May '25
high
Users will drain LEND tokens by claiming rewards multiple times
high
Protocol will lose accumulated liquidation rewards due to missing withdrawal mechanism
high
Users will receive incorrect token amounts due to stale exchange rates
high
User will clear same-chain debt by repaying only cross-chain debt
high
User will clear same-chain debt on destination chain by repaying only cross-chain debt
high
User will increase same-chain debt on destination chain by repaying cross-chain debt
high
Incorrect liquidation validation leads to loss of funds for borrowers or protocol insolvency
high
User will over-borrow across multiple chains by exploiting stale collateral checks
high
First-time borrowers will drain protocol liquidity by bypassing collateral requirements
high
Invariant check will cause complete denial of service for borrowers when users perform bidirectional cross-chain operations
high
Users will receive double LEND rewards when having cross-chain positions
medium
Borrower will lose seized collateral when liquidator repays debt during cross-chain liquidation with an invalid amount
medium
User will be unable to borrow up to their full collateral capacity due to double application of interest calculation
medium
Liquidator will be unable to liquidate up to the proper close factor due to incorrect principal amount usage in liquidation calculations
Apr '25
medium
Mar '25
high
Missing authorization check in `Payment::payWithERC20()` allows unauthorized token transfers
medium
Missing worker deployment timeout mechanism leads to permanently stuck deployments
medium
Missing signature invalidation in `BlueprintCore::updateWorkerDeploymentConfigWithSig()` allows token balance draining and configuration update replay
medium
Incomplete whitelist implementation in `BlueprintCore` allows bypass of agent creation restrictions
high
Feb '25
high
ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price
high
Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens
high
`BaseGauge` users can claim rewards without staking
high
Multiple issues from unnecessary balance increase calculation in DebtToken.mint
high
Reward manipulation vulnerability in StabilityPool
high
RToken's transfer function leads to loss of funds due to incorrect math
high
NFTs Get Permanently Locked in Stability Pool After Liquidation
high
Any attempt to liquidate a user will fail, because StabilityPool does not hold crvUSD during operational lifecycle
high
Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance
high
Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic
high
Multiple calls to `BaseGauge::notifyRewardAmount()` override existing reward rate, causing loss of rewards for stakers
high
Hardcoded Exchange Rate Leading to Incorrect Deposits and Redemptions
high
Users can lose additional collateral by depositing NFTs after grace period expiration
high
Gauge reward system can be gamed by repeatedly staking and withdrawing
medium
Missing Vote Frequency Control in GaugeController
medium
Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations
medium
LendingPool deposits do not work with CurveVault due to lack of funds
medium
Users Can Lose Funds and Collateral by Repaying Loans After Liquidation Grace Period Expiry
medium
Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check
medium
Using balanceOf Instead of Voting Power
medium
There is no logic checking for RAACNFT price staleness before minting it
medium
`RToken::calculateDustAmount` is incorrectly calculated, making it impossible to transfer the accrued dust amount
medium
Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations
medium
`GaugeController::distributeRewards` can be called multiple times by anyone, leading to excessive reward distribution
medium
Fee-on-transfer token handling issue in `Treasury::deposit` leads to permanent fund loss
medium
Wrong access control in `RAACToken::setFeeCollector`, `RAACToken::setSwapTaxRate`, `RAACToken::setBurnTaxRate`
medium
`RAACReleaseOrchestrator::emergencyRevoke()` fails to update `categoryUsed`, leading to token lockup and incorrect accounting
medium
Coordinated group of attackers can artificially lower quorum threshold during active proposals, forcing malicious proposals to pass without true majority support.
low
Emergency Timelock Bypass: No Enforced 1-Day Delay for Emergency Actions
low
Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality
low
Borrow, withdraw, deposit revert due to curve vault not having available liquidity or being paused.
low
`LendingPool` yield generated in curve vault is lost and cannot be withdrawn by users
low
`Auction::checkAuctionEnded()` function fails to handle early auction completion when all ZENO tokens are sold, potentially blocking critical post-auction processes
Jan '25
high
high
high
high
high
high
medium
May '23
Sep '21
Aug '21
Jul '21