Feb '25
medium
medium
Jan '25
Dec '24
Aug '24
Jun '24
high
Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect
medium
Fragmentation fee is not taken if user compensates with newly created position
medium
Inadequate checks to confirm the correct status of the sequencer/sequencerUptimeFeed in `PriceFeed.getPrice()`
May '24
Mar '24
high
Flawed if check causes inaccurate tracking of the protocol's ercDebt and collateral
high
Users can mint DUSD with less collateral than required which gives them free DUSD and may open a liquidatable position
medium
oracleCircuitBreaker: Not checking if price information of asset is stale
medium
The `shortOrder` verification bug on the `RedemptionFacet::proposeRedemption()` allows an attacker to leave a small `shortOrder` on the order book, leading to the protocol's bad debt
Feb '24
high
Incorrect bad debt accounting can lead to a state where the `claimFeesBeneficial` function is permanently bricked and no new incentives can be distributed, potentially locking pending and future protocol fees in the `FeeManager` contract
medium
Unchecked return value bug on `TransferHelper::_safeTransferFrom()`
medium
Off-by-one bug prevents the `_compareMinMax()` from detecting Chainlink aggregators' circuit-breaking events
medium
The protocol allows borrowing small positions that can create bad debt
Jan '24
Dec '23
high
Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss
medium
Re-triggering the `canOffboard[term]` flag to bypass the DAO vote of the lending term offboarding mechanism
medium
Replay attack to suddenly offboard the re-onboarded lending term
medium
SurplusGuildMinter.getReward() is susceptible to DoS due to unbounded loop
Oct '23
high
Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly Role on any account they want
high
Borrower has no way to update `maxTotalSupply` of `market` or close market.
high
Borrower can drain all funds of a sanctioned lender
medium
Function WildcatMarketController.setAnnualInterestBips allows for values outside the factory range
Sep '23
high
Users Lose Funds and Market Functionality Breaks When Market Reaches 65k Id
high
Flag can be overridden by another user
medium
Using a cached price in the critical shutdownMarket()
medium
Primary short liquidation can not be completed in the last hour of the liquidation timeline
medium
Secondary short liquidation reverts due to arithmetic underflow in volatile market conditions
medium
Lack of essential stale check in oracleCircuitBreaker()
medium
Decreasing and increasing a short's collateral potentially uses an outdated asset price to calculate the collateral ratio
low
Unhandled chainlink revert in case its multisigs block access to price feeds
low
Use of hardcoded price deviation in baseOracleCircuitBreaker()
low
Emitting incorrect event value
Aug '23
high
The same signature can be used in different `distribution` implementations, allowing the caller who owns the signature to distribute on unauthorized implementations
medium
Blacklisted STADIUM_ADDRESS causes funds to be stuck in the contract forever
low
Owner can incorrectly pull funds from contests not yet expired
low
Lack of checking the existence of the Proxy contract
low
Insufficient validation leads to locking up prize tokens forever
Jul '23
233.87 USDC • 16 total findings • CodeHawks • serialcoder
#15
high
Sandwich attack to steal all ERC-20 tokens in the Fees contract
high
During refinance() new Pool balance debt is subtracted twice
high
[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control
high
Using forged/fake lending pools to steal any loan opening for auction
high
Stealing any loan opening for auction through others' lending pool
high
Forcing a borrower to pay a huge debt via the giveLoan()
medium
Precision loss allows users to giveLoans to pools with less collateral than required
medium
No expiration deadline leads to losing a lot of funds
medium
Rounding error leads to borrowing loans without paying interest
low
Zero address leads to transaction reverts
low
Wrong Amount of Loan Interest is Calculated
low
Emitting incorrect event parameters
low
Lenders could receive interest less than expected
gas
Unnecessary If condition in update() of Staking.sol
gas
Caching the pool variable for gas savings
gas
auctionLength parameter is not updated in giveLoan() and buyLoan()
77.09 USDC • 9 total findings • CodeHawks • serialcoder
#21
high
Theft of collateral tokens with fewer than 18 decimals
medium
staleCheckLatestRoundData() does not check the status of the Arbitrum sequencer in Chainlink feeds.
medium
DSC protocol can consume stale price data or cannot operate on some EVM chains
medium
Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`
medium
Not all of the USD pair price feeds have 8 decimals
medium
Double-spending vulnerability leads to a disruption of the DSC token
medium
Lack of fallbacks for price feed oracle
low
Improving the burnDsc() to allow users to mitigate their liquidation's impact
low
Precision loss when calculating the health factor
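Several of the oracle findings listed above describe one recurring pattern: a missing staleness check, a missing or incomplete sequencer-uptime check on L2, and a min/max comparison that is off by one so a Chainlink circuit-breaker event slips through. The contract below is an added example written for this page to show all three checks in one read path; it is not code from any of the audited protocols or from serialcoder. The contract name, error names, `heartbeat` and `GRACE_PERIOD` are assumptions; the interface signatures are Chainlink's `AggregatorV3Interface`, the proxy's `aggregator()` and the aggregator's `minAnswer()`/`maxAnswer()`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example for this page; not code from any audited protocol listed above.
// Interface signatures match Chainlink's AggregatorV3Interface and the
// AggregatorProxy / OffchainAggregator accessors used for circuit-breaker bounds.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

interface IAggregatorProxy {
    function aggregator() external view returns (address);
}

interface IAggregatorBounds {
    function minAnswer() external view returns (int192);
    function maxAnswer() external view returns (int192);
}

contract HardenedPriceFeed {
    AggregatorV3Interface public immutable priceFeed;
    // L2 sequencer uptime feed; address(0) when deployed on L1 (assumption of this example).
    AggregatorV3Interface public immutable sequencerUptimeFeed;
    // Maximum accepted answer age; set to the feed's documented heartbeat (assumed per deployment).
    uint256 public immutable heartbeat;
    // Time to wait after the sequencer comes back before trusting prices again (assumed value).
    uint256 public constant GRACE_PERIOD = 1 hours;

    error SequencerDown();
    error GracePeriodNotOver();
    error IncompleteRound();
    error StalePrice();
    error InvalidPrice();
    error CircuitBreakerHit();

    constructor(address _priceFeed, address _sequencerUptimeFeed, uint256 _heartbeat) {
        priceFeed = AggregatorV3Interface(_priceFeed);
        sequencerUptimeFeed = AggregatorV3Interface(_sequencerUptimeFeed);
        heartbeat = _heartbeat;
    }

    /// @return price Latest answer, validated, in the feed's own decimals.
    /// @return feedDecimals Decimals of `price` (8 for most USD pairs, but never assume it).
    function getPrice() external view returns (uint256 price, uint8 feedDecimals) {
        if (address(sequencerUptimeFeed) != address(0)) {
            _requireSequencerUp();
        }

        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            priceFeed.latestRoundData();

        // A round that has not completed reports updatedAt == 0; answeredInRound < roundId is the
        // legacy signal for the same condition on older aggregators.
        if (updatedAt == 0 || answeredInRound < roundId) revert IncompleteRound();
        // Stale check: the answer must have been refreshed within the feed's heartbeat.
        if (block.timestamp - updatedAt > heartbeat) revert StalePrice();
        if (answer <= 0) revert InvalidPrice();

        // Circuit breaker: when the market moves outside [minAnswer, maxAnswer] the aggregator
        // pins the answer AT the bound, so the comparison must be inclusive (<= / >=); a strict
        // comparison is the off-by-one that lets the pinned value through.
        address aggregator = IAggregatorProxy(address(priceFeed)).aggregator();
        int256 minAnswer = int256(IAggregatorBounds(aggregator).minAnswer());
        int256 maxAnswer = int256(IAggregatorBounds(aggregator).maxAnswer());
        if (answer <= minAnswer || answer >= maxAnswer) revert CircuitBreakerHit();

        return (uint256(answer), priceFeed.decimals());
    }

    function _requireSequencerUp() internal view {
        // Uptime feed semantics: answer == 0 means the sequencer is up, 1 means down;
        // startedAt is the timestamp at which the current status began.
        (, int256 status, uint256 startedAt, , ) = sequencerUptimeFeed.latestRoundData();
        if (status != 0) revert SequencerDown();
        // Right after an outage users could not have topped up collateral; wait before acting
        // on prices again so liquidations are not driven by the backlog.
        if (block.timestamp - startedAt <= GRACE_PERIOD) revert GracePeriodNotOver();
    }
}
```

`priceFeed` must be the proxy address, since `aggregator()` lives on the proxy and the bounds on the aggregator behind it. A protocol that wants to keep operating when a feed reverts (the "lack of fallbacks" and "multisig blocks access" findings above) wraps this call in `try`/`catch` and falls back to a secondary oracle or pauses the affected market, rather than letting every dependent function revert.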
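Two more findings above share a cause that is easy to show in code: an ERC-20 `transferFrom` whose return value is never checked, and collateral math that assumes every token has 18 decimals and every USD feed has 8. The vault below is an added example written for this page, not code from any audited protocol or from serialcoder; it pulls collateral with a checked low-level call and values it by reading both the token's and the feed's decimals. Contract, library and mapping names are assumptions, and the staleness and sequencer checks are deliberately left out of `usdValue18()` to keep the decimals logic in focus.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example for this page; not code from any audited protocol listed above.
interface IERC20 {
    function transferFrom(address from, address to, uint256 value) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
    function decimals() external view returns (uint8);
}

interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

library TransferHelper {
    error NotAContract();
    error TransferFromFailed();

    /// Handles tokens that return bool, tokens that return nothing (USDT-style), and reverts
    /// when the call fails or returns false instead of silently crediting the deposit.
    function safeTransferFrom(address token, address from, address to, uint256 value) internal {
        if (token.code.length == 0) revert NotAContract(); // a call to an EOA "succeeds" with empty data
        (bool success, bytes memory data) =
            token.call(abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, value));
        if (!success || (data.length != 0 && !abi.decode(data, (bool)))) revert TransferFromFailed();
    }
}

contract CollateralVault {
    uint256 private constant WAD = 1e18;

    mapping(address token => AggregatorV3Interface feed) public feedOf;
    mapping(address user => mapping(address token => uint256 amount)) public collateral;

    error UnsupportedToken();
    error InvalidPrice();

    constructor(address[] memory tokens, address[] memory feeds) {
        require(tokens.length == feeds.length, "length mismatch");
        for (uint256 i = 0; i < tokens.length; i++) {
            feedOf[tokens[i]] = AggregatorV3Interface(feeds[i]);
        }
    }

    /// Pull collateral and credit only what actually arrived (fee-on-transfer safe).
    function deposit(address token, uint256 amount) external {
        if (address(feedOf[token]) == address(0)) revert UnsupportedToken();
        uint256 before = IERC20(token).balanceOf(address(this));
        TransferHelper.safeTransferFrom(token, msg.sender, address(this), amount);
        uint256 received = IERC20(token).balanceOf(address(this)) - before;
        collateral[msg.sender][token] += received;
    }

    /// USD value of `amount` of `token` scaled to 18 decimals, reading the token's and the
    /// feed's decimals instead of hardcoding 1e18 and 1e8.
    /// Worked case: 1e6 of a 6-decimal stablecoin at answer 1e8 on an 8-decimal feed gives
    /// 1e6 * 1e8 * 1e18 / (1e6 * 1e8) = 1e18, i.e. exactly 1.00 USD.
    function usdValue18(address token, uint256 amount) public view returns (uint256) {
        AggregatorV3Interface feed = feedOf[token];
        if (address(feed) == address(0)) revert UnsupportedToken();
        (, int256 answer, , , ) = feed.latestRoundData(); // staleness/sequencer checks omitted here
        if (answer <= 0) revert InvalidPrice();
        uint256 tokenScale = 10 ** IERC20(token).decimals();
        uint256 feedScale = 10 ** feed.decimals();
        // Multiply before dividing so the rounding loss is bounded by one wei of output.
        return amount * uint256(answer) * WAD / (tokenScale * feedScale);
    }

    function collateralValue18(address user, address token) external view returns (uint256) {
        return usdValue18(token, collateral[user][token]);
    }
}
```

Reading `decimals()` at valuation time costs an extra external call per query; protocols that want to avoid it cache the token and feed decimals once at listing time, which is fine as long as the cached values are used everywhere and never replaced by a literal `1e18` or `1e8` in a later code path.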
97.92 USDC • 2 total findings • CodeHawks • serialcoder
#36
Jan '23
Oct '22