Jun '25
high
Missing swap-withdrawal validation enables accumulated token drainage
high
Any attacker will steal refund tokens from `GatewayTransferNative` users with failed cross-chain transactions to non-EVM chains
high
Any attacker will steal accumulated ZRC20 tokens from `GatewayTransferNative` contract
medium
Fee calculation bug enables protocol fund drainage or transaction failures
medium
Users withdrawing to Bitcoin will lose funds permanently when transactions fail
medium
ETH Refunds Always Fail Due to Incorrect Transfer Function Usage in `onRevert`
medium
Malicious Attackers Will Cause Denial of Service for Incoming Cross-Chain Transfers via GatewayCrossChain Contract
May '25
Apr '25
high
high
high
Mar '25
Feb '25
medium
high
Wrong amount is minted to user when they deposit into the lending pool
high
Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency
high
ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price
high
Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens
high
Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds
high
Multiple issues from unnecessary balance increase calculation in DebtToken.mint
high
Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service
high
Users can borrow more assets than they have deposited as collateral
high
Any attempt to liquidate a user will fail, because StabilityPool does not hold crvUSD during operational lifecycle
high
RToken is Not Interest Bearing Due to Broken Liquidity Index Calculation
high
Boost Miscalculation Leads to Excess Distribution
high
Interest Accrual Failure Due to Incorrect Scaling in RToken Implementation
high
Ineffective Time-Weighted Average Implementation in Fee Distribution
high
Voting Power Snapshot Missing
high
Users can lose additional collateral by depositing NFTs after grace period expiration
medium
[H-2] Lack of Emergency Pause in `BaseGauge::stake` and `BaseGauge::withdraw`
medium
Incorrect utilization rate forces protocol to issue maximum rewards indefinitely
medium
Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations
medium
Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay
medium
Workingsupply would always be overwritten in boostcontroller.sol impacting reward calculations
medium
closeLiquidation within LendingPool does not allow partial repayments, which can cause massive losses to users within edge case
Jan '25
high
Dec '24
Nov '24