Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • HACKING
  • SLOT
  • CASINO
  • SUBMIT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • HACKING
  • SLOT
  • CASINO
  • SUBMIT
Crypto Flexs
Home»HACKING NEWS»Head Protocol Summary Summary -ACKEE Block Chain
HACKING NEWS

Head Protocol Summary Summary -ACKEE Block Chain

By Crypto FlexsFebruary 14, 20255 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Head Protocol Summary Summary -ACKEE Block Chain
Share
Facebook Twitter LinkedIn Pinterest Email

LEECH is a cross chain protocol that enables multi -to -yield agricultural agricultural agricultural agricultural agricultural agricultural agricultural agricultural agricultural agricultural agricultural agricultural strategies.

methodology

We started reviewing using the contained static analysis tools. Wake up. Then I dive about the logic of the contract. After writing a simple unit test, we prepared A Manually derived differential forking fuzz test Protocol implementation and integration with external dependencies, including Velodrome V2 and Velodrome V3.

range

The audit was conducted on the strategy and commit strategy of the Velodrome V2 and Velodrome V3. ba2a75. The range is as follows:

  • Contract/Core /Leechrouter.sol
  • Contract/Core /Leechswapper.sol Contracts/Core/Banlist.sol Contracts/Core/Rewarder/Rewer.sol
  • Contract/Strategy/BASESTRATE.SOL
  • Contract/Strategy/Agriculture/Velodrome/Strategy Velodromev2stableFarm.sol
  • Contract/Strategy/Agriculture/Velodrome/Strategy Velodromev2stablechid
  • Contract/Strategy/Agriculture/Velodromev3/Strategy Velodromev3stableFarm.sol
  • Contract/Strategy/Agriculture/Velodromev3/Strategy Velodromev3_USDC_LUSD.SOL
  • Contract/Strategy/Agriculture/Velodromev3/Strategy Velodromev3_USDC_SDAI.SOL
  • Contract/Strategy/Agriculture/Velodromev3/Strategy Velodromev3_usdc_susd.sol

The second amendment was performed at Commit. caafd3C1 correction has been included. Then the third amendment was performed at Commit. 4245d0Review of H1.

Security discovery classification is determined by two grades. influence and What can be. This two -dimensional classification helps to clarify the seriousness of individual problems. The problem to be evaluated middle It is severe, but the possibility of being found only by the team is generally reduced according to the possibility. warning or Information provision Severe rating.

Audit occurred 32 total results It ranges from information to important seriousness.. It was confirmed using 12 Wake upStatic analysis. The detailed output of WAKE Complete appreciation summary.

I confirmed the following during manual review.

  • External calls for unreliable contracts cannot be abused for re -creation.
  • Cross chain interaction is implemented correctly.
  • Arithmetic of internal accounting is correct.
  • Access control is not too comfortable or strict.
  • Token arithmetic inside the protocol matches documents and expectations.
  • The integration with external dependencies is implemented correctly. and
  • There are common problems such as data verification.

The most serious discovery C1 uses the cross chain. LeechRouter Due to the non -commerce of cross chain transactions run by the protocol. This important vulnerability has been found in the already deployed LEECH protocol agreement. In several chains, including optimism and Binance smart chain.

Ackee Blockchain Security started the immediate responsible disclosure in LEECH as soon as the result was found. Thanks to the rapid participation, all assets were protected by pause the cross chain transactions.

Threshold

C1: Lack of nuclear power in cross -chain transactions

The severity is high

H1: Donation Attack

Intermediate

M1: data.swapperAddress Not confirmed withdraw function

M2: The initialization function is vulnerable to the forefront

M3: strategy.poolShare Properties are not properly checked

Low severity

L1: If the bridge is not configured, no error has been reported.

L2: You can overwrite the pool configuration data

L3: Oracle Price Feed Data Validation Missing

L4: The external interaction with the chain link is not properly processed.

L5: Step 2 ownership is not used

Significance of warning

W1: Use transfer instead call

W2: Use directly token balance inspection balanceof(address(this)) Propose a security risk

W3: getter of pools It does not return all members of the complex structure

W4: Unnecessary token exchange in the withdrawal process

W5: The period of time overlaps in the reward distribution

W6: Account abstraction users cannot receive unused funds

W7: missing storage spacing

Information seriousness

I1: console.log Statement presented in the production code

I2: Declaration of unused custom error

i3: Unused Event Declaration

I4: Automatic computer function lacks access control

I5: Unused contract function

I6: Unused income

i7: Unused modification

i8: Not used using for

I9: Innocent msg.sender Verification of the role of pause function

i10: initializePosition Velodrome v3 strategy functions must be externally

I11: Unused functional parameters

i12: Inn unconsistent parameter name designation setRoutes Function in the Velodrome strategy

I13: Multiple Integrated Code that does not exist in the code base

i14: Unused interface and library

I15: Incorrect event name of Natspec documentation

Trust model

Users must trust.

  • Protocol FinalizerOff chain components that finish the cross chain transaction and take charge of withdrawal of all protocol funds; and
  • The LEECH protocol team correctly allocates yield compensation. Rewarder Contract because there is no automatic compensation collection mechanism.

conclusion

The most serious discovery C1 uses the cross chain. LeechRouter Due to the non -commerce of cross chain transactions run by the protocol. This important vulnerability has been found in the already deployed LEECH protocol agreement. In several chains, including optimism and Binance smart chain.

Ackee Blockchain Security started the immediate responsible disclosure in LEECH as soon as the result was found. Thanks to the rapid participation, all assets were protected by pause the cross chain transactions.

AcKee Blockchain Security recommends Leech.

  • Interesting the design of cross chain transactions in the protocol;
  • All chains Link Feed registry contracts that Leech maintain must provide the latest price feed and comply with the expected behavior.
  • Do not use .balanceOf(address(this)) Instead, directly calculate the token amount. and
  • Solve all other reports.

You can find the full LeECH audit report of AcKee Blockchain Security. here.

We were happy to be grateful for LEECH and expect to work with them again.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Binance’s new Defi Initiative sparked Rollish Momentum, and BNB hit a new ATH of more than $ 900.

September 13, 2025

Manual guide: beginner guide

September 11, 2025

The August password hacking was $ 163 million as the risk of Exchange increased.

September 7, 2025
Add A Comment

Comments are closed.

Recent Posts

Rabby Wallet integrates XRPL EVM chain with peersyst

September 15, 2025

Stop Dreaming About The Lottery. Join H Mining And Start Earning!

September 14, 2025

Web3 EXEC warns that the US dollar Stablecoin end game is not priced.

September 14, 2025

Binance’s new Defi Initiative sparked Rollish Momentum, and BNB hit a new ATH of more than $ 900.

September 13, 2025

Top 5 Crypto PR Agencies to Scale Your Blockchain Project in Europe

September 13, 2025

The price of Etherrium surges beyond $ 4,500. -Main level for monitoring more profits

September 12, 2025

BNBCapital Emerges As Top Immutable DeFi Protocol With 239% Returns And Zero Admin Functions

September 12, 2025

MEXC Enhances Futures Trading With Multi-Asset Margin Mode Across 14 Tokens

September 12, 2025

Ethereum Based Meme Coin Pepeto Presale Past $6.6 Million As Exchange Demo Launches

September 12, 2025

BlockchainFX Raises $7.24M In Presale As First Multi-Asset Super App Connecting Crypto, Stocks, And Forex Goes Live In Beta

September 12, 2025

Phemex Launches Multi-Assets Mode To Enhance Trading Efficiency And Risk Management

September 12, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Rabby Wallet integrates XRPL EVM chain with peersyst

September 15, 2025

Stop Dreaming About The Lottery. Join H Mining And Start Earning!

September 14, 2025

Web3 EXEC warns that the US dollar Stablecoin end game is not priced.

September 14, 2025
Most Popular

China’s ‘Point Running’ Cryptocurrency Scam: Pig Slaughterers Kidnap Children: Asia Express

September 12, 2024

GitHub reduces iOS app testing time by 60% with new Runner feature.

June 4, 2024

BTC price risks falling $62,000 as Bitcoin sellers return to exchanges.

June 19, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.