Sherlock
Code4rena
Jan '25
high
Incorrect `currentPeriod` in `transferReserveToAuction` Leads to Auction Funds Being Stuck
medium
Attacker can force auctions to fail preventing bond holders from getting rewards
medium
Risk of DoS During Auction Bidding Due to USDC Blacklisted Bidders
medium
Chainlink Has No Price Feed for WSTETH/USD on Base, WSTETH Cannot Be Used as a Reserve Token
medium
Coupon Shares are allocated even if auction fails, resulting in users unable to claim rewards
Dec '24
high
`BorrowLiquidation` contract will incorrectly send the remaining ETH to the borrower after liquidation
high
Anyone can inflate `downsideProtected` causing a DOS of deposit/withdraw in `CDS`
high
Owner will be unable to withdraw interest from treasury under certain conditions
medium
`BorrowLiquidation::liquidationType2` calculates the amount of sETH to short incorrectly when liquidating with Synthetix
Sep '24
Jul '24
high
`BribeRewarder.deposit` Will Always Revert, Blocking the Voting Mechanism
high
`Voter.vote` Allows Users to Vote with Expired Locks, Introducing Voting Manipulation Risks
high
Unclaimed Bribe Rewards Remain Stuck in `BribeRewarder`
medium
Incorrect Check in `_requireOnlyOperatorOrOwnerOf` Allows Unauthorized Access
Jun '24
May '24
Apr '24
high
Incorrect withdraw queue balance in TVL calculation
high
DOS of `completeQueuedWithdrawal` when ERC20 buffer is filled
medium
Deposits will always revert if the amount being deposited is less than the bufferToFill value
medium
Withdrawals and Claims are meant to be pausable, but it is not possible in practice
Mar '24
high
Gas Mode Not Set to `Claimable` in `BlastGas` Contract
high
Some ERC20 don't allow 0 amount transfers which could result in Seller being unable to claim prefunded Base token capacity after `EMPAM` Auction settles without being filled
medium
Batch auction settlement will be impossible if partially filled bidder or the curator get blacklisted in the base or quote tokens
medium
Inability for Seller to Claim Remaining Capacity after Prefunded Atomic Auction `FPAM` Concludes
medium
Some Bidders might be unable to claim their payout if Base token derivative expiry is too close to auction expiry
high
Risk of reentrancy `onERC721Received` function to manipulate collateral token configs shares
medium
`dailyDebtIncreaseLimitLeft` is not updated in `liquidate()`
medium
Repayments and liquidations can be forced to revert by an attacker that repays a minuscule amount of shares
medium
V3Vault is not ERC-4626 compliant
medium
Wrong global lending limit check in `_deposit` function
medium
Users can lend and borrow above allowed limitations
high
Delegated amounts can be forcefully removed from anyone in the TwabController
high
`Vault.mintYieldFee` FUNCTION CAN BE CALLED BY ANYONE TO MINT `Vault Shares` TO ANY RECIPIENT ADDRESS
high
`_amountOut` is representing assets and shares at the same time in the `liquidate` function
high
Any fee claim less than the total `yieldFeeBalance` as unit of shares is lost and locked in the `PrizeVault` contract
medium
`TwabLib::getTwabBetween` can return inaccurate balances if `_startTime` and `_endTime` aren't safely bounded
medium
Lack of Slippage Protection in `withdraw`/`redeem` Functions of the Vault
Feb '24
high
Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType
high
Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards()` function
high
Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping
high
Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`
medium
NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on-chain due to underflow, and the user can recover past losses that shouldn't be recoverable (stealing the protocol's token)
Jan '24
high
When borrowers repay USDS, it is sent to the wrong address, allowing anyone to burn Protocol Owned Liquidity and build bad debt for USDS
high
User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated
medium
SALT staker can get extra voting power by simply unstaking their xSALT
medium
Impossible to change managed wallets with `proposeWallets` after first rejection
high
Whitelisted accounts can be forcefully DoSed from buying curveTokens during the presale
high
Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`
high
Unauthorized Access to setCurves Function
medium
Protocol and referral fee would be permanently stuck in the Curves contract when selling a token
medium
onBalanceChange causes previously unclaimed rewards to be cleared
Dec '23
Nov '23
Oct '23
high
Borrower has no way to update `maxTotalSupply` of `market` or close market.
high
Borrowers can escape from paying half of the penalty fees by closing the market, and those remaining penalty fees will be covered by the lender who withdraws last
high
Borrower can drain all funds of a sanctioned lender
Sep '23
Aug '23
high
The settle feature will be broken if an attacker arbitrarily transfers collateral tokens to the PerpetualAtlanticVaultLP
high
The peg stability module can be compromised by forcing lowerDepeg to revert.
high
`UniV3LiquidityAMO::recoverERC721` will cause `ERC721` tokens to be permanently locked in `rdpxV2Core`
medium
`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occur
Jul '23
high
`queueNewRewards` transfers the wrong amount of reward token
high
`averagePrice` has wrong decimals due to `updatePricingInfo` wrong calculation
high
Some `idle` amount is neglected in `LMPVault._withdraw` function
medium
Incorrect amount given as input to `_handleRebalanceIn` when `flashRebalance` is called
medium
Vault is not removed from `_vaultsByType` when calling `LMPVaultRegistry.removeVault`
high
Delegated amounts can be forcefully removed from anyone in the TwabController
high
`Vault.mintYieldFee` FUNCTION CAN BE CALLED BY ANYONE TO MINT `Vault Shares` TO ANY RECIPIENT ADDRESS
high
`_amountOut` is representing assets and shares at the same time in the `liquidate` function
high
Any fee claim less than the total `yieldFeeBalance` as unit of shares is lost and locked in the `PrizeVault` contract
medium
`TwabLib::getTwabBetween` can return inaccurate balances if `_startTime` and `_endTime` aren't safely bounded
medium
Lack of Slippage Protection in `withdraw`/`redeem` Functions of the Vault
Jun '23
May '23
high
`mintRebalancer` and `burnRebalancer` functions missing `onlyBalancer` modifier
high
Wrong pool address used for `DAIEthOracle` in `StableOracleDAI` contract
high
Error in the calculation of `amountToSellUnits` in `BuyUSSDSellCollateral` function
medium
Chainlink's `latestRoundData()` can return stale or incorrect result
medium
Risk of loss of funds when calling `mintForToken`
Apr '23
Mar '23
Feb '23
Jan '23
Dec '22
Nov '22
Oct '22
Sep '22
Aug '22
Jul '22
Jun '22