Sherlock
Mar '25
Feb '25
high
`initCollateralUsd` is incorrectly set when opening a leveraged position.
high
Collecting Fees from `vestPosition` May Revert Due to Incorrect `tickUpper` Usage
medium
Incorrect Modulo Calculation in `Strategy._setSecondaryPositionsTicks` When `tick < 0`
medium
The `Leverager.withdraw()` Function Incorrectly Utilizes `amountOut0` Instead of `amountOut1` to Determine `repayFromWithdraw`
Jan '25
Dec '24
high
Attackers can drain the `OracleLess` contract by creating an order with a malicious `tokenIn` and executing it with a malicious `target`.
high
The `execute()` function should reset the approved amount for the `target` to 0 at the end.
high
The `AutomationMaster.generateOrderId()` function does not guarantee the generation of a unique `orderId`.
high
The `_cancelOrder()` function removes the `orderId` solely from the `pendingOrderIds` array, but does not remove it from the `orders` mapping.
high
Reentrancy attack in the `OracleLess` contract.
high
In the `OracleLess` contract, when an order is created, `tokenIn` is transferred from the `recipient`, which exposes it to potential attacks.
high
Attackers can drain the `StopLimit` contract.
medium
The `execute()` function should utilize `forceApprove` instead of `safeApprove`.
medium
Incorrect staleness check in the `PythOracle.currentValue()` function.
medium
A DoS attack that makes order removal impossible in the `OracleLess` contract, causing all funds to become stuck.
Nov '24
high
Unfair fee calculation in the `ReputationMarket._calculateBuy()` function.
high
Incorrect modification of `marketFunds` in the `ReputationMarket.buyVotes()` function.
medium
Improper fee mechanism in the `EthosVouch.applyFees()` function.
medium
Absence of slippage protection in the `ReputationMarket.sellVotes()` function.