Nov '23
low
1.37 USDC • 1 total finding • Code4rena • Madalad
#31
Oct '23
Aug '23
Jul '23
high
Tokens can be stolen from other users who have approved Magnetar
high
Potential 99.5% loss in `emergencyWithdraw()` of two Yieldbox strategies
medium
Tokens might get stuck in the MagnetarMarketModule contract if the asset doesn't support cross-chain operation
medium
`MagnetarV2#burst` double counts `msg.value` for `TOFT_WRAP` operation, making the transaction revert unless the user overpays
medium
`StargateStrategy#_withdraw`: ether becomes trapped in the contract whenever a user withdraws
medium
`StargateStrategy#_currentBalance` calculation is incorrect and may lead to DoS
medium
All deposit and withdraw functions in the Convex and Curve nativeLP strategies apply slippage to internal pricing, which calls the real-time on-chain price from Curve directly and is subject to MEV
medium
Some actions inside `MagnetarV2.burst` will not work because `msg.value` is used inside a delegate call
medium
Potential loss of value in YieldBox's `depositETHAsset()`
medium
[HB09] `emergencyWithdraw` on all strategy contracts useless without a pause mechanism
Jun '23
May '23
medium
[M-01] Some functions in Talos contracts do not allow the user to supply slippage and deadline, which may cause swaps to revert
medium
RestakeToken function is not permissionless
medium
Lack of slippage protection can lead to significant loss of user funds
medium
Protocol fees can become trapped indefinitely inside Talos vault contracts
high
Missing deadline checks allow pending transactions to be maliciously executed
high
Incorrect initialization of `ethOracle`
high
Anyone can arbitrarily inflate the USSD `totalSupply` and cause DoS
medium
Chainlink's `latestRoundData` may return a stale or incorrect result
medium
Oracles will return the wrong price for an asset if the underlying aggregator hits `minAnswer`
Apr '23
Mar '23
Feb '23
Jan '23
Dec '22