Payouts
1st Places
3rd Places
Top 10
All
Sherlock
Code4rena
Cantina
CodeHawks
May '25
Apr '25
medium
medium
medium
medium
Feb '25
medium
Slippage protection in `AgentTax::dcaSell` and `BondingTax::swapForAsset` is calculated at execution time, effectively retrieving the very same price that the trade will be executing at, ultimately providing no protection
medium
`amountOutMin` passed in as 0 in `AgentToken::_swapTax` leads to loss of funds due to slippage
medium
BondingTax has invalid slippage implementation
medium
Missing Slippage Protection On Buy And Sell
high
Multiple Delegation by Double Spending Boosts and Lack of Delegation Tracking in BoostController Contract
high
Delegation Boost Not Usable by Delegatees
high
`BaseGauge` users can claim rewards without staking
high
Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds
high
`GaugeController` does not send funds to FeeCollector disrupting fees distribution and causing loss of funds
high
Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service
high
Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance
high
Boost Miscalculation Leads to Excess Distribution
medium
`MAX_TOTAL_SUPPLY` Bypass in `veRAACToken` via `increase()` Function
medium
Users Can Lose Funds and Collateral by Repaying Loans After Liquidation Grace Period Expiry
medium
Workingsupply would always be overwritten in boostcontroller.sol impacting reward calculations
medium
Proposal Front-Running via Predictable Salt in `TimelockController::scheduleBatch`
medium
balanceOf(address(this)) in StabilityPool causes reward distribution to be higher than it should be
medium
Unbounded Reward Accrual After Period End Enables Reward Manipulation Attacks
low
Unauthorized Vote Casting Vulnerability
low
Hardcoded Emission Values Lead to Incorrect Reward Calculations
Dec '24