11x
Payouts
1x
1st Places
1x
2nd Places
8x
Top 10
All
Sherlock
Cantina
Apr '25
Mar '25
Feb '25
high
`initCollateralUsd` is incorrectly set when opening a leveraged position.
high
Collecting Fees from `vestPosition` May Revert Due to Incorrect `tickUpper` Usage
medium
Incorrect `modulo` Calculation in `Strategy._setSecondaryPositionsTicks` When `tick < 0`
medium
The `Leverager.withdraw()` Function Incorrectly Utilizes `amountOut0` Instead of `amountOut1` to Determine `repayFromWithdraw`
Jan '25
high
Finding not yet public.
high
Finding not yet public.
high
Finding not yet public.
high
Finding not yet public.
high
Finding not yet public.
Dec '24
high
Attackers can drain the `OracleLess` contract by creating an order with a `malicious tokenIn` and executing it with a `malicious target`.
high
The `execute()` function should reset the approved amount for the `target` to 0 at the end.
high
The `AutomationMaster.generateOrderId()` function does not guarantee the generation of a unique `orderId`.
high
The `_cancelOrder()` function removes the `orderId` solely from the `pendingOrderIds` array, but does not remove it from the `orders` mapping.
high
Reentrancy attack in the `OracleLess` contract.
high
In the `oracleLess` contract, when an order is created, `tokenIn` is transferred from the `recipient`, which exposes it to potential attacks.
high
Attackers can drain the `StopLimit` contract.
medium
The `execute()` function should utilize `forceApprove` instead of `safeApprove`.
medium
Incorrect staleness check in the `PythOracle.currentValue()` function.
medium
A `DoS` attack that makes order removal impossible in the `OracleLess` contract, causing all funds to become stuck.
Nov '24
high
Unfair fee calculation in the `ReputationMarket._calculateBuy()` function.
high
Incorrect modification of `marketFunds` in the `ReputationMarket.buyVotes()` function.
medium
Improper fee mechanism in the `EthosVouch.applyFees()` function.
medium
Absence of slippage protection in the `ReputationMarket.sellVotes()` function.
