Security Researcher
X -> xBugSlayer Telegram -> xBugSlayer Trying to make web3 a safe place
High
Total
Medium
Total
Total Earnings
#812 All Time
Payouts
3rd Places
Top 10
Top 25
All
Sherlock
Code4rena
CodeHawks
Mar '25
Feb '25
high
Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency
high
Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds
high
Gauge period cannot be updated
high
`GaugeController::_calculateReward` implementation will cause smaller shares to be allocated to every gauge
high
`GaugeController` does not send funds to FeeCollector disrupting fees distribution and causing loss of funds
high
Reward manipulation vulnerability in StabilityPool
high
Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service
high
RToken's transfer function lead to loss of funds due to incorrect math
high
Users can borrow more assets than they have deposited as collateral
high
NFTs Get Permanently Locked in Stability Pool After Liquidation
high
Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance
high
Boost Miscalculation Leads to Excess Distribution
high
Lack of Access Control in BoostController::updateUserBoost Leading to Unauthorized Delegation Overwrite.
high
Treasury Balance Tracking Bypass in FeeCollector
high
Untracked Direct Fee Transfers from RAACToken to FeeCollector Break Fee Distribution System
high
Critical Economic Design Flaw in ZENO Zero-Coupon Bond Implementation Leads to Guaranteed User Losses
high
Gauge stakers won't get any reward due to round-down in user weight calculation
high
Gauge reward system can be gamed with repeatedly stake/withdraw
medium
Incorrect utilization rate forces protocol to issue maximum rewards indefinitely
medium
Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations
medium
RToken.transferFrom() Does Not Scale User Balances Due to Stale Liquidity Index
medium
LendingPool deposits do not work with CurveVault due to lack of funds
medium
LendingPool::getNormalizedIncome() returns stale liquidity index
medium
`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount
medium
LendingPool.getUserDebt returns outdated value and can lead to liquidation failure
medium
Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations
medium
Failure to Withdraw Liquidity to RToken.sol Before Changing Curve Vault Address
medium
Portion of revenue to be distributed for gauges remains undistributed
low
Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality
low
`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types
Jan '25
medium
WSTETH is not supported by the protocol
medium
User can always inflate the `totalSellReserveAmount` variable to block the auction from being ended
medium
USDC blacklist may be a problem in Auction
medium
Precision loss in `Pool::getRedeemAmount` will result in users redeeming less collateral than they should
Dec '24
Nov '24
Oct '24
Aug '24
Jul '24
high
Availability of deposit invariant can be bypassed
high
AuraVault inherits AccessControl BUT does not call the _setupRole() function in it's constructor to set the initial roles, this leads to a complete DOS of the important claim function rendering the contract unable to claim rewards
medium
Incorrect calculation of `newCumulativeIndex` in function `calcDecrease`
medium
`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`
Jun '24
May '24
high
Availability of deposit invariant can be bypassed
high
AuraVault inherits AccessControl BUT does not call the _setupRole() function in it's constructor to set the initial roles, this leads to a complete DOS of the important claim function rendering the contract unable to claim rewards
medium
Incorrect calculation of `newCumulativeIndex` in function `calcDecrease`
medium
`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`
Apr '24
Mar '24
Jan '24