Portfolio

Compiled below is collection of my most interesting and notable publicly shareable findings identified during engagements as a Lead Security Researcher for Cyfrin:

The Standard Auto Redemption

• Hypervisor collateral redemption can cause vaults to become undercollateralized due to slippage.

• Vaults can be made erroneously liquidatable due to incorrect swap path.

• AutoRedemption::fulfillRequest should never be allowed to revert.

• USDs redemption calculation can be manipulated due to unsafe signed-unsigned cast.

• Automation and redemption could be artificially manipulated due to use of instantaneous sqrtPriceX96.

BENQI Ignite

• Zeeve admin could drain ValidatorRewarder by abusing off-chain BLS validation due to QI rewards being granted to failed registrations

• Ignite fee is not returned for pre-validated QI stakes in the event of registration failure.

• Redemption of failed registration fees and pre-validated QI is not guaranteed to be possible.

• Redemption of slashed registrations could result in DoS due to incorrect state update.

• The default admin role controls all other roles within StakingContract.

One World Project

• DAO creator can inflate their privileges to mint/burn membership tokens, steal profits, and abuse approvals to MembershipERC1155.

• MembershipERC1155 profit tokens can be drained due to missing lastProfit synchronization when minting and claiming profit.

• MembershipERC1155::sendProfit can be front-run by calls to MembershipFactory::joinDAO to steal profit from existing DAO members.

The Standard Smart Vault

• USDs stability can be compromised as collateral can be stolen by removing Hypervisor tokens directly from a vault without repaying USDs debt.

• USDs stability can be compromised as collateral deposited to Gamma vaults is not considered during liquidation.

• USDs self-backing breaks assumptions around economic peg-maintenance incentives.

• USD stablecoins are incorrectly assumed to always be at peg.

Chaos Labs Risk Oracle

• Incorrect state update in RiskOracle::_processUpdate.

Solidly V2 Memecore

• Locks can be created with expiry in the past.

Wormhole EVM NTT

• Queued transfers can become stuck on the source chain if new Transceivers are added or existing Transceivers are modified before completion.

• Silent overflow in TrimmedAmount::shift could result in rate limiter being bypassed.

Beanstalk BIP-39

• Failure to add modified facets and facets with modified dependencies to bips::bipSeedGauge breaks the protocol.

• The previous milestone stem should be scaled for use with the new gauge point system which uses untruncated values moving forward.

• Incorrect calculation of unmigrated BDVs for use in InitBipSeedGauge::init.

Beanstalk BIP-38

• Insufficient validation of new Fertilizer IDs allow for a denial-of-service (DoS) attack on SeasonFacet::gm when above peg, once the last element in the FIFO is paid.

• Flood mechanism is susceptible to DoS attacks by a frontrunner, breaking re-peg mechanism when BEAN is above 1 USD.

Beanstalk

• FarmFacet functions are susceptible to the draining of intermediate value sent by the caller via reentrancy when execution is handed off to an untrusted external contract.

• Intermediate value sent by the caller can be drained via reentrancy when Pipeline execution is handed off to an untrusted external contract.

Sudoswap v2

• Specified minOutput will remain locked in LSSVMRouter::swapNFTsForSpecificNFTsThroughETH.

Oku Trade

• A malicious user can cancel an ITM order at a given target tick by calling LimitOrderRegistry::cancelOrder with the opposite direction, separated by one tick space.

• New orders on a given pool in the opposite direction, separated by zero/one tick space, are not possible until previous BatchOrder is removed from the order book

Miscellaneous

I have previously participated in the occasional contest, some interesting findings from which can be found below:

• BaseV2Gauge bribe assets are not removed from multiRewardsDepot when calling BaseV2Gauge::removeBribeFlywheel.

• Recapitalisation resulting in fewer than 1000 shares can result in a share price manipulation attack.

• Double-entrypoint collateral token allows position owner to withdraw underlying collateral without repaying ZCHF.

• Frontrunning deployCounterFactualWallet.

• Storage collision attack in delegatecall to target contract.

• MIMOProxy permissions manipulation and denial-of-service.

A full list can be found here. Note that most, if not all, were completed early-on in my journey as a security researcher and/or under significant time constraints.