L1->L2 token deposits can be DoS'ed by purposefully providing a large `data` field in `MsgInitiateTokenDeposit`

Events emitted by L2 bridge hooks are discarded

Using a timestamp as a key for processed messages leads to key collisions in the database

Redacted finding

Prover can cheat in felt_to_bytes_little due to value underflow

Unauthorized Contracts Can Bypass Precompile Authorization via delegatecall in Kakarot zkEVM

RIPEMD-160 precompile yields wrong hashes for large set of inputs due to off-by-one error

Non-finalized dictionary in RIPEMD160 allows forging of output

No way to cancel l1 -< l2 messages

Address aliasing is wrongfully applied even to EOAs

RIPEMD160 precompile crashes with a Cairo exception for some input lengths

handle_l1_message may unfairly revert l2 tx with sufficient l1 sender balance, due to vulnerable fee charge implementation

Incorrect totalsupply value will be returned due to erroneous return data decode implementation

`DualVmToken` can be abused to cause RPC-level reverts by revoking native token approval to Kakarot

Account contract does not gracefully handle panics in called contracts

Reentrancy check in account_contract can be easily circumvented

`ExponentiationImpl::pow()` returns 0 for 0^0

Users can dodge losses due to StRSR era changes with instant operations

Dutch auctions can fail to settle if any other collateral in the basket behaves unexpectedly

RToken can manipulate distribution to avoid paying DAO fees

The traceEnd in BackingManager isn't updating correctly

L2 precompile calls can be impossible to reproduce on L1

LPP metadata can be altered after the challenge period is over, allowing incorrect states to be proven

The LPP challenge period can cause malicious and freeloader claims to be uncounterable and can also cause freeloader claims to be abused to entrap honest challengers

The `MIPS` doesn't implement `ADD`, `ADDI`, and `SUB` instructions correctly

The LPP proposer may not be reimbursed their gas costs by the bonds at `MAX_GAME_DEPTH` because `step()` does not check if the LPP proposer is the one that called it

In some cases, proper CLOCK_EXTENTSION time cannot be ensured to generate the initial instruciton trace

Missing address check for instructions LH and LHU

CM can `delegatecall` to any address and bypass all restrictions

Permanent DOS in `liquidity_lockbox` for under $10

Arbitrary tokens and data can be bridged to `GnosisTargetDispenserL2` to manipulate staking incentives

Griefing attack on `liquidity_lockbox` withdrawals due to lack of minimum deposit

LP rewards in `liquidity_lockbox` can be arbitraged

Withdraw amount returned by `getLiquidityAmountsAndPositions` may be incorrect

Users will lose all ETH sent as `cost` parameter in transactions to and from Optimism

Staked service will be irrecoverable by owner if not an ERC721 receiver

Non-normalized amounts sent via Wormhole lead to failure to redeem incentives

Unauthorized claiming of staking incentives for retainer

Attacker can cancel claimed staking incentives on Arbitrum

Blocklisted or paused state in staking token can prevent service owner from unstaking

Refunds for unconsumed gas will be lost due to incorrect refund chain ID

Attacker can make claimed staking incentives irredeemable on Gnosis Chain

The `msg.value` - `cost` for multiple cross-chain bridges are not refunded to users

The `refundAccount` is erroneously set to `msg.sender` instead of `tx.origin` when `refundAccount` specified as `address(0)`

StakingToken.sol doesn't properly handle FOT, rebasing tokens or those with variable which will lead to accounting issues downstream.

Less active nominees can be left without rewards after an year of inactivity

The amount of `xezETH` in circulation will not represent the amount of `ezETH` tokens 1:1

Incorrect withdraw queue balance in TVL calculation

Withdrawals of rebasing tokens can lead to insolvency and unfair distribution of protocol reserves

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

ETH withdrawals from EigenLayer always fail due to `OperatorDelegator`'s nonReentrant `receive()`

Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate

Withdrawals can be locked forever if recipient is a contract

DOS of `completeQueuedWithdrawal` when ERC20 buffer is filled

Pending withdrawals prevent safe removal of collateral assets

Incorrect exchange rate provided to Balancer pools

Potential Arbitrage Opportunity in the xRenzoDeposit L2 contract

Deposits will always revert if the amount being deposited is less than the bufferToFill value

Not handling the failure of cross chain messaging

`calculateTVL` may run out of gas for modest number of operators and tokens breaking deposits, withdrawals, and trades

Withdrawals and Claims are meant to be pausable, but it is not possible in practice

Withdrawals can fail due to deposits reverting in `completeQueuedWithdrawal()`

When `DecentBridgeExecutor.execute` fails, funds will be sent to a random address

Due to missing checks on minimum gas passed through LayerZero, executions can fail on the destination chain

Users will lose their cross-chain transaction if the destination router do not have enough WETH reserves.

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

Single token purchase restriction on curve creation enables sniping

Selling will be bricked if all other tokens are withdrawn to ERC20 token

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

CM can `delegatecall` to any address and bypass all restrictions

Permanent DOS in `liquidity_lockbox` for under $10

Arbitrary tokens and data can be bridged to `GnosisTargetDispenserL2` to manipulate staking incentives

Griefing attack on `liquidity_lockbox` withdrawals due to lack of minimum deposit

LP rewards in `liquidity_lockbox` can be arbitraged

Withdraw amount returned by `getLiquidityAmountsAndPositions` may be incorrect

Users will lose all ETH sent as `cost` parameter in transactions to and from Optimism

Staked service will be irrecoverable by owner if not an ERC721 receiver

Non-normalized amounts sent via Wormhole lead to failure to redeem incentives

Unauthorized claiming of staking incentives for retainer

Attacker can cancel claimed staking incentives on Arbitrum

Blocklisted or paused state in staking token can prevent service owner from unstaking

Refunds for unconsumed gas will be lost due to incorrect refund chain ID

Attacker can make claimed staking incentives irredeemable on Gnosis Chain

The `msg.value` - `cost` for multiple cross-chain bridges are not refunded to users

The `refundAccount` is erroneously set to `msg.sender` instead of `tx.origin` when `refundAccount` specified as `address(0)`

StakingToken.sol doesn't properly handle FOT, rebasing tokens or those with variable which will lead to accounting issues downstream.

Less active nominees can be left without rewards after an year of inactivity

Replay attack to suddenly offboard the re-onboarded lending term

`totalBorrowedCredit` can revert, breaking gauges.

Inability to withdraw funds for certain users due to `whenNotPaused` modifier in `RateLimitedMinter`

No check for sequencer uptime can lead to dutch auctions failing or executing at bad prices

LendingTerm debtCeiling function uses creditMinterBuffer incorrectly

Anyone can prolong the time for the rewards to get distributed

Malicious borrower can decrease Guild holders reward