Payouts
2nd Places
3rd Places
Top 10
All
Sherlock
Code4rena
Jun '23
May '23
high
Access control vulnerabilities on USSD.mintRebalancer() and USSD.burnRebalancer()
high
Lack of safeguards in USSD.UniV3SwapInput()
medium
Chainlink price feed is not sufficiently validated and can return stale price
medium
StableOracleWBTC's Dependency on BTC/USD Chainlink Oracle: Risk of Mispricing WBTC in Event of Depegging
medium
Risk of Incorrect Asset Pricing by StableOracle in Case of Underlying Aggregator Reaching minAnswer
Apr '23
medium
Incorrect fee handling in Position.sol's Market Buy/Sell functions
medium
Incorrect calculations can occur when calling `Position._marketBuy` and `Position._marketSell` functions that do not include maker fee in `_fee`
medium
Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations
Mar '23
Feb '23
Jan '23
Dec '22
high
node operator is getting slashed for full duration even though rewards are distributed based on a 14 day cycle
high
ProtocolDAO lacks a method to take out GGP
medium
MultisigManager may not be able to add a valid Multisig
medium
State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool
medium
Bypass `whenNotPaused` modifier
Nov '22
Oct '22
Sep '22
Aug '22