Code4rena
Nov '23
Oct '23
Jan '23
Aug '22
Jul '22
high
Any fractions deposited into any proposal can be stolen at any time until it is committed
high
Fund will be stuck if a buyout is started while there are pending migration proposals
high
Steal NFTs from a Vault, and ETH + Fractional tokens from users.
high
Division rounding can make fraction-price lower than intended (down to zero)
high
Cash-out from a successful buyout allows an attacker to drain Ether from the `Buyout` contract
medium
An attacker can DoS vault's buyout with as little as 1 wei per 4 days
Jun '22
high
ERC5095 redeem/withdraw does not update allowances
high
Incorrect implementation of APWine and Tempus `redeem`
high
Able to mint any amount of PT
high
Illuminate PT redeeming allows for burning from other accounts
high
[H-05] Not minting iPTs for lenders in several lend functions
medium
Centralisation Risk: Admin Can Change Important Variables To Steal Funds
high
Missing Complication check in `takeMultipleOneOrders`
medium
Malicious governance can use `updateWethTranferGas` to steal WETH from buyers
medium
Maker order buyer is forced to reimburse the gas cost at any `tx.gasprice`
medium
Protocol fee rate can be arbitrarily modified by the owner and the new rate will apply to all existing orders
May '22
high
Ineffective ReserveRatio Enforcement
high
BathToken LPs Unable To Receive Bonus Token Due To Lack Of Wallet Setter Method
high
Attacker Could Steal Almost All The Bonus Token In BathBuddy Vesting Wallet
medium
Strategists can't be removed
medium
RubiconRouter: Excess ether did not return to the user
medium
No cap on fees can result in a DOS in BathToken.withdraw()
medium
Missing checks allow strategists to steal all fund via `tailOff`
medium
Outstanding Amount Of A Pool Reduced Although Tokens Are Not Repaid
medium
Admin rug vectors
medium
Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`
medium
Use `call()` instead of `transfer()` when transferring ETH in RubiconRouter
medium
Use safeTransferFrom instead of transferFrom for ERC721 transfers
medium
Owner can modify the feeRate on existing vaults and steal the strike value on exercise
medium
Owner can set the feeRate to be greater than 100% and cause all future calls to `exercise` to revert
medium
Vault is Not Compatible with Fee Tokens and Vaults with Such Tokens Could Be Exploited
Apr '22
Mar '22
Feb '22
Jan '22
Dec '21
Nov '21
Sep '21