Jul '25
high
In `Dinero` withdraw request manager, uint16 `s_batchNonce` can overflow
high
Dinero `_finalizeWithdrawImpl` incorrectly includes final `batchId`
medium
Malicious users can prevent initialization of Morpho Market
medium
Lack of USDT support when migrating positions
medium
Migrating positions from router A -> B can fail
medium
In `Ethena` withdraw request manager, tokens claimed can be 0 when cool down duration is set to 0
Jun '25
high
Any user can `claimRefund` for another user's reverted transaction in `GatewayTransferNative`
high
Users can exploit `GatewayTransferNative` during `withdrawToNativeChain` calls, via direct transfers, to drain funds or make the protocol incur fee losses: there are insufficient checks that the provided ZRC20 token address matches the token the output is swapped to before the withdrawal to the destination chain is initiated
high
Users can exploit `GatewayTransferNative` during `withdrawToNativeChain` calls to drain funds, due to inadequate checks that `decoded.targetZRC20` matches the `params.toToken` received after swapping
high
User can bypass fees for native zeta withdrawals to destination chain
high
User can siphon funds from `GatewayTransferNative` via USDC/USDT transfers from BNB -> `GatewayTransferNative` -> Destination chain due to flawed precision handling and checks
medium
User can specify an arbitrary `externalId` via `GatewayTransferNative` to overwrite existing refunds of other users
medium
`GatewaySend` contract lacks support for USDT tokens, resulting in broken core functionality and wasted gas fees
medium
Native token `depositAndCall` calls that abort via `onAbort` are not handled properly in `GatewayTransferNative`, as they are treated as no-asset calls (asset address is zero)
May '25
high
Apr '25
Findings not publicly available for private contests.
Mar '25
high
Feb '25
Jan '25
high
`Pool.transferReserveToAuction` does not correctly reduce `currentPeriod` to transfer `reserveTokens` to Auction
medium
Precision difference in `getRedeemAmount` results in an inaccurate `marketRate` and `redeemRate` comparison
medium
Precision loss in `getCreateAmount` and `getRedeemAmount` functions
medium
Inconsistency in `sharesPerToken` values recorded
medium
Excess bids cannot be removed in `Auction.removeExcessBids` if address is USDC blacklisted
medium
Unspent deposit amount is stuck in `BalancerRouter` and not returned to depositor
Dec '24
Nov '24
Oct '24