ArchonArchon
Public verified reportRun your own audit

Archon public report

MantleMiniRiskVault_Suite__3_contracts_

Mantle Mainnet · scan depth full-report · generated 6/16/2026, 5:37:10 PM

Risk Score

100

Archon completed a read-only Mantle Mainnet audit of MantleMiniRiskVault_Suite__3_contracts_ and found 46 deterministic findings. The highest-priority issue is Weak Prng, with risk score 100/100 based on severity-weighted findings. The `weakRandomPayout` function relies on the predictable blockchain parameters `block.timestamp`, `block.prevrandao`, and `msg.sender` as a source of entropy, making the generated random amount easily manipulable by miners/validators on Mantle. This enables an attacker to call the function and receive the maximum possible payout on every transaction. Review the recommended fixes and run regression tests before deployment.

Models used: Tencent Cloud TokenHub (deepseek-v4-pro) — AI reasoning served on Tencent Cloud TokenHub.

Findings

low: 21high: 8info: 11medium: 6critical: 0
SeverityFindingLocationConfidence
high

Weak Prng

The `weakRandomPayout` function relies on the predictable blockchain parameters `block.timestamp`, `block.prevrandao`, and `msg.sender` as a source of entropy, making the generated random amount easily manipulable by miners/validators on Mantle. This enables an attacker to call the function and receive the maximum possible payout on every transaction.

MantleMiniRiskVault_Suite__3_contracts_.sol:19990%
high

Unchecked Transfer

The `claimReward` function performs an external `transfer` call to send tokens before updating the `lastClaim` timestamp. This violates the checks-effects-interactions pattern and allows a reentrancy attack where the token's transfer callback re-enters `claimReward`, repeatedly claiming rewards before the timestamp is updated.

MantleMiniRiskVault_Suite__3_contracts_.sol:13295%
high

Unchecked Transfer

The weakRandomPayout function uses block.timestamp, block.prevrandao, and msg.sender as entropy sources, which can be manipulated by miners/validators and block builders, leading to predictable payout amounts. Additionally, the IERC20Like(token).transfer call does not check the return value, risking silent failures if the token returns false instead of reverting (e.g., some non-standard ERC20 tokens).

MantleMiniRiskVault_Suite__3_contracts_.sol:19990%
high

Unchecked Transfer

The deposit function does not check the return value of IERC20Like(token).transferFrom and IERC20Like(token).transfer. Some tokens (e.g., USDT, BNB) do not revert on failure and return false instead. If such a token is accidentally added to supportedTokens, transfers may silently fail, causing accounting discrepancies (credited balance without actual token receipt) or fees not being sent to treasury.

MantleMiniRiskVault_Suite__3_contracts_.sol:10795%
high

Unchecked Transfer

The withdraw function executes the token transfer before updating the user's balance, creating a reentrancy vulnerability. An attacker can re-enter the contract during the external call and drain funds by repeatedly withdrawing the same tokens.

MantleMiniRiskVault_Suite__3_contracts_.sol:14695%
high

Unchecked Transfer

The borrow function does not verify the success of the ERC-20 transfer. A failing transfer (e.g., token with return false or a non-compliant token) would not revert, leading to a state inconsistency where the debt is increased but the user receives no tokens.

MantleMiniRiskVault_Suite__3_contracts_.sol:15985%
high

Unchecked Transfer

The emergencySweep function sends tokens using `transfer` without checking the return value. If the transfer fails silently (e.g., by returning `false` instead of reverting), the emergency sweep will appear to succeed while the tokens remain stuck, breaking the emergency recovery mechanism.

MantleMiniRiskVault_Suite__3_contracts_.sol:21680%
medium

Reentrancy No Eth

The withdraw function transfers tokens before updating the user's balance. A reentrant call during the transfer could drain more tokens than the user is entitled to, by calling withdraw again before the balance is decremented. No ETH is involved, but any ERC20 token with a callback (e.g., ERC777 or tokens with `tokensReceived` hooks) can trigger reentrancy.

MantleMiniRiskVault_Suite__3_contracts_.sol:14690%
medium

Reentrancy No Eth

The `claimReward` function performs an external ERC20 transfer before updating the user's `lastClaim` timestamp. This creates a read-only reentrancy risk where a malicious token contract could re-enter the vault and read stale state, potentially inflating reward calculations in integrated protocols that depend on this state.

MantleMiniRiskVault_Suite__3_contracts_.sol:13290%
medium

Tx Origin

The `setOracleUnsafe` function uses `tx.origin` for authorization instead of `msg.sender`. This can be exploited through a phishing attack where a user is tricked into calling a malicious contract that calls the vault, bypassing intended access controls.

MantleMiniRiskVault_Suite__3_contracts_.sol:9395%
medium

Tx Origin

The emergencySweep function uses tx.origin for authorization, which can be vulnerable to phishing attacks. An attacker could trick the contract owner into calling a malicious contract that then invokes emergencySweep, stealing tokens even though the owner did not intend to sweep tokens to that address.

MantleMiniRiskVault_Suite__3_contracts_.sol:21690%
medium

Unused Return

The unsafeValue function calls `latestTimestamp()` but discards its return value. This prevents the contract from validating that the oracle price is recent, opening the door to using stale price data which could misprice assets.

MantleMiniRiskVault_Suite__3_contracts_.sol:17380%
low

Events Maths

The setFee function lacks an upper bound validation, which allows the owner to set the feeBps to any value, potentially exceeding 100%. This could result in unexpected fee calculations and operational disruptions.

MantleMiniRiskVault_Suite__3_contracts_.sol:8890%
low

Missing Zero Check

The setOracleUnsafe function does not check that newOracle is a non-zero address, potentially allowing the oracle to be set to address(0). This could break price feeds and cause denial of service or erroneous calculations.

MantleMiniRiskVault_Suite__3_contracts_.sol:9385%
low

Missing Zero Check

The constructor does not validate that _oracle and _treasury are non-zero addresses. Assigning the zero address could lead to a contract that is permanently malfunctioning or requires redeployment.

MantleMiniRiskVault_Suite__3_contracts_.sol:7850%
low

Reentrancy Benign

The deposit function performs external token transfers (transferFrom and transfer) before updating the user's balance. If the token is an ERC777 or has callbacks, a reentrancy attack could manipulate the state, though the impact is limited because the token must be supported and no critical state changes follow the balance update.

MantleMiniRiskVault_Suite__3_contracts_.sol:10760%
low

Reentrancy Events

Reentrancy Events was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:199-210. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:19974%
low

Reentrancy Events

Reentrancy Events was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:146-157. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:14674%
low

Reentrancy Events

Reentrancy Events was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:107-125. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:10774%
low

Reentrancy Events

Reentrancy Events was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:132-144. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:13274%
low

Reentrancy Events

Reentrancy Events was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:159-171. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:15974%
low

Timestamp

Timestamp was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:146-157. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:14674%
low

Timestamp

Timestamp was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:132-144. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:13274%
low

Constable States

Constable States was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:40. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:4074%
low

Immutable States

Immutable States was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:32. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:3274%
low

Immutable States

Immutable States was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:33. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:3374%
high

tx.origin authorization can be phished through proxy calls

tx.origin authorization can be phished through proxy calls was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:12. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:1286%
low

Review calldata parameter width

Review calldata parameter width was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:21. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:2174%
low

Review calldata parameter width

Review calldata parameter width was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:22. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:2274%
low

Review calldata parameter width

Review calldata parameter width was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:107. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:10774%
low

Review calldata parameter width

Review calldata parameter width was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:146. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:14674%
low

Review calldata parameter width

Review calldata parameter width was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:159. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:15974%
low

Review calldata parameter width

Review calldata parameter width was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:173. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:17374%
low

Review calldata parameter width

Review calldata parameter width was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:216. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:21674%
info

Replace long revert string with custom error

Replace long revert string with custom error was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:95. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:9574%
info

Replace long revert string with custom error

Replace long revert string with custom error was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:108. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:10874%
info

Replace long revert string with custom error

Replace long revert string with custom error was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:149. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:14974%
info

Replace long revert string with custom error

Replace long revert string with custom error was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:219. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:21974%
info

Mark never-changing value constant or immutable

Mark never-changing value constant or immutable was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:32. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:3274%
info

Cache repeated storage read

Cache repeated storage read was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:85. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:8574%
info

Cache repeated storage read

Cache repeated storage read was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:121. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:12174%
info

Use != 0 for unsigned non-zero checks

Use != 0 for unsigned non-zero checks was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:109. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:10974%
info

Use != 0 for unsigned non-zero checks

Use != 0 for unsigned non-zero checks was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:117. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:11774%
info

Use != 0 for unsigned non-zero checks

Use != 0 for unsigned non-zero checks was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:136. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:13674%
info

Use != 0 for unsigned non-zero checks

Use != 0 for unsigned non-zero checks was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:200. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:20074%
medium

Bitmap-pack boolean flags

Bitmap-pack boolean flags was detected from deterministic analysis at MantleMiniRiskVault_Suite__3_contracts_.sol:57. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used.

MantleMiniRiskVault_Suite__3_contracts_.sol:5774%