High
Total
Medium
Solo
Total
Total Earnings
#100 All Time
Payouts
1st Places
2nd Places
Top 10
All
Sherlock
Code4rena
CodeHawks
Feb '25
Collaborative Audit • Sherlock • jokr
Dec '24
high
An attacker can drain NumaVault right after deployment
high
cLST market can be drained using a fake collateral token address in leverageStrategy function
medium
leverageStrategy will revert due users interest rate accrual
medium
Precision loss in setMaxSpotOffsetBps function leads to Incorrect Numa Prices
medium
No slippage check for leverageStrategy function
medium
Numa tokens fee on transfer can be bypassed
Oct '24
Findings not publicly available for private contests.
Jul '24
high
`Tokens` Are Automatically Whitelisted Upon Creation And Binding Even When `_whiteListEnabled == false`
high
The Bridging Process will revert if the Collection is matched on the destination chain and not matched on the source chain
high
Infinite loop breaks whitelist removal funtionality on L2
high
`Bridge` is unable to transfer ownership and upgrade on `ERC721Bridgeable`
medium
Starknet tokens deposited with use_withdraw_auto can never be withdrawn
medium
Tokens irrecoverable by owner on L1 if not an `ERC721` receiver
low
Upon the transfer of an escrowed NFT from the bridge to the user on StarkNet, the escrow status remains unaltered, failing to be reset
Findings not publicly available for private contests.
Apr '24
high
The amount of `xezETH` in circulation will not represent the amount of `ezETH` tokens 1:1
high
Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps
high
Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate
medium
stETH/ETH Feed being used opens up to 2 way deposit<->withdrawal arbitrage
medium
Deposits will always revert if the amount being deposited is less than the bufferToFill value
medium
Lack of slippage and deadline during withdraw and deposit
Feb '24