Jan '25
high
high
high
high
high
medium
medium
Dec '24
high
high
high
high
medium
Aug '24
high
Malicious actors can manipulate the `cross_chain_callback` callback
high
There is no refund mechanism in `ChakraSettlement.processCrossChainCallback` or `ChakraSettlementHandler.receive_cross_chain_callback` function
high
settlement.cairo doesn't process callback correctly leading to CrossChainMsgStatus marked as SUCCESS even if it failed on destination chain
high
SettlementSignatureVerifier is missing check for duplicate validator signatures
high
In Starknet already processed messages can be re-submitted and by anyone
high
Invalid token address used in `ChakraSettlementHandler::cross_chain_erc20_settlement(...)` leading to invalid transaction creation and event emission
medium
inconsistency in sender address when creating cross chain messages on Starknet can lead to loss of funds
Jul '24
May '24
medium
medium
Apr '24
high
Mar '24
high
high
medium
medium
Feb '24
Jan '24
high
medium
high
User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated
medium
formPOL lacks slippage and deadline protection
medium
Adversary can prevent updating price feed addresses by creating poisonous proposals ending in `_confirm`
medium
If there is only one USDS borrower, he can never be liquidated
Oct '23