Learning by Breaking - A LayerZero Case Study - Part 3
Learning by Breaking - A LayerZero Case Study - Part 2
Learning by Breaking - A LayerZero Case Study - Part One
Permission denied - The story of an EIP that sinned
Breaking Fluidity for glory and $50K
Taking home a $20K bounty with Oasis platform shutdown vulnerability
Diving deep into a critical protocol insolvency bug in Fringe.fi lending platform
Critical finding - Stealing tokens from O3 bridge users
Tokemak liquidity operator can steal funds
MED - Brahma.Fi - Wrong oracle used to calculate min slippage may cause loss of over 80% of rewards
MED - Brahma.Fi - Curve miscalculations may cause user withdraws to fail
CRIT - Brahma.Fi - L2 Position handler miscalculates position value leading to severe risks
CRIT - Brahma.Fi - Fee collection does not take previous losses into account 🚩
LOW - ANKR - User gets more gas than supposed to when distributing rewards
HIGH - Iron Bank - Collateral cap is not enforced at account initialization
HIGH - Iron Bank - Liquidator is not credited with correct collateral amount
HIGH - ANKR/Stader - Reward distribution is vulnerable to MEV leading to theft of reward 🚩
CRIT - Compound - Liquidators may seize assets not held as collateral - Closed as known issue
MED - Morpho Finance - Logic contract might be destructible via controlled delegatecall
LOW - Polygon token-swap rounding error