ergs price problem
Lines of code Vulnerability details No mechanism has been defined for the "l2TransactionBaseCost" function. On the other hand, no Oracle is used in the whole project to get the price of gas, so this whole project will suffer in coordinating between the price of "ergs" in the ZK layer and the real a...
[Tomo-H1] All funds can drain if some conditions matched
Lines of code Vulnerability details function finalizeWithdrawal uint256 l2BlockNumber, uint256 l2MessageIndex, uint16 l2TxNumberInBlock, bytes calldata message, bytes32 calldata merkleProof external nonReentrant senderCanCallFunctionallowList...
Double spending risk in L1 Bridge Contract
Lines of code Vulnerability details Impact There is double spending risk in L1 Bridge Contract. The user may call claimFailedDeposit to release their locked fund while they still have token balance in L2 network. Proof of Concept Let us focus on the L1ERC20Bridge.sol /// @dev Withdraw funds from...
Upgraded Q -> M from 407 [1667616784805]
Judge has assessed an item in Issue 407 as Medium risk. The relevant finding follows: ...
Upgraded Q -> M from 203 [1667614189925]
Judge has assessed an item in Issue 203 as Medium risk. The relevant finding follows: ...
Upgraded Q -> M from 62 [1667612948063]
Judge has assessed an item in Issue 62 as Medium risk. The relevant finding follows: ...
Upgraded Q -> M from 207 [1667615741898]
Judge has assessed an item in Issue 207 as Medium risk. The relevant finding follows: ...
Upgraded Q -> H from 149 [1667660267515]
Judge has assessed an item in Issue 149 as High risk. The relevant finding follows: ...
Upgraded Q -> H from 502 [1667614585174]
Judge has assessed an item in Issue 502 as High risk. The relevant finding follows: ...
Upgraded Q -> H from 262 [1667614992867]
Judge has assessed an item in Issue 262 as High risk. The relevant finding follows: ...
Upgraded Q -> H from 502 [1667614581063]
Judge has assessed an item in Issue 502 as High risk. The relevant finding follows: ...
Upgraded Q -> M from 91 [1667616172726]
Judge has assessed an item in Issue 91 as Medium risk. The relevant finding follows: ...
Upgraded Q -> M from 250 [1667617695647]
Judge has assessed an item in Issue 250 as Medium risk. The relevant finding follows: ...
Upgraded Q -> H from 211 [1667662048262]
Judge has assessed an item in Issue 211 as High risk. The relevant finding follows: ...
The governor can use the replay attack to manipulate the votes in his favor
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Since the argument of function approveEmergencyDiamondCutAsSecurityCouncilMember does not have the proposalID, a governor can use a replay attack to manipulate the votes in his favor, that is, even not...
reentrancyGuardInitializer modifier used on constructor and Initialize functions
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. In L1ERC20Bridge.sol there are two places where the reentrancyGuardInitializer modifier is used. It's found on both the constructor function and also on the initialize function. This is a problem becaus...
initializer modifier on constructor function
Lines of code Vulnerability details Impact In L2StandardERC20.sol the initializer modifier is placed both on the constructor function and on the bridgeInitialize function. When the initializer modifier is used it cannot be called again on any function in the contract since it will revert with a...
Unchecked array length of the public_inputs[] in Verifier.sol
Lines of code Vulnerability details Impact If an array enumerates all registered addresses, an adversary can register many addresses, causing the problem described above. Vulnerability Details Ethereum is a very resource-constrained environment. Prices per computational step are orders of magnitu...
Unchecked array length
Lines of code Vulnerability details Impact If an array enumerates all registered addresses, an adversary can register many addresses, causing the problem described above. Description Ethereum is a very resource-constrained environment. Prices per computational step are orders of magnitude higher...
reentrancyGuardInitializer modifier used on constructor and Initialize functions
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. In L1EthBridge.sol there are two places where the reentrancyGuardInitializer modifier is used. It's found on both the constructor function and also on the initialize function. This is a problem because...
May introduce an invalid Facet into the system
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The saveFacetIfNew function does not check whether the newly introduced facet is a valid contract; therefore, an invalid address might be added as a facet. According to the Solidity documentation, "If the...
Protocol's usability becomes very limited when access to Chainlink oracle data feed is blocked
Lines of code Vulnerability details Impact Based on the current implementation, when the protocol wants to use Chainlink oracle data feed for getting a collateral token's price, the fixed price for the token should not be set. When the fixed price is not set for the token, calling the Oracle...
Oracle.sol uses deprecated Chainlink method latestAnswer()
Lines of code Vulnerability details Proof of Concept Chainlink has marked the latestAnswer method as deprecated for its price feeds, but the code is using it. Impact The latestAnswer method just returns the price and has no way to check if it is stale. If the project is using a stale price it can...
DBR can be reused between multiple debtor accounts
Lines of code Vulnerability details Impact A borrower can reuse DBR between various accounts. When a user attempts to call forceReplenish, the borrower will transfer the held DBR to the targeted account. In theory, a borrower can have infinite accounts in DBR debt but enough DBR on a single accou...
Pledge creator can extend pledge without paying in edge cases.
Lines of code Vulnerability details Impact Pledge creator can extend pledge without paying in edge cases. Proof of Concept When pledge creators want to extend their pledges, they must transfer an additional reward amount and fee: uint256 totalRewardAmount = pledgeParams.rewardPerVote...
Reuse of previous voting difference in extendPledge() charges too much fees
Lines of code Vulnerability details Description In Warden Pledge, creators can extend the life span of an existing pledge using extendPledge. Here's the implementation: uint256 addedDuration = newEndTimestamp - oldEndTimestamp; ifaddedDuration maxTotalRewardAmount revert...
Using deprecated Chainlink function latestAnswer could result in wrong borrowing power
Lines of code Vulnerability details Impact The Oracle contract is used to get the latest price for the users' collateral tokens, but the functions getPrice and viewPrice use a deprecated Chainlink function latestAnswer to get the price of a given token; as it's mentioned here, this function does n...
Divide before multiply
Lines of code Vulnerability details division before multiply Impact Solidity integer division might truncate. As a result, performing multiplication before division can sometimes avoid loss of precision. Proof of Concept In general, this is a problem due to precision. In this case, it also affect...
replenishmentPriceBps can be set arbitrarily high by the operator
Lines of code Vulnerability details Impact The operator can increase the debt of a user with any deficit, beyond what is reasonable. Proof of Concept replenishmentPriceBps can be set arbitrarily high by the operator: function setReplenishmentPriceBpsuint newReplenishmentPriceBps public onlyOperat...
SimpleERC20Escrow's initialize() can be frontrun
Lines of code Vulnerability details Impact The user's collateral is not held in the market contract but is instead held in individual escrows. Every user has a unique escrow for every market. And the escrow contracts are created via the Market contract's createEscrow function. And it's initialize...
Excessive owner privilege - can freeze pledge creator's funds after pledging period completed.
Lines of code Vulnerability details Description The retrievePledgeRewards function is used by pledge creator, only after pledge endTimestamp has passed. It will collect for the creator all unused reward tokens. Since it can only operate after endTimestamp, the pledge has for all intents and...
recoverERC20 can drain user's funds
Lines of code Vulnerability details The recoverERC20 function is deployed so users who have accidentally sent ERC20 tokens to the contract are able to recover them. recoverERC20 uses ifminAmountRewardTokentoken != 0 revert Errors.CannotRecoverToken; to check if the token was set to one of the RewardTokens o...
Current votesDifference is not checked when extending a pledge or increasing the rewardPerVote
Lines of code Vulnerability details Impact When the pledge creator tries to extend his pledge or to increase the rewardPerVote of the pledge the old votesDifference set when creating the pledge is used to calculate the totalRewardAmount and the feeAmount, this will force the creator to pay a high...
No access control for initialize in diamondinit
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The initialize function has no access control and thus a malicious user can call it and reset all the parameters of the system. Proof of Concept Provide direct links to all referenced code in GitHub...
Owner can withdraw all funds from a WardenPledge contract
Lines of code Vulnerability details Impact recoverERC20 is meant to allow the owner to recover funds sent by mistake to the contract, and contains a check to make sure funds can't be withdrawn for whitelisted rewards tokens. However because the owner can unwhitelist tokens and no checks exist in...
Owner can bypass reward token protection in recoverERC20 to instantly steal all tokens in contract
Lines of code Vulnerability details Description WardenPledge contract has a sweeping function recoverERC20 to handle mistakenly sent ERC20 tokens: function recoverERC20address token external onlyOwner returnsbool ifminAmountRewardTokentoken != 0 revert Errors.CannotRecoverToken; uint256 amount =...
If transferring DBR after borrowing DOLA in same transaction, DBR amount that is used already for borrowing DOLA can still be shared to allow users who do not own DBR to borrow DOLA
Lines of code Vulnerability details Impact Although my other finding named "DOLA can be borrowed without owning any DBR" indicates that users who do not own any DBR can still borrow DOLA, the design still appears to only allow the DBR owners to borrow DOLA; this is confirmed by , which states tha...
Front-running of a pledge call
Lines of code Vulnerability details Description There is a pledge function in the WardenPledge contract. The function accepts the pledgeId, which does not contain any information about the pledge itself. As a result, users' transactions can be front-run to force them to use the pledge with the...
Transfer from does not check the allowance size
Lines of code Vulnerability details Impact Transfer from does not check the allowance size Proof of Concept Tools Used Static analytics Recommended Mitigation Steps Add a check to be sure that currentAllowance = amount is true ---
1-phase governor changing in Fed
Lines of code Vulnerability details Impact A mistake in calling this function, setting the 0-address or just a wrong address, will lead to losing full control Tools Used vs code Recommended Mitigation Steps Do 2-phase changing like in DolaBorrowingRights.setPendingOperator and...
Chainlink oracle data feed is not sufficiently validated and can return stale price
Lines of code Vulnerability details Impact Calling the Oracle contract's viewPrice or getPrice function executes uint price = feedstoken.feed.latestAnswer and requireprice 0, "Invalid feed price". Besides that Chainlink's latestAnswer function is deprecated, only verifying that price 0 is true is...
gov role can affect the whole functioning of the Market
Lines of code Vulnerability details gov role can affect the whole functioning of the Market Impact There are many functions that can only be triggered by onlyGov role, this means losing it will be harmful for the functioning of the system. So basically in Market.sol we find functions affecting th...
Admin can set very low or very high value for setting fees & collateral factor in Market.sol resulting in value loss and/or DoS
Lines of code Vulnerability details Proof of Concept The contract's admin has control to set values in setCollateralFactorBps, setLiquidationFactorBps, setReplenismentIncentiveBps, setLiquidationIncentiveBps, setLiquidationFeeBps. All of them have upper bounds, most of them have lower bounds, but...
Liquidation function does not consider cases where the liquidated user does not have enough collateral to pay.
Lines of code Vulnerability details Impact Liquidation function does not consider cases where the liquidated user does not have enough collateral to pay. Proof of Concept The problem is that the paid collateral is determined by repaiddebt: I ignored decimals for simplification of the formulas I'm gonna...
A freshly added collateral token will cause the disadvantage of the borrowing price for the first borrowers.
Lines of code Vulnerability details Impact The Oracle contract is known to be pessimistic in the way of serving the lowest prices to prevent borrowers from borrowing more than the lowest recorded value of their collateral over the past 2 days. However, this is not possible for the tokens which are...
No access control INVEscrow.onDeposit() --> infinite balance xINV.
Lines of code Vulnerability details Impact No access control on INVEscrow.onDeposit: you can call the function recursively to artificially increase your xINV balance. Proof of Concept Any user with a non-null balance on its escrow can call the function infinitely to mint xINV tokens via...
Deprecated ChainLink API
Lines of code Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. This function might suddenly stop working if Chainlink stop supporting deprecated APIs. And the old API can return stale data. Proof of Concept function latestAnswer externa...
operator role is handled in a way that can damage the protocol
Lines of code Vulnerability details operator role is handled in a way that can damage the protocol Impact The same logic is being deployed several times; for maintainability it is highly recommended not to copy-paste the same logic many times but to inherit it. Also there is an issue in BorrowController with...
Can steal Fed contract's DOLA balance
Lines of code Vulnerability details Description Due to lack of protection control, it is possible to steal the Fed contract's DOLA balance by using a malicious attackerMarket contract and calling the Fed takeProfit public function. function takeProfitIMarket market public uint profit = getProfitmarket;...
Approve front-running attack in DBR.sol
Lines of code Vulnerability details Impact An attacker could front-run an approve transaction to get an overall bigger amount approved. Proof of Concept This is the approve function of the DBR token. function approveaddress spender, uint256 amount public virtual returns bool...