Vulnerabilities

Vulnerabilities we found and the impact of our security expertise.

medium

Node Operator can exit and slash their validator to move withdrawal finalization border epoch

Learn more

medium

Uncaught exception on creating ejection report

Learn more

high

Uncleared claims

Learn more

medium

Invalid EigenLayer reward submission

Learn more

medium

Permanent revert on rewards submission

Learn more

high

Invalid decimals used to calculate totalAssets

Learn more

medium

Inflating vault’s share rate via reentrancy

Learn more

medium

Invalid amounts of asset returned by strategies

Learn more

medium

Fee on withdrawal from strategy can lead to protocol’s loss

Learn more

medium

Inability to unstake required assets from Kernel

Learn more

medium

Rate provider for ynBNBx is missing ynClisBNBk strategy

Learn more

medium

Invalid rate for vaults

Learn more

medium

Vault not compliant with ERC4626 in maxWithdraw function

Learn more

medium

Back-running the rewards transfer

Learn more

high

Users suffer from other projects LST price fluctuations

Learn more

high

Enabling stETH deposits causes miscalculations and permanent losses for users as rebase tokens are not supported

Learn more

medium

Inability to deposit funds due to incorrect filling the withdraw buffer

Learn more

medium

Voting power remains despite withdrawal

Learn more

high

OFT can be impersonated through _lzCompose with multiple compose messages

Learn more

high

Nesting remote transfer messages to steal tokens

Learn more

high

Unprotected executeModule function allows to steal the tokens

Learn more

high

Unverified _srcChainSender parameter allows to impersonate the sender

Learn more

medium

SOFT_RESTRICTED_STAKER_ROLE can withdraw stUSDe for USDe

Learn more

medium

FULL_RESTRICTED stakers can bypass restriction through approvals

Learn more

Let us help

Get throughly tested by the creators of Smart Contract Security Verification Standard

Request audit