6x
Payouts
1x
3rd Places
5x
Top 10
6x
Top 25
All
Sherlock
Code4rena
Hats Finance
May '25
high
A user will receive over-minted lTokens affecting supply accuracy
high
A supplier will receive incorrect LEND rewards due to reward index update after minting
high
Redeeming lTokens will underestimate borrow balances, allowing collateral withdrawal that violates protocol liquidity rules
high
Incorrect chain ID check causes cross-chain borrow data to be skipped, leading to liquidity errors
high
User will bypass borrow limits due to ignoring cross-chain debt
high
Protocol will lose unbounded LEND tokens due to missing reset after reward claim
high
User will over-leverage across chains as protocol accepts already-utilized collateral
high
Outdated borrowIndex will cause inaccurate debt tracking and protocol accounting errors when CrossChainBorrow
high
Cross-chain repayment will incorrectly update same-chain borrow state, causing protocol state inconsistency
high
Protocol will miscalculate seized collateral amount during cross-chain liquidation
high
Protocol will allow invalid liquidation due to incorrect borrow-collateral comparison logic
high
Cross-chain liquidation uses incorrect lToken address, preventing repayment and breaking liquidation flow
high
Seized Collateral Amount Incorrectly Used as Borrow Repayment in Cross-Chain Liquidation Success
high
Liquidator will steal collateral without repaying debt on cross-chain liquidation
medium
Liquidator will prematurely liquidate healthy users due to double-counted interest
Feb '24
Jan '24
Nov '23
Oct '23
high
Borrower has no way to update `maxTotalSupply` of `market` or close market.
high
Borrowers can escape from paying half of the penalty fees by closing the market, and those remaining penalty fees will be covered by the lender who withdraws last
high
Borrower can drain all funds of a sanctioned lender
medium
Function WildcatMarketController.setAnnualInterestBips allows for values outside the factory range