Payouts
Top 10
Top 25
Top 50
All
Sherlock
Code4rena
Jun '23
high
`_voteSucceeded()` returns true when `againstVotes > forVotes` and vice versa
medium
Due to inappropriately short `votingPeriod` and `votingDelay`, it is near impossible for the governance to function correctly.
medium
Incorrect function call in LybraRETHVault's getAssetPrice
medium
Understatement of `poolTotalPeUSDCirculation` amounts due to incorrect accounting after function `_repay` is called
medium
The EUSDMiningIncentives contract is incorrectly implemented and can allow for more than the intended amount of rewards to be minted
May '23
high
Claiming accumulated rewards while the contract is underfunded can lead to a loss of rewards
medium
The voting thresholds in Ajna's Extraordinary Funding Mechanism can be manipulated to execute proposals below the expected threshold.
medium
Potential unfair distribution of Rewards due to MEV in updateBucketExchangeRatesAndClaim
medium
It is possible to steal the unallocated part of every delegation period budget
Apr '23
high
Reward accounting is incorrect in BathBuddy contract
medium
BathBuddy contract should implement methods to pause and unpause contract
medium
Incorrect fee handling in Position.sol's Market Buy/Sell functions
medium
Zero reward rate calculation impedes low-decimals token distributions
medium
Potential infinite loop in `_borrowLimit` function
medium
The return value of buyAllAmount is incorrect
medium
Incorrect reward duration extension in notifyRewardAmount function
Mar '23
high
An attacker can manipulate the preDepositvePrice to steal from other users.
high
Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )
high
Users can fail to unstake and lose their deserved ETH because malfunctioning or untrusted derivative cannot be removed
medium
DoS due to external call failure
Feb '23
Jan '23