ConvexFinance
  • Welcome to Convex Finance
  • General Information
    • Convex for Curve.fi
      • Convex for CRV Stakers
      • Convex for Curve Liquidity Providers
      • Understanding cvxCRV
      • Voting and Gauge Weights
    • Convex for Frax Finance
      • Understanding cvxFXS
      • Understanding cvxFPIS
      • FPIS to FXS Migration
      • Convex for Frax Liquidity Providers
      • Voting and Gauge Weights
    • Convex for Prisma Finance
      • Understanding cvxPRISMA
      • Convex for PRISMA Boosts
      • Emission Votes and Gauge Weights
    • Convex for FX Protocol
      • Understanding cvxFXN
      • Voting and Governance
    • Tokenomics
    • Understanding CVX
      • Vote Locking
      • Vote Delegation
  • How-To Guides
    • Using Convex Finance
      • Staking Curve LP Tokens
      • Converting CRV + staking cvxCRV
      • Staking Frax LP Tokens
      • Staking CVX
      • Vote Locking CVX
    • Claiming Rewards
    • Claiming your Airdrop
  • FAQ
    • Platform Rewards: Current vs Projected APR
    • Contract Addresses
    • Fees
    • Risks
    • Audits
    • Convex Treasury
    • Multisig Admin Rights
    • Airdrops From Other Platforms
    • Bug Bounties
    • Known Issues
  • Links
  • Convex Finance
  • Blog
  • Github
  • Twitter
  • Curve.fi
  • Integration Docs
Powered by GitBook
On this page

Was this helpful?

  1. FAQ

Known Issues

PreviousBug Bounties

Last updated 3 years ago

Was this helpful?

Multisig Weakness and Mitigation

Convex has strived to be a trustless platform in which deposits can never be touched or accessed by the admin account.

Since launch we have determined a few vectors that would go against that stance and thus have implemented various checks and conditions that the admin account must clear before certain actions can be taken.

With the help from V (OpenZeppelin) and 0xJuicer/0xPhaedra0x (Tang Finance) we have implemented layers that either completely block some patterns or make it extremely difficult to put into action.

Additional Layers: poolManagerProxy: poolManagerSecondaryProxy: boosterOwner:

These layers, to our knowledge, successfully block most vectors that could be used. However there is still one known path that uses a series of fake gauges to create fake pools and exploits the shutdown system. We believe this has been sufficiently mitigated as the steps that must be taken are as follows:

  • Create a fake gauge for an existing pool and create an Curve DAO proposal to add said fake gauge

  • Pass Curve DAO proposal undetected (7 day voting period)

  • Give the fake gauge weight on Curve's gauge controller.

  • Shutdown an existing legit Convex pool. (Curve LP tokens are unstaked and returned to Booster contract)

  • Add a new pool on Convex that uses the fake gauge but legitimate LP tokens

  • Loop fake liquidity onto the gauge to increase Convex Deposit Tokens (deposit, withdraw directly from gauge, deposit again)

  • Call shutdownSystem() on Pool Manager Secondary Proxy. New pools can no longer be added

  • Call queueForceShutdown() on Booster Owner. A normal shutdown call will fail with the fake pool as there are more Convex Deposit Tokens than there are LP tokens, thus need to use this timelock shutdown feature.

  • Wait 30 days for the timelock to complete

  • Call forceShutdownSystem() on Booster Owner

  • Withdraw real Curve LP tokens using the illegitimate Convex Deposit Tokens

We believe this process which requires a DAO proposal, shutting down a legitimate pool, and waiting for a 30 day timelock should be sufficient mitigation. We are writing this process here as well so that this weakness is known and can be detected.

0x5F47010F230cE1568BeA53a06eBAF528D05c5c1B
0xD20904e5916113D11414F083229e9C8C6F91D1e1
0x3cE6408F923326f81A7D7929952947748180f1E6