cccz

Security Researcher

High: 144 total
Medium: 3 solo, 265 total
Total earnings: $403.28K (#19 all time)
Payouts: 172x
1st places (gold): 6x
2nd places (silver): 8x
3rd places (bronze): 11x

Feb '25

beraborrow-blockend

7,672.14 USDC • 4 total findings • Cantina • thereksfour

bronze

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Nov '24

IVX

Collaborative Audit • Sherlock • cccz

May '24

Euler-v2

1,000 USDC • Cantina • thereksfour

#31

Mar '24

Smart-contracts

28,057.74 USDC • 19 total findings • Cantina • thereksfour

gold

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Feb '24

Tapioca

825.69 USDC • 1 total finding • Sherlock • cccz

#11

high

For some cross-chain calls, the _toeComposeReceiver of BaseTOFTReceiver and USDOReceiver should check _srcChainSender == data.user

Jan '24

Curves

4.17 USDC • 7 total findings • Code4rena • cccz

#108

high

Whitelisted accounts can be forcefully DoSed from buying curveTokens during the presale

high

Attack to make `CurveSubject` a `HoneyPot`

high

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

medium

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

medium

onBalanceChange causes previously unclaimed rewards to be cleared

medium

Curves::_buyCurvesToken(): excess ETH received is not refunded to the user

medium

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

reNFT

25.02 USDC • Code4rena • cccz

#54

incentive-contracts

3,540.36 USDC • 3 total findings • Cantina • thereksfour

#8

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Dec '23

Revolution Protocol

931.12 USDC • 2 total findings • Code4rena • cccz

#8

medium

positionMapping for last element in heap is not updated when extracting max element

medium

The quorumVotes can be bypassed

Ethereum Credit Guild

77.78 USDC • 3 total findings • Code4rena • cccz

#68

high

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

medium

Incorrect calculations in debtCeiling

medium

Malicious borrower can decrease Guild holders' reward

Nov '23

core-and-erc1155a

852.1 USDC • 1 total finding • Cantina • thereksfour

#15

medium

Finding not yet public.

IVX

Collaborative Audit • Sherlock • cccz

Oct '23

Party Protocol

716.76 USDC • 1 total finding • Code4rena • cccz

#12

medium

PartyGovernance.sol#accept - passThresholdBps isn't cached for each proposal which can lead to problems, if changed through another proposal

NextGen

0 USDC • 1 total finding • Code4rena • cccz

#115

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Ethena Labs

4.52 USDC • Code4rena • cccz

#40

zkSync Era

273.57 USDC • Code4rena • cccz

#35

Aug '23

Chainlink Staking v0.2

3.86 USDC • Code4rena • cccz

#58

Jul '23

CodeHawks Escrow Contract - Competition Details

1,864.68 USDC • 2 total findings • CodeHawks • cccz

#8

medium

High - Funds can be lost if any participant is blacklisted

medium

Fixed `i_arbiterFee` can prevent payment

Nouns DAO

31,683.74 USDC • 2 total findings • Code4rena • cccz

gold

medium

NounsDAOV3Proposals.cancel() should allow cancelling a proposal in the Expired state

medium

If DAO updates forkEscrow before forkThreshold is reached, the user's escrowed Nouns will be lost

Jun '23

Lybra Finance

1,559.5 USDC • 4 total findings • Code4rena • cccz

#10

high

`_voteSucceeded()` returns true when `againstVotes > forVotes` and vice versa

medium

Due to inappropriately short `votingPeriod` and `votingDelay`, it is near impossible for the governance to function correctly.

medium

Understatement of `poolTotalPeUSDCirculation` amounts due to incorrect accounting after function `_repay` is called

medium

LybraPeUSDVaultBase.rigidRedemption should use getBorrowedOf instead of borrowed

May '23

Chainlink Cross-Chain Services: CCIP and ARM Network

3,858.84 USDC • Code4rena • cccz

#13

Apr '23

JOJO Exchange

2,446.59 USDC • 2 total findings • Sherlock • cccz

#6

medium

In over liquidation, if the liquidatee has USDC-denominated assets for sale, the liquidator can buy the assets with USDC to avoid paying USDC to the liquidatee

medium

FlashLoanLiquidate.JOJOFlashLoan has no slippage control when swapping USDC

Teller

1,492.72 USDC • 7 total findings • Sherlock • cccz

#4

high

Anyone can call commitCollateral to submit collateral on behalf of the borrower

high

The borrower can call commitCollateral to front run the lender and use very little collateral to get the loan

high

When the lendingToken is USDC, the lender can join the USDC blacklist to prevent the borrower from repaying and thus liquidate the borrower's collateral

medium

setLenderManager may cause some Lenders to lose their assets

medium

Does not support fee-on-transfer tokens as collateral

medium

When there are too many collateral items, unbounded loops in deployAndDeposit and _withdraw can run out of gas and make the transaction fail

medium

lender can front run the liquidator to make the liquidator lose the collateral

Frankencoin

4,388.24 USDC • 7 total findings • Code4rena • cccz

bronze

high

CHALLENGER_REWARD can be used to drain reserves and free mint

high

When the challenge is successful, the user can send tokens to the position to avoid the position's cooldown period being extended

high

Challenges can be frontrun with de-leveraging to cause losses for challengers

medium

Later challengers can bid on the previous challenge to extend the expiration time of the previous challenge, so that their own challenge can succeed before the previous challenge and get challenge rewards

medium

No slippage control when minting and redeeming FPS

medium

need alternative ways for fund transfer in `end()` to prevent DoS

medium

function `restructureCapTable()` in Equity.sol not functioning as expected

Rubicon v2

10,531.29 USDC • 14 total findings • Code4rena • cccz

gold

high

Some positions will get liquidated immediately

high

Reward accounting is incorrect in BathBuddy contract

high

Due to the loss of precision, openPosition will make the user's leverage higher than expected

high

The last borrowed asset will not be collateralized and the user may be liquidated due to insufficient collateral

high

When opening a position, the collateral of the previous position is used for borrowing, which makes the user more easily liquidated

high

RubiconMarket checks slippage incorrectly

medium

BathBuddy contract should implement methods to pause and unpause contract

medium

Fee inclusivity calculations are inaccurate in RubiconMarket

medium

Incorrect fee handling in Position.sol's Market Buy/Sell functions

medium

The curve of short leverage position is not smooth and may cause users to open positions that are different from expectations

medium

Zero reward rate calculation impedes low-decimals token distributions

medium

The return value of buyAllAmount is incorrect

medium

Incorrect calculations can occur when calling `Position._marketBuy` and `Position._marketSell` functions that do not include maker fee in `_fee`

medium

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

Mar '23

Canto Identity Subprotocols contest

3,269.95 USDC • 1 total finding • Code4rena • cccz

bronze

medium

If the underlying NFT is burned, getPFP may return incorrect results

Y2K

1,747.77 USDC • 4 total findings • Sherlock • cccz

#9

high

Carousel.mintRollovers will mint less shares to users, resulting in the loss of users' assets

high

enlistInRollover will set the ownerToRollOverQueueIndex incorrectly

medium

mintRollovers should require entitledShares >= relayerFee

medium

When finalTVL == 0, the emissionsToken in the vault will be locked

Neo Tokyo contest

154.74 USDC • 1 total finding • Code4rena • cccz

#18

high

Underflow of `lpPosition.points` during withdrawLP causes huge reward minting

Feb '23

Surge

161.13 USDC • 2 total findings • Sherlock • cccz

#11

high

A malicious early user/attacker can manipulate pricePerShare to take an unfair share of future users' deposits

medium

getCurrentState: When converting fee to fee_share, the latest loan_supplied should be used

Hats

257.96 USDC • 3 total findings • Sherlock • cccz

#13

high

reconcileSignerCount calls safe.changeThreshold with incorrect parameters

medium

The Hats contract needs to override the ERC1155.balanceOfBatch function

medium

reconcileSignerCount may not update safe's threshold when safe's threshold > target

OlympusDAO

2,574.84 USDC • 6 total findings • Sherlock • cccz

bronze

high

The cachedUserRewards in _withdrawUpdateRewardState are calculated incorrectly.

medium

claimFees may cause some external rewards to be locked in the contract

medium

SingleSidedLiquidityVault.withdraw will decrease ohmMinted, which will make the calculation involving ohmMinted incorrect

medium

The contract does not decrease cachedUserRewards but directly increases userRewardDebts when the user claims the reward, which will result in an overflow in internalRewardsForToken/externalRewardsForToken when the user claims the reward next time.

medium

When addInternalRewardToken/addExternalRewardToken re-add previously removed reward tokens, it will prevent users from claiming rewards

medium

In addInternalRewardToken, when startTimestamp_ > block.timestamp, _accumulateInternalRewards will revert due to overflow

OpenQ

1,241.20 USDC • 4 total findings • Sherlock • cccz

#12

high

Anyone can deposit tokens outside of the whitelist into the bounty, which may result in the winner not being able to claim the prize

high

claimNft() does not check refunded[_depositId], which will result in the winner not claiming the prize

high

refundDeposit can be called after the bounty is closed, which prevents the winner of the TieredPercentageBounty from claiming the prize

high

Incompatible with revert-on-zero-value-transfers tokens

Jan '23

Popcorn contest

1,163.03 USDC • 6 total findings • Code4rena • cccz

#20

high

Staking rewards can be drained

high

Incorrect Reward Duration After Change in Reward Speed in MultiRewardStaking

medium

`MultiRewardStaking.changeRewardSpeed()` breaks the distribution

medium

syncFeeCheckpoint() does not modify the highWaterMark correctly, sometimes it might even decrease its value, resulting in more performance fees being charged than should be

medium

AdapterBase should always use delegatecall to call the functions in the strategy

medium

`Vault.redeem` function does not use `syncFeeCheckpoint` modifier

RabbitHole Quest Protocol contest

48.11 USDC • 4 total findings • Code4rena • cccz

#46

high

Protocol fees can be withdrawn multiple times in `Erc20Quest`

medium

Possible scenario for Signature Replay Attack

medium

Users may not claim Erc1155 rewards when the Quest has ended

medium

User may lose rewards if the receipt is minted after quest end time

Cooler

411.43 USDC • 3 total findings • Sherlock • cccz

#6

high

Cooler: the lender can liquidate the borrower by refusing to be repaid.

high

Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

medium

When the interest is 0, roll() may fail

Ondo Finance contest

2,517.13 USDC • 1 total finding • Code4rena • cccz

#8

high

Loss of user funds when completing CASH redemptions

Illuminate Round 2

823.33 USDC • 1 total finding • Sherlock • cccz

silver

medium

ERC5095 has not approved MarketPlace to spend tokens in ERC5095

Astaria contest

4,450.66 USDC • 6 total findings • Code4rena • cccz

#5

high

When Public Vault A buys out Public Vault B's lien tokens, it does not increase Public Vault A's liensOpenForEpoch, which would result in the lien tokens not being repaid

high

A malicious private vault can preempt the creation of a public vault by transferring lien tokens to the public vault, thereby preventing the borrower from repaying all loans

high

Buying out corrupts the slope of a vault, reducing rewards of LPs

medium

ERC4626RouterBase.withdraw can only be called once

medium

When a private vault offers a loan in ERC777 tokens, the private vault can refuse to receive repayment in the safeTransferFrom callback to force liquidation of the borrower's collateral

medium

Users are unable to mint shares from a public vault using `AstariaRouter` contract when share price is bigger than one

Biconomy - Smart Contract Wallet contest

528.53 USDC • 1 total finding • Code4rena • cccz

#24

high

`FeeRefund.tokenGasPriceFactor` is not included in signed transaction data allowing the submitter to steal funds

UXD Protocol

735.41 USDC • 3 total findings • Sherlock • cccz

#11

high

TwapInterval in getPositionValue is too small

medium

PerpDepository: totalFeesPaid calculated incorrectly

medium

No approve spotSwapper in _rebalanceNegativePnlWithSwap

Dec '22

GoGoPool contest

790.62 USDC • 6 total findings • Code4rena • cccz

#28

medium

MinipoolManager: recordStakingError function does not decrease minipoolCount leading to too high GGP rewards for staker

medium

NodeOp can get rewards even if there was an error in registering the node as a validator

medium

slashing fails when node operator doesn't have enough staked `GGP`

medium

State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool

medium

Bypass `whenNotPaused` modifier

medium

Coding logic of the contract upgrading renders upgrading contracts impractical

Forgeries contest

45.71 USDC • Code4rena • cccz

#21

Caviar contest

798.23 USDC • 3 total findings • Code4rena • cccz

#12

high

Reentrancy in buy function for ERC777 tokens allows buying funds with considerable discount

high

Liquidity providers may lose funds when adding liquidity

high

First depositor can break minting of shares

Rain

716.94 USDC • Sherlock • cccz

#4

Findings not publicly available for private contests.

Tigris Trade contest

618.8 USDC • 5 total findings • Code4rena • cccz

#23

high

Lock.sol: assets deposited with Lock.extendLock function are lost

medium

Must approve 0 first

medium

GovNFT: maxBridge has no effect

medium

Centralization risks: owner can freeze withdraws and use timelock to steal all funds

medium

Governance NFT holder, whose NFT was minted before `Trading._handleOpenFees` function is called, can lose deserved rewards after `Trading._handleOpenFees` function is called

prePO contest

794.07 USDC • 3 total findings • Code4rena • cccz

#11

high

A whale user is able to cause freeze of funds of other users by bypassing withdraw limit

medium

`PrePOMarket.setFinalLongPayout()` shouldn't be called twice.

medium

Manager can get around min reserves check, draining all funds from Collateral.sol

Escher contest

349.29 USDC • 3 total findings • Code4rena • cccz

#17

medium

Sale contracts can be bricked if any other minter mints a token with an id that overlaps the sale

medium

Escher721 contract does not have setTokenRoyalty function

medium

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

PoolTogether contest

1,702.5 USDC • 1 total finding • Code4rena • cccz

#5

medium

When a smart contract calls CrossChainRelayerArbitrum.processCalls, excess submission fees may be lost

Maverick contest

59.84 USDC • Code4rena • cccz

#13

NounsDAO

464.15 USDC • 2 total findings • Sherlock • cccz

#4

medium

When the tokens sent by the payer to the stream are greater than tokenAmount, the excess tokens can only be withdrawn by calling cancel()

medium

If the recipient is added to the USDC blacklist, then cancel() does not work

Nov '22

ParaSpace contest

3,241.84 USDC • 3 total findings • Code4rena • cccz

#10

high

Anyone can steal CryptoPunk during the deposit flow to WPunkGateway

high

Interest rates are incorrect on Liquidation

medium

NTokenMoonBirds Reserve Pool Cannot Receive Airdrops

Canto contest

59.89 CANTO • 8 total findings • Code4rena • cccz

#11

high

In `ERC20`, `TotalSupply` is broken

high

Stealing Wrapped Manifest in WETH.sol

high

Anyone can create a Proposal in Unigov Proposal-Store.sol

high

It's not possible to execute governance proposals through the GovernorBravoDelegate contract

high

Comptroller uses the wrong address for the WETH contract

high

Accountant can't be initialized

high

AccountantDelegate: sweepInterest function will destroy the cnote in the contract.

medium

Note: When _initialSupply != 0, the _mint_to_Accountant function will fail

Opyn Crab Netting

685.68 USDC • 2 total findings • Sherlock • cccz

#7

high

Anyone can call checkOrder to front-run depositAuction/withdrawAuction

high

USDC banned addresses can DOS netAtPrice/withdrawAuction function
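
Several findings on this page are one pattern: Teller's lender joining the USDC blacklist to block repayment, the NounsDAO stream cancel() that stops working for a blacklisted recipient, the netAtPrice/withdrawAuction DoS above, the CodeHawks escrow that loses funds when a participant is blacklisted, Cooler's lender refusing repayment, and Astaria's ERC777 repayment hook. In each, a critical path pushes tokens to a counterparty inside the same call, so whoever can make that transfer revert controls the path. The Python model below is an added illustration, not code from any audited project or from these reports. It assumes a token with an issuer blacklist that reverts transfers to or from a listed address (USDC's behaviour) and contrasts a push-style repay() with a pull-style one; the class and address names are hypothetical.

```python
"""Push vs pull payouts when a counterparty can make transfers to itself revert."""

from typing import Optional


class TransferBlocked(Exception):
    """Raised where the on-chain token transfer would revert."""


class BlacklistableToken:
    """Model of a token with an issuer-controlled blacklist (USDC-like): a transfer
    to or from a listed address reverts. An ERC777 recipient hook that reverts, or a
    payable.transfer() to a contract that rejects ETH, has the same effect."""

    def __init__(self, balances: dict):
        self.balances = dict(balances)
        self.blacklist: set = set()

    def transfer(self, sender: str, to: str, amount: int) -> None:
        if sender in self.blacklist or to in self.blacklist:
            raise TransferBlocked(f"{sender} -> {to} blocked")
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


class PushLoan:
    """Vulnerable shape: repay() pushes tokens to the lender in the same call, so a
    lender the token refuses to pay can never be repaid (and may then liquidate)."""

    def __init__(self, token: BlacklistableToken, borrower: str, lender: str, principal: int):
        self.token, self.borrower, self.lender, self.principal = token, borrower, lender, principal
        self.repaid = False

    def repay(self) -> None:
        self.token.transfer(self.borrower, self.lender, self.principal)
        self.repaid = True


class PullLoan(PushLoan):
    """Hardened shape: repay() moves tokens into the contract and records a credit;
    the lender withdraws later, to any address it chooses, and a failure there is its own."""

    ADDRESS = "loan_contract"  # hypothetical contract address

    def __init__(self, token: BlacklistableToken, borrower: str, lender: str, principal: int):
        super().__init__(token, borrower, lender, principal)
        self.credits: dict = {}

    def repay(self) -> None:
        self.token.transfer(self.borrower, self.ADDRESS, self.principal)
        self.credits[self.lender] = self.credits.get(self.lender, 0) + self.principal
        self.repaid = True

    def claim(self, who: str, to: Optional[str] = None) -> int:
        # Zero the credit before the outgoing transfer (checks-effects-interactions).
        amount = self.credits.pop(who, 0)
        try:
            if amount:
                self.token.transfer(self.ADDRESS, to or who, amount)
        except TransferBlocked:
            self.credits[who] = amount  # model the revert rolling the credit back
            raise
        return amount


def repay_with_blacklisted_lender(loan_cls) -> tuple:
    """Constructed scenario: the lender gets blacklisted after the loan is opened
    (possibly on purpose). Returns (outcome, borrower balance, loan.repaid)."""
    token = BlacklistableToken({"borrower": 1_000})
    loan = loan_cls(token, "borrower", "lender", 1_000)
    token.blacklist.add("lender")
    try:
        loan.repay()
        outcome = "repaid"
    except TransferBlocked:
        outcome = "blocked"
    return outcome, token.balances["borrower"], loan.repaid


def lender_claims_elsewhere() -> int:
    """With the pull design the lender's funds are not lost either: it claims to an
    address the token will accept. Returns the amount claimed."""
    token = BlacklistableToken({"borrower": 1_000})
    loan = PullLoan(token, "borrower", "lender", 1_000)
    token.blacklist.add("lender")
    loan.repay()
    return loan.claim("lender", to="lender_cold_wallet")


if __name__ == "__main__":
    print("push:", repay_with_blacklisted_lender(PushLoan))
    print("pull:", repay_with_blacklisted_lender(PullLoan))
    print("claimed elsewhere:", lender_claims_elsewhere())
```

The same refactor answers the payable.transfer() findings elsewhere on this page: record what each party is owed, let them withdraw, and never let a third party's refusal to receive funds block state your own users depend on. The pull design must zero the credit before the outgoing transfer, as claim() does, or it trades a DoS for a reentrancy bug.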

Isomorph

1,358.34 USDC • 2 total findings • Sherlock • cccz

#8

high

Vault_Synths.openLoan: totalUSDborrowed calculated incorrectly

medium

priceLiquidity() may not work if PriceFeed.aggregator() is updated

Redacted Cartel contest

368.68 USDC • 7 total findings • Code4rena • cccz

#24

high

Malicious Users Can Drain The Assets Of Auto Compound Vault

high

Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation

medium

DEPOSITOR_ROLE can be granted by the deployer of BribeVault and transfer briber's approved ERC20 tokens to bribeVault by specifying any bribeIdentifier and rewardIdentifier

medium

SafeERC20.sol is imported but not used in the transferBribes() function

medium

Assets may be lost when calling unprotected `AutoPxGlp::compound` function

medium

Deposit Feature Of The Vault Will Break If Update To A New Platform

medium

Anyone can call AutoPxGmx.compound and perform sandwich attacks with control parameters

Telcoin

536.51 USDC • 1 total finding • Sherlock • cccz

#5

medium

Users can front-run StakingModule.slash

Buffer Finance

71.36 USDC • 2 total findings • Sherlock • cccz

#9

medium

Use oz's safeERC20 library to transfer tokens.

medium

Not compatible with fee-on-transfer tokens

Bull v Bear

72.30 USDC • 2 total findings • Sherlock • cccz

#14

medium

withdrawToken may not work

medium

Not compatible with fee-on-transfer tokens

LSD Network - Stakehouse contest

5,122.24 USDC • 7 total findings • Code4rena • cccz

bronze

high

function withdrawETH from GiantMevAndFeesPool can steal most of the ETH because idleETH is reduced before burning tokens

high

Incorrect accounting in SyndicateRewardsProcessor results in any LP token holder being able to steal other LP tokens holder's ETH from the fees and MEV vault.

high

Sender transferring GiantMevAndFeesPool tokens can afterward experience pool DOS and orphaning of future rewards

high

Reentrancy vulnerability in GiantMevAndFeesPool.withdrawETH

high

Old stakers can steal deposits of new stakers in `StakingFundsVault`

medium

Node runners can lose all their stake rewards due to how the DAO commissions can be set to a 100%

medium

When users transfer GiantLP, some rewards may be lost.

Blur Exchange contest

3,805.59 USDC • 2 total findings • Code4rena • cccz

silver

medium

Protocol can be easily rug-pulled by the owner

medium

All orders which use expirationTime == 0 to support oracle cancellation are not executable.

FrankenDAO

1,574.14 USDC • 2 total findings • Sherlock • cccz

#5

high

Incorrect logic when Staking.unstake is called by the approved user

medium

Governance.queue should increase proposalsPassed instead of proposalsCreated

LooksRare Aggregator contest

10,871.41 USDC • 1 total finding • Code4rena • cccz

gold

medium

Too much fee charged when Seaport is partially filled

SIZE contest

221.94 USDC • 2 total findings • Code4rena • cccz

#15

medium

Denial of service when `baseAmount` is equal to zero

medium

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

Debt DAO contest

252 USDC • 4 total findings • Code4rena • cccz

#33

medium

Lender can trade claimToken in a malicious way to steal the borrower's money via claimAndRepay() in SpigotedLine by using malicious zeroExTradeData

medium

Variable balance ERC20 support

medium

address.call{value:x}() should be used instead of payable.transfer()

medium

Borrower/Lender excessive ETH not refunded and permanently locked in protocol

Oct '22

Rage Trade

2,679.08 USDC • 2 total findings • Sherlock • cccz

bronze

high

WithdrawPeriphery: withdrawToken/redeemToken allows users to withdraw other users' approved shares

medium

Attacker can manipulate the pricePerShare to profit from future users' deposits

zkSync v2 contest

250.77 USDC • Code4rena • cccz

#8

Paladin - Warden Pledges contest

5,659.22 USDC • 3 total findings • Code4rena • cccz

silver

medium

Pausing `WardenPledge` contract, which takes effect immediately, by its owner can unexpectedly block pledge creator from calling `closePledge` or `retrievePledgeRewards` function

medium

Due to loss of precision, targetVotes may not be reached

medium

Owner can transfer all ERC20 reward token out using function recoverERC20

Inverse Finance contest

343.35 USDC • 2 total findings • Code4rena • cccz

#27

medium

User can avoid the liquidation fee if its escrow balance is less than the calculated liquidation fee.

medium

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Illuminate

1,787.49 USDC • 4 total findings • Sherlock • cccz

#7

high

premium will not be refunded in lend() for Swivel

high

The unpaused modifier should be added to authRedeem and autoRedeem

high

Users can provide Illuminate principal tokens to mint Illuminate principal tokens, which will reduce the number of underlying tokens redeemed by all users

medium

Incorrect slippage control in ERC5095.mint

Astaria

65.78 USDC • 1 total finding • Sherlock • cccz

#27

high

protocolFee/buyoutFee cannot be set

NFTPort

1,401.74 USDC • 2 total findings • Sherlock • cccz

#6

medium

The supply of NFT for each tokenID in ERC1155NFTProduct cannot be modified after the first minting

medium

NFTCollection: No limit on royaltiesBps

Holograph contest

62.52 USDC • 2 total findings • Code4rena • cccz

#34

medium

Bond tokens (HLG) can get permanently stuck in operator

medium

`_payoutToken[s]()` is not compatible with tokens with missing return value

3xcalibur contest

214.97 USDC • Code4rena • cccz

#21

Juicebox contest

1,811.08 USDC • 3 total findings • Code4rena • cccz

#8

high

Outstanding reserved tokens are incorrectly counted in total redemption weight

high

Making a payment to the protocol with `_dontMint` parameter will result in lost funds for the user.

medium

NFT not minted when contributed via a supported payment terminal

Union Finance

2,802.31 USDC • 2 total findings • Sherlock • cccz

bronze

high

Borrowers can borrow to update vouch.lastUpdated before the loan is overdue, thus avoiding the staked tokens from being frozen

medium

AssetManager.withdraw may not withdraw the correct amount of tokens

Trader Joe v2 contest

6,049.06 USDC • 3 total findings • Code4rena • cccz

#6

high

Transferring funds to yourself increases your balance

high

Incorrect output amount calculation for Trader Joe V1 pools

high

Wrong calculation in function `LBRouter._getAmountsIn` makes users lose a lot of tokens when swapping through JoePair (most of them are gifted to JoePair for free)

The Graph L2 bridge contest

1,803.21 USDC • 1 total finding • Code4rena • cccz

#5

medium

Governor can rug pull the escrow

Blur Exchange contest

2,437.81 USDC • 2 total findings • Code4rena • cccz

#11

medium

Protocol can be easily rug-pulled by the owner

medium

All orders which use expirationTime == 0 to support oracle cancellation are not executable.

Mycelium

99.78 USDC • 1 total finding • Sherlock • cccz

#9

high

First depositor can break minting of shares
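
Caviar's and Mycelium's "First depositor can break minting of shares" and the Surge and Rage Trade "manipulate pricePerShare" findings are the same share-inflation pattern. The following Python model is an added example, not code from any of those projects or from the researcher's reports: it reproduces ERC4626-style share accounting with the integer division Solidity would use, runs the attack against a naive vault, then against one with the virtual-shares offset that OpenZeppelin's ERC4626 uses (an offset of 6 is assumed here; the class and function names are hypothetical).

```python
"""Donation / first-depositor share inflation against a naive and an offset vault."""

from dataclasses import dataclass, field

ONE_ETH = 10**18


@dataclass
class NaiveVault:
    """Share accounting as in many early ERC4626-style vaults:
    shares = assets * totalShares / totalAssets, and 1:1 while the vault is empty."""
    total_assets: int = 0
    total_shares: int = 0
    balances: dict = field(default_factory=dict)

    def to_shares(self, assets: int) -> int:
        if self.total_shares == 0:
            return assets
        return assets * self.total_shares // self.total_assets

    def to_assets(self, shares: int) -> int:
        return shares * self.total_assets // self.total_shares

    def deposit(self, user: str, assets: int) -> int:
        shares = self.to_shares(assets)
        self.total_assets += assets
        self.total_shares += shares
        self.balances[user] = self.balances.get(user, 0) + shares
        return shares

    def redeem(self, user: str, shares: int) -> int:
        assets = self.to_assets(shares)
        self.balances[user] -= shares
        self.total_shares -= shares
        self.total_assets -= assets
        return assets

    def donate(self, assets: int) -> None:
        # A plain token transfer to the vault address. Because totalAssets() is read
        # from balanceOf(vault), this raises the price per share without minting shares.
        self.total_assets += assets


@dataclass
class OffsetVault(NaiveVault):
    """Same vault with virtual shares and assets (the decimals-offset mitigation in
    OpenZeppelin's ERC4626): conversions behave as if 10**offset shares and one unit
    of assets already existed, so the attacker's 1 wei cannot own the whole supply."""
    offset: int = 6

    def to_shares(self, assets: int) -> int:
        return assets * (self.total_shares + 10**self.offset) // (self.total_assets + 1)

    def to_assets(self, shares: int) -> int:
        return shares * (self.total_assets + 1) // (self.total_shares + 10**self.offset)


def run_attack(vault: NaiveVault, donation: int = 10 * ONE_ETH,
               victim_deposit: int = 10 * ONE_ETH) -> dict:
    """Constructed scenario: attacker front-runs the first real deposit."""
    vault.deposit("attacker", 1)                                # 1 wei, attacker owns every share
    vault.donate(donation)                                      # inflate price per share
    victim_shares = vault.deposit("victim", victim_deposit)     # victim's deposit lands next
    attacker_out = vault.redeem("attacker", vault.balances["attacker"])
    victim_out = vault.redeem("victim", victim_shares) if victim_shares else 0
    return {
        "victim_shares": victim_shares,
        "victim_out": victim_out,
        "attacker_profit": attacker_out - (donation + 1),
    }


if __name__ == "__main__":
    print("naive :", run_attack(NaiveVault()))
    print("offset:", run_attack(OffsetVault()))
```

Against the naive vault the victim's 10 ETH mints zero shares (10e18 * 1 // (10e18 + 1) rounds to 0) and the attacker redeems its single share for the whole balance, a profit equal to the victim's deposit. With the offset, the attacker's 1 wei buys 10**6 shares against 10**6 virtual ones, the donation is shared with the victim and the virtual balance, and in this run the attacker gets back only about half of what it put in while the victim's redemption is within rounding of its deposit. A minimum first deposit, or burning the first shares to a dead address, are the other common mitigations; all of them assume totalAssets() still reads the vault's token balance, which is what makes a donation count in the first place.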

Sep '22

Knox Finance

20.77 USDC • 1 total finding • Sherlock • cccz

#12

medium

Chainlink's latestRoundData might return stale or incorrect results

QuickSwap and StellaSwap contest

4,936.22 USDC • 1 total finding • Code4rena • cccz

bronze

high

Malicious users can provide liquidity on behalf of others to keep others in the liquidity cooldown

Frax Ether Liquid Staking contest

413.04 USDC • 2 total findings • Code4rena • cccz

#13

medium

Centralization risk: admin has privileges: admin can set an address to mint any amount of frxETH, can set any address as validator, and can change important state in frxETHMinter and withdraw funds from frxETHMinter

medium

sfrxETH: The volatile result of previewMint() may prevent mintWithSignature from working

VTVL contest

19.6 USDC • 1 total finding • Code4rena • cccz

#74

medium

Supply cap of VariableSupplyERC20Token is not properly enforced

Art Gobblers contest

1,913.41 USDC • 1 total finding • Code4rena • cccz

#12

high

Can Recover Gobblers Burnt In Legendary Mint

Harpie

68.99 USDC • 3 total findings • Sherlock • cccz

#16

medium

Not compatible with Rebasing/Deflationary/Inflationary tokens

medium

Using the transferFrom function of an ERC721 contract may freeze the user's NFT

medium

withdrawPayments() calls native payable.transfer, which can be unusable for smart contract calls

Y2k Finance contest

4,088.76 USDC • 6 total findings • Code4rena • cccz

#5

medium

User funds are lost because they can't withdraw() before epoch startTime and are stuck in positions that become unprofitable even when the epoch has not started

medium

`timewindow` can be changed unexpectedly that blocks users from calling `deposit` function

medium

StakingRewards: recoverERC20() can be used as a backdoor by the owner to retrieve rewardsToken

medium

StakingRewards.sol#notifyRewardAmount() Improper reward balance checks can make some users unable to withdraw their rewards

medium

StakingRewards reward rate can be dragged out and diluted

medium

After the vault expires, users may still receive rewards through the StakingRewards contract

PartyDAO contest

3,406.84 USDC • 3 total findings • Code4rena • cccz

#5

medium

AuctionCrowdfund: If the contract was bid on before the NFT was gifted to the contract, lastBid will not be totalContributions

medium

Attacker can force AuctionCrowdfunds to bid their entire contribution up to maxBid

medium

Early contributor can always become majority of crowdfund leading to rugging risks.

FEI and TRIBE Redemption contest

18,933.67 USDC • 1 total finding • Code4rena • cccz

silver

medium

A malicious user can send tokens to the TribeRedeemer contract to make the redeem function work, and other users may lose assets as a result

Canto Dex Oracle contest

210.46 CANTO • 1 total finding • Code4rena • cccz

#9

medium

Hackers can deploy a token with the same name as the stable one to impersonate the stable token

Nouns Builder contest

802.02 USDC • 5 total findings • Code4rena • cccz

#26

high

Multiple vote checkpoints per block will lead to incorrect vote accounting

medium

A proposal can be cancelled by anyone if the proposal has exactly proposalThreshold votes

medium

Founders can receive fewer tokens than expected

medium

A proposal can pass with 0 votes in favor at early DAO stages

medium

Quorum votes have no effect for determining whether proposal is defeated or succeeded when token supply is low

Aug '22

Sentiment

670.34 USDC • 2 total findings • Sherlock • cccz

#14

high

LEther: beforeDeposit()/beforeWithdraw() should be called at the beginning of depositEth()/redeemEth()

medium

Chainlink's latestRoundData might return stale or incorrect results

Olympus DAO contest

1,415.91 USDC • 4 total findings • Code4rena • cccz

#17

medium

Voted votes cannot change after the user is issued new votes or the user's old votes are revoked during voting

medium

OlympusGovernance: Users can prevent their votes from being revoked

medium

Heart will stop if all rewards are swept

medium

[NAZ-M1] Chainlink's `latestRoundData` Might Return Stale Results

Nouns DAO contest

1,718.74 USDC • 1 total finding • Code4rena • cccz

#5

high

ERC721Checkpointable: delegateBySig allows the user to vote to address 0, which causes the user to permanently lose his vote and cannot transfer his NFT.

FIAT DAO veFDT contest

389.99 USDC • 1 total finding • Code4rena • cccz

#17

medium

The current implementation of the VotingEscrow contract doesn't support fee on transfer tokens

Fraxlend (Frax Finance) contest

2,520.45 USDC • 2 total findings • Code4rena • cccz

#7

high

`liquidate()` doesn't mark off bad debt, leading to a 'last lender to withdraw loses' scenario

medium

Wrong percent for `FraxlendPairCore.dirtyLiquidationFee`.

Foundation Drop contest

97.2 USDC • 2 total findings • Code4rena • cccz

#24

medium

NFT of NFT collection or NFT drop collection can be locked when calling _mint or mintCountTo function to mint it to a contract that does not support ERC721 protocol

medium

Possible to bypass saleConfig.limitPerAccount

Mimo August 2022 contest

1,222.28 USDC • 2 total findings • Code4rena • cccz

#10

high

Registry.sol works badly: it fails to deliver the expected functionality

medium

Malicious targets can manipulate MIMOProxy permissions

Rigor Protocol contest

920.74 USDC • 3 total findings • Code4rena • cccz

#15

high

Builder can call `Community.escrow` again to reduce debt further using same signatures

medium

In Project.setComplete(), the signature can be reused when the first call is reverted for some reason.

medium

Missing upper limit definition in replaceLenderFee() of HomeFi.sol

Jul '22

Axelar Network v2 contest

56.32 USDC • Code4rena • cccz

#40

Golom contest

3,168.07 USDC • Code4rena • cccz

#5

Swivel v3 contest

1,049.88 USDC • 1 total finding • Code4rena • cccz

#12

medium

unpaused(p) modifier missing in authRedeem function

ENS contest

1,108.71 USDC • 3 total findings • Code4rena • cccz

#14

medium

transfer() depends on gas consts

medium

The `unwrapETH2LD` use `transferFrom` instead of `safeTransferFrom` to transfer ERC721 token

medium

Renewal of 2nd level domain is not done properly

Fractional v2 contest

4,819.19 USDC • 6 total findings • Code4rena • cccz

bronze

high

Forced buyouts can be performed by malicious buyers

high

Cash-out from a successful buyout allows an attacker to drain Ether from the `Buyout` contract

high

Malicious User Could Burn The Assets After A Successful Migration

medium

An attacker can DoS vault's buyout with as little as 1 wei per 4 days

medium

Delegate call in `Vault#_execute` can alter Vault's ownership

medium

Use of `payable.transfer()` may lock user funds

Juicebox V2 contest

11,055.17 USDC • 6 total findings • Code4rena • cccz

silver

high

ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC

medium

Griefer beneficiary can cause DOS

medium

Use a safe transfer helper library for ERC20 transfers

medium

Code credits fee-on-transfer tokens for amount stated, not amount transferred

medium

changeTokenOf makes it impossible for holders of oldToken to redeem the overflowed assets.

medium

JBToken: mint function could mint arbitrary amount of tokens

Jun '22

Putty contest

827.89 USDC • 4 total findings • Code4rena • cccz

#21

medium

Order duration can be set to 0 by Malicious maker

medium

An attacker can create a short put option order on an NFT that does not support ERC721(like cryptopunk), and the user can fulfill the order, but cannot exercise the option

medium

`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever

medium

Malicious Token Contracts May Lead To Locking Orders

Canto v2 contest

1,190.06 USDC • 2 total findings • Code4rena • cccz

#9

high

AccountantDelegate: The sweepInterest function sweeps an incorrect number of cnote.

medium

Stableswap - Deadline does not work

Nibbl contest

1,312.51 USDC • 2 total findings • Code4rena • cccz

#8

medium

NibblVault: In the buy function, users can avoid paying fees

medium

Basket NFT has no name and symbol

Yieldy contest

2,790.65 USDC • 4 total findings • Code4rena • cccz

#5

high

`Staking.sol#stake()` DoS by staking 1 wei for the recipient when `warmUpPeriod > 0`

medium

Staking: the rebase function needs to be called before calling the function in the Yieldy contract that uses the rebasingCreditsPerToken variable

medium

No way to set CURVE_POOL approval after setting new curve pool address

medium

Staking: rebase() does not rebase according to the status of the current epoch.

Illuminate contest

3,614.61 USDC • 13 total findings • Code4rena • cccz

bronze

high

Redeemer.redeem() for Element withdraws PT to wrong address.

high

Tempus lend method wrongly calculates amount of iPT tokens to mint

high

ERC5095 redeem/withdraw does not update allowances

high

Incorrect implementation of APWine and Tempus `redeem`

high

Unable to redeem from Notional

high

The lend function for tempus uses the wrong return value of depositAndFix

high

Illuminate PT redeeming allows for burning from other accounts

high

[H-05] Not minting iPTs for lenders in several lend functions

high

Pendle Uses Wrong Return Value For `swapExactTokensForTokens()`

medium

Swivel lend method doesn't pull protocol fee from user

medium

Lend method signature for illuminate does not track the accumulated fee

medium

[M-01] Easily bypassing admins 'pause' for swivel

medium

`Lender.mint()` May Take The Illuminate PT As Input Which Will Transfer And Mint More Illuminate PT Cause an Infinite Supply

Nested Finance contest

104.6 USDC • Code4rena • cccz

#14

Badger-Vested-Aura contest

286.3 USDC • 2 total findings • Code4rena • cccz

#11

medium

`_harvest` has no slippage protection when swapping `auraBAL` for `AURA`

medium

Badger rewards from Hidden Hand can permanently prevent Strategy from receiving bribes

Infinity NFT Marketplace contest

418.6 USDC • 4 total findings • Code4rena • cccz

#24

high

Overpayment of native ETH is not refunded to buyer

high

Accumulated ETH fees of InfinityExchange cannot be retrieved

medium

Protocol fee rate can be arbitrarily modified by the owner and the new rate will apply to all existing orders

medium

ETH mistakenly sent over with ERC20 based takeOrders and takeMultipleOneOrders calls will be lost

Canto contest

11,649.33 USDC • 8 total findings • Code4rena • cccz

silver

high

In `ERC20`, `TotalSupply` is broken

high

Stealing Wrapped Manifest in WETH.sol

high

Anyone can create a proposal in Unigov Proposal-Store.sol

high

It's not possible to execute governance proposals through the GovernorBravoDelegate contract

high

Comptroller uses the wrong address for the WETH contract

high

Accountant can't be initialized

high

AccountantDelegate: sweepInterest function will destroy the cnote in the contract.

medium

Note: When _initialSupply != 0, the _mint_to_Accountant function will fail

Connext Amarok contest

699.64 USDC • Code4rena • cccz

#19

Notional x Index Coop

89.19 USDC • Code4rena • cccz

#38

May '22

Backd Tokenomics contest

224.21 USDC • Code4rena • cccz

#22

veToken Finance contest

199.53 USDT • 1 total finding • Code4rena • cccz

#37

medium

Misconfiguration of Fees Incentive Might Cause Tokens To Be Stuck In `Booster` Contract

Velodrome Finance contest

2,118.51 USDC • 2 total findings • Code4rena • cccz

#12

medium

Malicious user can populate `rewards` array with tokens of their interest reaching limits of `MAX_REWARD_TOKENS`

medium

VeloGovernor: proposalNumerator and team are updated by team, not governance

Rubicon contest

3,469.41 USDC • 7 total findings • Code4rena • cccz

silver

high

RubiconRouter: Offers created through offerWithETH() can be cancelled by anyone

high

RubiconRouter: Offers created through offerForETH cannot be cancelled

high

First depositor can break minting of shares

medium

RubiconRouter: Excess ether did not return to the user

medium

No cap on fees can result in a DOS in BathToken.withdraw()

medium

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`

medium

Use `call()` instead of `transfer()` when transferring ETH in RubiconRouter

OpenSea Seaport contest

2,429.38 USDC • Code4rena • cccz

#21

Sturdy contest

298.4 USDC • 2 total findings • Code4rena • cccz

#17

high

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

medium

Possible lost msg.value

Aura Finance contest

18,051.25 USDC • 4 total findings • Code4rena • cccz

silver

medium

Duplicate LP token could lead to incorrect reward distribution

medium

ConvexMasterChef: When using add() and set(), it should always call massUpdatePools() to update all pools

medium

ConvexMasterChef: When _lpToken is cvx, reward calculation is incorrect

medium

ConvexMasterChef: safeRewardTransfer can cause loss of funds

Cally contest

116.64 USDC • 3 total findings • Code4rena • cccz

#31

medium

Use safeTransferFrom instead of transferFrom for ERC721 transfers

medium

Vault is Not Compatible with Fee Tokens and Vaults with Such Tokens Could Be Exploited

medium

Users may accidentally overpay in `buyOption()` and the excess will be paid to the vault creator

Enso Finance contest

1,415.64 USDT • Code4rena • cccz

#20

Alchemix contest

6,632.09 DAI • 1 total finding • Code4rena • cccz

#5

medium

AutoleverageBase: Must approve 0 first

FactoryDAO contest

67.11 DAI • 2 total findings • Code4rena • cccz

#54

high

SpeedBumpPriceGate: Excess ether did not return to the user

medium

amount needs to be updated to the contract balance increase (1)

Cudos contest

1,236.59 USDC • 2 total findings • Code4rena • cccz

#14

medium

Missing check in the updateValset function

medium

Protocol doesn't handle fee on transfer tokens

Forgotten Runes Warrior Guild contest

78.87 USDC • 1 total finding • Code4rena • cccz

#43

medium

Use of `.send()` May Revert if The Recipient's Fallback Function Consumes More Than 2300 Gas

bunker.finance contest

298.58 USDC • 1 total finding • Code4rena • cccz

#13

medium

Chainlink pricer is using a deprecated API

Apr '22

PoolTogether Aave v3 contest

309.16 USDC • 1 total finding • Code4rena • cccz

#14

medium

_depositAmount needs to be updated to the contract balance increase

Mimo DeFi contest

336.92 USDC • 1 total finding • Code4rena • cccz

#17

medium

SuperVault's leverageSwap and emptyVaultOperation can become stuck

AbraNFT contest

1,265.22 MIM • 2 total findings • Code4rena • cccz

#11

high

The return value `success` of the get function of the INFTOracle interface is not checked

high

Critical Oracle Manipulation Risk by Lender

Backd contest

128.95 USDC • 2 total findings • Code4rena • cccz

#38

medium

Chainlink's latestRoundData might return stale or incorrect results

medium

`call()` should be used instead of `transfer()` on an `address payable`

xTRIBE contest

4,218.75 USDC • 1 total finding • Code4rena • cccz

#7

medium

ERC20Gauges: The _incrementGaugeWeight function does not check the gauge parameter enough, so the user may lose rewards.

Phuture Finance contest

906.87 USDC • 2 total findings • Code4rena • cccz

#8

high

IndexLogic: An attacker can mint tokens for himself using assets deposited by other users

medium

Chainlink's latestRoundData might return stale or incorrect results

Badger Citadel contest

4,260.89 USDC • 5 total findings • Code4rena • cccz

#4

high

StakedCitadel doesn't use correct balance for internal accounting

high

StakedCitadel: wrong setupVesting function name

medium

[WP-H3] `saleRecipient` can rug buyers

medium

New vest reset `unlockBegin` of existing vest without removing vested amount

medium

KnightingRound tokenOutPrice changes

JPEG'd contest

1,241.61 USDC • 2 total findings • Code4rena • cccz

#13

medium

When _lpToken is jpeg, reward calculation is incorrect

medium

Chainlink pricer is using a deprecated API

Axelar Network contest

6,332.02 USDC • 1 total finding • Code4rena • cccz

#5

medium

Unsupported fee-on-transfer tokens

Duality Focus contest

1,699.91 USDC • 1 total finding • Code4rena • cccz

#4

medium

Not calling `approve(0)` before setting a new approval causes the call to revert when used with Tether (USDT)

Backed Protocol contest

139.95 USDC • 1 total finding • Code4rena • cccz

#22

medium

Protocol doesn't handle fee on transfer tokens

Mar '22

Volt Protocol contest

148.99 USDC • Code4rena • cccz

#24

Joyn contest

103.96 USDC • 1 total finding • Code4rena • cccz

#30

high

Splitter: Anyone can call incrementWindow to steal the tokens in the contract

Paladin contest

1,120.98 USDC • 2 total findings • Code4rena • cccz

#10

medium

Users at UNSTAKE_PERIOD can assist other users in unstaking tokens.

medium

cooldown is set to 0 when the user sends all tokens to himself.

LI.FI contest

1,331.62 USDC • 2 total findings • Code4rena • cccz

#14

medium

`AnyswapFacet` can be exploited to approve arbitrary tokens.

medium

LibSwap: Excess funds from swaps are not returned

prePO contest

51.88 USDC • 3 total findings • Code4rena • cccz

#29

high

A whale user is able to cause freeze of funds of other users by bypassing withdraw limit

medium

`PrePOMarket.setFinalLongPayout()` shouldn't be called twice.

medium

Manager can get around min reserves check, draining all funds from Collateral.sol

Rolla contest

1,201.19 USDC • 2 total findings • Code4rena • cccz

#8

medium

COLLATERAL_MINTER_ROLE can be granted by the deployer of QuantConfig and mint arbitrary amount of tokens

medium

Usage of deprecated Chainlink functions

Maple Finance contest

21,534.05 USDC • 1 total finding • Code4rena • cccz

gold

medium

Incorrect implementation of Lender can result in lost tokens

Biconomy Hyphen 2.0 contest

659.57 USDT • 2 total findings • Code4rena • cccz

#21

medium

`sharesToTokenAmount`: Division by zero

medium

Owners have absolute control over protocol

Feb '22

Anchor contest

572.98 UST • Code4rena • cccz

#15

Foundation contest

3,530.39 USDC • 2 total findings • Code4rena • cccz

#6

medium

SendValueWithFallbackWithdraw: withdrawFor function may fail to withdraw ether recorded in pendingWithdrawals

medium

`adminAccountMigration()` Does Not Update `buyPrice.seller`

JPYC contest

603.43 USDC • Code4rena • cccz

#21

SKALE contest

5,394.12 USDC • 2 total findings • Code4rena • cccz

#8

medium

BURNER_ROLE can burn any amount of EthErc20 from an arbitrary address

medium

transferredAmount on mainnet can be drained if a malicious account can mint more tokens on Schain

Hubble contest

250.24 USDC • 1 total finding • Code4rena • cccz

#26

medium

Liquidations can be run on the bogus Oracle prices

Tribe Turbo contest

6,099.18 USDC • 1 total finding • Code4rena • cccz

#5

high

TurboRouter: deposit(), mint(), createSafeAndDeposit() and createSafeAndDepositAndBoost() functions do not work

Ooki contest

5,100 USDC • Code4rena • cccz

bronze

Redacted Cartel contest

1,833.86 USDC • 7 total findings • Code4rena • cccz

#7

high

Malicious Users Can Drain The Assets Of Auto Compound Vault

high

Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation

medium

DEPOSITOR_ROLE can be granted by the deployer of BribeVault and transfer briber's approved ERC20 tokens to bribeVault by specifying any bribeIdentifier and rewardIdentifier

medium

SafeERC20.sol is imported but not used in the transferBribes() function

medium

Assets may be lost when calling unprotected `AutoPxGlp::compound` function

medium

Deposit Feature Of The Vault Will Break If Update To A New Platform

medium

Anyone can call AutoPxGmx.compound and perform sandwich attacks with control parameters

Aave Lens contest

3,441.6 USDC • 1 total finding • Code4rena • cccz

#6

medium

[WP-M1] Inappropriate handling of `referralFee` makes collecting Mirror fails without error when `referrerProfileId` is burned

Badger Citadel contest

625.19 USDC • 5 total findings • Code4rena • cccz

#13

high

StakedCitadel doesn't use correct balance for internal accounting

high

StakedCitadel: wrong setupVesting function name

medium

[WP-H3] `saleRecipient` can rug buyers

medium

New vest reset `unlockBegin` of existing vest without removing vested amount

medium

KnightingRound tokenOutPrice changes

Concur Finance contest

883.88 USDC • 2 total findings • Code4rena • cccz

#18

high

Wrong reward token calculation in MasterChef contract

high

Repeated Calls to Shelter.withdraw Can Drain All Funds in Shelter

Jan '22

Yield-Convex contest

69.12 USDC • 1 total finding • Code4rena • cccz

#15

medium

Oracle data feed is insufficiently validated.

Notional contest

0 USDC • Code4rena • cccz

#23

OpenLeverage contest

296.63 USDT • Code4rena • cccz

#14

Behodler contest

1,505.8 USDC • 1 total finding • Code4rena • cccz

#13

high

Double transfer in the `transferAndCall` function of `ERC677`

Trader Joe contest

952.01 USDT • 1 total finding • Code4rena • cccz

#17

medium

Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

Sherlock contest

1,753.14 USDC • Code4rena • cccz

#12

ElasticSwap contest

0 USDC • Code4rena • cccz

#25

Livepeer contest

2,423.52 tokens • 1 total finding • Code4rena • cccz

#7

medium

[WP-M1] `BURNER_ROLE` can burn any amount of L2LivepeerToken from an arbitrary address

InsureDAO contest

527.31 tokens • Code4rena • cccz

#21

Sandclock contest

195.56 USDC • 2 total findings • Code4rena • cccz

#23

high

deposit() function is open to reentrancy attacks

high

Vaults with non-UST underlying asset vulnerable to flash loan attack on curve pool

XDEFI contest

806.34 USDC • 1 total finding • Code4rena • cccz

#8

high

The reentrancy vulnerability in _safeMint can allow an attacker to steal all rewards

Timeswap contest

0 USDC • Code4rena • cccz

#29

Dec '21

Vader Protocol contest

141.51 USDC • 1 total finding • Code4rena • cccz

#13

high

`VaderPoolV2` minting synths & fungibles can be frontrun

Yeti Finance contest

12.81 USDC • Code4rena • cccz

#24

NFTX contest

10,676.86 USDC • 3 total findings • Code4rena • cccz

gold

high

buyAndSwap1155WETH() function may cause loss of user assets

high

The return value of the _sendForReceiver function is not set, causing the receiver to receive more fees

medium

Malicious receiver can cause denial of service in the distribute function