
Payouts

3rd Places

Top 10

Top 25
All
Sherlock
Code4rena
Immunefi
Apr '26
medium
medium
medium
MPT pseudo-account setup transactions can break under `spfSponsorReserve` because reserve sponsorship is applied to pseudo-accounts
medium
Sponsored-reserve `PaymentChannelCreate` can bypass source post-funding reserve enforcement and leave source under-reserved
medium
Sponsored XRP `AMMDeposit` can mis-validate depositor solvency, enabling reserve-floor bypass and sponsor-liquidity false rejection
Mar '26
high
Liquidation can seize disproportionate collateral when spot and EMA diverge because seize sizing uses spot without enforcing EMA/spot tolerance
medium
Administrators will reclaim liquidity-mining rewards owed to passive users
medium
Public depositors can exceed configured market deposit caps and small redeposits can revert after LP exit
Feb '26
medium
Jan '26
Dec '25
high
BuilderWallet `init()` is unprotected/re-initializable, enabling takeover and theft of builder fees
medium
`RiskEngine::_getRequiredCollateralAtTickSinglePosition()` Fails to Accumulate Credits Across Multiple Legs, Leading to Potential Erroneous Liquidations
medium
Division-by-zero in long-leg collateral requirement can block solvency checks and `dispatchFrom` (liquidation/force-exercise) for tickSpacing==1 pools
Nov '25
high
high
medium
Oct '25
high
high
high
medium