Total Earnings
#3 All Time
Mar '25
Collaborative Audit • Sherlock • 0x52
Collaborative Audit • Sherlock • 0x52
Jan '25
high
BondOracleAdapter will cause massive loss of funds for a large number of bond tokens
high
Pool fee collection methodology will incorrectly penalize depositors
high
Pool#transferReserveToAuction is completely broken
high
Leverage user can avoid paying fees to bond holders by withdrawing before auction ends
high
Malicious user can sandwich Pool#startAuction with flashloan to completely drain pool
medium
BondOracleAdapter#getPool methodology can be abused to cause oracle to reference low liquidity pool
medium
Precision loss in leverage redeemRate calculation will cause loss to leverage tokens
medium
Auction date will drift irreversibly forward over time leading to loss of yield for bond holders
medium
Rounding loss in Auction#slotSize allows malicious user to force auction to be undersold
medium
Payments from failed auctions can be claimed leading to indefinite DOS on other legitimate claims
medium
Incorrect dp scaling for marketRate will cause loss to other users if bond market price is low
medium
Blacklisted bidders can force auction to pay them a very high price
medium
BalancerRouter is implemented incorrectly and will cause loss of funds when depositing to predeposits
Dec '24
Findings not publicly available for private contests.
Oct '24
Jul '24
Jan '24
Dec '23
Nov '23
high
Token#updateFounders fails to properly clear tokenRecipient mapping causing improper token distribution
high
Adversary can permanently brick auctions due to precision error in Auction#_computeTotalRewards
medium
MerkleReserveMinter minting methodology is incompatible with current governance structure and can lead to migrated DAOs being hijacked immediately
Oct '23
high
Adversary can reenter takeOverDebt() during liquidation to steal vault funds
high
Creditor can maliciously burn UniV3 position to permanently lock funds
high
Slippage controls inside _restoreLiqudity are ineffective allowing repay() calls to be sandwiched and all profits stolen
medium
Adversary can overwrite function selector in _patchAmountAndCall due to inline assembly lack of overflow protection
medium
Blacklisted creditor can block all repayment besides emergency closure
medium
Protocol is incompatible with ZkSync Era due to differences in address deviation
Aug '23
high
CurveTricryptoOracle#getPrice contains math error that causes LP to be priced completely wrong
high
CVX/AURA distribution calculation is incorrect and will lead to loss of rewards at the end of each cliff
high
Stable BPT valuation is incorrect and can be exploited to cause protocol insolvency
high
CurveTricryptoOracle incorrectly assumes that WETH is always the last token in the pool which leads to bad LP pricing
medium
AuraSpell#closePositionFarm exits pool with single token and without any slippage protection
medium
AuraSpell#closePositionFarm will take reward fees on underlying tokens when borrow token is also a reward
medium
Adversary can abuse hanging approvals left by PSwapLib.swap to bypass reward fees
medium
ConvexSpell is completely broken for any curve LP that utilizes native ETH
medium
Issue #47 from Update #1 is still present in ConvexSpell
medium
WAuraPools doesn't correctly account for AuraStash causing all deposits to be permanently lost
medium
Mainnet oracles are incompatible with wstETH causing many popular yields strategies to be broken
Jul '23
medium
No check for sequencer uptime can lead to dutch auctions executing at bad prices
medium
Full inventory asset purchases can be DOS'd via frontrunning
medium
Exponential and logarithmic price adapters will return incorrect pricing when moving from higher dp token to lower dp token
medium
BoundedStepwiseExponentialPriceAdapter#getPrice uses incorrect order of operation when calculating priceChange
medium
Target raises can be highly damaging for dutch auctions with multiple components
medium
Manager has no way to disable target raises after enabling them
Jun '23
high
Malicious user can permanently break VUSD#processWithdrawals by returning huge amounts of data
high
Failed withdrawals from VUSD#processWithdrawals will be lost forever
high
Rogue validators can manipulate funding rates and profit unfairly from liquidations
medium
Malicious user can grief withdrawing users via VUSD reentrancy
medium
Malicious users can donate/leave dust amounts of collateral in contract during auctions to buy other collateral at very low prices
medium
MarginAccountHelper will be bricked if registry.marginAccount or insuranceFund ever change
medium
Funding settlement will be DOS'd for a time after the phaseID change of an underlying chainlink aggregator
May '23
high
supplyNativeToken will strand ETH in contract if called after ACTION_DEFER_LIQUIDITY_CHECK
medium
PriceOracle.sol will return the wrong price for asset if underlying aggregator hits minAnswer
medium
PriceOracle#getPriceFromChainlink may return stale data
medium
PriceOracle#getPriceFromChainlink fails to check Arbitrum/Optimism Sequencer uptime
high
eMode implementation is completely broken
high
_calculateMaxBorrowCollateral calculates repay incorrectly and can lead to set token liquidation
medium
AaveLeverageStrategyExtension and underlying AaveV3 oracles may diverge
medium
Relying solely on oracle base slippage parameters can cause significant loss due to sandwich attacks
high
AuraSpell#openPositionFarm fails to return all rewards to user
high
ShortLongSpell#openPosition uses the wrong balanceOf when determining how much collateral to put
medium
BalancerPairOracle will return highly incorrect price if one token isn't 18 dp
medium
ShortLongSpell#openPosition attempts to burn wrong token
medium
Updating the feeManger on config will cause desync between bank and vaults
high
Escrow approvals are not cleared when club is transferred allowing for abuse after transfer
high
Malicious users can honeypot other users by transferring out ERC20 and ERC721 tokens right before sale
medium
Users can bypass Player royalties on EIP2981 compatible markets by selling clubs as a whole
medium
Merkle leaf values for _clubDivsMerkleRoot are 64 bytes before hashing which can lead to merkle tree collisions
Apr '23
high
AuraSpell#openPositionFarm uses incorrect join type for balancer
high
Users are forced to swap all reward tokens with no slippage protection
high
ConvexSpell#closePositionFarm removes liquidity without any slippage protection
high
ShortLongSpell#_withdraw checks slippage limit but never applies it making it useless
high
WAuraPools will irreversibly break if reward tokens are added to pool after deposit
high
UserData for balancer pool exits is malformed and will permanently trap users
high
IchiSpell applies slippage to sqrtPrice which is wrong and leads to unpredictable slippage
high
Balance check for swapToken in ShortLongSpell#_deposit is incorrect and will result in nonfunctional contract
high
ShortLongSpell#openPosition can cause user unexpected liquidation when increasing position size
high
Pending CRV rewards are not accounted for and can cause unfair liquidations
medium
BlueBerryBank#getPositionValue causes DOS if reward token is added that doesn't have an oracle
medium
Issue 290 from previous contest has not been fully addressed by fixes
medium
Issue 94 from previous contest has not been fixed
medium
AuraSpell#closePositionFarm requires users to swap all reward tokens through same router
medium
rewardTokens removed from WAuraPool/WConvexPools will be lost forever
high
All allowances to DepositStableCoinToDealer and GeneralRepay can be stolen due to unsafe call
medium
JUSDBank users can bypass individual collateral borrow limits
medium
FlashLoanLiquidate#JOJOFlashLoan doesn't allow user to specify any slippage conditions
medium
chainlinkAdaptor uses the same heartbeat for both feeds which is highly dangerous
medium
GeneralRepay#repayJUSD returns excess USDC to `to` address rather than msg.sender
high
CollateralManager#commitCollateral can be called on an active loan
high
CollateralManager#commitCollateral can be called by anyone
high
CollateralManager#commitCollateral overwrites collateralInfo._amount if called with an existing collateral
high
CollateralManager#setCollateralEscrowBeacon lacks access control allowing anyone to set the beacon implementation and steal all escrowed funds
high
Malicious user can abuse UpdateCommitment to create commitments for other users
medium
LenderCommitmentForwarder#updateCommitment can be front-run by malicious borrower to cause lender to over-commit funds
Mar '23
high
Staking, unstaking and rebalanceToWeight can be sandwiched (mainly rETH deposit)
high
Reth.sol: Withdrawals are unreliable and depend on excess RocketDepositPool balance which can brick the whole protocol
high
Reth `poolPrice` calculation may overflow
medium
Non-ideal rETH/WETH pool used pays unnecessary fees
high
Adversary can sandwich oracle updates to exploit vault
high
minTokenAmounts_ is useless in new configuration and doesn't provide any real slippage protection
high
Adversary can stake LP directly for the vault then withdraw to break lp accounting in BLVaultManagerLido
high
Users can abuse discrepancies between oracle and true asset price to mint more OHM than needed and profit from it
medium
stETH/ETH chainlink oracle has too long of heartbeat and deviation threshold which can cause loss of funds
medium
Multiple functions aren't payable so quotes that require protocol fees won't work correctly
medium
Multiple functions may leave excess funds in the contract that should be returned
medium
Periphery#_swapPTsForTarget won't work correctly if PT is mature but redeem is restricted
medium
fillQuote uses transfer instead of call which can break with future updates to gas costs
high
Carousel#enlistInRollover incorrectly updates ownerToRollOverQueueIndex for existing positions
high
Adversary can break deposit queue and cause loss of funds
medium
VaultFactoryV2#changeTreasury misconfigures the vault
medium
Null epochs will freeze rollovers
medium
Emissions sent to vault with null epoch will be lost forever
Feb '23
high
Precision differences when calculating userCollateralRatioMantissa causes major issues for some token pairs
high
First depositor can abuse exchange rate to steal funds from later depositors
medium
Fee share calculation is incorrect
medium
Operator can cause fee shares to be minted to address(0)
medium
transferFrom uses allowance even if spender == from
Findings not publicly available for private contests.
high
Adversary can economically exploit wstETHLiquidityVault
high
User can drain entire reward balance due to accounting issue in _claimInternalRewards and _claimExternalRewards
medium
Removed reward tokens will no longer be claimable and will cause loss of funds to users who haven't claimed
medium
Internal reward tokens can and likely will over commit rewards
medium
Adding an internal reward token that begins accrual at a future time will DOS the entire vault
medium
Reward tokens can never be added again once they are removed without breaking rewards completely
medium
rescueToken doesn't update rewardToken.lastBalance for external reward tokens
Findings not publicly available for private contests.
high
Adversary can DOS seller premium payments by creating a large number of tiny protections
high
User can double insure their LP token to game insurance in the event of a default
high
User can game protection via renewal to get free insurance
high
The renewal grace period gives users insurance for no premium
high
Protection sellers can easily game withdrawal requests to collect risk free yield
high
Users can share/borrow sTokens to bypass minimum deposit time
high
Liquidation logic is incorrect when user has debt to more than one bank
high
WIchiFarm#burn sends too few IchiV2 tokens to users
high
IchiLpOracle is extremely easy to manipulate due to how IchiVault calculates underlying token balances
high
IchiVaultSpell#openPositionFarm can cause Ichi to be harvested but doesn't send it to the user
high
BlueBerryBank#withdrawLend will cause underlying token accounting error if soft/hard vault has withdraw fee
high
IchiVaultSpell#closePosition will leave LP tokens in the contract if amountLpWithdraw != 0
medium
WIchiFarm will break after second deposit of LP
medium
ChainlinkAdapterOracle will return the wrong price for asset if underlying aggregator hits minAnswer
medium
User has no slippage protection if they choose not to repay the debt tokens obtained from the swap in IchiVaultSpell
medium
ChainlinkAdapterOracle use BTC/USD chainlink oracle to price WBTC which is problematic if WBTC depegs
high
Adversary can break bounty payouts by adding malicious ERC20 token to bounty
high
Adversary can brick refunds by making a large number of small deposits
high
Adversary can break any bounty they wish by depositing an NFT then refunding it
high
Adversary can permanently break reward distribution for percentage tier bounties by funding bounty then refunding after competition closes
high
Adversary can permanently break percentage tier bounties by funding certain ERC20 tokens then refunding
high
Tier winner can steal excess funds from tiered percentage bounty if any deposits are expired
high
Adversary can brick bounty payouts by calling fundBountyToken but funding it with an ERC721 token instead
high
Adversary can lock every deposit forever by making a deposit with _expiration = type(uint256).max
medium
Refunding logic with multiple deposits is first mover take all
medium
TieredFixedBountyV1#setPayoutScheduleFixed is intended to be able to resize to fewer tiers but can't
medium
Adversary can break NFT distribution by depositing up to max then refunding all of them
medium
Adversary can block NFT distribution on tiered bounties by assigning the NFTs to unused tiers
Jan '23
high
Fully repaying a loan will result in debt payment being lost
high
Lender can purposefully get themselves blacklisted on debt token to force borrower default
high
Use safeTransfer and safeTransferFrom for ERC20 tokens
high
Loans can be rolled an unlimited number of times which could result in longer loans than expected
high
PerpDepository#getPositionValue uses incorrect value for TWAP interval allowing more than intended funds to be extracted
high
USDC deposited to PerpDepository.sol are irretrievable and effectively causes UDX to become undercollateralized
high
PerpDepository has no way to withdraw profits depriving stakers of profits owed
high
RageTrade senior vault USDC deposits are subject to utilization caps which can lock deposits for long periods of time leading to UXD instability
high
Malicious user can use an excessively large _toAddress in OFTCore#sendFrom to break layerZero communication
high
PerpDespository#reblance and rebalanceLite can be called to drain funds from anyone who has approved PerpDepository
medium
PerpDepository#_placePerpOrder miscalculates fees paid when shorting
medium
Price disparities between spot and perpetual pricing can heavily destabilize UXD
medium
PerpDepository#_rebalanceNegativePnlWithSwap will not work because it never approves spotSwapper to transfer baseAsset
medium
PerpDepository#_rebalanceNegativePnlWithSwap fails to approve vault for quote deposit
Dec '22
high
Users can bypass the `maxWinPercent` limit using a partially closing
high
User can abuse tight stop losses and high leverage to make risk free trades
medium
Bypass the delay security check to win risk free funds
medium
Trading will not work on ethereum if USDT is used
medium
_checkDelay will not work properly for Arbitrum or Optimism due to block.number
medium
Chainlink price feed is not sufficiently validated and can return stale price
Nov '22
high
Anyone can steal CryptoPunk during the deposit flow to WPunkGateway
medium
Adversary can force user to pay large gas fees by transferring them collateral
medium
During oracle outages or feeder outages/disagreement, the `ParaSpaceFallbackOracle` is not used
medium
Rewards are not accounted for properly in NTokenApeStaking contracts, limiting user's collateral.
high
User is unable to partially payback loan if they aren't able to post enough isoUSD to bring them back to minOpeningMargin
high
Swapping 100 tokens in DepositReceipt_ETH and DepositReciept_USDC breaks usage of WBTC LP and other high value tokens
high
Anyone can withdraw user's Velo Deposit NFT after approval is given to depositor
high
User can steal rewards from other users by withdrawing their Velo Deposit NFTs from other users' depositors
high
Outstanding loans cannot be closed or liquidated if collateral is paused
high
Users are unable to close or add to their Lyra vault positions when price is stale or circuit breaker is tripped
high
Malicious user can DOS pool and avoid liquidation by creating secondary liquidity pool for Velodrome token pair
high
Users who deposit Lyra LP as collateral will lose OP vault rewards
medium
Vault_Base_ERC20#_updateVirtualPrice calculates interest incorrectly if updated frequently
medium
Bad debt may persist even after complete liquidation in Velo Vault due to truncation
medium
All collateral in Velodrome vault will be permanently locked if either asset in liquidity pair stays outside of min/max price
high
The 'redeem' related functions are likely to be blocked
high
fee loss in AutoPxGmx and AutoPxGlp and reward loss in AutoPxGlp by calling PirexRewards.claim(pxGmx/pxGpl, AutoPx*) directly which transfers rewards to AutoPx* pool without compound logic get executed and fee calculation logic and pxGmx wouldn't be exe
medium
Assets may be lost when calling unprotected `AutoPxGlp::compound` function
medium
Deposit Feature Of The Vault Will Break If Update To A New Platform
medium
PirexGmx.initiateMigration can be blocked
high
Staking#setBaseVotes and setMonsterMulitiplier are dangerous and will likely cause huge damage to voting
high
Staking#_unstake removes votes from wrong person if msg.sender != owner
medium
Delegate can keep delegatee trapped indefinitely
medium
Adversary can abuse delegating to lower quorum
medium
castVote can be called by anyone even those without votes
medium
Governance#queue increments the wrong counter when proposal is passed
medium
Staking#changeStakeTime and changeStakeAmount are problematic given current staking design
high
Adversary can brick AutoRoller by creating another AutoRoller on the same adapter
high
AutoRoller#eject can be used to steal all the yield from vault's YTs
medium
Hardcoded divider address in RollerUtils is incorrect and will brick autoroller
medium
RollerPeriphery#approve is public allowing anyone to approve themselves tokens
Oct '22
high
DnGmxJuniorVaultManager#_rebalanceBorrow logic is flawed and could result in vault liquidation
medium
DnGmxJuniorVaultManager#_totalAssets current implementation doesn't properly maximize or minimize
medium
Early depositors to DnGmxSeniorVault can manipulate exchange rates to steal funds from later depositors
medium
WithdrawPeriphery uses incorrect value for MAX_BPS which will allow much higher slippage than intended
medium
WithdrawPeriphery#_convertToToken slippage control is broken for any token other than USDC
medium
DnGmxJuniorVaultManager#harvestFees can push junior vault borrowedUSDC above borrow cap and DOS vault
medium
Pledges that contain delisted tokens can be extended to continue using delisted reward tokens
medium
WardenPledge accidentally inherits Ownable instead of Owner which removes an important safeguard without sponsor knowledge
medium
Fees charged from entire theoretical pledge amount instead of actual pledge amount
medium
Owner can transfer all ERC20 reward token out using function recoverERC20
high
Lender#lend for APWine doesn't validate that pool is swapping same underlying as market underlying
high
Lender#lend for Sense has mismatched decimals
high
Redeemer#redeem for Sense slippage check is not adequate due to token decimal mismatch
high
Redeemer#redeem for Sense can never redeem because it never approves cTokens to be transferred by Converter
high
Lender allows users to mint PT backed by PT which artificially inflates the supply of PT and damages the exchange rate for all users
Sep '22
high
Incorrect handling of pricefeed.decimals()
high
Users who deposit in one vault can lose all deposits and receive nothing when counterparty vault has no deposits
high
Risk users are required to payout if the price of the pegged asset goes higher than underlying
high
Vault.sol is not EIP-4626 compliant
medium
StakingRewards.sol#stake is intended to be pausable but isn't
medium
Fees are taken on risk collateral
high
TradingUtils#_executeTrade contains logical error that can cause loss of funds if trade.buyToken is ETH or WETH
high
StrategyUtils#_executeDynamicTradeExactIn returns incorrect amountBought if buyToken is wstETH and tradeUnwrapped is true
high
Settlement slippage is not implemented correctly which may lead to some vaults being impossible to settle
medium
TradingUtils#_approve is problematic for tokens like USDT that requires allowance to be zero before calling approve
medium
Deployments.sol uses the wrong address for UNIV2 router which causes all Uniswap V2 calls to fail
medium
UniV2Adapter#getExecutionData doesn't properly handle native ETH swaps
medium
TwoTokenPoolMixin allows secondary token to have decimals >18 due to incorrect require statement
Aug '22
high
ERC4626Oracle.sol returns incorrect price if ERC4626.decimals != ERC4626.asset.decimals
high
UniV2LPOracle.sol incorrectly values LP when either token in a pair does not have 18 decimals
high
CTokenOracle.sol#getCErc20Price contains critical math error
medium
Chainlink's latestRoundData may return stale or incorrect results
medium
Delisted assets can still be deposited and borrowed against by accounts that already have them
high
Builder can halve the interest paid to a community owner due to arithmetic rounding
high
Untyped data signing
medium
Builders must pay more interest when the system is paused.
medium
Missing upper limit definition in replaceLenderFee() of HomeFi.sol
medium
Project.sol and Community.sol have no way to revoke a hash in approvedHashes
Jul '22
high
Failed proposal can be committed again
high
Users can lose fractions to precision loss during migration if _newFractionSupply is set very low
high
Any fractions deposited into any proposal can be stolen at any time until it is committed
high
Fund will be stuck if a buyout is started while there are pending migration proposals
high
Division rounding can make fraction-price lower than intended (down to zero)
high
Migration::withdrawContribution falsely assumes that user should get exactly his original contribution back
high
Malicious User Could Burn The Assets After A Successful Migration
high
`migrateFractions` may be called more than once by the same user which may lead to loss of tokens for other users
medium
An attacker can DoS vault's buyout with as little as 1 wei per 4 days
medium
Migration.join() and Migration.leave() can still work after unsuccessful migration.
high
ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC
medium
Use a safe transfer helper library for ERC20 transfers
medium
Discounted fee calculation is imprecise and calculates less fees than anticipated
medium
addFeedFor should check if inverse feed already exists
medium
processFees() may fail due to exceeding gas limit
Jun '22
medium
User can initiate withdraw for previous epoch if rebase hasn't been called since end of epoch
medium
Withdrawals initiated after cycle withdrawal request won't be withdrawn in the correct cycle
medium
Rebases can be frontrun with very little token downtime even when warmUpPeriod > 0
medium
Users of Migration.sol may forfeit rebase rewards
high
Redeemer.redeem() for Element withdraws PT to wrong address.
high
The lend function for tempus uses the wrong return value of depositAndFix
high
[H-05] Not minting iPTs for lenders in several lend functions
high
Pendle Uses Wrong Return Value For `swapExactTokensForTokens()`
medium
Swivel lend method doesn't pull protocol fee from user
medium
sellPrincipalToken, buyPrincipalToken, sellUnderlying, buyUnderlying uses pool funds but pays msg.sender
medium
Marketplace calls unimplemented function
high
Stealing Wrapped Manifest in WETH.sol
high
Anyone can set the `baseRatePerYear` after the `updateFrequency` has passed
high
Transferring any amount of the underlying token to the CNote contract will make the contract functions unusable
medium
In Cnote.sol, anyone can initially become both accountant and admin
May '22
Apr '22