Sherlock
Oct '24
Findings not publicly available for private contests.
Mar '24
Findings not publicly available for private contests.
Oct '22
high
Bidder will lose all their funds if they place a bid and owner later cancels auction
high
Bidder can cheat auction by placing bid much higher than reserve price when there are still open liens against a token
high
Collateral will still have unpaid liens after cancelAuction if initiatorFee != 0
high
WithdrawProxy.sol exchange rate can be abused to steal all funds from withdrawing LPs
high
Attacker can permanently break PublicVault.sol#processEpoch by calling deposit on withdrawProxy.sol
high
LiquidationAccountant.sol#claim is an unprotected function and can lead to a stale withdrawRatio used to distribute funds
high
_deleteLienPosition can be called by anyone to delete any lien they wish
medium
createBid will revert for all calls if extended duration is greater than max duration
medium
PublicVault.sol doesn't override ERC4626Cloned.sol#mint allowing users to bypass router control of depositing
medium
_makePayment is logically inconsistent with how lien stack is managed causing payments to multiple liens to fail