Payouts
Top 10
Top 25
Top 50
All
Sherlock
Code4rena
Mar '25
Jan '25
Dec '24
Nov '24
Jul '24
May '24
high
Improper implementation of the `PositionMarginProcess.updatePositionFromBalanceMargin()` function.
medium
Incorrect `collateralUserCap` check in the `AssetsProcess.deposit()` function.
medium
No modifications to the `CommonData` while updating the position margin.
medium
The `AccountFacet` contract lacks a gas refund mechanism for the keeper.
Apr '24
high
Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral
high
Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine
high
Kerosene collateral is not being moved on liquidation, exposing liquidators to loss
high
Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply
high
Missing enough exogeneous collateral check in `VaultManagerV2::liquidate` makes the liquidation revert even if (DYAD Minted > Non Kerosene Value)
high
Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults
medium
Attacker can frontrun to prevent vaults from being removed from the dNFT owner's position
medium
No incentive to liquidate when CR <= 1 as asset received < dyad burned