Oct '24
high
high
high
medium
medium
Sep '24
high
high
medium
medium
medium
Aug '24
medium
medium
Jul '24
May '24
Apr '24
Mar '24
medium
Feb '24
medium
medium
high
high
high
high
high
high
high
medium
medium
Jan '24
Dec '23
Nov '23
Oct '23
Sep '23
Aug '23
Jul '23
high
Sandwich attack to steal all ERC-20 tokens in the Fees contract
high
Borrower can use Refinance to cancel auctions so they can extend their loan indefinitely
medium
The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates
medium
Frontrun can get the full reward, no staking time required
Jun '23
May '23
high
USSDRebalancer getOwnValuation() calculation may overflow
high
Pool price is extremely easy to manipulate
high
`mintRebalancer()` and `burnRebalancer()` functions lack access control, allowing anyone to call them
high
USSD.UniV3SwapInput executes swaps without slippage protection
high
Incorrect `DAIEthOracle` address, which results in the malfunctioning of the function.
high
Result of the calculation is zero when collateral token has precision of 8 decimals
medium
Chainlink's latestRoundData returns a stale or incorrect result
medium
Inaccurate collateral factor calculation due to missing collateral asset
Apr '23
high
The protocol does not return all of the rewards to user
high
The quotes from Curve may be subject to manipulation
high
AuraSpell executes swaps without slippage protection
high
Lack of deadline for Uniswap AMM
medium
getPrice() doesn't check if Arbitrum sequencer is down in Chainlink feeds
medium
The protocol will not be able to add liquidity on the curve with another token with a balance.
medium
Users can fail to closePositionFarm and lose their funds
Mar '23
high
Staking, unstaking and rebalanceToWeight can be sandwiched (mainly rETH deposit)
high
`WstEth` derivative assumes a ~1=1 peg of stETH to ETH
high
Price of sfrxEth derivative is calculated incorrectly
medium
Division before multiplication truncates minOut, incurs heavy precision loss, and results in insufficient slippage protection
medium
DoS due to external call failure
Feb '23
high
Missing checks for amount 0 when buying or renewing protection, resulting in a large amount of garbage data generated in the protocol
high
User's balance can be reused to submit a withdrawal request that breaks the logic of deposit and withdrawal
medium
The lockCapital() can make the whole contract malfunction
Jan '23