Payouts
1st Places
2nd Places
Top 10
All
Sherlock
Cantina
Feb '25
high
medium
high
high
high
high
high
Jan '25
high
high
high
high
high
high
medium
medium
medium
medium
Dec '24
medium
medium
Nov '24
high
Incorrect calculation of funds on `buyVotes` could DoS `withdrawGraduatedMarketFunds`
high
Users pay less than the vouchersPoolFee due when the `increaseVouch` function is called
high
user may be grossly overpaying fees in `buyVotes` due to incorrect calculation
medium
No lock funds after unvouch will allow the author to withdraw his funds before slash
medium
No slippage protection for `sellVotes` function
94.59 USDC • 1 total finding • Sherlock • BengalCatBalu
high
`BuyOrder::sellNFT` does not send NFT to buyer
medium
Malicious user can Reset activeOrdersCount for `DLOFactory` and DoS deleteOrder functionality
medium
Valid principle may not be counted at `DebitaIncentives::updateFunds`
medium
`DebitaV3Loan::extendLoan` will revert due to underlow in most cases
medium
Flash Loan Borrows can take most of the incentive.
medium
PercentageLent for small loans will be rounded to zero
medium
Accumulated rounding down in weighted apr calculation may force borrower accept offers that he not accept in other cases
medium
If no one will lend a principle in epoch, then incentivise for it will be stuck on the contract
Oct '24
high
high
high
high
high
high
high
medium
medium
medium
medium
medium
medium
medium
medium
medium
Sep '24
high
high
medium
Aug '24
medium
medium
Jul '24
high
Broken access control in BribeRewarder::_modify leads to dos of Voter::_vote
high
Incorrect implementation of control when user can vote in `Voter.sol`
medium
position.lockDuration in `MLUMStaking.sol` and user vote ability can be manipulated due to incorrect access control realization
medium
Not only the owner of the position can get the award in `MLUMStaking`, approved addresses can take the award for themselves
Apr '24
Mar '24