Jul '25
Jun '25
Apr '25
Mar '25
high
medium
medium
medium
Feb '25
high
Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency
high
ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price
high
RAACNFT mint function receives funds to address(this) but has no way of withdrawing them
high
Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds
high
Gauge period cannot be updated
high
`GaugeController` does not send funds to FeeCollector, disrupting fee distribution and causing loss of funds
high
Multiple issues from unnecessary balance increase calculation in DebtToken.mint
high
RToken's transfer function leads to loss of funds due to incorrect math
high
Users can borrow more assets than they have deposited as collateral
high
Any attempt to liquidate a user will fail, because StabilityPool does not hold crvUSD during operational lifecycle
high
Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance
high
Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic
high
Gauge rewards are not transferred to gauge when distributeRewards() is called
high
Ineffective Time-Weighted Average Implementation in Fee Distribution
high
Future Stakers Gain More Rewards from Already Accumulated `rewardPerTokenStored` Causing Unfair Reward Distribution
medium
Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations
medium
LendingPool deposits do not work with CurveVault due to lack of funds
medium
LendingPool::getNormalizedIncome() returns stale liquidity index
medium
`RToken::calculateDustAmount` is incorrectly calculated, making it impossible to transfer the accrued dust amount
medium
Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations
medium
Missing Liquidity Rebalancing in Repayments and Liquidations Leading to Inefficient Liquidity Management
medium
Incorrect Period Transition Logic in Reward Distribution
medium
Wrong access control in `RAACToken::setFeeCollector`, `RAACToken::setSwapTaxRate`, `RAACToken::setBurnTaxRate`
medium
FeeCollector stakeholders may receive less fee distribution due to unnecessary precision loss
medium
Usage rate is increased even when no debt is present in `LendingPool`
medium
Emission rate manipulation via temporary utilization spike in RAACMinter.sol
medium
Delegated Boost Persists Even If veRAAC Is Withdrawn/Reduced
low
Emergency Timelock Bypass: No Enforced 1-Day Delay for Emergency Actions
low
Missing Controller Functions in GaugeController
low
Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality
low
`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types
low
Overwriting Previous Allocations in allocateFunds May Lead to Loss of Cumulative Allocation Data
Jan '25
high
Invalid `period` used in `Pool::transferReserveToAuction(...)` function leads to DoS of the `Auction` contract
high
Plaza token creation can be gamed when collateral level is <= 1.2
medium
Base mainnet ChainLink oracle is incompatible with `wstETH` causing issues for fetching the reserve token price
medium
Blacklisted `USDC` user could DoS the `Auction` contract
medium
Stuck funds in `BalancerRouter` when user exceeds `PreDeposit` deposit cap
medium
`BondEth` holders could end up claiming other users' `couponTokens`
medium
Precision loss in the Pool contract
Dec '24
Nov '24
94.59 USDC • 1 total finding • Sherlock • 056Security
Oct '24
high
medium
Sep '24
high
medium
Aug '24
high
Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function
high
Taker of a bid offer will lose assets without any benefit if they call DeliveryPlace::settleAskMaker() for partial settlement.
high
Native token withdrawal fails until manually approved
high
`DeliveryPlace::settleAskTaker` Has Incorrect Access Control
high
Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode
high
The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.
high
[H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulate collateral rates and drain the protocol's funds
high
Taker of a bid offer will lose assets without any benefit if they call DeliveryPlace::settleAskMaker() for partial settlement.
high
`DeliveryPlace::settleAskTaker` Has Incorrect Access Control
high
Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort
high
The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.
high
Missing abort status check allows bid taker to steal users' funds
low
`listOffer` Unsafely References Fungible Identifiers
Jul '24
high
`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`
high
The maximum number of generations is infinite
medium
Users' ability to nuke will be DoSed for three days after putting NFTs up for sale and cancelling the sale
medium
Forger Entities can forge more times than intended
medium
Duplicate NFT generation via repeated forging with the same parent
medium
`Golden God` Tokens can be minted twice per generation
high
Number of entities in generation can surpass the 10k number
high
Wrong minting logic based on total token count across generations
medium
Forger Entities can forge more times than intended
medium
Duplicate NFT generation via repeated forging with the same parent
medium
Imprecise token age calculation results in an incorrect nuke factor, causing users to claim the wrong amount
Jun '24
May '24