Payouts
2nd Places
Top 10
Top 25
All
Sherlock
Code4rena
Cantina
Jan '25
high
Sep '24
medium
Jul '24
high
Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens
high
Invalid validation allows users to unlock early
high
Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot
high
Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds
medium
When `LockManager.lockOnBehalf` is called from `MigrationManager`, the user's `reminder` will be set to 0, resulting in fewer received `MunchableNFTs`
medium
Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal
May '24
high
Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens
high
Invalid validation allows users to unlock early
high
Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot
high
Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds
medium
When `LockManager.lockOnBehalf` is called from `MigrationManager`, the user's `reminder` will be set to 0, resulting in fewer received `MunchableNFTs`
medium
Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal
Apr '24
high
`SNXConnector.sol` TVL calculation is incorrect.
high
`AccountingManager::resetMiddle` will not behave as expected
high
`NoyaValueOracle.getValue` returns an incorrect price when a multi-token route is used
high
Numerous errors when calculating the TVL for the MorphoBlue connector
medium
PendleConnector.sol::supply doesn't pass a valid slippance protection min
medium
Improper price validation in CompoundConnector.sol will lead to stale prices being used.
medium
First depositor can make subsequent depositor lose all of her or his deposit
medium
MorphoBlueConnector:withdraw withdraws supplied tokens in a market order
high
burnSharesToWithdrawEarnings burns shares before calculating the principal token amount to withdraw
high
Unchecked principal token transfers may lead to false adding of principal to commitments and burning of shares without receiving assets back
high
lenderCloseLoanWithRecipient internal function does not send the collateral to the collateral recipient argument of the call
high
liquidateDefaultedLoanWithIncentive can be gamed to avoid paying loans interest
medium
Malicious borrower can pay each payment and make its own loan default 1 month later
Mar '24
Feb '24
Jan '24
high
medium
medium
medium
Dec '23
Nov '23
Oct '23
Sep '23
Aug '23
Jul '23