Payouts
1st Places
2nd Places
3rd Places
All
Sherlock
Code4rena
Cantina
CodeHawks
Mar '25
high
high
high
high
high
high
high
medium
medium
Jan '25
high
high
high
high
medium
high
high
high
medium
medium
Dec '24
high
high
medium
Nov '24
Oct '24
high
medium
high
high
high
medium
Sep '24
high
high
medium
Aug '24
high
Malicious actors can manipulate the `cross_chain_callback` callback
high
There is no refund mechanism in `ChakraSettlement.processCrossChainCallback` or `ChakraSettlementHandler.receive_cross_chain_callback` function
high
Inconsistent Handler Validation Behavior in Cairo ERC20Handler's Cross-Chain Callback
high
Anyone can manipulate user nonce (nonce_manager) in settlement contract
high
In settlement.cairo::receive_cross_chain_msg - the message will always be marked with Status::SUCCESS
high
The LockMint and BurnUnlock modes cannot be used
high
SettlementSignatureVerifier is missing check for duplicate validator signatures
high
In Starknet already processed messages can be re-submitted and by anyone
high
Invalid token address used in `ChakraSettlementHandler::cross_chain_erc20_settlement(...)` leading to invalid transaction creation and event emission
medium
Does not check if to_chain and to_handler is whitelisted in cross_chain_erc20_settlement
medium
The receive_cross_chain_msg function has potential replay attack risks.
high
Missing `lower<upper` check in `mint_position`
high
update_emergency_council_7_D_0_C_1_C_58() updates nft manager instead of emergency council
high
Parameter Misordering in Fee Collection Function Causes Denial of Service and Fee Loss
medium
If liquidity is insufficient, users may need to pay more tokens in swap2
medium
`decrPosition09293696` will not work due to incorrect function signature
medium
No related function to set fee_protocol
medium
medium
medium
Jul '24
high
Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot
high
in `farmPlots()` an underflow in edge case leading to freeze of funds (NFT)
high
[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs
high
Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds
medium
Players can gain more NFTs benefiting from that past remainder in subsequent locks
Jun '24
May '24
high
Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot
high
in `farmPlots()` an underflow in edge case leading to freeze of funds (NFT)
high
[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs
high
Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds
medium
Players can gain more NFTs benefiting from that past remainder in subsequent locks
Apr '24
high
`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`
high
`NoyaValueOracle.getValue` returns an incorrect price when a multi-token route is used
high
In Dolomite, when opening a borrow position, the holding position in the Registry will never be updated due to the removePosition flag being set to true
medium
Withdrawals in AccountManager are prone to DOS attacks.
medium
Attacker can increase the length of `withdrawQueue` by withdrawing 0 amount of tokens frequently
medium
Incorrect modifier condition
medium
`maxDeposit`, `maxMint`, `maxWithdraw`, and `maxRedeem` functions do not return 0 when they should
medium
Noya is not compatible with tokens whose balance changes outside of transfers causing funds to get stuck in the contract
medium
`depositQueue.queue` in `AccountingManager` can be flooded causing a DoS
high
Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral
high
Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine
high
Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply
high
Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults
Feb '24
high
Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win
high
Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`
medium
NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)
medium
Minter / Staker / Spender roles can never be revoked`..,
Sep '23