Vulnerability | Date | Protocol Type | Severity |
---|---|---|---|
Attacker Can Front Run New Reward Periods and Steal Reward From Existing Stakers | January 2024 | Yield Aggregator and LST | Medium |
Attacker Can Lock Reward from Users by Claiming for Them | January 2024 | Yield Aggregator and LST | Medium |
Borrower Can Bypass Credit Cap for Unlimited Borrowing Power | January 2024 | Yield Aggregator and LST | Medium |
First Depositor Attack For New Vaults | January 2024 | Yield Aggregator and LST | Critical |
Attacker Can Steal Funds on Swaps | January 2024 | Yield Aggregator | Critical |
Attacker Can Front-Run Fund Function to Harvest Rewards Early | June 2023 | Staking Launchpad | Low |