Feb '25
high
ExecuteTallyVM has a memory leak which will lead to nodes eventually crashing
high
Gas costs are severely underpriced for certain WASM instructions which can lead to network DoS
high
VM call_result_value function doesn't charge gas which can result in chain DoS
high
Gas free messages can be used to DoS the network
high
A single valid validator can falsify consensus through signature duplication in postBatch
high
Malicious WASM program can cause denial of service attack against SEDA validators through unbounded stdout/stderr
Jan '25
Oct '24
medium
Aug '24
Mar '24
Feb '24
high
A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters
high
Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`
medium
NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered (steal protocol's token)
medium
Can mint NFT with the desired attributes by reverting transaction
Nov '23
Oct '23
Aug '23
Jun '23
May '23
high
Lack of access control on crucial USSD minting and burning functionality
high
Hardcoded slippage protection value (amountOutMinimum) of '0' can result in lost funds
high
USSDRebalancer.getOwnValuation and getSupplyProportion are vulnerable to manipulation due to how they calculate token balances
medium
Chainlink oracles are not checked for stale price
Apr '23
Mar '23
Feb '23