Apr '25
Mar '25
Feb '25
Reward manipulation vulnerability in StabilityPool
high
Users can borrow more assets than they have deposited as collateral
high
NFTs Get Permanently Locked in Stability Pool After Liquidation
high
Any attempt to liquidate a user will fail, because StabilityPool does not hold crvUSD during operational lifecycle
high
Boost Miscalculation Leads to Excess Distribution
high
Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic
medium
Gauge reward period can be extended indefinitely
medium
Incorrect utilization rate forces protocol to issue maximum rewards indefinitely
medium
LendingPool deposits do not work with CurveVault due to lack of funds
medium
Using balanceOf Instead of Voting Power
medium
Concurrent Oracle Fulfillments Overwrite House IDs, which leads to Incorrect Pricing
medium
LendingPool.getUserDebt returns outdated value and can lead to liquidation failure
medium
No check for sequencer uptime can lead to Zeno auctions being executed at lower prices or may result in incomplete auctions
medium
Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations
medium
Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay
medium
Owner Can Change Vote Results After Voting Ends by Updating Quorum Numbers for New proposals
low
Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality
low
Borrow, withdraw, deposit revert due to curve vault not having available liquidity or being paused.
Jan '25
Oct '24
Sep '24
Aug '24
May '24
medium
Incorrect price for negative ticks due to lack of rounding down
medium
`updateIRMParams` does not call `applyInterestForToken` before updating `irmParams` which leads to incorrect calculation of interest rate for subsequent trades.
medium
Liquidity manipulation is possible when trading
medium
Vaults can become immune from liquidation by setting `vault.recipient` to a blacklisted quote token address
medium
Chainlink's `latestRoundData` might return stale or incorrect results
Apr '24
high
`PendleConnector` incorrectly sends the redeemed `PT` tokens to the market instead of the
high
`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`
high
Numerous errors when calculating the TVL for the MorphoBlue connector
high
In Dolomite, when opening a borrow position, the holding position in the Registry will never be updated due to the removePosition flag being set to true
medium
LP tokens from Boosted Positions are not included in the TVL calculation of a position held by the MaverickConnector
medium
Withdrawals in AccountManager are prone to DoS attacks
medium
The total deposit amount limit in `AccountingManager.sol` can be bypassed
medium
Missing calls to `_updateTokenInRegistry` leads to incorrect state of tokens in registry
medium
Incorrect modifier condition
medium
`AccountingManager` contract's `previewDeposit`, `previewMint`, `previewWithdraw`, and `previewRedeem` functions are not compliant with EIP-4626 standard
medium
Extra rewards are not updated in curve connector when harvestConvexRewards is called
medium
Camelot and Aerodrome Connector TVL susceptible to manipulation attack
medium
Using the same heartbeat for multiple price feeds
Mar '24
Feb '24
Jan '24
Dec '23
Oct '23
Aug '23
Jul '23
high
Sandwich attack to steal all ERC-20 tokens in the Fees contract
high
Token spending by Uniswap router doesn't get approved
high
Hardcoded Router Address May Cause Token Lockup in Non-Standard Networks
medium
The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates
medium
No expiration deadline leads to losing a lot of funds
medium
Fixed fee level is used when swapping tokens on Uniswap
medium
Pragma non-specification can lead to non-functional / corrupted contract when deployed on Arbitrum
medium
Some ERC20 tokens would revert on zero-value fee transfers
low
Rounding error risk in borrow() function in Lender.sol
gas
Cannot use `_burn` Function in Beedle.sol Contract
gas
Unchecked arithmetic where overflow/underflow is impossible
2.02 USDC • 6 total findings • CodeHawks • ni8mare
#112
medium
staleCheckLatestRoundData() does not check the status of the Arbitrum sequencer in Chainlink feeds.
medium
DSC protocol can consume stale price data or cannot operate on some EVM chains
medium
Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`
medium
All of the USD pair price feeds don't have 8 decimals
low
Pragma isn't specified correctly, which can lead to a non-functional/damaged contract when deployed on Arbitrum
gas
`++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops
Jun '23
May '23
Mar '23