Payouts
1st Places
2nd Places
3rd Places
All
Sherlock
Code4rena
Cantina
CodeHawks
Nov '24
Collaborative Audit • Sherlock • cccz
May '24
Mar '24
high
high
high
high
high
high
high
high
high
medium
medium
medium
medium
medium
medium
medium
medium
medium
medium
Feb '24
Jan '24
high
Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale
high
Attack to make ````CurveSubject```` to be a ````HoneyPot````
high
Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`
medium
Protocol and referral fee would be permanently stuck in the Curves contract when selling a token
medium
onBalanceChange causes previously unclaimed rewards to be cleared
medium
Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.
medium
If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete
medium
medium
medium
Dec '23
Nov '23
medium
Oct '23
Aug '23
Jul '23
1,864.68 USDC • 2 total findings • CodeHawks • cccz
#8
Jun '23
high
`_voteSucceeded()` returns true when `againstVotes > forVotes` and vice versa
medium
Due to inappropriately short `votingPeriod` and `votingDelay`, it is near impossible for the governance to function correctly.
medium
Understatement of `poolTotalPeUSDCirculation` amounts due to incorrect accounting after function `_repay` is called
medium
LybraPeUSDVaultBase.rigidRedemption should use getBorrowedOf instead of borrowed
May '23
Apr '23
high
Anyone can call commitCollateral to submit collateral on behalf of the borrower
high
The borrower can call commitCollateral to front run the lender and use very little collateral to get the loan
high
When the lendingToken is USDC, the lender can join the USDC blacklist to prevent the borrower from repaying and thus liquidate the borrower's collateral
medium
setLenderManager may cause some Lenders to lose their assets
medium
Does not support fee-on-transfer tokens as collateral
medium
When there are too many collateral items, unbounded loops in deployAndDeposit and _withdraw can cause gas to be running out and the transaction to fail
medium
lender can front run the liquidator to make the liquidator lose the collateral
high
CHALLENGER_REWARD can be used to drain reserves and free mint
high
When the challenge is successful, the user can send tokens to the position to avoid the position's cooldown period being extended
high
Challenges can be frontrun with de-leveraging to cause lossses for challengers
medium
Later challengers can bid on the previous challenge to extend the expiration time of the previous challenge, so that their own challenge can succeed before the previous challenge and get challenge rewards
medium
No slippage control when minting and redeeming FPS
medium
need alternative ways for fund transfer in `end()` to prevent DoS
medium
function `restructureCapTable()` in Equity.sol not functioning as expected
high
Some positions will get liquidated immediately
high
Reward accounting is incorrect in BathBuddy contract
high
Due to the loss of precision, openPosition will make the user's leverage higher than expected
high
The last borrowed asset will not be collateralized and the user may be liquidated due to insufficient collateral
high
When opening a position, the collateral of the previous position is used for borrowing, which makes the user more easily liquidated
high
RubiconMarket checks slippage incorrectly
medium
BathBuddy contract should implement methods to pause and unpause contract
medium
Fee inclusivity calculations are inaccurate in RubiconMarket
medium
Incorrect fee handling in Position.sol's Market Buy/Sell functions
medium
The curve of short leverage position is not smooth and may cause users to open positions that are different from expectations
medium
Zero reward rate calculation impedes low-decimals token distributions
medium
The return value of buyAllAmount is incorrect
medium
Incorrect calculations can occur when calling `Position._marketBuy` and `Position._marketSell` functions that do not include maker fee in `_fee`
medium
Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations
Mar '23
high
Carousel.mintRollovers will mint less shares to users, resulting in the loss of users' assets
high
enlistInRollover will set the ownerToRollOverQueueIndex incorrectly
medium
mintRollovers should require entitledShares >= relayerFee
medium
When finalTVL == 0, the emissionsToken in the vault will be locked
Feb '23
high
The cachedUserRewards in _withdrawUpdateRewardState are calculated incorrectly.
medium
claimFees may cause some external rewards to be locked in the contract
medium
SingleSidedLiquidityVault.withdraw will decreases ohmMinted, which will make the calculation involving ohmMinted incorrect
medium
The contract does not decrease cachedUserRewards but directly increases userRewardDebts when the user claims the reward, which will result in an overflow in internalRewardsForToken/externalRewardsForToken when the user claims the reward next time.
medium
When addInternalRewardToken/addExternalRewardToken re-add previously removed reward tokens, it will prevent users from claiming rewards
medium
In addInternalRewardToken, when startTimestamp_ > block.timestamp, _accumulateInternalRewards will revert due to overflow
high
Anyone can deposit tokens outside of the whitelist into the bounty, which may result in the winner not be able to claim the prize
high
claimNft() does not check refunded[_depositId], which will result in the winner not claiming the prize
high
refundDeposit can be called after the bounty is closed, which prevents the winner of the TieredPercentageBounty from claiming the prize
high
Incompatible with revert-on-zero-value-transfers tokens
Jan '23
high
Staking rewards can be drained
high
Incorrect Reward Duration After Change in Reward Speed in MultiRewardStaking
medium
`MultiRewardStaking.changeRewardSpeed()` breaks the distribution
medium
syncFeeCheckpoint() does not modify the highWaterMark correctly, sometimes it might even decrease its value, resulting charging more performance fees than it should
medium
AdapterBase should always use delegatecall to call the functions in the strategy
medium
`Vault.redeem` function does not use `syncFeeCheckpoint` modifier
high
When Public Vault A buys out Public Vault B's lien tokens, it does not increase Public Vault A's liensOpenForEpoch, which would result in the lien tokens not being repaid
high
A malicious private vault can preempt the creation of a public vault by transferring lien tokens to the public vault, thereby preventing the borrower from repaying all loans
high
Buying out corrupts the slope of a vault, reducing rewards of LPs
medium
ERC4626RouterBase.withdraw can only be called once
medium
When a private vault offers a loan in ERC777 tokens, the private vault can refuse to receive repayment in the safeTransferFrom callback to force liquidation of the borrower's collateral
medium
Users are unable to mint shares from a public vault using `AstariaRouter` contract when share price is bigger than one
Dec '22
medium
MinipoolManager: recordStakingError function does not decrease minipoolCount leading to too high GGP rewards for staker
medium
NodeOp can get rewards even if there was an error in registering the node as a validator
medium
slashing fails when node operator doesn't have enough staked `GGP`
medium
State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool
medium
Bypass `whenNotPaused` modifier
medium
Coding logic of the contract upgrading renders upgrading contracts impractical
Findings not publicly available for private contests.
high
Lock.sol: assets deposited with Lock.extendLock function are lost
medium
Must approve 0 first
medium
GovNFT: maxBridge has no effect
medium
Centralization risks: owner can freeze withdraws and use timelock to steal all funds
medium
Governance NFT holder, whose NFT was minted before `Trading._handleOpenFees` function is called, can lose deserved rewards after `Trading._handleOpenFees` function is called
Nov '22
high
In `ERC20`, `TotalSupply` is broken
high
Stealing Wrapped Manifest in WETH.sol
high
Anyone can create Proposal Unigov Proposal-Store.sol
high
It's not possible to execute governance proposals through the GovernorBravoDelegate contract
high
Comptroller uses the wrong address for the WETH contract
high
Accountant can't be initialized
high
AccountantDelegate: sweepInterest function will destroy the cnote in the contract.
medium
Note: When _initialSupply ! = 0, the _mint_to_Accountant function will fail
high
Malicious Users Can Drain The Assets Of Auto Compound Vault
high
Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation
medium
DEPOSITOR_ROLE can be granted by the deployer of BribeVault and transfer briber's approved ERC20 tokens to bribeVault by specifying any bribeIdentifier and rewardIdentifier
medium
SafeERC20.sol is imported but not used in the transferBribes() function
medium
Assets may be lost when calling unprotected `AutoPxGlp::compound` function
medium
Deposit Feature Of The Vault Will Break If Update To A New Platform
medium
Anyone can call AutoPxGmx.compound and perform sandwich attacks with control parameters
high
function withdrawETH from GiantMevAndFeesPool can steal most of eth because of idleETH is reduced before burning token
high
Incorrect accounting in SyndicateRewardsProcessor results in any LP token holder being able to steal other LP tokens holder's ETH from the fees and MEV vault.
high
Sender transferring GiantMevAndFeesPool tokens can afterward experience pool DOS and orphaning of future rewards
high
Reentrancy vulnerability in GiantMevAndFeesPool.withdrawETH
high
Old stakers can steal deposits of new stakers in `StakingFundsVault`
medium
Node runners can lose all their stake rewards due to how the DAO commissions can be set to a 100%
medium
When users transfer GaintLP, some rewards may be lost.
medium
Lender can trade claimToken in a malicious way to steal the borrower's money via claimAndRepay() in SpigotedLine by using malicious zeroExTradeData
medium
Variable balance ERC20 support
medium
address.call{value:x}() should be used instead of payable.transfer()
medium
Borrower/Lender excessive ETH not refunded and permanently locked in protocol
Oct '22
medium
Pausing `WardenPledge` contract, which takes effect immediately, by its owner can unexpectedly block pledge creator from calling `closePledge` or `retrievePledgeRewards` function
medium
Due to loss of precision, targetVotes may not reach
medium
Owner can transfer all ERC20 reward token out using function recoverERC20
high
premium will not be refunded in lend() for Swivel
high
The unpaused modifier should be added to authRedeem and autoRedeem
high
Users can provide Illuminate principal tokens to mint Illuminate principal tokens, which will reduce the number of underlying tokens redeemed by all users
medium
Incorrect slippage control in ERC5095.mint
Sep '22
medium
Centralization risk: admin have privileges: admin can set address to mint any amount of frxETH, can set any address as validator, and change important state in frxETHMinter and withdraw fund from frcETHMinter
medium
sfrxETH: The volatile result of previewMint() may prevent mintWithSignature from working
medium
User fund lost because they can't withdraw() their funds before epoch startTime and they have to stuck in positions that become unprofitable even when epoch is not started
medium
`timewindow` can be changed unexpectedly that blocks users from calling `deposit` function
medium
StakingRewards: recoverERC20() can be used as a backdoor by the owner to retrieve rewardsToken
medium
StakingRewards.sol#notifyRewardAmount() Improper reward balance checks can make some users unable to withdraw their rewards
medium
StakingRewards reward rate can be dragged out and diluted
medium
After the vault expires, users may still receive rewards through the StakingRewards contract
medium
AuctionCrowdfund: If the contract was bid on before the NFT was gifted to the contract, lastBid will not be totalContributions
medium
Attacker can force AuctionCrowdfunds to bid their entire contribution up to maxBid
medium
Early contributor can always become majority of crowdfund leading to rugging risks.
high
Multiple vote checkpoints per block will lead to incorrect vote accounting
medium
A proposal can be cancelled by anyone if the proposal has exactly proposalThreshold votes
medium
Founders can receive less tokens that expected
medium
A proposal can pass with 0 votes in favor at early DAO stages
medium
Quorum votes have no effect for determining whether proposal is defeated or succeeded when token supply is low
Aug '22
medium
Voted votes cannot change after the user are issued with new votes or the user's old votes are revoked during voting
medium
OlympusGovernance: Users can prevent their votes from being revoked
medium
Heart will stop if all rewards are swept
medium
[NAZ-M1] Chainlink's `latestRoundData` Might Return Stale Results
Jul '22
high
Forced buyouts can be performed by malicious buyers
high
Cash-out from a successful buyout allows an attacker to drain Ether from the `Buyout` contract
high
Malicious User Could Burn The Assets After A Successful Migration
medium
An attacker can DoS vault's buyout with as little as 1 wei per 4 days
medium
Delegate call in `Vault#_execute` can alter Vault's ownership
medium
Use of `payable.transfer()` may lock user funds
high
ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC
medium
Grieffer beneficiary can cause DOS
medium
Use a safe transfer helper library for ERC20 transfers
medium
Code credits fee-on-transfer tokens for amount stated, not amount transferred
medium
changeTokenOf makes it impossible for holders of oldToken to redeem the overflowed assets.
medium
JBToken: mint function could mint arbitrary amount of tokens
Jun '22
medium
Order duration can be set to 0 by Malicious maker
medium
An attacker can create a short put option order on an NFT that does not support ERC721(like cryptopunk), and the user can fulfill the order, but cannot exercise the option
medium
`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever
medium
Malicious Token Contracts May Lead To Locking Orders
high
`Staking.sol#stake()` DoS by staking 1 wei for the recipient when `warmUpPeriod > 0`
medium
Staking: the rebase function needs to be called before calling the function in the Yieldy contract that uses the rebasingCreditsPerToken variable
medium
No way to set CURVE_POOL approval after setting new curve pool address
medium
Staking: rebase() does not rebase according to the status of the current epoch.
high
Redeemer.redeem() for Element withdraws PT to wrong address.
high
Tempus lend method wrongly calculates amount of iPT tokens to mint
high
ERC5095 redeem/withdraw does not update allowances
high
Incorrect implementation of APWine and Tempus `redeem`
high
Unable to redeem from Notional
high
The lend function for tempus uses the wrong return value of depositAndFix
high
Illuminate PT redeeming allows for burning from other accounts
high
[H-05] Not minting iPTs for lenders in several lend functions
high
Pendle Uses Wrong Return Value For `swapExactTokensForTokens()`
medium
Swivel lend method doesn't pull protocol fee from user
medium
Lend method signature for illuminate does not track the accumulated fee
medium
[M-01] Easily bypassing admins 'pause' for swivel
medium
`Lender.mint()` May Take The Illuminate PT As Input Which Will Transfer And Mint More Illuminate PT Cause an Infinite Supply
high
In `ERC20`, `TotalSupply` is broken
high
Stealing Wrapped Manifest in WETH.sol
high
Anyone can create Proposal Unigov Proposal-Store.sol
high
It's not possible to execute governance proposals through the GovernorBravoDelegate contract
high
Comptroller uses the wrong address for the WETH contract
high
Accountant can't be initialized
high
AccountantDelegate: sweepInterest function will destroy the cnote in the contract.
medium
Note: When _initialSupply ! = 0, the _mint_to_Accountant function will fail
high
Overpayment of native ETH is not refunded to buyer
high
Accumulated ETH fees of InfinityExchange cannot be retrieved
medium
Protocol fee rate can be arbitrarily modified by the owner and the new rate will apply to all existing orders
medium
ETH mistakenly sent over with ERC20 based takeOrders and takeMultipleOneOrders calls will be lost
May '22
high
RubiconRouter: Offers created through offerWithETH() can be cancelled by anyone
high
RubiconRouter: Offers created through offerForETH cannot be cancelled
high
First depositor can break minting of shares
medium
RubiconRouter: Excess ether did not return to the user
medium
No cap on fees can result in a DOS in BathToken.withdraw()
medium
Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`
medium
Use `call()` instead of `transfer()` when transferring ETH in RubiconRouter
medium
Duplicate LP token could lead to incorrect reward distribution
medium
ConvexMasterChef: When using add() and set(), it should always call massUpdatePools() to update all pools
medium
ConvexMasterChef: When _lpToken is cvx, reward calculation is incorrect
medium
ConvexMasterChef: safeRewardTransfer can cause loss of funds
Apr '22
Mar '22
Feb '22
high
Malicious Users Can Drain The Assets Of Auto Compound Vault
high
Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation
medium
DEPOSITOR_ROLE can be granted by the deployer of BribeVault and transfer briber's approved ERC20 tokens to bribeVault by specifying any bribeIdentifier and rewardIdentifier
medium
SafeERC20.sol is imported but not used in the transferBribes() function
medium
Assets may be lost when calling unprotected `AutoPxGlp::compound` function
medium
Deposit Feature Of The Vault Will Break If Update To A New Platform
medium
Anyone can call AutoPxGmx.compound and perform sandwich attacks with control parameters
Jan '22
Dec '21