
Payouts

Top 10

Top 25

Top 50
All
Sherlock
Code4rena
Cantina
CodeHawks
Immunefi
Mar '26
medium
Nov '25
medium
Mar '25
high
medium
Feb '25
high
high
high
medium
medium
high
Reward manipulation vulnerability in StabilityPool
high
Users can borrow more assets than they have deposited as collateral
high
NFTs Get Permanently Locked in Stability Pool After Liquidation
high
Any attempt to liquidate a user will fail, because StabilityPool does not hold crvUSD during operational lifecycle
high
Boost Miscalculation Leads to Excess Distribution
high
Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic
medium
Gauge reward period can be extended indefinitely
medium
Incorrect utilization rate forces protocol to issue maximum rewards indefinitely
medium
LendingPool deposits do not work with CurveVault due to lack of funds
medium
Using balanceOf Instead of Voting Power
medium
Concurrent Oracle Fulfillments Overwrite House IDs, which leads to Incorrect Pricing
medium
LendingPool.getUserDebt returns outdated value and can lead to liquidation failure
medium
No check for sequencer uptime can lead to Zeno auctions being executed at lower prices or may result in incomplete auctions
medium
Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations
medium
Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay
medium
Owner Can Change Vote Results After Voting Ends by Updating Quorum Numbers for New proposals
low
Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality
low
Borrow, withdraw, deposit revert due to curve vault not having available liquidity or being paused.
Jan '25
high
medium
medium
Dec '24
low
Nov '24
Sep '24
Aug '24
high
medium
medium
medium
Jul '24
high
medium
medium
low
low
low
high
Double voting is possible if the user withdraws and reopens a position within the voting duration.
medium
`harvestPositionTo` should always send rewards to owner of NFT.
medium
Loss of reward if `emergencyWithdraw` is called
medium
Malicious users can exploit the bribe mechanism by awarding worthless tokens as a bribe and reaching the max bribe limit.
medium
`BribeRewarder` will not handle fee-on-transfer tokens
Jun '24
Apr '24
high
high
high
medium
medium
high
Rewards in `LenderCommitmentGroup_Smart` is sandwichable.
high
The return value of arbitrary ERC20 tokens transfers is not checked.
high
The liquidator will not receive the collateral after liquidation.
medium
`LenderCommitmentGroup_smart` does not support Fee on Transfer tokens
medium
`OwnableUpgradeable` is not initialized in `LenderCommitmentGroup_Smart`
high
Double counting of the vote is possible in `ZivoeRewardVesting:revokeVestingSchedule` breaking the protocol core invariant.
high
Incorrect Accounting of `_totalSupply` and `_totalSupplyCheckpoints` in `zivoeStakingRewards:revokeVestingSchedule` can cause DOS.
high
Malicious actor can call `ZivoeRewards:depositReward` with 1 wei many times increase the reward’s `periodFinish` making the contract unusable..
medium
`OCL_ZVE:pushToLockerMulti ` will likely revert because of allowance check.
Jan '24
high
When borrowers repay USDS, it is sent to the wrong address, allowing anyone to burn Protocol Owned Liquidity and build bad debt for USDS
high
User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated
medium
Remove Liquidity has missing reserve1 DUST check, which can make reserve1 to be less than DUST
medium
Reusing a SALT that has already been used for voting can allow a malicious proposal to pass and compromise the protocol.
Dec '23
Oct '23
medium
The protocol will mint unnecessary fees if the vault is paused and reopened later.
medium
Wrong hardcoded PnL factor is used in all GMXVault add liquidity operations
low
Unhandled DoS when access to Chainlik oracle is blocked
low
`processDeposit()` can cause a DoS if equityAfter is 0 and equityBefore > 0.
Sep '23
Aug '23
Jul '23
high
Sandwich attack to steal all ERC-20 tokens in the Fees contract
high
Using forged/fake lending pools to steal any loan opening for auction
high
Fee on transfer tokens will cause users to lose funds
high
update() not getting called right after a WETH amount has been sent will cause users to lose staking rewards
high
Rewards can be sabotaged by large deposit and withdraw
medium
The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates
gas
Floating pragma in all contracts
gas
Misspelled event in `Lender.sol`