High
Total
Medium
Total
Total Earnings
#917 All Time
Payouts
Top 10
Top 25
Top 50
All
Sherlock
Code4rena
CodeHawks
Jan '25
Dec '24
Nov '24
Jul '24
Jun '24
Apr '24
high
Inability to perform partial liquidations allows huge positions to accrue bad debt in the system
high
Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine
high
Kerosene collateral is not being moved on liquidation, exposing liquidators to loss
high
Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply
high
Missing enough exogeneous collateral check in `VaultManagerV2::liquidate` makes the liquidation revert even if (DYAD Minted > Non Kerosene Value)
medium
No incentive to liquidate small positions could result in protocol going underwater
Mar '24
Dec '23
Nov '23
Oct '23
Sep '23
Aug '23
medium
Malicious/Compromised organiser can reclaw all funds, stealing work from supporters
low
If a winner is blacklisted on any of the tokens they can't receive their funds
low
Potential DOS due to Gas Exhaustion Due to Large Array Iteration in `_distribute` Function
low
Centralization Risk for trusted organizers
low
DAI Tokens at Risk Due to Lack of address(0) Check in distribute
Jul '23
low
Zero address leads to transaction reverts
low
Lender fails to giveLoan because of inconsistent length between `loadIds` and `poolIds`
low
Missing Events Emitting
gas
User can steal reward tokens if the Staking contract uses tokens with different decimals
gas
[L-07] interface Staking.FeeDistribution is not used
gas
Sender in `transferFrom` in `Lender.setPool` different from msg.sender
gas
New lender is charged with paying protocolInterest
65.55 USDC • 4 total findings • CodeHawks • maroutis
#31
3.12 USDC • 1 total finding • CodeHawks • maroutis
#93