Payouts
1st Places
2nd Places
3rd Places
All
Sherlock
Code4rena
Cantina
Immunefi
Hats Finance
Feb '25
Jan '25
high
medium
medium
medium
Dec '24
high
high
high
high
high
high
high
medium
medium
low
low
low
Sep '24
high
medium
medium
Stakers lose their commission if they unstake as they cannot claim their pending rewards anymore after unstaking
medium
If `withdrawalLockBlocks < proofWindow`, stakers can act maliciously without risking loss of their stake
medium
A single malicious challenger can DoS the L1 rollup permanently because `Rollup.sol::_defenderWin` does not burn a portion of the `challengeDeposit`
medium
Attacker can fill merkle tree in `L2ToL1MessagePasser`, blocking any future withdrawals
Aug '24
high
high
high
medium
medium
medium
medium
medium
medium
Jul '24
Jun '24
medium
medium
May '24
high
high
high
high
medium
medium
medium
Apr '24
high
Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine
high
Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply
medium
Incorrect deployment / missing contract will break functionality
Mar '24