2x
Payouts
1x
Top 10
2x
Top 25
2x
Top 50
All
Sherlock
Jul '25
Jun '25
high
An attacker can claim refunds on behalf of other users if their wallet addresses are not 20 bytes long
high
The `amount` input in the `withdrawToNativeChain` function can be more than `msg.value` if user tries to withdraw by native token
medium
Using ERC20 Transfer Function Without Checking for Success in the `GatewaySend` Contract