| Protocol Name | Results | Shares | Report | Contest Platform | |
|---|---|---|---|---|---|
| 1 | Lido | 1/7 | $13,071 | click | Stronghold |
| 2 | Asymmetry_safETH | 5/246 | $1,057 | click | Code4rena |
| 3 | KelpDAO | 1/194 | $1,250 | click | Code4rena |
| 4 | Asymmetry_afETH | 4/5 | $3,062 | click | Code4rena |
| 5 | Centrifuge | 78/84 | $12 | click | Code4rena |
| 6 | The Wildcat | NA/144 | N/A | click | Code4rena |
| Protocol Name | Bug | Shares | Report | Severity | |
|---|---|---|---|---|---|
| 1 | Multichain | White Holder allows to claim infinity amount of IDNFTs for a whitelisted user. | N/A(dup) | click | High |
| 2 | Multichain | Lack of chainID in transferWithPermit()::hashStruct leads to spending funds on other chains as well using the same signature |
N/A(dup) | click | Crit |
| 3 | Multichain | AnyCallProxyV7 contract user's balance drainage | N/A(dup) | click | Crit |
| 4 | Yield Protocol | permit()may trigger deposit() though a fallback() for tokens that are not compliant with ERC2612 | $2,000 | click | Medium |
| 5 | Yield Protocol | Malicious Bob is able to dramatically increase the gas usage, when NotionalJoin::exit() is invoked by auth account. | $2,000 | click | Medium |
| 6 | Wormhole | ecrecover() returns address(0), when sig doesn't belong to signatory | $500 | click | Low |
| 7 | Polygon | Jailed Validator can claim fees during reward distribution process | $500 | click | Low |
| 8 | Mean Finance | Due to the gas usage limit for .transfer() and .send(), the .transfer() will be reverted, if the msg.sender is not an EOA. | $1,000 | click | Low |
| 9 |