice or getPrice function executes uint price = feeds[token].feed.latestAnswer() and require(price > 0, "Invalid feed price"). Besides that Chainlink's latestAnswer function is deprecated, only verifying that price > 0 is true is...
If tokenDecimals isn’t 18, “viewPrice” and “getPrice” return unexpected price.
Lines of code Vulnerability details Impact If tokenDecimals is 18, viewPrice and getPrice return the price with 18 decimals and Market.sol receives the price and calculates as expected. But if tokenDecimals isn't 18, e.g. 6, they return the price with 30 decimals and Market.sol calculates wrong...
Votes can be reused
Lines of code Vulnerability details Impact A user can repeatedly call pledge for many Pledges and earn all the different rewards from pledge owners since the votes are not locked up / voting power is not locked up. Proof of Concept User delegates to a Pledge by calling pledge and repeating the...
Pledge creator can increase their pledges' reward per vote without paying in edge cases
Lines of code Vulnerability details Impact Pledge creator can increase their pledges' reward per vote without paying in edge cases. Proof of Concept When pledge creators want to increase their pledges' reward per vote, they must transfer an additional reward amount and fee: uint256...
Pledge creator can extend pledge without paying in edge cases.
Lines of code Vulnerability details Impact Pledge creator can extend pledge without paying in edge cases. Proof of Concept When pledge creators want to extend their pledges, they must transfer an additional reward amount and fee: uint256 totalRewardAmount = pledgeParams.rewardPerVote...
Current votesDifference is not checked when extending a pledge or increasing the rewardPerVote
Lines of code Vulnerability details Impact When the pledge creator tries to extend his pledge or to increase the rewardPerVote of the pledge the old votesDifference set when creating the pledge is used to calculate the totalRewardAmount and the feeAmount, this will force the creator to pay a high...
Owner can withdraw all funds from a WardenPledge contract
Lines of code Vulnerability details Impact recoverERC20 is meant to allow the owner to recover funds sent by mistake to the contract, and contains a check to make sure funds can't be withdrawn for whitelisted rewards tokens. However because the owner can unwhitelist tokens and no checks exist in...
Compromised or malicious owner of WardenPledge contract can steal pledge creator's deposited reward token amount
Lines of code Vulnerability details Impact There is no guarantee that the owner of the WardenPledge contract does not become compromised or malicious in the future. If this owner becomes compromised or malicious, after a pledge is created and the corresponding reward token amount is deposited, su...
Owner can drain pledged tokens balance with recoverERC20 function
Lines of code Vulnerability details Impact The recoverERC20 function allows the owner to withdraw ERC20 tokens sent by accident to the contract but it doesn't allow him to withdraw pledged tokens; the owner, though, could use the removeRewardToken function to remove a token currently used in a...
Pausing WardenPledge contract, which takes effect immediately, by its owner can unexpectedly block pledge creator from calling closePledge or retrievePledgeRewards function
Lines of code Vulnerability details Impact The owner of the WardenPledge contract is able to call the pause function to pause this contract. When the WardenPledge contract is paused, calling the closePledge or retrievePledgeRewards function that uses the whenNotPaused modifier reverts, and the...
A single point of failure is not acceptable for this project
Lines of code Vulnerability details Impact The pause function on WardenPledge.sol has a single point of failure and onlyOwner can stop the whole project. The owner is not behind a multisig and changes are not behind a timelock. This information is not in the documents. Even if protocol admins/developers are n...
Malicious owner can steal reward tokens
Lines of code Vulnerability details The recoverERC20 function allows the contract owner to transfer arbitrary ERC20 tokens owned by the WardenPledge contract in order to recover tokens sent by mistake to the contract. In order to protect against withdrawal of deposited reward tokens, it includes ...
recoverERC20 can drain user's funds
Lines of code Vulnerability details The recoverERC20 function is deployed so users who have accidentally sent ERC20 tokens to the contract are able to recover them. recoverERC20 uses if(minAmountRewardToken[token] != 0) revert Errors.CannotRecoverToken(); to check if the token was set as one of the RewardTokens o...
Excessive owner privilege - can freeze pledge creator's funds after pledging period completed.
Lines of code Vulnerability details Description The retrievePledgeRewards function is used by pledge creator, only after pledge endTimestamp has passed. It will collect for the creator all unused reward tokens. Since it can only operate after endTimestamp, the pledge has for all intents and...
[M1] Owner can steal any createdPledge's tokens
Lines of code Vulnerability details Impact Malicious owner can steal any created pledge and even drain the whole contract Proof of Concept Functions like recoverERC20 are good to recover tokens accidentally transferred to a contract. The common approach for these functions is to exclude real tokens...
Wrong reward calculation when reward token's decimals are different than 18
Lines of code Vulnerability details Impact When a user creates a pledge, she can specify the maximum amount of the Total Rewards and the maximum amount of fee amount she is willing to spend. By using the rewardPerVote, the vars.votesDifference and the vars.duration the smart contract calculates...
Admin can rug
Lines of code Vulnerability details Impact Admin can rug all of the contract's funds Proof of Concept The function recoverERC20 is only callable by the owner and its goal is: @notice Recovers ERC20 tokens sent by mistake to the contract. The call fails if minAmountRewardToken[token] != 0, which is...
The pledge creators might lose all of their funds by recoverERC20().
Lines of code Vulnerability details Impact There is a recoverERC20 function to withdraw ERC20 tokens from the contract. Currently, it checks if the token isn't an active reward token but it can be passed easily if the admin removes the reward token using removeRewardToken. So if the admin removes...