| Vulnerability | Date | Protocol Type | Severity |
|---|---|---|---|
| Attacker Can Front Run New Reward Periods and Steal Reward From Existing Stakers | January 2024 | Yield Aggregator and LST | Medium |
| Attacker Can Lock Reward from Users by Claiming for Them | January 2024 | Yield Aggregator and LST | Medium |
| Borrower Can Bypass Credit Cap for Unlimited Borrowing Power | January 2024 | Yield Aggregator and LST | Medium |
| First Depositor Attack For New Vaults | January 2024 | Yield Aggregator and LST | Critical |
| Attacker Can Steal Funds on Swaps | January 2024 | Yield Aggregator | Critical |
| Attacker Can Front-Run Fund Function to Harvest Rewards Early | June 2023 | Staking Launchpad | Low |