1x
Payouts
1x
Top 25
1x
Top 50
All
Sherlock
Jun '25
high
Attacker can directly steal all tokens held by GatewayCrossChain via onCall.
medium
Attacker can maliciously send revert messages to the DODO gateway to crowd out legitimate reverts.
medium
Uniswap v2 pair check is not sufficient
medium
onRevert will send BTC to wrong address.
medium
`GatewaySend.onRevert` cannot handle ETH transfer
medium
Cross-chain swaps do not allow specifying slippage