X77

Security Researcher

High: 4 total

Medium: 1 solo, 19 total

Total earnings: $12.44K (#474 all time)

Payouts: 1x

2nd places: 1x (silver)

Top 10: 1x (regular)

Top 25: 1x (regular)

Jan '25

Peapods

12,444.98 USDC • 23 total findings • Sherlock • X77

silver

high

User will have tokens stuck closing a leverage position due to an unconsidered case

high

Vault inflation attack in `AutoCompoundingPodLp` is possible due to incorrectly minting dead shares

high

Handling tokens in the contract upon adding liquidity results in breaking the optimal one-sided supply amounts

high

`PodUnwrapLocker` can be drained due to an arbitrary input

medium

Users can prevent reward accrual in order to capture rewards distributed before they have joined

medium

`_calculateBasePerPTkn` includes debond fee twice, lowering the price too much

medium

Removing leverage will often revert due to calling an incorrect function

medium

Adding leverage using a podded token will lead to a revert

medium

Leverage position can be impossible to close due to a non-initialized struct field

medium

`_tokenToPodLp` will lower the yield of `AutoCompoundingPodLp` during volatile markets

medium

Bad data would DOS the whole `AutoCompoundingPodLp`

medium

`addInterest` will not update the interest accurately which would enable users to claim rewards for time that they weren't staked inside `LendingAssetVault`

medium

Incomplete logic will allow malicious users to perpetually override the amount to swap to the minimum

medium

`LendingAssetVault::_updateAssetMetadataFromVault()` results in incorrect calculations

medium

Protocol assumes the same deployment on all chains on multiple occasions

medium

MEV bots will steal from users due to an incorrectly manipulated value

medium

Incorrect `min/maxPrice` checks

medium

Incorrect total assets available calculation leads to incorrect utilisation

medium

Removing leverage will often fail when the received pair LP token is insufficient

medium

Pausing rewards will lead to tokens being bricked and users not being able to claim them

medium

A vault can be considered not over-utilized when it is and vice versa upon depositing

medium

Liquidations will revert incorrectly due to an out-of-sync leftover collateral value

medium

Tokens will be stuck in `AutoCompoundingPodLp` if the intermediary swap token is not a reward token