Payouts
Top 25
Top 50
All
Sherlock
Code4rena
CodeHawks
Mar '25
Feb '25
high
Users can borrow more assets than they have deposited as collateral
high
RToken is Not Interest Bearing Due to Broken Liquidity Index Calculation
high
Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance
high
Incorrect Debt Scaling Leading to Protocol Solvency Risk
high
Ineffective Time-Weighted Average Implementation in Fee Distribution
high
Gauge stakers won't get any reward due to round-down in user weight calculation
medium
Missing Vote Frequency Control in GaugeController
medium
Incorrect Return Values and Double Scaling in `RToken.burn` Function Leads to Denial of Service
medium
Multiple Critical Calculation And Logic Errors in `RToken::mint/burn` Function
medium
There is no logic checking for RAACNFT price staleness before minting it
medium
`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount
medium
Inconsistent Scaling in RToken Transfer Functions
medium
`RAACReleaseOrchestrator::emergencyRevoke()` fails to update `categoryUsed`, leading to token lockup and incorrect accounting
medium
Proposal Front-Running via Predictable Salt in `TimelockController::scheduleBatch`
low
Canceled vote still get voted on and accumulate voting power in Goverance.sol
low
Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality
low
`DebtToken::burn`'s Return Values are wrong
low
Incorrect Timestamp Tracking in RAACHousePrice contract
low
Missing Check for Gauge Activation Status in vote :: GaugeController.sol
low
Missing Validation for Minimum Vote Weight in `vote` Function
Jan '25
high
Underflow when updating credit delegation will result protocol DoS
medium
`Market::configureConnectedVaults` Will Always Fail with Array Out of Bounds Error
medium
Incorrect weight assignment in Vault::updateVaultAndCreditDelegationWeight leads to overleveraging vault positions and insolvency
medium
No Mechanism to Remove Fee Recipients Can Lead to Failed Reward Distributions
low
`initiateSwap` allows users to initiate swap even when the vault is paused
Aug '24
Jul '24
high
`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`
high
Incorrect Percentage Calculation in NukeFund and EntityForging when `taxCut` is Changed from Default Value
medium
Pause and unpause functions are inaccessible