Fortis_Audits

Security Researcher

A Smart Contract Auditing Team 🏰 Led by Bluedragon 🐉 and Mahi_Vasisth

High: 17 total

Medium: 20 total

Total Earnings: $2.39K

#990 All Time

13x

Payouts

regular

2x

Top 10

regular

7x

Top 25

regular

10x

Top 50

Mar '25

PinLink: RWA-Tokenized DePIN Marketplace

13.20 USDC • Sherlock • Fortis_Audits

#44

Symmio, Staking and Vesting

68.35 USDC • 2 total findings • Sherlock • Fortis_Audits

#10

high

Frequent reward updates for tokens with less decimals will prevent stakers from receiving rewards

medium

`StakingRewards` reward rate can be dragged out and diluted

Feb '25

Core Contracts

1,086.03 USDC • 37 total findings • CodeHawks • Fortis Audits

#18

high

`BaseGauge` users can claim rewards without staking

high

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

high

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

high

RToken's transfer function lead to loss of funds due to incorrect math

high

Users can borrow more assets than they have deposited as collateral

high

RToken is Not Interest Bearing Due to Broken Liquidity Index Calculation

high

Attackers can double voting power and veToken amount by locking and increasing

high

Incorrect Debt Token Accounting Due to Multiple Scaling Issues

high

Critical Economic Design Flaw in ZENO Zero-Coupon Bond Implementation Leads to Guaranteed User Losses

high

Future Stakers Gains More Rewards from Already Accumulated `rewardPerTokenStored` Causing Unfair Reward Distribution

medium

[H-2] Lack of Emergency Pause in `BaseGauge::stake` and `BaseGauge::withdraw`

medium

Timelock Controller Retains Canceled Proposals, Enabling Unauthorized Execution and severe Governance Voting manipulation.

medium

Missing Vote Frequency Control in GaugeController

medium

Incorrect accounting in `veRAACToken::emergencyWithdraw` and `veRAACToken::withdraw` due to missing `totalLocked` update

medium

`MAX_TOTAL_SUPPLY` Bypass in `veRAACToken` via `increase()` Function

medium

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

medium

Incorrect Return Values and Double Scaling in `RToken.burn` Function Leads to Denial of Service

medium

RToken.transferFrom() Does Not Scale User Balances Due to Stale Liquidity Index

medium

LendingPool deposits do not work with CurveVault due to lack of funds

medium

Emergency Withdrawal Remains Active After Cancellation

medium

Incorrect Period Transition Logic in Reward Distribution

medium

Time-skew Attack in RWAGauge Weight Calculations Through Precision Gaming

medium

Failure to update `lastClaimTime` mapping when users claim rewards in FeeCollector Causes Time-Based Reward Calculation Issues

low

Canceled vote still get voted on and accumulate voting power in Goverance.sol

low

Emergency Timelock Bypass: No Enforced 1-Day Delay for Emergency Actions

low

Lack of enforcement of the `MAX_TOTAL_LOCKED_AMOUNT`

low

Improper Lock State Updates: Misreported Locked Token Data infects Governance Participation, rewards distribution and Harms Protocol Trust.

low

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

low

Missing Checkpoint Reset in `veRAACToken::emergencyWithdraw` Function

low

Missing Pause Functionality in veRAACToken Contract Can Be Abused When Emergency Withdrawal Mechanism Is Activated

low

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

low

`DebtToken::burn`'s Return Values are wrong

low

Incorrect Values Returned in ReserveLibrary `withdraw` Function

low

Insufficient ETH Forwarding in Governance Execution Mechanism Causes Proposal Failures

low

Missing `BaseGauge::distributionCap` validation leads to over-emission of rewards

low

Missing Check for Gauge Activation Status in vote :: GaugeController.sol

low

Missing Validation for Minimum Vote Weight in `vote` Function

Jan '25

Liquid Ron

0 USDC • 1 total finding • Code4rena • Mahi_Vasisth

#12

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Liquid Ron

0 USDC • 1 total finding • Code4rena • Bluedragon101

#12

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Aave DIVA Wrapper

0.04 USDC • 1 total finding • CodeHawks • Fortis Audits

#9

low

Incorrect sequence of AaveDIVAWrapper constructor parameters

Nov '24

Project

98.19 USDC • 1 total finding • CodeHawks • Fortis Audits

#12

medium

NativeMetaTransaction.sol :: executeMetaTransaction() failed txs are open to replay attacks.

Aug '24

Winnables Raffles

3.36 USDC • 1 total finding • Sherlock • Bluedragon

#35

high

Lack of Access Control on Raffle Cancellation Allows Arbitrary Users to Disrupt Raffle Creation

Tadle

4.17 USDC • 4 total findings • CodeHawks • Fortis Audits

#121

high

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

high

TokenManager - Unlimited withdraw

high

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

high

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

Jul '24

TraitForge

0 USDC • 1 total finding • Code4rena • Mahi_Vasisth

#89

medium

Pause and unpause functions are inaccessible

Zaros Part 1

32.97 USDC • 1 total finding • CodeHawks • Fortis Audits

#66

medium

An Uninitialized Variable In The `MarketConfiguration::update` Function Causes The `PrepMarket::getIndexPrice` Function To Revert

TempleGold

50.91 USDC • 2 total findings • CodeHawks • Fortis Audits

#31

high

Incompatibility with Multisig Wallets in `TempleGold::send` Function

low

Auction tokens cannot be recovered for the first ever spice auction

Mar '24

Taiko

1,030.98 USDC • 1 total finding • Code4rena • Mahi_Vasisth

#18

medium

Proposers would choose to avoid higher tier by exploiting non-randomness of parameter used in getMinTier()