Payouts
1st Places
3rd Places
Top 10
All
Sherlock
Feb '25
Dec '24
high
A malicious attacker can drain the protocol by using duplicated orderId
high
Reentrancy vulnerability in the `OracleLess.fillOrder` function
high
The `StopLimit` contract should receive tokens from the creator of orders instead of recipients
medium
A malicious attacker can create many orders that is not cancelable.
medium
In some cases, slippage can be inverted
Nov '24