May '25
Findings not publicly available for private contests.
Apr '25
high
high
high
medium
Mar '25
Feb '25
high
RAACNFT mint function receives funds to address(this) but has no way of withdrawing them
high
Users can borrow more assets than they have deposited as collateral
high
Any attempt to liquidate a user will fail, because StabilityPool does not hold crvUSD during operational lifecycle
high
Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic
high
Incorrect Debt Token Accounting Due to Multiple Scaling Issues
medium
Incorrect utilization rate forces protocol to issue maximum rewards indefinitely
medium
LendingPool deposits do not work with CurveVault due to lack of funds
medium
`RToken::calculateDustAmount` is incorrectly calculated, making it impossible to transfer the accrued dust amount
medium
Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator
medium
The earned yield from the Curve vault can never be utilized when withdrawing or borrowing
medium
When the prime rate is updated by the oracle, the values of the sub-rates are not adjusted accordingly, which can cause loss of assets for borrowers
medium
reserve.totalUsage variable is not properly updated
medium
Unnecessary Vault Withdrawals Due to Unchecked User Withdrawal Amounts
medium
Interest rates will be incorrectly updated, which will result in higher borrowing costs for borrowers
low
`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types
low
Wrong event emitted in `LendingPool::_repay`
low
`collateralLiquidated` value is always 0 when emitted in the `LiquidationFinalized` event
Jan '25
high
Dec '24
Nov '24
Oct '24
medium
Sep '24
high
medium
medium
Aug '24
Jul '24
May '24
Apr '24