Payouts
1st Places
2nd Places
3rd Places
All
Sherlock
Code4rena
Cantina
Mar '25
Collaborative Audit • Sherlock • g
Feb '25
high
Attacker can front-run Withdraw and steal the withdrawal
high
Memory leak when executing Tally VM
high
A jailed validator with no registered key blocks proving scheme activation
high
Malicious proposer can submit a request with large invalid transactions because of no mempool to bloat the block store
high
Any malicious validator can submit a vote extension with length < 65 bytes to crash validators
high
Tallying a Data Request with a wildcard expression in its consensus filter will store non-deterministic data and cause a chain halt
high
Attackers can flood validators with Commit/Reveal execution messages to delay blocks or DOS the node
high
Anyone can crash validators with a Tally VM program that panics the call_result_write import
high
`call_result_write` import can be exploited for unmetered execution and memory growth
high
WASI imports can be exploited for unmetered execution or unbounded memory growth
high
Anyone can pass any length to some Tally imports to inflate memory, induce OOM, and crash validators
high
A malicious validator can post arbitrary batches with just one signature
high
A request poster can set gas_price to 1 and pay minimal fees for a lot of gas and drain validators' resources
medium
A result can be censored by a request poster that submits a `payback_address` that can not accept ETH transfers
medium
Anyone can post a request with `gasPrice` of 0 to cause SEDA chain to halt
medium
Chain can deadlock due to no consensus because New Validators can not submit vote extensions
medium
Anyone can front-run the creation of a vesting account to block it
medium
Executors/Proxies can game the rewards system by using a pubkey that will be sorted first
medium
The outlier gets the reduced payout when there is consensus on errors
Jan '25
Collaborative Audit • Sherlock • g
Dec '24
Collaborative Audit • Sherlock • g
Oct '24
Sep '24
high
Transfers from the rebate manager's token vault always fail due to lack of bump seed
high
Quote pools are expected to have same base token and quote token but this is not enforced in swaps
medium
Attacker can control rebate managers for supported tokens since there is only 1 rebate manager per quote token
medium
Rebate authority is unable to claim fee due to incorrect constraint not allowing rebate manager admin authority
high
Attacker can relist a floor item and cancel the listing to underflow `listingCount` and block collection shutdown execution
high
Voters can not recover their collection tokens after shutdown is canceled
high
Non-existent checkpoint index is used when creating Protected Listings
high
Borrowers can bypass interest payments and pay off principal until 0.06 ether remains
medium
Fee exemptions do not work since incorrect value is packed in `feeOverrides` storage
medium
Admin can not set the pool fee since it is only set in memory
medium
Swaps will revert or unnecessarily cancel due to a mismatched comparison of fTokens with ETH specified amount
medium
AMM beneficiary can not collect fees when beneficiary is a pool
medium
FTokens are burned after `quorumVotes` are recorded making a portion of the shares unclaimable
Aug '24
Jul '24
Jun '24
high
Minting and batch minting auth can be bypassed by anyone
medium
Limited users are allowed access when not strict but instead fail due to underflow
medium
Expired blacklisting leads to greater access
medium
Permission checks will unnecessarily consume Limited uses
medium
Valid VFS paths with usernames can always fail validation
medium
Calculating tax amount does not include taxes in `WasmMsg::Execute` messages
Apr '24
Feb '24
high
Increase in exchange rate between queueing and rebalancing can break withdrawals
high
Undelegating Operator can break withdrawals and lead to insolvency
high
Eigenlayer withdrawals brick future withdrawals due to no update of current epoch
high
Deactivating an operator with a validator cap will always revert
high
Inflated operator utilization when out-of-order exits are reported can block ETH allocations
Jan '24
medium
medium
medium
Aug '23
high
The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP
high
Incorrect precision assumed from RdpxPriceOracle creates multiple issues related to value inflation/deflation
high
Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`
medium
reLP() mintokenAAmount the calculations are wrong.
medium
Can not withdraw RDPX if WETH withdrawn is zero
May '23
Mar '23
Feb '23
Jan '23
high
First vault depositor can steal other's assets
high
Attacker can steal 99% of total balance from any reward token in any Staking contract
high
Attacker can deploys vaults with a malicious Staking contract
high
Staking rewards can be drained
high
Modifier VaultController._verifyCreatorOrOwner does not work as intented
medium
DOS any Staking contract with Arithmetic Overflow
medium
`MultiRewardStaking.changeRewardSpeed()` breaks the distribution
medium
Faulty Escrow config will lock up reward tokens in Staking contract