11x
Payouts
3x
Top 10
6x
Top 25
8x
Top 50
All
Sherlock
Jun '25
high
ZRC20 Mismatch in withdrawToNativeChain Enables Arbitrary Token Theft via Crafted Swap Message
high
`decoded.targetZRC20` Trust Issue Enables Unauthorized Token Withdrawal
medium
Incorrect Fee Deduction During Swap in `onCall` Function
medium
ETH Cannot Be Used as `fromToken` Due to `approve` Call
medium
Fee Deduction Does Not Reflect in `msg.value`, Causes Overdraw or Incorrect Swap for ETH
medium
Fake UniswapV2 Pool Detection Allows DoS via Crafted Token Transfers
medium
Unauthorized Withdrawal via Exposed withdraw Function Leads to Token Theft and Denial of Refund
medium
Swap Slippage Not Enforced — Front-Running Enables Excessive Token Consumption
medium
Strict ERC20 Interface Causes Transfer Failures with Non-Compliant Tokens
May '25
Apr '25
Mar '25
Jan '25
Dec '24
high
Unauthorized Updates to `downsideProtected` Causing Reverts and Incorrect Calculations
high
Incorrect Deduction of update of total cds deposited Amounts During CDS Withdrawal Process
high
Missing `lastEventTime` Update in Borrowing Liquidation Function Leads to Stale Cumulative Rate Calculations
high
Mismanagement of Treasury Interest in treasury `withdrawInterest` Function
high
Mismanagement of `usdaGainedFromLiquidation` During Liquidation
medium
Exchange Rate Fluctuation Causing Reverts in CDS `Withdraw` for `weETH`and `rsETH`
medium
Underflow Risk in `cdsProfits` Calculation Due to Borrower Debt Growth in the borrowing `liquidate` function
medium
Unused `cdsDepositDetails.lockingPeriod` Variable
medium
Stale `lastCumulativeRate` Used in Borrower Deposit and Borrower Withdrawal Calculations
medium
Incorrect Sequence in `calculateCumulativeRate` Call During borrowing Withdrawal
medium
Mismanagement of `omniChainData.totalVolumeOfBorrowersAmountinWei` Leads to Inaccurate Calculations Across the Protocol
Nov '24
