8x
Payouts
1x
2nd Places
1x
3rd Places
4x
Top 10
All
Sherlock
Code4rena
CodeHawks
Aug '25
Jul '25
Mar '25
Feb '25
high
Lack of Access Control in `AgentNftV2::addValidator()` Enables Unauthorized Validator Injection and Causes Reward Accounting Inconsistencies
medium
Attacker can prevent user from executing application registered through `initFromToken()` in `AgentFactoryV4`.
medium
No slippage protection during adding liquidity to uniswap
medium
`amountOutMin` passed in as 0 in `AgentToken::_swapTax` leads to loss of funds due to slippage
high
ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price
high
Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens
high
Multiple issues from unnecessary balance increase calculation in DebtToken.mint
high
Reward manipulation vulnerability in StabilityPool
high
RToken's transfer function lead to loss of funds due to incorrect math
high
Users can borrow more assets than they have deposited as collateral
high
NFTs Get Permanently Locked in Stability Pool After Liquidation
high
Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance
high
Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic
high
Attackers can double voting power and veToken amount by locking and increasing
medium
Missing Boost Balance and other parameters Update in veRAACToken Functions. Incomplete Boost State Updates Result in Inaccurate Voting Power and Reward Distribution
medium
Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations
medium
LendingPool deposits do not work with CurveVault due to lack of funds
medium
`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount
medium
balanceOf(address(this)) in StabilityPool causes reward distribution to be higher than it should be
low
Limited veRaac Token Supply Triggers DoS, Hampering Proper Governance Participation.
Jan '25
Sep '24
