13x
Payouts
4x
2nd Places
1x
3rd Places
9x
Top 10
All
Sherlock
Jul '24
Apr '24
high
Editions's mintBatch() function does not pay enough fee
high
FeeManager._splitProtocolFee() uses wrong collection referrer fee recipient
medium
TitlesGraph._setAcknowledged() does not acknowledge an edge
medium
TitlesGraph's `checkSignature()` does not properly check replayability
medium
mintBatch() function cannot mint batch with mint fee
medium
Edition._refundExcess() never refunds any excess
medium
ERC2981 royalties discrepancy with strategy
medium
Edition does not support ERC1155 interfaceId
Jan '24
Nov '23
Apr '23
high
Borrower can front-run lender's acceptBid to lower/remove its collateral
high
Anyone can commit collateral for someone else
high
_repayLoan will fail if lender is blacklisted
high
Missing access control in setCollateralEscrowBeacon
medium
Bid submission vulnerable to market parameters changes
medium
lenderAcceptBid vulnearble to changes in market fees
medium
CollateralManager.withdraw function lacks access control
medium
Racing condition in between withdrawing a defaulted loan collateral and repaying the loan
medium
Fee on transfer tokens not handled
medium
Loans are liquidateable even when honest if bidDefaultDuration < paymentCycle
medium
Unsafe use of AddressSet in LenderCommitmentForwarder allows unauthorized borrowers
Mar '23
Feb '23
high
checkAfterExecution threshold constraints incorrect
high
Increase the number of valid signers past maxSigners
high
Move tree root to different tree without consent
medium
Fail to set safe threshold to targetThreshold
medium
_guardEntries not protecting against re-entry
medium
Prevent deployment of HSG when safe has more than 5 modules
medium
Usage of HSG for existing safe can brick safe
medium
setTargetThreshold can set target below minThreshold
Jan '23
