| Date | Finding | Impact |
|---|---|---|
| July 4, 2025 | Proposals can be passed without quorum and threshold requirements being met | Medium |
| July 4, 2025 | Zero TargetBlockUtilization disables fee market | Medium |
| July 4, 2025 | The min_quorum > max_quorum flips interpolation | Low |
| May 30, 2025 | Incorrect position update order relative to isLiquidatable check in processMakerFill permits fund theft | Critical |
| May 30, 2025 | The isLong flag for a position is not reset to false during liquidation, preventing users from opening long positions | High |
| May 30, 2025 | The _gtlHook is not triggered when a GTL limit order is fully filled, resulting in inflated GTL totalAssets | High |
| May 30, 2025 | Stale price pointer after expired-order removal | Medium |
| May 30, 2025 | Time-weighted average price is manipulatable | High |
| May 30, 2025 | Incorrect shortcut used in isLiquidatable | Medium |
| May 30, 2025 | A malicious actor could block a market if minLimitOrderAmountInBase is set too low | High |
| May 30, 2025 | Incorrect ZeroCostTrade revert condition | Medium |
| May 30, 2025 | Unhandled edge case in the twap function of PriceHistoryLib | Low |
| May 30, 2025 | The queueWithdraw function lacks a zero-value check for the shares parameter | Low |
| May 30, 2025 | Inflated funding rate during first settlement | Medium |
| May 30, 2025 | Incorrect condition check in setMinLimitOrderAmountInBase | Low |
| May 19, 2025 | Excessive GitHub organization permissions | High |
| May 19, 2025 | Secrets in source code | Medium |
| May 19, 2025 | Pull requests merged without code reviews | Low |
| May 5, 2025 | Lack of a whitelist check | High |
| April 16, 2025 | Full base-token balance can be drained from CLOBManager | Critical |
| April 16, 2025 | Noncompetitive orders can be replaced with smaller orders | Medium |
| April 16, 2025 | Invalid baseReserve stalls buy on bonding curve | High |
| April 16, 2025 | The VIRTUAL_BASE upper-bound stalls buy on bonding curve | High |
| April 16, 2025 | Front-running orders is possible through order amendments | Medium |
| April 16, 2025 | Global bondingCurve misuse in SimpleLaunchPad functions | Medium |
| April 16, 2025 | WETH unwrap fails due to incorrect token flow | Medium |
| April 16, 2025 | Invalid fee tiers cause permanent order-matching denial of service | Medium |
| April 16, 2025 | Inconsistent amountIn handling in the first swap of executeRoute | Low |
| April 9, 2025 | Insufficient block validation | High |
| March 26, 2025 | Nonce reuse in adaptor signatures allows recovering signing key | Critical |
| March 26, 2025 | CosmWasm Stargate/Any messages bypass AnteHandler checks | Critical |
| March 26, 2025 | Incorrect parity check in adaptor signatures | Critical |
| March 26, 2025 | Panic triggered by incorrect logic in finality module's EndBlock | Critical |
| March 26, 2025 | Slashed finality provider retaining voting power | Critical |
| March 26, 2025 | Slashed finality provider restoring voting power through pending delegations | Critical |
| March 26, 2025 | Arbitrary Deduction of Total Bond Satoshi from Unbonding Delegation Handling | Critical |
| March 26, 2025 | The btclightclient module design flaw after Babylon chain halt | Critical |
| March 26, 2025 | Arbitrary Deduction of Total Bond Satoshi from Expiring Delegation Handling | Critical |
| March 26, 2025 | Incorrect Delegation Status Check Leading to Chain Halt | Critical |
| March 26, 2025 | Variable-time multiplication by nonce in adaptor signatures, EOTSs, ECDSA, and Schnorr signatures | High |
| March 26, 2025 | Unauthenticated exposed Prometheus | High |
| March 26, 2025 | Unauthenticated exposed Prometheus | High |
| March 26, 2025 | Griefing vector through fork handling in btclightclient | Medium |
| March 26, 2025 | Floating values result in nondeterminism | Medium |
| March 26, 2025 | BLS keystore password is stored as plaintext | High |
| March 26, 2025 | The test keyring backend is used | Medium |
| March 26, 2025 | Inability to restore confirmed checkpoints to sealed state | Low |
| March 26, 2025 | Lack of commission-rate change restrictions in EditFinalityProvider | Low |
| March 26, 2025 | Hide slashing targets from vigilante by spamming | Low |
| March 26, 2025 | Public randomness reset due to block-height overflow | Low |
| March 26, 2025 | Proposal vote extensions' byte limit | Medium |
| March 26, 2025 | Incorrect negative checks | Low |
| March 26, 2025 | Unsafe Swagger Content Security Policy | Low |
| March 26, 2025 | Multiple issues when inputting password for the BLS keystore | Low |
| March 25, 2025 | Untrusted input is used as trusted consensus state | Critical |
| March 25, 2025 | Merkle verification could be bypassed | Critical |
| March 25, 2025 | IBC does not work with chains that generate subsecond blocks | Critical |
| March 25, 2025 | Attested header is stored instead of finalized header | High |
| March 18, 2025 | Proof-set owner can reset proofSetLastProvenEpoch to avoid accumulated fees | Medium |
| March 18, 2025 | Fee refund can revert due to the gas limit or smart wallets | Low |
| March 17, 2025 | Users' funds can be stolen | Critical |
| March 17, 2025 | Fee can be minted multiple times | High |
| March 17, 2025 | Drain and financial loss resulting from rounding issue | Medium |
| March 17, 2025 | Freezing of users' funds due to excessive fee settings | Medium |
| March 17, 2025 | Precision loss prevents harvesting fees | Low |
| March 17, 2025 | Centralization risk | Medium |
| March 7, 2025 | Incorrect maturityFeeGrowthX128 may lead to miscalculated rewards | Medium |
| March 7, 2025 | Function _cleanupMaturedBuckets may run out of gas | Low |
| March 7, 2025 | Attacker can manipulate the initial price in the Uniswap pool | Critical |
| March 7, 2025 | Purchase token with zero USDC repeat | Critical |
| March 7, 2025 | Remove launchpadSell function from MegaRouterFacet | Medium |
| March 7, 2025 | MegaRouterFacet does not validate that clob is trusted | Low |
| March 7, 2025 | The Uniswap router contract still retains an approval after an unsuccessful swap | Low |
| February 24, 2025 | Broken lineage check due to governance-coin unwrap logic | Critical |
| February 24, 2025 | Missing MOD_HASH validation | Critical |
| February 24, 2025 | Improper condition filters in savings vault | Critical |
| February 24, 2025 | Missing condition filters in outlier resolver | Critical |
| February 24, 2025 | Incorrect STATUTES_MAX_IDX for statutes mutation | High |
| February 24, 2025 | Mistakes in auction-collateral calculations | High |
| February 24, 2025 | Outlier-resolution logic bugs | High |
| February 24, 2025 | Unverified solution parameters in announcer_registry could lead to loss of rewards | High |
| February 24, 2025 | Unverified solution parameters in recharge_win could lead to loss of tokens | High |
| February 24, 2025 | Missing timestamp validation in collateral vault | High |
| February 24, 2025 | Treasury withdrawals can create unauthorized treasury coins | Medium |
| February 24, 2025 | Unverified MIN_DEPOSIT value | High |
| February 24, 2025 | Veto from proposal coin has limited effect | Low |
| February 24, 2025 | Low gas costs of precompiles lead to denial of service | High |
| February 24, 2025 | The ECRecover precompile computes an incorrect key | Medium |
| February 24, 2025 | Missing overflow check in AddTransientGasWanted | Medium |
| February 24, 2025 | Lack of validation in ElasticityMultiplier causes division by zero | Medium |
| February 24, 2025 | Unbounded originalData can be provided | Low |
| February 24, 2025 | The EvmDenom can be updated by the EVM module's MsgUpdateParams | Low |
| February 24, 2025 | Potential division by zero in fee_checker | Low |
| February 24, 2025 | Potential overflow in fee_checker | Low |
| February 20, 2025 | Weights are calculated through total balances of tokens | Medium |
| February 20, 2025 | The _checkCap function is missing a check | Low |
| February 6, 2025 | Bypassing daily quota may lead to stuck funds | High |
| February 4, 2025 | Incorrect account bindings allow admin to deduct from vester | Low |
| February 4, 2025 | Broken uniqueness invariant in binary search | Low |
| January 31, 2025 | Struct not shared | Low |
| January 31, 2025 | Incorrect check for claimable amount | Low |
| January 31, 2025 | Bypass overriding index | Low |
| January 31, 2025 | Malformed Ether address could be added | Low |
| January 21, 2025 | Burn request emitted on identical amounts | Low |
| January 21, 2025 | Denial of service on pending requests | Low |
| January 21, 2025 | Debts owed by blacklisted users cannot be liquidated | Critical |
| January 21, 2025 | AssetDeployer deploys tokens that are vulnerable to inflation attacks | High |
| January 21, 2025 | Lack of freshness check in Api3Aggregator and LinkedAssetAggregator | High |
| January 21, 2025 | Underlying tokens can be swept by the admin | Medium |
| January 21, 2025 | Markets entered automatically can be exited | Low |
| January 21, 2025 | Infinite token approval is triggered outside the spec | Low |
| January 21, 2025 | Nonce collision in permit and delegateBySig functions | Low |
| January 21, 2025 | Potential underflow in getUnderlyingPrice due to high decimals | Low |
| January 17, 2025 | Signature bypass | Critical |
| January 17, 2025 | Migration applicable to already migrated storage account | Low |
| January 16, 2025 | ERC20Plugins token can lead to reentrancy issues | High |
| January 16, 2025 | Tokens with callback support can inflate the actualAmount | High |
| December 23, 2024 | Missing validation check on ERC-20 transfer | Medium |
| December 23, 2024 | Lack of comprehensive test suite | Medium |
| December 23, 2024 | Centralization risk | Critical |
| December 23, 2024 | Fee transfers occur without owner consent and can be front-run | Low |
| December 23, 2024 | Lack of access control in requestDeposit | Critical |
| December 23, 2024 | Potential price manipulation via read-only reentrancy in BasketToken.proRataRedeem() | Medium |
| December 23, 2024 | Potential asset manipulation via read-only reentrancy in BasketManagerUtils.proRataRedeem() | Low |
| December 23, 2024 | Underflow when calculating basket balances | Critical |
| December 23, 2024 | Missing rebalance-status check in updateBitFlag() leads to incorrect rebalancing | High |
| December 23, 2024 | Incorrect swap-fee calculation on feeOnBuy | High |
| December 23, 2024 | Management-fee calculation results in lower effective rate | High |
| December 23, 2024 | Missing mapping update in BasketToken.updateBitFlag() causes rebalancing failure | Medium |
| December 20, 2024 | Return value of transferFrom is not checked | Critical |
| December 20, 2024 | Signatures can be replayed | Critical |
| December 20, 2024 | Validator public key is not checked | Critical |
| December 20, 2024 | Function getValidatorIndex returns index of first validator for every public key | Critical |
| December 20, 2024 | The protocol owner can withdraw all funds from the bridge | High |
| December 20, 2024 | Validators cannot be removed | Medium |
| December 20, 2024 | No domain separation for validator signatures | High |
| December 13, 2024 | Fees could be overcharged by duplicated chainIds during broadcast | Medium |
| December 13, 2024 | High voting power could be usable without minimum lock time | Medium |
| December 13, 2024 | Incorrect use of totalPendingTokens leads to inability to rescue ERC-1155 tokens | Medium |
| December 13, 2024 | Rounding issue in USDz markets | High |
| December 13, 2024 | Cross-chain VotingEscrow sync temporarily fails | Low |
| December 13, 2024 | Missing expiration time check in the fillOffer function | Low |
| December 10, 2024 | Missing subgroup check in BLS12-381 key and signature aggregation | High |
| December 10, 2024 | Memory resource exhaustion via untracked buffers | Medium |
| December 10, 2024 | Gas-accounting discrepancy for infinite loops | Medium |
| December 10, 2024 | Inefficient Metadata array validation sequence | Low |
| December 10, 2024 | Unbounded transaction reference validation | Low |
| November 29, 2024 | Message Nonce uniqueness lacks guarantees | Low |
| November 28, 2024 | Withdrawal does not send tokens | Critical |
| November 27, 2024 | Accounting validator bonds share could be broken | High |
| November 27, 2024 | Function BeforeTokenizeShareRecordRemoved does not work as expected | Low |
| November 19, 2024 | Distributor could be drained by fake pool | Critical |
| November 19, 2024 | Decimals of the data in the function latestRoundData | High |
| November 19, 2024 | The start time could be updated during the predeposit period | Medium |
| November 19, 2024 | The function removeExcessBids may cause internal accounting inconsistencies | Medium |
| November 19, 2024 | Incorrect initialization of the contract BalancerOracleAdapter | Medium |
| November 19, 2024 | Precision loss in the getCreateAmount and getRedeemAmount functions | Medium |
| November 19, 2024 | The function getOraclePrice may return an incorrect price | High |
| November 19, 2024 | The governance may fail to set the fee | Low |
| November 19, 2024 | OracleReader does not have a storage gap | Low |
| November 19, 2024 | Potentially obtaining a stale price | Low |
| November 19, 2024 | A malicious bidder could drain the Auction contract | Critical |
| November 19, 2024 | Incorrect PreDeposit reward | High |
| November 19, 2024 | Claim function could be broken by timing attack | High |
| November 19, 2024 | Lack of handling of auction failures | High |
| November 19, 2024 | Bidders are unable to claim the expected amount of reserve tokens | High |
| November 19, 2024 | Distribution's claim function does not update storage variables | High |
| November 19, 2024 | Huge bid could cause overflow in subsequent bids | High |
| November 19, 2024 | Number of coupon tokens obtained from the auction may differ from number of coupon tokens to be distributed | High |
| November 19, 2024 | Unstake could be blocked for certain users | Medium |
| November 15, 2024 | DOS vulnerability via MsgRegisterContract due to unlimited gas execution in BeginBlock | Critical |
| November 15, 2024 | DOS vulnerability from inaccurate gas estimation in BeginBlock via simCheck | Critical |
| November 15, 2024 | Gas-price calculation error due to integer division rounding | High |
| November 15, 2024 | Insufficient error handling in gas deduction for failed transactions | Medium |
| November 15, 2024 | Inconsistent keyshare verification and logging due to Epoch switch | Low |
| November 15, 2024 | Slice append issue | Low |
| November 13, 2024 | Using the FromValues method for the Int248 type can lead to incorrect cached SignBit | Critical |
| November 13, 2024 | Unconstrained arithmetic operations | Critical |
| November 13, 2024 | Input-uniqueness check in CircuitAPI is ignored | Critical |
| November 13, 2024 | Function assertInputUniqueness is unsound | Critical |
| November 13, 2024 | Missing fields in calculation of verifying key hash | High |
| November 13, 2024 | Shallow copies leading to unintended side effects | High |
| November 13, 2024 | Function ConstInt248 allows invalid ranges for arguments, returning incorrect values | High |
| November 13, 2024 | Conversion functions fromInterface and Var2BigInt return zero instead of erroring on unrecognized types | High |
| November 13, 2024 | No range check in ToBinary of Uint521 | Medium |
| November 13, 2024 | Keccak padding circuit incorrect for some input lengths | Medium |
| November 13, 2024 | Native Keccak padding and round-index functions incorrect | Medium |
| November 13, 2024 | Padding incorrect for output-commitment computation | Medium |
| November 13, 2024 | Assumptions made regarding log topics are not correct in full generality | Medium |
| November 13, 2024 | Selector not constrained to be Boolean for Select | High |
| November 13, 2024 | Conversion from Uint248 to Uint521 fails for values wider than 96 bits | Low |
| November 13, 2024 | Prover assignment will fail for custom inputs | Low |
| November 13, 2024 | Function to export Groth16 proofs only works for proofs with exactly one commitment | Low |
| November 13, 2024 | Incorrect constant used in twosComplement | Low |
| November 13, 2024 | Unexpected behavior for decompose-related functions on negative input | Low |
| November 13, 2024 | Mismatch between Uint521 type and its documentation | Low |
| November 13, 2024 | Raw data may be overwritten by index reuse | Low |
| November 13, 2024 | Data might be arranged incorrectly by rawData[T].list | Low |
| November 13, 2024 | Invalid receipts with empty LogField entries may be assigned | Low |
| November 13, 2024 | Parsing errors ignored in GetHexArray | Low |
| November 13, 2024 | Incorrect elliptic curve | Low |
| November 13, 2024 | Proof submission calls callback even if submission fails | Low |
| November 13, 2024 | Native tokens are not transferred to the exchange contracts | High |
| November 13, 2024 | No test suite | High |
| November 13, 2024 | The function supportToken does not configure the yield mode | Medium |
| November 13, 2024 | Calling the function configure regardless of whether the token is rebasing | Low |
| November 13, 2024 | Use of identical domain separators | Low |
| November 13, 2024 | Lack of storage gap in the contract EIP712VerifierU | Low |
| November 12, 2024 | Long-position-reserved collateral cannot be rebased | High |
| November 12, 2024 | VaultPriceFeed may be misconfigured, causing unexpected pricing calculations | Low |
| November 12, 2024 | Price feed may be gamed if insufficient rounds are captured | Low |
| November 12, 2024 | Extra calls into timelock EOA will fail | High |
| October 22, 2024 | Reachable unwrap panic in ics23_prove | Critical |
| October 21, 2024 | The changeOwner function does not update the UPGRADER_ROLE | Low |
| October 21, 2024 | Duplicate values of registry | Low |
| October 21, 2024 | Arithmetic overflow leading to DOS | High |
| October 21, 2024 | Router fee is bypassable | Low |
| October 21, 2024 | Missing function to remove a delegated signer | High |
| October 21, 2024 | Missing function to remove tokens from the whitelist | Medium |
| October 21, 2024 | Unset state variable custodianList | Low |
| October 21, 2024 | Mismatched function parameter types affecting inheritance | Low |
| October 21, 2024 | MoneyBrinter susceptible to stealth deposit | Critical |
| October 21, 2024 | Lack of user access control in StakeV2 | Critical |
| October 21, 2024 | Formulaic error allows stakers to steal excess rewards | Critical |
| October 21, 2024 | The rewardIndex only increases, leading to eventual inability to claim rewards | High |
| October 21, 2024 | Manager can leak funds during reward distribution | Medium |
| October 21, 2024 | Zapper contract leaks excess token balance to OBRouter | Low |
| October 21, 2024 | Circuit Breaker's unsafe casting results in errors during liquidity tracking | Low |
| October 15, 2024 | Log parsing issue in extract_required_fee_from_log | Low |
| October 15, 2024 | Soft-block channel capacity misconfiguration | Low |
| October 15, 2024 | Potential overflow in celestia_block_variance to usize conversion | Low |
| October 15, 2024 | Universal XSS in Fuelet dApp WebView | Critical |
| October 15, 2024 | Origin impersonation via URL username and elision | High |
| October 15, 2024 | Optimizable PasswordManager check | Medium |
| October 15, 2024 | Insecure cloud-backup encryption | Medium |
| October 15, 2024 | Type confusion between Withdrawal and Cancel actions | Critical |
| October 15, 2024 | Reentrancy issue allowing repeat withdrawals | Critical |
| October 15, 2024 | Improper status tracking | High |
| October 15, 2024 | Raw ERC-20 interface usage | Medium |
| October 15, 2024 | Incorrect tracking of in-use status for alias accounts | Low |
| October 15, 2024 | Missing maximum-number-of-sequencers check | Low |
| September 11, 2024 | Signature replay allows unauthorized migrations | Critical |
| September 11, 2024 | No test suite | High |
| September 11, 2024 | Tokens from previous migrations may be lost | Medium |
| September 11, 2024 | Ineffective wETH limit | Low |
| September 3, 2024 | Fee-recipient reentrancy | High |
| September 3, 2024 | Fee recipient can censor forum posts | High |
| September 3, 2024 | Constructor left uninitialized | Medium |
| September 3, 2024 | Identifiable anonymous tokens | Low |
| September 3, 2024 | Fee amount may be rounded to zero | Low |
| September 3, 2024 | Edit function does not change ERC-20 symbol and name | Low |
| September 3, 2024 | Native ETH may be sent by mistake in some cases | Low |
| August 28, 2024 | Range check in add_slice_at_offset | Low |
| August 16, 2024 | ERC-1155 mint can be reentered with | Critical |
| August 16, 2024 | Possible fee leeching | Medium |
| August 16, 2024 | Possible DOS | Medium |
| August 16, 2024 | The costSharePrice is not properly maintained | Low |
| August 13, 2024 | There is no upper limit to the time-out on PFM packets | Medium |
| August 13, 2024 | Missing prefix for RefundPacketKey | Medium |
| August 3, 2024 | Invalid address could break down the bridge withdrawer | High |
| August 3, 2024 | Arbitrary withdrawal could be executed by bridge admin | High |
| August 3, 2024 | Withdrawal event could be reused by bridge admin | High |
| August 3, 2024 | TOCTOU bugs in ActionHandler | Medium |
| August 3, 2024 | Withdrawer address is not working in ICS20 withdrawal | Low |
| July 23, 2024 | Range check in unsafe_evaluate_multiply_add may be ineffective | Critical |
| July 23, 2024 | Underflow possible in evaluate_non_native_field_multiplication | Critical |
| July 23, 2024 | Overflow possible in evaluate_non_native_field_multiplication | Critical |
| July 23, 2024 | Missing field_t normalization in constructor | Critical |
| July 23, 2024 | Missing range check in constructors | Critical |
| July 23, 2024 | Missing consistency check for prime limb in constructor | Critical |
| July 23, 2024 | Proving that multiples of $p$ are unequal to $0$ modulo $p$ possible | Critical |
| July 23, 2024 | Equation checks not enforced | Medium |
| July 23, 2024 | Large limbs for constant inputs to conditional_negate | Medium |
| July 23, 2024 | Incomplete constant check | Low |
| July 23, 2024 | Null-pointer dereference | Low |
| July 23, 2024 | Handling of max argument to Limb constructor | Low |
| July 23, 2024 | Mistakes in calculation of MAX_UNREDUCED_LIMB_SIZE | Low |
| July 23, 2024 | Behavior of assert_equal for constant operands | Low |
| July 23, 2024 | Assert for add_to_lower_limb could be ineffective due to overflow | Low |
| July 15, 2024 | Chain halt due to unbounded votes by proposer | High |
| July 12, 2024 | Reward-token registration is irreversible | Critical |
| July 12, 2024 | PDT can be set as a reward token and withdrawn by admin | Medium |
| July 12, 2024 | The transferFrom function could fail | Medium |
| July 12, 2024 | The approve function could fail | Medium |
| July 12, 2024 | Rounding errors in computing fee | Medium |
| July 9, 2024 | Aggregation ISM cannot skip ISMs | Critical |
| July 9, 2024 | Modules cannot be removed from routing ISM | Medium |
| July 9, 2024 | Routing ISM with the fallback configuration does not show fallback behavior | Medium |
| July 9, 2024 | Owner address is not initialized | Medium |
| July 9, 2024 | Incorrect size for fetching branches of the Merkle tree | Medium |
| July 9, 2024 | Message can be sent multiple times to an untrusted recipient | Medium |
| July 9, 2024 | Announcing a new storage location overwrites the previous storage location | Low |
| July 9, 2024 | Aggregation ISM misfunctions if more than 255 modules exist | Low |
| July 9, 2024 | ISM configuration of MailboxComponent is disregarded | Low |
| July 9, 2024 | Unclear behavior of the function set_modules | Low |
| July 9, 2024 | Incorrect size of StoreFelt252Array | Low |
| July 9, 2024 | Incorrect splitting of a number in Keccak implementation | Critical |
| July 9, 2024 | Improper optimization in Keccak implementation | Critical |
| July 9, 2024 | Dynamic variable size for hash parameters | Critical |
| July 9, 2024 | Message incorrectly includes the size of body | Critical |
| July 9, 2024 | Multisig ISM allows duplicated signatures | High |
| July 9, 2024 | The protocol fee hook will always be reverted | High |
| July 9, 2024 | The contractAddress type cannot use the 32-byte addressing mechanism | High |
| July 9, 2024 | Input arguments in the Bytes type may be invalid | High |
| July 8, 2024 | Potential vulnerability in _aggregatePubkey update mechanism | Critical |
| July 8, 2024 | Lack of proof-of-possession verification | High |
| July 8, 2024 | Incorrect curve mapping | Medium |
| July 8, 2024 | Bias in hashToField function | Low |
| June 28, 2024 | Lack of input validations | Low |
| June 28, 2024 | Invalid creation of unbonding TX leads to loss of gas | Medium |
| June 28, 2024 | Authz module can be used to bypass validator message checks | Critical |
| June 28, 2024 | Finality provider can crash when submitting signature on finalized block | Critical |
| June 28, 2024 | Finality provider can get stuck in an infinite loop | Critical |
| June 28, 2024 | BTC reorg would lead to slash avoidance | Critical |
| June 28, 2024 | Vigilante makes an unnecessary report to Babylon | Low |
| June 28, 2024 | Differences between signHash and Sign | Low |
| June 28, 2024 | Finality provider BTC private key used as HMAC key for generating nonces | Low |
| June 18, 2024 | Unsound native-function declaration leading to critical verifier bypass | Critical |
| June 18, 2024 | Infinite recursion possible with module dependencies | Critical |
| June 18, 2024 | Unchecked UTF-8 decoding enables memory corruption | Critical |
| June 18, 2024 | Missing gas charge on memo in native_nft_transfer | High |
| June 18, 2024 | Next zapping ID potentially duplicated | High |
| June 18, 2024 | Published module names do not necessarily match binary module | High |
| June 18, 2024 | Ability to bypass swap fees | Low |
| June 18, 2024 | Module can be duplicated in module publish requests | Low |
| June 18, 2024 | Hex decode accepting invalid characters | Low |
| June 18, 2024 | Stablepools can be created with one or no assets | High |
| June 18, 2024 | Bad decimal-parsing function accepts multiple dots | Low |
| June 18, 2024 | Potential out-of-gas reversion when checking object permissions | Low |
| June 18, 2024 | Stablepool swap can be called, repeating the same asset | High |
| June 18, 2024 | Incorrect string-formatting helper | Low |
| June 18, 2024 | Incorrect minimum-TVL module-parameter check | Low |
| June 18, 2024 | Frozen module coin store can cause chain halt | High |
| June 18, 2024 | Malicious proposer can skip fee check | High |
| June 18, 2024 | A malicious user can become a permissioned relayer for IBC | Medium |
| June 18, 2024 | Move coins can be burned twice | High |
| June 18, 2024 | Move coin transfer can bypass blocked accounts | Medium |
| June 18, 2024 | Error not checked when fetching starting info | Low |
| June 18, 2024 | Move coins are case-insensitive in cosmos | Low |
| June 18, 2024 | Query gas limit not enforced through bank module | High |
| June 18, 2024 | Incorrect signer check for shorthand accounts | High |
| June 18, 2024 | Validator set updates can skip current validators | High |
| June 18, 2024 | Challenger can increase the next output index | Medium |
| June 18, 2024 | Missing token pair will crash the bridge executor | Medium |
| June 18, 2024 | Withdrawal hash clash using variable-length fields | High |
| June 14, 2024 | Fake pool could drain all the pool's tokens | Critical |
| June 14, 2024 | The redeemShort function is available before the pool is closed | Critical |
| June 14, 2024 | Simultaneous pool starting and closing is possible | High |
| June 14, 2024 | Order could be executed after the end of the pool's duration | Medium |
| June 14, 2024 | Bounty does not work with low-decimal tokens | Medium |
| June 14, 2024 | Lack of check that an order has already been canceled | Low |
| June 14, 2024 | Redeem functions do not work correctly | Critical |
| June 7, 2024 | Public input length might not be checked as intended due to overflow | Low |
| June 7, 2024 | Function AssignedKeccakInputs::to_instance_values incorrect for fixed-length inputs | Low |
| June 6, 2024 | Maximum supply cap is not immutable | Low |
| June 5, 2024 | Missing constraints in the copy circuit for MCOPY allow inserting illegitimate entries in the rw table | Critical |
| June 5, 2024 | Lack of constraints specific to transient storage and transaction receipts in the state circuit | Critical |
| June 5, 2024 | Source address is not constrained for ErrorOOGMemoryCopyGadget, allowing illegitimate reverts on MCOPY | Critical |
| June 5, 2024 | Step transition for end_tx not constrained | Critical |
| June 5, 2024 | Completeness issue for some out-of-gas cases for MCOPY | Medium |
| June 4, 2024 | Lack of stale price check in getAssetPrice function | High |
| June 4, 2024 | Unnecessary parameter usage in getRoundData function | Low |
| June 4, 2024 | Centralization risk in setPyth function | Low |
| May 22, 2024 | The supply limit limits issue, not supply | High |
| May 22, 2024 | Anyone can create tokens before initialization | High |
| May 22, 2024 | The `AssertContractInitialized` function should check `Initialized` | High |
| May 22, 2024 | Calling `ChangeOwner` may lock ownership upon user error | Medium |
| May 22, 2024 | No guard on admin-set fee rate | Medium |
| May 22, 2024 | Deadline-enforcement unit is inconsistent | Low |
| May 21, 2024 | Wrong fee mechanism in redeemBackSPCT | Medium |
| May 21, 2024 | Transfer event is emitted twice for minting or burning USDz | Medium |
| May 21, 2024 | Protection logic in rescueERC20 can be bypassed | Low |
| May 20, 2024 | Verification-batching implementation unsound | Critical |
| May 20, 2024 | Proving fails for public inputs that are all zero | Medium |
| May 9, 2024 | Centralization risk | Medium |
| May 9, 2024 | Underflow | Medium |
| May 8, 2024 | Missing yield-mode configuration | Low |
| May 8, 2024 | Minimum amount of `claimYield` does not work | Low |
| April 30, 2024 | Centralization risk | Critical |
| April 30, 2024 | Fee amount not burned | Low |
| April 30, 2024 | No genesis state validation | Low |
| April 19, 2024 | Reentrancy in withdrawals | Critical |
| April 19, 2024 | Centralization Risk | High |
| April 19, 2024 | Nonpayable `bridgeTokenConnext` function | Low |
| April 19, 2024 | Nonpayable `bridgeTokenArb` function | Medium |
| April 19, 2024 | Allowance given to incorrect address | Medium |
| April 19, 2024 | Fixed depositor reentrancy can take all the ETH | Critical |
| April 19, 2024 | Unsafe handling of over-100% early exit fees | Critical |
| April 19, 2024 | Clone construction leaves constants uninitialized | High |
| April 19, 2024 | Quadratic-complexity logic risks gas-limit attacks | High |
| April 19, 2024 | Inconsistent division of fixed-side withdrawals | High |
| April 19, 2024 | Variable-side yield on yield is unfairly split | Medium |
| April 19, 2024 | Variable side cannot always withdraw fee share | Medium |
| April 19, 2024 | Open receive function can lock native ETH | Low |
| April 19, 2024 | Implementation contract can be used | Low |
| April 19, 2024 | Incorrect withdrawnFeeEarnings after finalization | Low |
| April 19, 2024 | Reentrancy can falsify isStarted in emitted event | Low |
| April 19, 2024 | Inactive variable depositor locks protocol fees | Low |
| April 16, 2024 | Successful swaps do not update spread | High |
| April 16, 2024 | Griefing potential | High |
| April 16, 2024 | The fallback function can collide with selectors | Medium |
| April 16, 2024 | Halving spread in base-to-base may be unsafe | Medium |
| April 16, 2024 | Chainlink data staleness | Medium |
| April 16, 2024 | Sandwich attack can affect base-to-base swap fee | Low |
| April 16, 2024 | Arbitrary calldata in `externalSwap` may be unsafe | Low |
| April 12, 2024 | Double spend for multi-input-actions | Critical |
| April 12, 2024 | Note-footer reuse within same action | High |
| April 12, 2024 | Note footer reuse in DarkpoolAssetManager | High |
| April 12, 2024 | Uniswap liquidity fee manipulation | Medium |
| April 12, 2024 | No slippage limits in UniswapLiquidityAssetManager | Medium |
| April 12, 2024 | Relayers can drain Curve asset managers | Medium |
| April 12, 2024 | Transfer and approval done by `_transferERC20` | Medium |
| April 12, 2024 | Low-entropy note generation | Medium |
| April 12, 2024 | Pool parameters are not verified | Low |
| April 12, 2024 | Signatures in circuits are not domain separated | Low |
| April 12, 2024 | Incomplete asset-validation logic | Low |
| April 12, 2024 | Reentrancy in withdrawals leading to double-spend | Critical |
| April 12, 2024 | Uniswap liquidity positions stealable | Critical |
| April 12, 2024 | Lack of wraparound protection in circuits | Critical |
| April 12, 2024 | Uniswap swaps can get stolen | Critical |
| April 12, 2024 | Fund lock via dummy notes in curve_add_liquidity | Critical |
| April 12, 2024 | Reentrancy for multi-asset-actions | Critical |
| April 12, 2024 | Relayers can steal from users/relayers | Critical |
| April 12, 2024 | Note footers not checked by `uniswapCollectFees` | High |
| April 11, 2024 | No withdrawal function | High |
| April 10, 2024 | Centralization risk | High |
| April 10, 2024 | Withdrawal bricks | High |
| March 29, 2024 | Infinite loop in `_getSelfDelegations` | High |
| March 29, 2024 | Minimum staking is only checked in registration | High |
| March 29, 2024 | States are not automatically synced | Medium |
| March 28, 2024 | Calling reconcile can lead to stuck funds | High |
| March 28, 2024 | First depositor issue | Low |
| March 18, 2024 | Stale prices from oracle | High |
| March 18, 2024 | Zero price from the fallback oracle | High |
| March 18, 2024 | The leverage closing function fails in most cases | Medium |
| March 18, 2024 | Inconsistent sources of decimal information | Medium |
| March 18, 2024 | Suspending a token does not clear the variable | High |
| March 18, 2024 | The locked amount is truncated to `int128` | High |
| March 18, 2024 | Emergency withdrawal mechanism breaks assumptions | Low |
| March 18, 2024 | An interest portion of collected fees is locked | High |
| March 18, 2024 | Collected fees cannot be claimed after withdrawal | Medium |
| March 13, 2024 | Deposit/stake functions are front-runnable | High |
| March 13, 2024 | Updating when `TRIGGERED` | High |
| March 13, 2024 | Centralized control of fee-dripping model | High |
| March 13, 2024 | Rounding issue in reward | Medium |
| March 13, 2024 | Fee dripped in any state | Medium |
| March 13, 2024 | Wrong ERC bricks fee system | Medium |
| March 13, 2024 | Deprivileging manager by owner | Low |
| March 13, 2024 | Deterministic address | Low |
| March 13, 2024 | Repeated validator IDs, `batchRevertExitRequest` | Critical |
| March 13, 2024 | ETH sent to wrong address on cancellation | Critical |
| March 13, 2024 | BNFT holder is compared with an incorrect address | Medium |
| March 13, 2024 | Repeated validator IDs, `batchSendExitRequest` | Critical |
| March 13, 2024 | BNFT holder could cancel the deposit | Critical |
| March 13, 2024 | Malicious users could mint themselves NFTs | Critical |
| March 13, 2024 | Wrong rewards calculation | High |
| March 13, 2024 | Queued withdrawals are not claimed by `forcePartialWithdraw` | Medium |
| March 13, 2024 | Deposit cancellation may fail | Medium |
| March 13, 2024 | Reward and withdrawal payout getters might fail | Low |
| March 5, 2024 | Owner set for implementation instead of proxy | Medium |
| March 5, 2024 | Using deprecated Chainlink function | Medium |
| March 5, 2024 | Using invalid Maker token address | Low |
| March 5, 2024 | Incorrect ICS-20 balance on time-out | Critical |
| March 5, 2024 | Arbitrary balance via dummy spend | Critical |
| March 5, 2024 | Asset total supply can be inflated | Critical |
| March 5, 2024 | Delegation tokens can be forged | Critical |
| March 5, 2024 | Multiple positions with the same ID | Critical |
| March 5, 2024 | IBC time-out packet is fallible | High |
| March 5, 2024 | Division by zero in SwapExecution::max_price | High |
| March 5, 2024 | Duplicate `validator::Definitions` in transaction | High |
| March 5, 2024 | SwapClaim proof panic | High |
| March 5, 2024 | Panic in `handle_batch_swaps` | High |
| March 5, 2024 | Limit orders can be erroneously closed | Medium |
| March 5, 2024 | Gas fees can be paid in any asset | Medium |
| March 5, 2024 | Incorrect denom prefix replacement | Medium |
| March 5, 2024 | Malicious validator can trigger epoch | Low |
| March 5, 2024 | Unchecked addition in ICS-20 transfer | Low |
| March 5, 2024 | No mechanism for debt write-off | Medium |
| March 5, 2024 | Rate limiter can be abused | Medium |
| March 4, 2024 | Data hash underconstrained | Critical |
| March 4, 2024 | End hash underconstrained | Critical |
| March 4, 2024 | Underconstrained `prove_subchain` inputs | Critical |
| March 4, 2024 | End block height not range checked | Critical |
| March 4, 2024 | Tendermint X skip underconstrained | Critical |
| March 4, 2024 | Data commitment batch-size underflow | Low |
| February 29, 2024 | Transfer return | Medium |
| February 29, 2024 | Lack-of-pool check | Low |
| February 28, 2024 | Origin spoofing | High |
| February 28, 2024 | Improper URL handling | High |
| February 28, 2024 | Improper host | High |
| February 28, 2024 | Suboptimal symmetric key derivation | Medium |
| February 28, 2024 | Suboptimal symmetric key derivation | Medium |
| February 28, 2024 | Calm period detection | Critical |
| February 28, 2024 | TWAP interval | High |
| February 28, 2024 | Balances discontinuous | High |
| February 28, 2024 | Calm period not checked | High |
| February 28, 2024 | Paused state | Medium |
| February 28, 2024 | Withdrawals might revert | Medium |
| February 28, 2024 | Withdraw might not add liquidity again | Low |
| February 28, 2024 | Vault withdraw slippage | Low |
| February 28, 2024 | Deposit rounding | Low |
| February 28, 2024 | Uniswap mint edge case | Low |
| February 22, 2024 | Traders can increase collateral | Critical |
| February 22, 2024 | Order ID reuse due to multiple `PriceUpkeeps` | Critical |
| February 22, 2024 | Incorrect funding-rate calculation | High |
| February 22, 2024 | Total open PNL improperly adjusted at zero price | High |
| February 22, 2024 | Vault PNL per token is only scaled if negative | High |
| February 22, 2024 | The `maxAllowedCollateral` check could be bypassed | Medium |
| February 22, 2024 | Premium price feeds are not used | Medium |
| February 22, 2024 | Value of `groupsCollaterals` could exceed | Medium |
| February 22, 2024 | Extra `PRECISION_6` divides `utilizationFee` | Medium |
| February 22, 2024 | Incorrect funding-rate calculation due to rounding | Medium |
| February 22, 2024 | Centralization risk of trusted owner | Medium |
| February 22, 2024 | Any allowance allows unlimited withdrawal changes | Low |
| February 22, 2024 | Market-close time-out reissuance can be skipped | Low |
| February 22, 2024 | Unexecutable trades added to `tradesToTrigger` | Low |
| February 22, 2024 | No penalty for missed withdrawals from OstiumVault | Low |
| February 22, 2024 | Trade closing can revert in `sendAssets` | Low |
| February 22, 2024 | Locked deposit-discount accounting time | Low |
| February 22, 2024 | Erroneous token transfer in `UpdateTokenShares` | High |
| February 22, 2024 | The `_toLower` incorrectly handles Unicode | Medium |
| February 14, 2024 | Session key `maxAmount` parameter is not stateful | Critical |
| February 12, 2024 | Potential DOS | Critical |
| February 12, 2024 | Preferential swaps | Critical |
| February 12, 2024 | Withdraw leads to loss of stake | Critical |
| February 12, 2024 | Centralization risks | High |
| February 6, 2024 | Potential front-running for `buy` | Medium |
| February 5, 2024 | Minimum confirmations check | High |
| February 5, 2024 | Malicious libraries | Medium |
| January 26, 2024 | Invariant may be calculated incorrectly | Medium |
| January 26, 2024 | Incorrect operator in `_tweakPrice` | Low |
| January 26, 2024 | Exit-fee arbitrage | Low |
| January 26, 2024 | Rebalance asset/liability slippage | Low |
| January 26, 2024 | Seed-deposit mispricing | Low |
| January 11, 2024 | Incorrect calculation effectively removes fee | High |
| January 11, 2024 | Front-runners can cancel any permit deposit | High |
| January 11, 2024 | Completing unqueued withdrawal loses/locks funds | High |
| January 11, 2024 | More than one strategy per token breaks accounting | Medium |
| January 11, 2024 | Admins can steal funds by self-sandwiching swaps | Medium |
| January 11, 2024 | Accumulated fee logic can prevent withdrawals | Low |
| January 11, 2024 | ERC-20 deposit and queued withdrawal whitelists | Low |
| January 9, 2024 | Centralization risk | Critical |
| January 9, 2024 | Incorrect down payment calculation | Critical |
| January 9, 2024 | Unused on-chain interest calculation | High |
| January 9, 2024 | Zero interest automatically changed to maximum | Low |
| January 9, 2024 | Loss of precision | Low |
| January 9, 2024 | Missing length check | Low |
| January 9, 2024 | Initializers not disabled | Low |
| January 9, 2024 | User is able to revert a position being closed | Medium |
| December 21, 2023 | Lack of input validation | Low |
| December 21, 2023 | Reentrancy in the `manage` function | Low |
| December 8, 2023 | Calls may be queued multiple times | High |
| December 8, 2023 | Funds may be trapped in the protocol | Medium |
| December 8, 2023 | Broker fees are not taken from swap amount | Critical |
| December 4, 2023 | Removal-of-owners underflow | Medium |
| December 4, 2023 | Wrong parameter used in revert | Low |
| December 4, 2023 | Entries of `eoaOwners` not checked | Low |
| December 1, 2023 | Stop loss higher than `openPrice` causes fund loss | Critical |
| December 1, 2023 | Unsafe cast in take profit can lead to fund loss | Critical |
| December 1, 2023 | No access control on `setWithdrawThreshold` | Critical |
| December 1, 2023 | Reserve requirement checked before withdrawal | Critical |
| December 1, 2023 | Locked shares have undue access to rewards | Critical |
| December 1, 2023 | Max profit can exceed amount reserved from vault | Critical |
| December 1, 2023 | Update margin uses new leverage | High |
| December 1, 2023 | Partial trades update open-interest incorrectly | High |
| December 1, 2023 | Referrer rebates must not decrease `totalRewards` | |
High December 1, 2023Precision loss in `totalLockPoints` High December 1, 2023Wrong reserve ratio returned by getReserveRatio High December 1, 2023Loss-protection tier is reduced for larger trades High December 1, 2023Trading inflow much less than zero skew outflow High December 1, 2023Arbitrage opportunities with older price feeds Medium December 1, 2023Margin update assumes zero price in backup mode Medium December 1, 2023Referral close function includes referrer rebate Medium December 1, 2023Bot latency prevents limit-close order execution High December 1, 2023Referrer-code transfer process breaks assumptions Medium December 1, 2023Delayed force unlock causes reward insolvency High December 1, 2023Price impact is not tracked cumulatively Medium December 1, 2023Loss protection reduces the -100% cap on losses Medium December 1, 2023Miscalculation of `totalPrincipalDeposited` Low December 1, 2023Fee charged without market-order placement Low December 1, 2023One account can register multiple referral codes Low December 1, 2023Vault manager cannot access entire junior tranche Low December 1, 2023The maxRedeem function should comply with ERC-4626 Low December 1, 2023Incorrect access control causes update lockout Low December 1, 2023Trader contract can bypass max trades per pair Low December 1, 2023Limit-order timelock not initialized on open Low December 1, 2023Partial closes emit incorrect value Low December 1, 2023Function lacks incorrect-payment sanity checks Low November 24, 2023Anyone can become a validator Critical November 24, 2023Storage not set properly High November 24, 2023Out-of-bounds access High November 24, 2023Inaccurate handling in `findModelerUpperBound` Medium November 24, 2023Storage gaps improperly defined Medium November 24, 2023Incorrect removal logic Medium November 24, 2023Properties should be updated in `updateModel` Low November 14, 2023No enforced minimum value on `fixedPriceMarkup` Medium November 14, 2023Multiple events in the same TX 
cause loss of funds Critical November 14, 2023TSS funds migration may not be done correctly Medium November 14, 2023ZRC-20 mapping is overwritten on new deployment Medium November 14, 2023ZRC-20 paused status can be bypassed High November 14, 2023No slippage limit set in Uniswap swap Medium November 14, 2023Median gas-price threshold Medium November 14, 2023ZetaChain pays gas costs for EVM-to-zEVM transfers High November 9, 2023Possible DOS on cross-chain messages Critical November 9, 2023Large withdrawal may be blocked High November 9, 2023No health checks High November 9, 2023The `ecrecover` malleability Medium November 9, 2023Function inputs need validation High November 9, 2023Nonces not used in signatures Medium November 9, 2023Default blocking behavior on LZ High November 9, 2023Restore frozen balance Medium November 7, 2023Incorrect trade-volume calculation High November 6, 2023Missing selector validation High November 6, 2023Potential guardian deanonymization risk Low October 30, 2023Addition for equal summands wrong High October 30, 2023Signatures with large `r` rejected High October 30, 2023Validity of public keys High October 30, 2023Collateral inflation Critical October 30, 2023Free liquidation Critical October 30, 2023Interest theft Critical October 30, 2023Centralized pricing arbitrage High October 30, 2023Slippage is set to zero during swap High October 30, 2023EIP-712 fork replayable signature High October 30, 2023Assure debtors are auctionable Medium October 30, 2023Calculations reduce value of user collateral Low October 30, 2023ERC-4626 vault inflation Medium October 30, 2023Emissions can be claimed multiple times Critical October 30, 2023Value can be artificially inflated High October 30, 2023The lack of token addresses' verification High October 30, 2023The lack of verification of the payload data High October 30, 2023Incorrect loop implementation in function Low October 30, 2023Array out-of-bound exception in `_removeVaults` Low October 30, 
2023The function `_removeVaults` returns early Low October 30, 2023The `weightStrategy` range violation Low October 30, 2023Incompatibility with USDT token Medium October 30, 2023Conversion does not account for token decimals Medium October 30, 2023Malicious users can profit Medium October 30, 2023Incorrect `weights` calculation Medium October 30, 2023Incorrect return value in `fetchEpochIds` Medium October 20, 2023Attacker-deployed ERC-20s High October 20, 2023Arbitrage opportunities bypass deposit limits High October 20, 2023Bundler calls can be identified and front-run Low October 20, 2023Operation with zero joinsplits can be tampered Low October 20, 2023Note encryption is unconstrained Low October 16, 2023Denial of service Low October 12, 2023Authentication bypass Critical October 12, 2023Fee payer authentication Critical October 12, 2023Any/all authenticators skip postexecution checks High October 12, 2023Multiple signers' auth bypass High October 12, 2023Incorrect validation Medium October 12, 2023Authentication bypass Medium October 12, 2023Incorrect error check Low October 12, 2023Panic for zero signers Low October 12, 2023Fee payer authentication Low October 2, 2023Insufficient test coverage Low September 21, 2023Vester incorrect burn High September 21, 2023Cancellation still allows rewards to be claimed Medium September 15, 2023Test coverage Low Sept 13, 2023First depositor issue Low September 7, 2023Flywheel index mismatch issue during `optOut` High August 25, 2023ERC-4626 inflation attack Critical August 25, 2023Negative liquidations can cause bank run High August 25, 2023Markets missing slippage protection Medium August 25, 2023Reentrancy due to unauthenticated calls Low August 25, 2023Malicious market can drain funds from MultiInvoker Low August 17, 2023The `lastWithdrawalAt` is not initialized Low August 14, 2023Signature bypass Critical August 14, 2023PasskeyDecodeError High August 14, 2023Missing tests Medium August 14, 2023Modexp gas limit High 
August 14, 2023CurveTestFailures High August 14, 2023Withdrawal finalization does not work High August 14, 2023Disputed actions are not blocked High July 31, 2023High-fraction liquidations Critical July 31, 2023Boost delegator might not receive delegate fee Low July 25, 2023Risk of unintended token minting High July 25, 2023Possible DOS Medium July 25, 2023No storage gap Medium July 12, 2023Migrate recalled Medium July 12, 2023Param limit Low July 12, 2023Ethermint Ante handler bypass High July 12, 2023Missing `nil` check in Zetaclient High July 12, 2023Admin policy check will always fail Medium July 11, 2023Initializer High July 11, 2023Fee-on-transfer tokens Low July 10, 2023Insecure default value for JWT secret Medium July 5, 2023Inconsistencies in signers and roles Medium July 5, 2023Lack of input validation Low July 3, 2023Margin ratio not checked Critical July 3, 2023Iterating over maps High July 3, 2023AMM price manipulation Critical July 3, 2023Sender is not checked Critical July 3, 2023Wasm bindings validation Critical July 3, 2023Incorrect TWAP price High July 3, 2023Panic in `EndBlock` hooks High July 3, 2023TWAP not updated High July 3, 2023`BeginBlocker` chain halt High July 3, 2023Large `rewardSpread` High June 26, 2023ZK and MPT Verifiers High June 26, 2023Test suite Low May 12, 2023Missing registry check in `restrict` Low May 12, 2023Restriction pattern creates centralization risk Low March 9, 2023Missing valid vault address check in processDepositQueue High March 9, 2023A malicious or compromised trader admin may lead to locked funds Medium March 9, 2023The vaultAddress validity check can be bypassed Medium March 9, 2023Ability to deposit on other users' behalf Medium March 9, 2023Missing status check in openVaultDeposits Low March 9, 2023Missing sanity checks for crucial protocol parameters Medium March 9, 2023Gas griefing using zero-value deposits and withdrawals Low Proposals can be passed without quorum and threshold requirements being metLearn 
more↗
July 4, 2025 | Zero TargetBlockUtilization disables fee market | Medium
July 4, 2025 | The min_quorum > max_quorum flips interpolation | Low
May 30, 2025 | Incorrect position update order relative to isLiquidatable check in processMakerFill permits fund theft | Critical
May 30, 2025 | The isLong flag for a position is not reset to false during liquidation, preventing users from opening long positions | High
May 30, 2025 | The _gtlHook is not triggered when a GTL limit order is fully filled, resulting in inflated GTL totalAssets | High
May 30, 2025 | Stale price pointer after expired-order removal | Medium
May 30, 2025 | Time-weighted average price is manipulatable | High
May 30, 2025 | A malicious actor could block a market if minLimitOrderAmountInBase is set too low | High
May 30, 2025 | Unhandled edge case in the twap function of PriceHistoryLib | Low
May 30, 2025 | The queueWithdraw function lacks a zero-value check for the shares parameter | Low
May 30, 2025 | Inflated funding rate during first settlement | Medium
May 30, 2025 | Incorrect condition check in setMinLimitOrderAmountInBase | Low
April 16, 2025 | Full base-token balance can be drained from CLOBManager | Critical
April 16, 2025 | Noncompetitive orders can be replaced with smaller orders | Medium
April 16, 2025 | Invalid baseReserve stalls buy on bonding curve | High
April 16, 2025 | The VIRTUAL_BASE upper-bound stalls buy on bonding curve | High
April 16, 2025 | Front-running orders is possible through order amendments | Medium
April 16, 2025 | Global bondingCurve misuse in SimpleLaunchPad functions | Medium
April 16, 2025 | WETH unwrap fails due to incorrect token flow | Medium
April 16, 2025 | Invalid fee tiers cause permanent order-matching denial of service | Medium
April 16, 2025 | Inconsistent amountIn handling in the first swap of executeRoute | Low
March 26, 2025 | Nonce reuse in adaptor signatures allows recovering signing key | Critical
March 26, 2025 | CosmWasm Stargate/Any messages bypass AnteHandler checks | Critical
March 26, 2025 | Incorrect parity check in adaptor signatures | Critical
March 26, 2025 | Panic triggered by incorrect logic in finality module's EndBlock | Critical
March 26, 2025 | Slashed finality provider retaining voting power | Critical
March 26, 2025 | Slashed finality provider restoring voting power through pending delegations | Critical
March 26, 2025 | Arbitrary Deduction of Total Bond Satoshi from Unbonding Delegation Handling | Critical
March 26, 2025 | The btclightclient module design flaw after Babylon chain halt | Critical
March 26, 2025 | Arbitrary Deduction of Total Bond Satoshi from Expiring Delegation Handling | Critical
March 26, 2025 | Incorrect Delegation Status Check Leading to Chain Halt | Critical
March 26, 2025 | Variable-time multiplication by nonce in adaptor signatures, EOTSs, ECDSA, and Schnorr signatures | High
March 26, 2025 | Griefing vector through fork handling in btclightclient | Medium
March 26, 2025 | BLS keystore password is stored as plaintext | High
March 26, 2025 | Inability to restore confirmed checkpoints to sealed state | Low
March 26, 2025 | Lack of commission-rate change restrictions in EditFinalityProvider | Low
March 26, 2025 | Hide slashing targets from vigilante by spamming | Low
March 26, 2025 | Public randomness reset due to block-height overflow | Low
March 26, 2025 | Multiple issues when inputting password for the BLS keystore | Low
March 25, 2025 | Untrusted input is used as trusted consensus state | Critical
March 25, 2025 | IBC does not work with chains that generate subsecond blocks | Critical
March 25, 2025 | Attested header is stored instead of finalized header | High
March 18, 2025 | Proof-set owner can reset proofSetLastProvenEpoch to avoid accumulated fees | Medium
March 18, 2025 | Fee refund can revert due to the gas limit or smart wallets | Low
March 17, 2025 | Drain and financial loss resulting from rounding issue | Medium
March 17, 2025 | Freezing of users' funds due to excessive fee settings | Medium
March 7, 2025 | Incorrect maturityFeeGrowthX128 may lead to miscalculated rewards | Medium
March 7, 2025 | Function _cleanupMaturedBuckets may run out of gas | Low
March 7, 2025 | Attacker can manipulate the initial price in the Uniswap pool | Medium
March 7, 2025 | Remove launchpadSell function from MegaRouterFacet | Critical
March 7, 2025 | MegaRouterFacet does not validate that clob is trusted | Low
March 7, 2025 | The Uniswap router contract still retains an approval after an unsuccessful swap | Low
February 24, 2025 | Broken lineage check due to governance-coin unwrap logic | Critical
February 24, 2025 | | Critical
February 24, 2025 | | Critical
February 24, 2025 | Missing condition filters in outlier resolver | Critical
February 24, 2025 | Incorrect STATUTES_MAX_IDX for statutes mutation | High
February 24, 2025 | Unverified solution parameters in announcer_registry could lead to loss of rewards | High
February 24, 2025 | Unverified solution parameters in recharge_win could lead to loss of tokens | High
February 24, 2025 | Missing timestamp validation in collateral vault | High
February 24, 2025 | Treasury withdrawals can create unauthorized treasury coins | Medium
February 24, 2025 | Low gas costs of precompiles lead to denial of service | High
February 24, 2025 | The ECRecover precompile computes an incorrect key | Medium
February 24, 2025 | Missing overflow check in AddTransientGasWanted | Medium
February 24, 2025 | Lack of validation in ElasticityMultiplier causes division by zero | Medium
February 24, 2025 | The EvmDenom can be updated by the EVM module's MsgUpdateParams | Low
February 20, 2025 | Weights are calculated through total balances of tokens | Medium
February 6, 2025 | Bypassing daily quota may lead to stuck funds | High
February 4, 2025 | Incorrect account bindings allow admin to deduct from vester | Low
February 4, 2025 | Broken uniqueness invariant in binary search | Low
January 21, 2025 | Debts owed by blacklisted users cannot be liquidated | Critical
January 21, 2025 | AssetDeployer deploys tokens that are vulnerable to inflation attacks | High
January 21, 2025 | Lack of freshness check in Api3Aggregator and LinkedAssetAggregator | High
January 21, 2025 | Infinite token approval is triggered outside the spec | Low
January 21, 2025 | Nonce collision in permit and delegateBySig functions | Low
January 21, 2025 | Potential underflow in getUnderlyingPrice due to high decimals | Low
January 17, 2025 | | Critical
January 17, 2025 | Migration applicable to already migrated storage account | Low
January 16, 2025 | ERC20Plugins token can lead to reentrancy issues | High
January 16, 2025 | Tokens with callback support can inflate the actualAmount | High
December 23, 2024 | | Critical
December 23, 2024 | Fee transfers occur without owner consent and can be front-run | Low
December 23, 2024 | | Critical
December 23, 2024 | Potential price manipulation via read-only reentrancy in BasketToken.proRataRedeem() | Medium
December 23, 2024 | Potential asset manipulation via read-only reentrancy in BasketManagerUtils.proRataRedeem() | Low
December 23, 2024 | | Critical
December 23, 2024 | Missing rebalance-status check in updateBitFlag() leads to incorrect rebalancing | High
December 23, 2024 | Management-fee calculation results in lower effective rate | High
December 23, 2024 | Missing mapping update in BasketToken.updateBitFlag() causes rebalancing failure | Medium
December 20, 2024 | | Critical
December 20, 2024 | | Critical
December 20, 2024 | | Critical
December 20, 2024 | Function getValidatorIndex returns index of first validator for every public key | Critical
December 20, 2024 | The protocol owner can withdraw all funds from the bridge | High
December 20, 2024 | No domain separation for validator signatures | High
December 13, 2024 | Fees could be overcharged by duplicated chainIds during broadcast | Medium
December 13, 2024 | High voting power could be usable without minimum lock time | Medium
December 13, 2024 | Incorrect use of totalPendingTokens leads to inability to rescue ERC-1155 tokens | Medium
December 13, 2024 | Cross-chain VotingEscrow sync temporarily fails | Low
December 13, 2024 | Missing expiration time check in the fillOffer function | Low
December 10, 2024 | Missing subgroup check in BLS12-381 key and signature aggregation | High
December 10, 2024 | Memory resource exhaustion via untracked buffers | Medium
December 10, 2024 | Gas-accounting discrepancy for infinite loops | Medium
December 10, 2024 | Inefficient Metadata array validation sequence | Low
November 28, 2024 | | Critical
November 27, 2024 | Accounting validator bonds share could be broken | High
November 27, 2024 | Function BeforeTokenizeShareRecordRemoved does not work as expected | Low
November 19, 2024 | | Critical
November 19, 2024 | Decimals of the data in the function latestRoundData | High
November 19, 2024 | The start time could be updated during the predeposit period | Medium
November 19, 2024 | The function removeExcessBids may cause internal accounting inconsistencies | Medium
November 19, 2024 | Incorrect initialization of the contract BalancerOracleAdapter | Medium
November 19, 2024 | Precision loss in the getCreateAmount and getRedeemAmount functions | Medium
November 19, 2024 | The function getOraclePrice may return an incorrect price | High
November 19, 2024 | A malicious bidder could drain the Auction contract | Critical
November 19, 2024 | Claim function could be broken by timing attack | High
November 19, 2024 | Bidders are unable to claim the expected amount of reserve tokens | High
November 19, 2024 | Distribution's claim function does not update storage variables | High
November 19, 2024 | Huge bid could cause overflow in subsequent bids | High
November 19, 2024 | Number of coupon tokens obtained from the auction may differ from number of coupon tokens to be distributed | High
November 15, 2024 | DOS vulnerability via MsgRegisterContract due to unlimited gas execution in BeginBlock | Critical
November 15, 2024 | DOS vulnerability from inaccurate gas estimation in BeginBlock via simCheck | Critical
November 15, 2024 | Gas-price calculation error due to integer division rounding | High
November 15, 2024 | Insufficient error handling in gas deduction for failed transactions | Medium
November 15, 2024 | Inconsistent keyshare verification and logging due to Epoch switch | Low
November 13, 2024 | Using the FromValues method for the Int248 type can lead to incorrect cached SignBit | Critical
November 13, 2024 | | Critical
November 13, 2024 | Input-uniqueness check in CircuitAPI is ignored | Critical
November 13, 2024 | | Critical
November 13, 2024 | Missing fields in calculation of verifying key hash | High
November 13, 2024 | Shallow copies leading to unintended side effects | High
November 13, 2024 | Function ConstInt248 allows invalid ranges for arguments, returning incorrect values | High
November 13, 2024 | Conversion functions fromInterface and Var2BigInt return zero instead of erroring on unrecognized types | High
November 13, 2024 | Keccak padding circuit incorrect for some input lengths | Medium
November 13, 2024 | Native Keccak padding and round-index functions incorrect | Medium
November 13, 2024 | Padding incorrect for output-commitment computation | Medium
November 13, 2024 | Assumptions made regarding log topics are not correct in full generality | Medium
November 13, 2024 | Selector not constrained to be Boolean for Select | High
November 13, 2024 | Conversion from Uint248 to Uint521 fails for values wider than 96 bits | Low
November 13, 2024 | Prover assignment will fail for custom inputs | Low
November 13, 2024 | Function to export Groth16 proofs only works for proofs with exactly one commitment | Low
November 13, 2024 | Unexpected behavior for decompose-related functions on negative input | Low
November 13, 2024 | Mismatch between Uint521 type and its documentation | Low
November 13, 2024 | Data might be arranged incorrectly by rawData[T].list | Low
November 13, 2024 | Invalid receipts with empty LogField entries may be assigned | Low
November 13, 2024 | Proof submission calls callback even if submission fails | Low
November 13, 2024 | Native tokens are not transferred to the exchange contracts | High
November 13, 2024 | The function supportToken does not configure the yield mode | Medium
November 13, 2024 | Calling the function configure regardless of whether the token is rebasing | Low
November 13, 2024 | Lack of storage gap in the contract EIP712VerifierU | Low
November 12, 2024 | Long-position-reserved collateral cannot be rebased | High
November 12, 2024 | VaultPriceFeed may be misconfigured, causing unexpected pricing calculations | Low
November 12, 2024 | Price feed may be gamed if insufficient rounds are captured | Low
October 22, 2024 | | Critical
October 21, 2024 | The changeOwner function does not update the UPGRADER_ROLE | Low
October 21, 2024 | Missing function to remove a delegated signer | High
October 21, 2024 | Missing function to remove tokens from the whitelist | Medium
October 21, 2024 | Mismatched function parameter types affecting inheritance | Low
October 21, 2024 | | Critical
October 21, 2024 | | Critical
October 21, 2024 | Formulaic error allows stakers to steal excess rewards | Critical
October 21, 2024 | The rewardIndex only increases, leading to eventual inability to claim rewards | High
October 21, 2024 | Manager can leak funds during reward distribution | Medium
October 21, 2024 | Zapper contract leaks excess token balance to OBRouter | Low
October 21, 2024 | Circuit Breaker's unsafe casting results in errors during liquidity tracking | Low
October 15, 2024 | Log parsing issue in extract_required_fee_from_log | Low
October 15, 2024 | Soft-block channel capacity misconfiguration | Low
October 15, 2024 | Potential overflow in celestia_block_variance to usize conversion | Low
October 15, 2024 | | Critical
October 15, 2024 | Origin impersonation via URL username and elision | High
October 15, 2024 | Type confusion between Withdrawal and Cancel actions | Critical
October 15, 2024 | Reentrancy issue allowing repeat withdrawals | Critical
October 15, 2024 | Incorrect tracking of in-use status for alias accounts | Low
September 11, 2024 | Signature replay allows unauthorized migrations | Critical
September 11, 2024 | | Medium
September 3, 2024 | Edit function does not change ERC-20 symbol and name | Low
September 3, 2024 | Native ETH may be sent by mistake in some cases | Low
August 16, 2024 | The costSharePrice is not properly maintained | Low
August 13, 2024 | There is no upper limit to the time-out on PFM packets | Medium
August 3, 2024 | Invalid address could break down the bridge withdrawer | High
August 3, 2024 | Arbitrary withdrawal could be executed by bridge admin | High
August 3, 2024 | Withdrawal event could be reused by bridge admin | High
August 3, 2024 | Withdrawer address is not working in ICS20 withdrawal | Low
July 23, 2024 | Range check in unsafe_evaluate_multiply_add may be ineffective | Critical
July 23, 2024 | Underflow possible in evaluate_non_native_field_multiplication | Critical
July 23, 2024 | Overflow possible in evaluate_non_native_field_multiplication | Critical
July 23, 2024 | Missing field_t normalization in constructor | Critical
July 23, 2024 | Missing consistency check for prime limb in constructor | Critical
July 23, 2024 | Proving that multiples of p are unequal to 0 modulo p possible | Critical
July 23, 2024 | Large limbs for constant inputs to conditional_negate | Medium
July 23, 2024 | Handling of max argument to Limb constructor | Low
July 23, 2024 | Mistakes in calculation of MAX_UNREDUCED_LIMB_SIZE | Low
July 23, 2024 | Behavior of assert_equal for constant operands | Low
July 23, 2024 | Assert for add_to_lower_limb could be ineffective due to overflow | Low
July 15, 2024 | Chain halt due to unbounded votes by proposer | High
July 12, 2024 | PDT can be set as a reward token and withdrawn by admin | Medium
July 9, 2024 | Routing ISM with the fallback configuration does not show fallback behavior | Medium
July 9, 2024 | Incorrect size for fetching branches of the Merkle tree | Medium
July 9, 2024 | Message can be sent multiple times to an untrusted recipient | Medium
July 9, 2024 | Announcing a new storage location overwrites the previous storage location | Low
July 9, 2024 | Aggregation ISM misfunctions if more than 255 modules exist | Low
July 9, 2024 | ISM configuration of MailboxComponent is disregarded | Low
July 9, 2024 | Unclear behavior of the function set_modules | Low
July 9, 2024 | Incorrect splitting of a number in Keccak implementation | Critical
July 9, 2024 | Improper optimization in Keccak implementation | Critical
July 9, 2024 | Message incorrectly includes the size of body | Critical
July 9, 2024 | The protocol fee hook will always be reverted | High
July 9, 2024 | The contractAddress type cannot use the 32-byte addressing mechanism | High
July 9, 2024 | Input arguments in the Bytes type may be invalid | High
July 8, 2024 | Potential vulnerability in _aggregatePubkey update mechanism | Critical
June 28, 2024 | Invalid creation of unbonding TX leads to loss of gas | Medium
June 28, 2024 | Authz module can be used to bypass validator message checks | Critical
June 28, 2024 | Finality provider can crash when submitting signature on finalized block | Critical
June 28, 2024 | Finality provider can get stuck in an infinite loop | Critical
June 28, 2024 | Vigilante makes an unnecessary report to Babylon | Low
June 28, 2024 | Finality provider BTC private key used as HMAC key for generating nonces | Low
June 18, 2024 | Unsound native-function declaration leading to critical verifier bypass | Critical
June 18, 2024 | Infinite recursion possible with module dependencies | Critical
June 18, 2024 | Unchecked UTF-8 decoding enables memory corruption | Critical
June 18, 2024 | Missing gas charge on memo in native_nft_transfer | High
June 18, 2024 | Published module names do not necessarily match binary module | High
June 18, 2024 | Module can be duplicated in module publish requests | Low
June 18, 2024 | Stablepools can be created with one or no assets | High
June 18, 2024 | Bad decimal-parsing function accepts multiple dots | Low
June 18, 2024 | Potential out-of-gas reversion when checking object permissions | Low
June 18, 2024 | Stablepool swap can be called, repeating the same asset | High
June 18, 2024 | Incorrect minimum-TVL module-parameter check | Low
June 18, 2024 | Frozen module coin store can cause chain halt | High
June 18, 2024 | A malicious user can become a permissioned relayer for IBC | Medium
June 18, 2024 | Move coin transfer can bypass blocked accounts | Medium
June 18, 2024 | Error not checked when fetching starting info | Low
June 18, 2024 | Query gas limit not enforced through bank module | High
June 18, 2024 | Incorrect signer check for shorthand accounts | High
June 18, 2024 | Validator set updates can skip current validators | High
June 18, 2024 | Challenger can increase the next output index | Medium
June 18, 2024 | Missing token pair will crash the bridge executor | Medium
June 18, 2024 | Withdrawal hash clash using variable-length fields | High
June 14, 2024 | The redeemShort function is available before the pool is closed | Critical
June 14, 2024 | Simultaneous pool starting and closing is possible | High
June 14, 2024 | Order could be executed after the end of the pool's duration | Medium
June 14, 2024 | Bounty does not work with low-decimal tokens | Medium
June 14, 2024 | Lack of check that an order has already been canceled | Low
June 7, 2024 | Public input length might not be checked as intended due to overflow | Low
June 7, 2024 | Function AssignedKeccakInputs::to_instance_values incorrect for fixed-length inputs | Low
June 5, 2024 | Missing constraints in the copy circuit for MCOPY allow inserting illegitimate entries in the rw table | Critical
June 5, 2024 | Lack of constraints specific to transient storage and transaction receipts in the state circuit | Critical
June 5, 2024 | Source address is not constrained for ErrorOOGMemoryCopyGadget, allowing illegitimate reverts on MCOPY | Critical
June 5, 2024 | Completeness issue for some out-of-gas cases for MCOPY | Medium
June 4, 2024 | Lack of stale price check in getAssetPrice function | High
June 4, 2024 | Unnecessary parameter usage in getRoundData function | Low
May 22, 2024 | Anyone can create tokens before initialization | High
May 22, 2024 | The `AssertContractInitialized` function should check `Initialized` | High
May 22, 2024 HighCalling `ChangeOwner` may lock ownership upon user errorLearn more↗
May 22, 2024 MediumTransfer event is emitted twice for minting or burning USDzLearn more↗
May 21, 2024 MediumProtection logic in rescueERC20 can be bypassedLearn more↗
May 21, 2024 LowVerification-batching implementation unsoundLearn more↗
May 20, 2024 CriticalProving fails for public inputs that are all zeroLearn more↗
May 20, 2024 MediumMinimum amount of `claimYield` does not workLearn more↗
May 8, 2024 LowFixed depositor reentrancy can take all the ETHLearn more↗
April 19, 2024 CriticalUnsafe handling of over-100% early exit feesLearn more↗
April 19, 2024 CriticalClone construction leaves constants uninitializedLearn more↗
April 19, 2024 HighQuadratic-complexity logic risks gas-limit attacksLearn more↗
April 19, 2024 HighInconsistent division of fixed-side withdrawalsLearn more↗
April 19, 2024 HighVariable-side yield on yield is unfairly splitLearn more↗
April 19, 2024 MediumVariable side cannot always withdraw fee shareLearn more↗
April 19, 2024 MediumIncorrect withdrawnFeeEarnings after finalizationLearn more↗
April 19, 2024 LowReentrancy can falsify isStarted in emitted eventLearn more↗
April 19, 2024 LowInactive variable depositor locks protocol feesLearn more↗
April 19, 2024 LowThe fallback function can collide with selectorsLearn more↗
April 16, 2024 MediumHalving spread in base-to-base may be unsafeLearn more↗
April 16, 2024 MediumSandwich attack can affect base-to-base swap feeLearn more↗
April 16, 2024 LowArbitrary calldata in `externalSwap` may be unsafeLearn more↗
April 16, 2024 LowNo slippage limits in UniswapLiquidityAssetManagerLearn more↗
April 12, 2024 MediumTransfer and approval done by `_transferERC20`Learn more↗
April 12, 2024 MediumSignatures in circuits are not domain separatedLearn more↗
April 12, 2024 LowReentrancy in withdrawals leading to double-spendLearn more↗
April 12, 2024 CriticalFund lock via dummy notes in curve\_add\_liquidityLearn more↗
April 12, 2024 CriticalNote footers not checked by `uniswapCollectFees`Learn more↗
April 12, 2024 HighMinimum staking is only checked in registrationLearn more↗
March 29, 2024 HighThe leverage closing function fails in most casesLearn more↗
March 18, 2024 MediumSuspending a token does not clear the variableLearn more↗
March 18, 2024 HighEmergency withdrawal mechanism breaks assumptionsLearn more↗
March 18, 2024 LowAn interest portion of collected fees are lockedLearn more↗
March 18, 2024 HighCollected fees cannot be claimed after withdrawalLearn more↗
March 18, 2024 MediumRepeated validator IDs, `batchRevertExitRequest`Learn more↗
March 13, 2024 CriticalBNFT holder is compared with an incorrect addressLearn more↗
March 13, 2024 MediumRepeated validator IDs, `batchSendExitRequest`Learn more↗
March 13, 2024 CriticalQueued withdrawals are not claimed by `forcePartialWithdraw`Learn more↗
March 13, 2024 MediumReward and withdrawal payout getters might failLearn more↗
March 13, 2024 LowOwner set for implementation instead of proxyLearn more↗
March 5, 2024 MediumDivision by zero in SwapExecution::max\_priceLearn more↗
March 5, 2024 HighDuplicate `validator::Definitions` in transactionLearn more↗
March 5, 2024 HighFebruary 28, 2024 Critical February 22, 2024 Critical Order ID reuse due to multiple `PriceUpkeeps`Learn more↗
February 22, 2024 CriticalTotal open PNL improperly adjusted at zero priceLearn more↗
February 22, 2024 HighVault PNL per token is only scaled if negativeLearn more↗
February 22, 2024 HighThe `maxAllowedCollateral` check could be bypassedLearn more↗
February 22, 2024 MediumExtra `PRECISION_6` divides `utilizationFee`Learn more↗
February 22, 2024 MediumIncorrect funding-rate calculation due to roundingLearn more↗
February 22, 2024 MediumAny allowance allows unlimited withdrawal changesLearn more↗
February 22, 2024 LowMarket-close time-out reissuance can be skippedLearn more↗
February 22, 2024 LowUnexecutable trades added to `tradesToTrigger`Learn more↗
February 22, 2024 LowNo penalty for missed withdrawals from OstiumVaultLearn more↗
February 22, 2024 LowErroneous token transfer in `UpdateTokenShares`Learn more↗
February 22, 2024 HighSession key `maxAmount` parameter is not statefulLearn more↗
February 14, 2024 CriticalFebruary 12, 2024 Critical February 12, 2024 Critical February 12, 2024 Critical Incorrect calculation effectively removes feeLearn more↗
January 11, 2024 HighCompleting unqueued withdrawal loses/locks fundsLearn more↗
January 11, 2024 HighMore than one strategy per token breaks accountingLearn more↗
January 11, 2024 MediumAdmins can steal funds by self-sandwiching swapsLearn more↗
January 11, 2024 MediumAccumulated fee logic can prevent withdrawalsLearn more↗
January 11, 2024 LowERC-20 deposit and queued withdrawal whitelistsLearn more↗
January 11, 2024 LowZero interest automatically changed to maximum Learn more↗
January 9, 2024 LowUser is able to revert a position being closedLearn more↗
January 9, 2024 MediumDecember 8, 2023 Critical Stop loss higher than `openPrice` causes fund lossLearn more↗
December 1, 2023 CriticalUnsafe cast in take profit can lead to fund lossLearn more↗
December 1, 2023 CriticalDecember 1, 2023 Critical Reserve requirement checked before withdrawalLearn more↗
December 1, 2023 CriticalDecember 1, 2023 Critical Max profit can exceed amount reserved from vaultLearn more↗
December 1, 2023 CriticalPartial trades update open-interest incorrectlyLearn more↗
December 1, 2023 HighReferrer rebates must not decrease `totalRewards`Learn more↗
December 1, 2023 HighWrong reserve ratio returned by getReserveRatioLearn more↗
December 1, 2023 HighLoss-protection tier is reduced for larger tradesLearn more↗
December 1, 2023 HighTrading inflow much less than zero skew outflowLearn more↗
December 1, 2023 HighArbitrage opportunities with older price feedsLearn more↗
December 1, 2023 MediumMargin update assumes zero price in backup modeLearn more↗
December 1, 2023 MediumReferral close function includes referrer rebateLearn more↗
December 1, 2023 MediumBot latency prevents limit-close order executionLearn more↗
December 1, 2023 HighReferrer-code transfer process breaks assumptionsLearn more↗
December 1, 2023 MediumDelayed force unlock causes reward insolvencyLearn more↗
December 1, 2023 HighLoss protection reduces the -100% cap on lossesLearn more↗
December 1, 2023 MediumOne account can register multiple referral codesLearn more↗
December 1, 2023 LowVault manager cannot access entire junior trancheLearn more↗
December 1, 2023 LowThe maxRedeem function should comply with ERC-4626Learn more↗
December 1, 2023 LowIncorrect access control causes update lockoutLearn more↗
December 1, 2023 LowTrader contract can bypass max trades per pairLearn more↗
December 1, 2023 LowLimit-order timelock not initialized on openLearn more↗
December 1, 2023 LowFunction lacks incorrect-payment sanity checksLearn more↗
December 1, 2023 LowNovember 24, 2023 Critical Inaccurate handling in `findModelerUpperBound`Learn more↗
November 24, 2023 MediumProperties should be updated in `updateModel`Learn more↗
November 24, 2023 LowNo enforced minimum value on `fixedPriceMarkup`Learn more↗
November 14, 2023 MediumMultiple events in the same TX cause loss of fundsLearn more↗
November 14, 2023 CriticalTSS funds migration may not be done correctlyLearn more↗
November 14, 2023 MediumZRC-20 mapping is overwritten on new deploymentLearn more↗
November 14, 2023 MediumZetaChain pays gas costs for EVM-to-zEVM transfersLearn more↗
November 14, 2023 HighNovember 9, 2023 Critical October 30, 2023 Critical October 30, 2023 Critical October 30, 2023 Critical Calculations reduce value of user collateralLearn more↗
October 30, 2023 LowOctober 30, 2023 Critical The lack of verification of the payload dataLearn more↗
October 30, 2023 HighArray out-of-bound exception in `_removeVaults`Learn more↗
October 30, 2023 LowConversion does not account for token decimalsLearn more↗
October 30, 2023 MediumArbitrage opportunities bypass deposit limitsLearn more↗
October 20, 2023 HighBundler calls can be identified and front-runLearn more↗
October 20, 2023 LowOperation with zero joinsplits can be tamperedLearn more↗
October 20, 2023 LowOctober 12, 2023 Critical October 12, 2023 Critical Any/all authenticators skip postexecution checksLearn more↗
October 12, 2023 HighCancellation still allows rewards to be claimedLearn more↗
September 21, 2023 MediumFlywheel index mismatch issue during `optOut`Learn more↗
September 7, 2023 HighMalicious market can drain funds from MultiInvokerLearn more↗
August 25, 2023 LowBoost delegator might not receive delegate feeLearn more↗
July 31, 2023 LowRestriction pattern creates centralization riskLearn more↗
May 12, 2023 LowMissing valid vault address check in processDepositQueueLearn more↗
March 9, 2023 HighA malicious or compromised trader admin may lead to locked fundsLearn more↗
March 9, 2023 MediumThe vaultAddress validity check can be bypassedLearn more↗
March 9, 2023 MediumMissing sanity checks for crucial protocol parametersLearn more↗
March 9, 2023 MediumGas griefing using zero-value deposits and withdrawalsLearn more↗
March 9, 2023 Low