Critical Findings
Missing Activation Epoch Check in Join
Severity: Critical
Ecosystem: Sui
Protocol: Walrus
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Feb 2025
Description: StakedWal in the withdrawal state only checks the withdraw_epoch, while the activation epoch check is missing. This oversight causes reward calculation issues and potential exploitation of the reward distribution mechanism.
New Users Can Get Rewarded Immediately
Severity: Critical
Ecosystem: Sui
Protocol: Dola
Auditor: MoveBit
Report: https://movebit.xyz/reports/Dola-Protocol-Final-Audit-Report.pdf
Report Date: Feb 2024
Description: The update_user_reward function calculates the delta_index between the user's last_update_reward_index and the reward_index in the pool. For new users, index_rewards_paid defaults to 0, allowing them to claim rewards from the entire reward_index range immediately, causing protocol reward losses.
Stealing of liquidity rewards in stability_pool
Severity: Critical
Ecosystem: Aptos
Protocol: Thala Labs Aptos Dollar
Auditor: Zellic
Report Date: Oct 2022
Description:
There is nothing to enforce that depositors of APD who are compensated from profitable liquidatable events actually deposited APD prior to the profitable liquidation event and hence exposure to loss. The protocol now requires providers to hold funds for 24 hours or incur a linear fee.
Riskless liquidation rewards in stability_pool
Severity: Critical
Ecosystem: Aptos
Protocol: Thala Labs Aptos Dollar
Auditor: Zellic
Report Date: Oct 2022
Description:
Because there is no timelock, attacker can liquidate themselves when it optimizes profit of the stability pool.
Redemption mechanism allows uncollateralized vaults to escape liquidation penalization
Severity: Critical
Ecosystem: Aptos
Protocol: Thala Labs Aptos Dollar
Auditor: Zellic
Report Date: Oct 2022
Description:
Within vault::redeem_collateral, in the event that collateral_usd < debt_usd and collateral_usd < remained_debt_coin prior to the call to repay_interal, and a remained_debt_coin > 0 after the call to repay_internal, the full collateral of the vault will be removed and an amount of debt equal to the collateral amount will be paid. However, the vault will hold a debt equal to debt_usd - collateral_usd.
Adversarial Order Eviction
Severity: Critical
Ecosystem: Aptos
Protocol: Econia
Auditor: Zellic
Report: https://github.com/Zellic/publications/blob/master/Econia%20-%20Zellic%20Audit%20Report.pdf
Report Date: Jan 2023
Description:
An attacker can cause legitimate orders to be evicted from the structure, effectively cancelling them. The protocol does not take a fee when a user places a trade, and orders can be cancelled within the same transaction.
The Constant Product Rule is Compromised, Enabling Pool Draining
Severity: Critical
Ecosystem: Aptos
Protocol: Baptswap
Auditor: MoveBit
Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf
Report Date: Dec 2023
Description:
If a hacker exploits this mechanism using flash loans to repeatedly swap X for Y, the continuous reduction in k breaks the x * y = k formula. When the quantity of token Y in the pool becomes extremely low, indicating a significantly high value for token Y, a hacker can exploit this situation. With a minimal amount of token Y, the hacker can efficiently exchange for a substantial portion of token X from the pool.
update Function Will Reset The Broker
Severity: Critical
Ecosystem: Aptos
Protocol: Superposition
Auditor: MoveBit
Report: https://movebit.xyz/reports/Superposition-Final-Audit-Report.pdf
Report Date: Mar 2024
Description:
In the broker.move , update function may be used to update some parameters of a broker. But currently, the update function will reset everything to 0, which destroys the broker. If any user deposits to this broker, then they will lose all their fund.
Improper Enqueue Implementation in Queue
Severity: Critical
Ecosystem: Aptos
Protocol: Laminar Markets
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Oct 2022
Description:
In the queue::enqueue function, there is an issue when inserting a new node. Attempting this after removing nodes will cause a new node to be created, but referenced incorrectly.
Tail Not Updating on Node Removal
Severity: Critical
Ecosystem: Aptos
Protocol: Laminar Markets
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Oct 2022
Description:
In the queue::remove function, the tail node is never updated. This means that whenever a lone root node or a tail node is removed, any subsequent procedures involving the tail node will be incorrect because the tail is not getting updated by this function.
Improper Splay Tree Node Removal
Severity: Critical
Ecosystem: Aptos
Protocol: Laminar Markets
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Oct 2022
Description:
In the splay_tree::remove_node function, there is an issue while removing the root node of the tree, having a right child to the min node of right sub-tree. This scenario leads to the de-referencing of the right child. This is because the left of its parent is set to sentinel without considering the right child of the min node in the right sub-tree This causes the child to lose its reference. Users could lose funds if their orders become inaccessible.
Improper Accumulator Updates
Severity: Critical
Ecosystem: Aptos
Protocol: Thala Labs
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Feb 2023
Description:
stake and unstake update parameters for thl coin rewards, which are also affected by the stake_amount. As a result, altering the stake amount may cause incorrect calculations of extra rewards.This vulnerability may be exploited by a malicious user who takes out a flash loan to significantly increase their stake_amount, enabling them to collect rewards for the newly added stake. stakeandunstakeshouldfirst update the accumulatorfor extra rewards usingclaim_extra_reward before modifying the stake amount. This can be achieved by creating a vector to store the names of all extra reward coins and using them in the claim function.
Improper Accumulator Updates
Severity: Critical
Ecosystem: Aptos
Protocol: Thala
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: May 2023
Description:
stake and unstake update parameters for thl coin rewards, which are also affected by the stake_amount. As a result, altering the stake amount may cause incorrect calculations of extra rewards. A malicious user may exploit this vulnerability and take out a flash loan to increase their stake_amount, enabling them to collect rewards for the newly added stake.
Logic Flaw in Time Check
Severity: Critical
Ecosystem: Aptos
Protocol: Aptos Labs Securitize
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Oct 2024
Description:
is_block_flowback_end_time_ok is checking the condition incorrectly. If block_flowback_end_time is zero, the first condition ( block_flowback_end_time != 0 ) evaluates to false, and the function will never abort, as the second condition ( timestamp < block_flowback_end_time ) will also evaluate to false because timestamp::now_seconds will always be greater than or equal to zero.
Incorrect Issuance Value Recording
Severity: Critical
Ecosystem: Aptos
Protocol: Aptos Labs Securitize
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Oct 2024
Description:
compliance_service::create_issuance_information explicitly sets value to zero rather than utilizing the _value parameter, which implies that all recorded issuances will have a value of zero instead of the actual issuance amount. Because every issuance is recorded with a value of zero, the issuance information stored in issuances_values will not accurately represent the actual amounts.
Incorrect Lock Removal Logic
Severity: Critical
Ecosystem: Aptos
Protocol: Aptos Labs Securitize
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Oct 2024
Description:
remove_lock_record_for_investor in lock_manager is intended to swap the lock record at lock_index with the last lock in the investor’s lock list, then reduce the count of locks by one. However, the implementation incorrectly overwrites the lock at lock_index with itself, which implies that the last lock is removed instead of the one at lock_index .
Bypassing Funds Repayment via Double Upscaling
Severity: Critical
Ecosystem: Aptos
Protocol: Thala Swap + Math V2
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Jan 2025
Description:
The vulnerability arises from double upscaling during the repayment process in pay_flashloan when handling meta-stable pools. Specifically, pay_flashloan upscales balance_after_flashloan twice. When handling meta-stable pools the funds are multiplied by their value derived from an oracle. As a result the post-repayment invariant computation utilizes an incorrectly scaled value.