Payouts
Top 10
Top 25
Top 50
All
Sherlock
Code4rena
Jan '25
Aug '24
Jul '24
high
`Flashlender.sol#flashLoan()` should use `mintProfit()` to mint fees. The current implemetation may lead to locked up WETH in PoolV3.
medium
Malicious actor can abuse the minimum shares check in `StakingLPEth` and cause DoS or locked funds for the last user that withdraws
medium
`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`
Jun '24
May '24
Apr '24
high
BalancerConnector has incorrect implementation of totalSupply, positionTVL and total TVL will be invalid
high
PrismaConnector are not able to claim surplus collateral in removery mode
high
`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`
high
Numerous errors when calculating the TVL for the MorphoBlue connector
medium
Lack of function to claim reward in `AaveConnector`
medium
Stale price can be used in `getValueFromChainlinkFeed` function
medium
`maxDeposit`, `maxMint`, `maxWithdraw`, and `maxRedeem` functions do not return 0 when they should
medium
Noya is not compatible with tokens whose balance changes outside of transfers causing funds to get stuck in the contract
medium
If a curve pool which CurveConnector uses is killed the vault manager can't close the position leading to loss of funds
medium
Balancer flashloan contract can be DOSed completely by sending 1 wei to it
high
Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral
high
Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine
medium
Attacker can frontrun to prevent vaults from being removed from the dNFT owner's position
medium
No incentive to liquidate small positions could result in protocol going underwater
medium
Liquidation bonus logic is wrong
Mar '24
high
`_getReferencePoolPriceX96()` will show incorrect price for negative tick deltas in current implementation cause it doesn't round up for them
medium
V3Oracle susceptible to price manipulation
medium
Repayments and liquidations can be forced to revert by an attacker that repays miniscule amount of shares
medium
No `minLoanSize` means liquidators will have no incentive to liquidate small positions
Feb '24
high
A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters
high
Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType
high
Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards() function `
high
Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`
medium
Can mint NFT with the desired attributes by reverting transaction
medium
DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.
Jan '24
medium
`_getUniswapTwapWei()` will show incorrect price for negative ticks cause it doesn't round up for negative ticks.
medium
Chainlink price feed uses BTC, not WBTC. In case of depegging, oracles will become easier to manipulate.
medium
Reusing a SALT that has already been used for voting can allow a malicious proposal to pass and compromise the protocol.
high
Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale
high
Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`
high
Unauthorized Access to setCurves Function
medium
Protocol and referral fee would be permanently stuck in the Curves contract when selling a token
medium
Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.
medium
Withdrawing with amount = 0 will forcefully set name and symbol to default and disable some functions for token subject
Dec '23
high
Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss
high
The creation of bad debt (`mark-down` of Credit) can force other loans in auction to also create bad debt
medium
Wrong ProfitManager in GuildToken, will always revert for other types of gauges leading to bad debt
medium
Anyone can prolong the time for the rewards to get distributed
medium
Malicious borrower can decrease Guild holders reward
Nov '23
Sep '23
Aug '23
Jul '23