Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
Home»HACKING NEWS»Head Protocol Summary Summary -ACKEE Block Chain
HACKING NEWS

Head Protocol Summary Summary -ACKEE Block Chain

By Crypto FlexsFebruary 14, 20255 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Head Protocol Summary Summary -ACKEE Block Chain
Share
Facebook Twitter LinkedIn Pinterest Email

LEECH is a cross chain protocol that enables multi -to -yield agricultural agricultural agricultural agricultural agricultural agricultural agricultural agricultural agricultural agricultural agricultural agricultural strategies.

methodology

We started reviewing using the contained static analysis tools. Wake up. Then I dive about the logic of the contract. After writing a simple unit test, we prepared A Manually derived differential forking fuzz test Protocol implementation and integration with external dependencies, including Velodrome V2 and Velodrome V3.

range

The audit was conducted on the strategy and commit strategy of the Velodrome V2 and Velodrome V3. ba2a75. The range is as follows:

  • Contract/Core /Leechrouter.sol
  • Contract/Core /Leechswapper.sol Contracts/Core/Banlist.sol Contracts/Core/Rewarder/Rewer.sol
  • Contract/Strategy/BASESTRATE.SOL
  • Contract/Strategy/Agriculture/Velodrome/Strategy Velodromev2stableFarm.sol
  • Contract/Strategy/Agriculture/Velodrome/Strategy Velodromev2stablechid
  • Contract/Strategy/Agriculture/Velodromev3/Strategy Velodromev3stableFarm.sol
  • Contract/Strategy/Agriculture/Velodromev3/Strategy Velodromev3_USDC_LUSD.SOL
  • Contract/Strategy/Agriculture/Velodromev3/Strategy Velodromev3_USDC_SDAI.SOL
  • Contract/Strategy/Agriculture/Velodromev3/Strategy Velodromev3_usdc_susd.sol

The second amendment was performed at Commit. caafd3C1 correction has been included. Then the third amendment was performed at Commit. 4245d0Review of H1.

Security discovery classification is determined by two grades. influence and What can be. This two -dimensional classification helps to clarify the seriousness of individual problems. The problem to be evaluated middle It is severe, but the possibility of being found only by the team is generally reduced according to the possibility. warning or Information provision Severe rating.

Audit occurred 32 total results It ranges from information to important seriousness.. It was confirmed using 12 Wake upStatic analysis. The detailed output of WAKE Complete appreciation summary.

I confirmed the following during manual review.

  • External calls for unreliable contracts cannot be abused for re -creation.
  • Cross chain interaction is implemented correctly.
  • Arithmetic of internal accounting is correct.
  • Access control is not too comfortable or strict.
  • Token arithmetic inside the protocol matches documents and expectations.
  • The integration with external dependencies is implemented correctly. and
  • There are common problems such as data verification.

The most serious discovery C1 uses the cross chain. LeechRouter Due to the non -commerce of cross chain transactions run by the protocol. This important vulnerability has been found in the already deployed LEECH protocol agreement. In several chains, including optimism and Binance smart chain.

Ackee Blockchain Security started the immediate responsible disclosure in LEECH as soon as the result was found. Thanks to the rapid participation, all assets were protected by pause the cross chain transactions.

Threshold

C1: Lack of nuclear power in cross -chain transactions

The severity is high

H1: Donation Attack

Intermediate

M1: data.swapperAddress Not confirmed withdraw function

M2: The initialization function is vulnerable to the forefront

M3: strategy.poolShare Properties are not properly checked

Low severity

L1: If the bridge is not configured, no error has been reported.

L2: You can overwrite the pool configuration data

L3: Oracle Price Feed Data Validation Missing

L4: The external interaction with the chain link is not properly processed.

L5: Step 2 ownership is not used

Significance of warning

W1: Use transfer instead call

W2: Use directly token balance inspection balanceof(address(this)) Propose a security risk

W3: getter of pools It does not return all members of the complex structure

W4: Unnecessary token exchange in the withdrawal process

W5: The period of time overlaps in the reward distribution

W6: Account abstraction users cannot receive unused funds

W7: missing storage spacing

Information seriousness

I1: console.log Statement presented in the production code

I2: Declaration of unused custom error

i3: Unused Event Declaration

I4: Automatic computer function lacks access control

I5: Unused contract function

I6: Unused income

i7: Unused modification

i8: Not used using for

I9: Innocent msg.sender Verification of the role of pause function

i10: initializePosition Velodrome v3 strategy functions must be externally

I11: Unused functional parameters

i12: Inn unconsistent parameter name designation setRoutes Function in the Velodrome strategy

I13: Multiple Integrated Code that does not exist in the code base

i14: Unused interface and library

I15: Incorrect event name of Natspec documentation

Trust model

Users must trust.

  • Protocol FinalizerOff chain components that finish the cross chain transaction and take charge of withdrawal of all protocol funds; and
  • The LEECH protocol team correctly allocates yield compensation. Rewarder Contract because there is no automatic compensation collection mechanism.

conclusion

The most serious discovery C1 uses the cross chain. LeechRouter Due to the non -commerce of cross chain transactions run by the protocol. This important vulnerability has been found in the already deployed LEECH protocol agreement. In several chains, including optimism and Binance smart chain.

Ackee Blockchain Security started the immediate responsible disclosure in LEECH as soon as the result was found. Thanks to the rapid participation, all assets were protected by pause the cross chain transactions.

AcKee Blockchain Security recommends Leech.

  • Interesting the design of cross chain transactions in the protocol;
  • All chains Link Feed registry contracts that Leech maintain must provide the latest price feed and comply with the expected behavior.
  • Do not use .balanceOf(address(this)) Instead, directly calculate the token amount. and
  • Solve all other reports.

You can find the full LeECH audit report of AcKee Blockchain Security. here.

We were happy to be grateful for LEECH and expect to work with them again.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

$ 90m NOBITEX HACK: Fault by layer

July 1, 2025

Safe smart account audit summary

June 27, 2025

Encryption Inheritance Update: June 2025

June 25, 2025
Add A Comment

Comments are closed.

Recent Posts

$ 90m NOBITEX HACK: Fault by layer

July 1, 2025

Block3 Unveils Prompt-To-Game AI Engine As Presale Launches

July 1, 2025

$70M Committed To Boba Network As Foundation Concludes BOBA Token Agreement With FTX Recovery Trust

July 1, 2025

Limitless Raise $4m Strategic Funding, Launch Points Ahead Of TGE

July 1, 2025

Take Advantage Of BJMining’s Passive Income Opportunities As The XRP Ecosystem Rises

July 1, 2025

Circle is looking for a US Trust Bank Charter for USDC Reserve Management.

July 1, 2025

Hyra Network Honored As “Technology Startup Of The Year” At The 2025 Globee® Awards

July 1, 2025

Shheikh.io Launches SHHEIKH Token Presale For Blockchain-Backed Real‑World Asset Investments

June 30, 2025

What should I do with encryption?

June 30, 2025

AAS Miner Will Become The Top Free Cloud Mining Platform For Passive Income From Mining Cryptocurrencies Such As BTC And ETH In 2025

June 30, 2025

Bitcoin is integrated into less than $ 108,000, but the eyes are set for $ 115,000.

June 29, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

$ 90m NOBITEX HACK: Fault by layer

July 1, 2025

Block3 Unveils Prompt-To-Game AI Engine As Presale Launches

July 1, 2025

$70M Committed To Boba Network As Foundation Concludes BOBA Token Agreement With FTX Recovery Trust

July 1, 2025
Most Popular

MicroStrategy secures an additional 14,620 bitcoins for $615 million.

December 28, 2023

dogwifhat (WIF) Trader Secures $24 Million Profit Despite Bearish Market Pattern

August 5, 2024

Coinbase-backed DeSo SocialFi App Focus Raises $75 Million in One Week – Blockchain News, Opinion, TV & Careers

February 7, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.