Payouts
1st Places
Top 10
Top 25
All
Sherlock
Jan '25
Nov '24
Findings not publicly available for private contests.
Aug '24
high
Incorrect Balance Calculation in getSupplyBalance() Function Leads to User Fund Loss
high
Incorrect Accounting of Treasury Shares Leads to Loss of Funds and Protocol Insolvency
high
Incorrect Fee Accrual in `CuratedVault` Contract Lead to Incorrect Shares Accounting
high
Liquidation will be blocked if there is not enough collateral in the pools
high
Incorrect Debt Share Update in `_repayDebtTokens` Leads to Significant Low Interest Rate
high
Incorrect Calculation of Collateral During Liquidation in `LiquidationLogic` leads to bad debts
high
Pool admins are able to cause loss of funds for vaults by setting malicious interestRateModels
high
userbalance not reduced by `liquidationProtocolFeeAmount`
high
Liquidated Positions Keep Receiving Rewards Forever in NFTPositionManager
high
Protocol exposed to risk of insolvancy, due to not handling bad debt
high
Incorrect Interest Rate Update Leads to Inflated Rates and Potential Protocol Insolvency
medium
Potential Denial of Service in `withdraw` Function Due to Insufficient checks on Treasury Minting
medium
Inaccurate Interest Rate Calculation in Liquidation Process
medium
Repay Function often Fails Due to Incorrect Debt Balance Calculation in Position Manager
medium
Incorrect Implementation in Reallocate Function Prevents Full Withdrawal from Pools
medium
NFTRewardsDistributor tracks user's balance in terms of assets instead of shares leading to a loss of yield
medium
Inconsistent Handling of Price Feed Decimals Leads to Incorrect Price Calculations
medium
Fixed Heartbeat Interval for Price Validation leads to potential issues
medium
Position Risk Management Functionality Missing in Position Manager and dos in certain conditions
medium
Inconsistent Application of Reserve Factor Changes Leads to Protocol Insolvency Risk
medium
`executeMintToTreasury()` doesn't update state causing a loss of yield
medium
Inflation Attack is possible on CuratedVault
high
Liquidators can manipulate RepaidDebt calculation to seize excess collateral from users being liquidated
medium
Incorrect Calculation of `_minRequestedValue` Exposes Healthy Positions to Liquidation and Prevents Full Borrowing/Withdrawal
medium
Pausing on SuperPool doesn't work
medium
Incorrect Fee Calculation Leads to Potential Liquidator Losses and Protocol Instability
medium
Pool Functionality Can Be Permanently Blocked Due to Rounding in Share Calculations
medium
Inablity to perform partial liquidations allows huge positions to accrue bad debt
medium
SuperPool's `Reallocate` Function Is Broken for USDT Pools
medium
New Depositors at Risk of Significant Value Loss in Certain Pools
medium
`maxWithdraw` and `maxRedeem` are not ERC4626 compliant
medium
`SuperPoolFactory.deploySuperPool()` could be dossed