Payouts
Top 25
Top 50
All
Sherlock
Code4rena
Aug '24
high
There is no refund mechanism in `ChakraSettlement.processCrossChainCallback` or `ChakraSettlementHandler.receive_cross_chain_callback` function
high
Anyone can manipulate user nonce (nonce_manager) in settlement contract
high
SettlementSignatureVerifier is missing check for duplicate validator signatures
medium
Does not check if to_chain and to_handler is whitelisted in cross_chain_erc20_settlement
Apr '24
high
Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine
high
User can get their Kerosene stuck because of an invalid check on withdraw
high
Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults
medium
No incentive to liquidate small positions could result in protocol going underwater
Mar '24
Feb '24