10x
Payouts
1x
1st Places
1x
2nd Places
3x
3rd Places
All
Sherlock
Cantina
Sep '25
high
`notifyUnsubscribe` claims reward incorrectly
high
Attacker can manipulate vote using `sbfBMX`
medium
Fee price is not correct in `Delihook`
medium
`_upsertIncentive` causes precision loss
medium
`DeliHook` doesn't calculate fee using exact swapped amount
medium
`RangePool.sync` doesn't accumulate token when `liquidity == 0`
high
Unvalidated pool address in `MakerFacet.newMaker` enables collateral drain via malicious V3-like pool
high
Borrow fee uses APY as per-second rate, causing extreme overcharging
high
Dirty sibling liquidity not reallocated after parent borrow causes unallocated positions and incorrect fee accounting
high
Compounding fees width mismatch under-allocates `xCFees`/`yCFees` in `up()`
high
Position fees from UniV3 decomposition are not returned to user in `NFTManager.decomposeAndMint`
medium
Fee curve utilization cast to uint64 wraps 100% utilization to zero, minimizing fees
medium
`NFTManager` limited to 16 NFTs due to per-owner asset cap in `AssetLib`
medium
JIT penalty unfairly applied on burn due to fee-collection timestamp reset
medium
UniV3Decomposer missing ERC165 supportsInterface breaks RFT pull in decompose
medium
ViewWalker.down writes X remainder into Y field, corrupting fee split
medium
`adjustMaker` ignores `recipient` on removal, sending withdrawn tokens to `msg.sender`
Aug '25
high
Finding not yet public.
high
Finding not yet public.
medium
Finding not yet public.
Jul '25
high
Finding not yet public.
high
Index Calculation Bug in `_handleReport` Function Causes Incorrect Share Allocation
high
Protocol Fee Multiple Accrual in Oracle.submitReports
high
Incorrect performance fee calculation in `FeeManager`
high
`Consensus.checkSignatures` fails to check for duplicate signers
medium
Wrong Index Usage in cancelDepositRequest Function Causes Fenwick Tree Corruption
medium
Protocol Fee Exponential Compounding in ShareModule.handleReport
medium
ShareManager Transfer Whitelist Logic Bug