Othentic – Invalid EigenLayer reward submission The standard rewards distribution process (as recommended by the CLI) fails, resulting in gas loss for the AVS manager. Vulnerability Details The OperatorDirectedRewardsSubmission struct […]
Othentic – Uncleared claims Operators face the risk of losing rewards on the default L2 and also jeopardizesubsequent rewards on the non-default L2. Vulnerability Details The AVSGovernance contract […]
Othentic – Permanent revert on rewards submission Permanent blockage in the rewards distribution process. Vulnerability Details In the AVSGovernance contract, when processing a payment request from the AttestationCenter contract, the function […]
Othentic – Security Review of Rewards V2 Composable Security partnered with Othentic to conduct a thorough security review of the Rewards V2 smart contract module. The project aimed to verify the […]
YieldNest – Invalid decimals used to calculate totalAssets The primary outcome of this vulnerability is that the totalAssets variable will be inaccurately calculated, leading to theft of assets or potential losses for […]
YieldNest – Inflating vault’s share rate via reentrancy This attack results in the theft of assets alongside an inflated share value Vulnerability Details The withdrawal process from the Max Vault works in […]
YieldNest – Invalid amounts of asset returned by strategies This issue prevents the successful withdrawal of assets based on the values returned by the ERC4626 functions and their equivalent versions for different assets. […]
YieldNest – Fee on withdrawal from strategy can lead to protocol’s loss Due to this vulnerability the protocol experiences a loss of assets proportional to the fees charged. Vulnerability Details The Max Vaults allocate assets to […]
YieldNest – Inability to unstake required assets from Kernel The vulnerability leads to the inability to automatically withdraw WBNB from the KernelClisStrategy. Vulnerability Details The KernelClisStrategy contract is designed to stake deposited WBNB […]
