Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
Home»HACKING NEWS»Head Protocol Summary Summary -ACKEE Block Chain
HACKING NEWS

Head Protocol Summary Summary -ACKEE Block Chain

By Crypto FlexsFebruary 14, 20255 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Head Protocol Summary Summary -ACKEE Block Chain
Share
Facebook Twitter LinkedIn Pinterest Email

LEECH is a cross chain protocol that enables multi -to -yield agricultural agricultural agricultural agricultural agricultural agricultural agricultural agricultural agricultural agricultural agricultural agricultural strategies.

methodology

We started reviewing using the contained static analysis tools. Wake up. Then I dive about the logic of the contract. After writing a simple unit test, we prepared A Manually derived differential forking fuzz test Protocol implementation and integration with external dependencies, including Velodrome V2 and Velodrome V3.

range

The audit was conducted on the strategy and commit strategy of the Velodrome V2 and Velodrome V3. ba2a75. The range is as follows:

  • Contract/Core /Leechrouter.sol
  • Contract/Core /Leechswapper.sol Contracts/Core/Banlist.sol Contracts/Core/Rewarder/Rewer.sol
  • Contract/Strategy/BASESTRATE.SOL
  • Contract/Strategy/Agriculture/Velodrome/Strategy Velodromev2stableFarm.sol
  • Contract/Strategy/Agriculture/Velodrome/Strategy Velodromev2stablechid
  • Contract/Strategy/Agriculture/Velodromev3/Strategy Velodromev3stableFarm.sol
  • Contract/Strategy/Agriculture/Velodromev3/Strategy Velodromev3_USDC_LUSD.SOL
  • Contract/Strategy/Agriculture/Velodromev3/Strategy Velodromev3_USDC_SDAI.SOL
  • Contract/Strategy/Agriculture/Velodromev3/Strategy Velodromev3_usdc_susd.sol

The second amendment was performed at Commit. caafd3C1 correction has been included. Then the third amendment was performed at Commit. 4245d0Review of H1.

Security discovery classification is determined by two grades. influence and What can be. This two -dimensional classification helps to clarify the seriousness of individual problems. The problem to be evaluated middle It is severe, but the possibility of being found only by the team is generally reduced according to the possibility. warning or Information provision Severe rating.

Audit occurred 32 total results It ranges from information to important seriousness.. It was confirmed using 12 Wake upStatic analysis. The detailed output of WAKE Complete appreciation summary.

I confirmed the following during manual review.

  • External calls for unreliable contracts cannot be abused for re -creation.
  • Cross chain interaction is implemented correctly.
  • Arithmetic of internal accounting is correct.
  • Access control is not too comfortable or strict.
  • Token arithmetic inside the protocol matches documents and expectations.
  • The integration with external dependencies is implemented correctly. and
  • There are common problems such as data verification.

The most serious discovery C1 uses the cross chain. LeechRouter Due to the non -commerce of cross chain transactions run by the protocol. This important vulnerability has been found in the already deployed LEECH protocol agreement. In several chains, including optimism and Binance smart chain.

Ackee Blockchain Security started the immediate responsible disclosure in LEECH as soon as the result was found. Thanks to the rapid participation, all assets were protected by pause the cross chain transactions.

Threshold

C1: Lack of nuclear power in cross -chain transactions

The severity is high

H1: Donation Attack

Intermediate

M1: data.swapperAddress Not confirmed withdraw function

M2: The initialization function is vulnerable to the forefront

M3: strategy.poolShare Properties are not properly checked

Low severity

L1: If the bridge is not configured, no error has been reported.

L2: You can overwrite the pool configuration data

L3: Oracle Price Feed Data Validation Missing

L4: The external interaction with the chain link is not properly processed.

L5: Step 2 ownership is not used

Significance of warning

W1: Use transfer instead call

W2: Use directly token balance inspection balanceof(address(this)) Propose a security risk

W3: getter of pools It does not return all members of the complex structure

W4: Unnecessary token exchange in the withdrawal process

W5: The period of time overlaps in the reward distribution

W6: Account abstraction users cannot receive unused funds

W7: missing storage spacing

Information seriousness

I1: console.log Statement presented in the production code

I2: Declaration of unused custom error

i3: Unused Event Declaration

I4: Automatic computer function lacks access control

I5: Unused contract function

I6: Unused income

i7: Unused modification

i8: Not used using for

I9: Innocent msg.sender Verification of the role of pause function

i10: initializePosition Velodrome v3 strategy functions must be externally

I11: Unused functional parameters

i12: Inn unconsistent parameter name designation setRoutes Function in the Velodrome strategy

I13: Multiple Integrated Code that does not exist in the code base

i14: Unused interface and library

I15: Incorrect event name of Natspec documentation

Trust model

Users must trust.

  • Protocol FinalizerOff chain components that finish the cross chain transaction and take charge of withdrawal of all protocol funds; and
  • The LEECH protocol team correctly allocates yield compensation. Rewarder Contract because there is no automatic compensation collection mechanism.

conclusion

The most serious discovery C1 uses the cross chain. LeechRouter Due to the non -commerce of cross chain transactions run by the protocol. This important vulnerability has been found in the already deployed LEECH protocol agreement. In several chains, including optimism and Binance smart chain.

Ackee Blockchain Security started the immediate responsible disclosure in LEECH as soon as the result was found. Thanks to the rapid participation, all assets were protected by pause the cross chain transactions.

AcKee Blockchain Security recommends Leech.

  • Interesting the design of cross chain transactions in the protocol;
  • All chains Link Feed registry contracts that Leech maintain must provide the latest price feed and comply with the expected behavior.
  • Do not use .balanceOf(address(this)) Instead, directly calculate the token amount. and
  • Solve all other reports.

You can find the full LeECH audit report of AcKee Blockchain Security. here.

We were happy to be grateful for LEECH and expect to work with them again.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

FTT increases by 7% as the backpack starts the platform to help victims clear liquidation.

July 21, 2025

AAVE gains strength as AAVE dominates defect loans with net deposits of $ 50B or more.

July 19, 2025

Summary of the Router Router

July 17, 2025
Add A Comment

Comments are closed.

Recent Posts

POLYMARKET will re -enter the United States after the acquisition of QCEX $ 112 million.

July 22, 2025

FTT increases by 7% as the backpack starts the platform to help victims clear liquidation.

July 21, 2025

Monarq Asset Management Appoints Sam Gaer As CIO To Lead Directional Strategy

July 21, 2025

Little PEPE surpasses $ 4 million in pre -sales, emerging as one of the main memes in 2025.

July 21, 2025

Bitcoin Price $ 123K Explosion -Trader Brace for Brake Out

July 20, 2025

Ether Lee Rium breaks $ 3K with 7,200% of the virus L2 coin eyes.

July 20, 2025

XRP Breaks Through $3.5! DL Mining Launches AI Cloud Mining Contracts, Earning Steady Profits Every Day

July 20, 2025

AAVE gains strength as AAVE dominates defect loans with net deposits of $ 50B or more.

July 19, 2025

As XRP Surges, DLMining Platform Opens New High-yield Cloud Mining Opportunities For Holders

July 19, 2025

Missed Out On Bitcoin At $9999? SIM Mining Cloud Mining Brings You New Opportunities For Wealth!

July 19, 2025

NFT is a rebound -there is a teenage NFTS this week.

July 19, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

POLYMARKET will re -enter the United States after the acquisition of QCEX $ 112 million.

July 22, 2025

FTT increases by 7% as the backpack starts the platform to help victims clear liquidation.

July 21, 2025

Monarq Asset Management Appoints Sam Gaer As CIO To Lead Directional Strategy

July 21, 2025
Most Popular

Guidelines for memes tokens: community and trust

February 16, 2025

5 Best Altcoins to Invest in Right Now March 20 – Stacks, AIOZ Network, The Sandbox

March 20, 2024

Namada launches mainnet, introduces shielded cross-chain transactions

December 3, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.