
Payouts

1st Places

Top 10

Top 25
All
Sherlock
Blackthorn
Cantina
Immunefi
Jan '26
Collaborative Audit • Sherlock • deadmanwalking
Dec '25
Collaborative Audit • Sherlock • deadmanwalking
high
Unbacked token minting through share ratio manipulation when totalFreeDebt reaches zero
medium
No gap between borrow LTV and liquidation LTV allows instant liquidation at position open
medium
An attacker can exploit continuous writeOff in an empty market to allow minting unbacked tokens when bad debt exists
medium
`updateBorrower` redeem collateral cap can create a global collateral deficit, causing the coin to become undercollateralized
medium
Interest accrual can freeze via `wadExp()` returning 0 when calculating `growthDecay` if interest has not been accrued for a sufficiently long timedelta
Nov '25
medium
Collaborative Audit • Blackthorn • deadmanwalking
Oct '25
high
high
high
high
medium
medium
medium
medium
medium
medium
low
Sep '25
high
Staking and unstaking advance the token-specific reward index without distributing rewards, potentially causing `_handleDistributionAndSettelement` to never distribute rewards.
high
Fee collection will always fail for initial positions of SuperDCA pools that contain native tokens
high
`_calculateEpochData` only calculates trade rewards based on the trade start time, not the start of the cashback campaign, allowing users to claim cashback for flows that occured before the campaign even started
Aug '25
medium
The flat liquidation fee creates an "effective liquidation threshold" that can be much higher than the nominal `liquidationThreshold`, disincetivising liquidators and potentially making a market accrue bad debt
medium
`OraclePendlePT` assumes 1:1 ratio of pegged assets to base assets when no Chainlink price feed for PeggedAsset<>USD is available
medium
Refunding native ETH in `ZappingProxy` after a router call will fail, potentially impacting protocol functions.
medium
`WStable` does not account for ERC4626 yield bearing tokens with non-atomic deposit and withdraw functions