Payouts
3rd Places
Top 10
Top 25
All
Sherlock
Code4rena
Cantina
CodeHawks
May '25
Findings not publicly available for private contests.
Apr '25
Findings not publicly available for private contests.
Mar '25
Feb '25
high
Multiple Delegation by Double Spending Boosts and Lack of Delegation Tracking in BoostController Contract
high
RAACNFT mint function receives funds to address(this) but has no way of withdrawing them
high
RToken's transfer function lead to loss of funds due to incorrect math
high
Critical Economic Design Flaw in ZENO Zero-Coupon Bond Implementation Leads to Guaranteed User Losses
high
Stability pool does not consider RToken balance increase when DEToken is withdrawn
medium
[H-2] Lack of Emergency Pause in `BaseGauge::stake` and `BaseGauge::withdraw
medium
Users Can Lose Funds and Collateral by Repaying Loans After Liquidation Grace Period Expiry
medium
Workingsupply would always be overwritten in boostcontroller.sol impacting reward calculations
medium
Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator
medium
Inconsistent Scaling in RToken Transfer Functions
medium
Users Cannot Remove Their Own Boost Delegation, Causing Potential Lock-In
low
`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types
Jan '25
Oct '24
Sep '24
high
Aug '24
Jul '24
high
Incorrect logic for checking isFillPriceValid
high
`LiquidationBranch::checkLiquidatableAccounts()` executes `for` loop with wrong values, causing array out of bounds to be recovered, the program will not work as expected
medium
A malicious User can DOS all offchain orders making them unexecutable and leaving the protocol in an insolvent state. Also all offchain Trades can also be DOSed for honest parties that do not meet the fillorder requirements (no try and catch)
low
payable Modifier in TradingAccountBranch::createTradingAccountAndMulticall
low
UpgradeBranch.sol does not use _disableInitializers()
May '24
Apr '24
Feb '24
Jan '24