Jul '25
Jun '25
high
Refund Can Be Claimed by Unauthorized User if Wallet Address Is Not Exactly 20 Bytes
medium
Incorrect Fee Deduction in onCall Leads to User incorrect payment
medium
ERC20 Non-Standard Return Value Compatibility (USDT Transfer Failure)
medium
ETH Refund Failure in onRevert() Function
medium
Malicious Revert Can Overwrite Legitimate Refunds via onRevert Function
May '25
high
Mar '25
Feb '25
high
Reward manipulation vulnerability in StabilityPool
high
Treasury Balance Tracking Bypass in FeeCollector
medium
Incorrect Return Values and Double Scaling in `RToken.burn` Function Leads to Denial of Service
medium
Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator
medium
`RAACReleaseOrchestrator::emergencyRevoke()` fails to update `categoryUsed`, leading to token lockup and incorrect accounting
medium
Emergency Withdrawals in `FeeCollector` will break Fee Distribution Logic
medium
Emission Rate can be Manipulated (Locked, Higher or Lower)
low
pause will lower the rewards for time that the system operated actively
Jan '25
high
medium
Dec '24
Nov '24
Sep '24
medium
medium
Aug '24
Jul '24
high
Number of entities in generation can surpass the 10k number
high
Wrong minting logic based on total token count across generations
medium
Users' ability to nuke will be DoSed for three days after putting NFTs up for sale and cancelling the sale
medium
Imprecise token age calculation results in an incorrect nuke factor, causing users to claim the wrong amount
May '24