Moonwell

DeFiFoundry

15,000 USDC

Submission Details

Severity: high

Invalid

Attacker can repeatedly call the function `repayBadDebtWithReserves` before the state changes are completed, manipulate the contract's state, drain its reserves/disrupt its normal operation.

Updates

0xnevi Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Total prize

15,000 USDC

nSLOC

394

38 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Judges

1,500 USDC

The contest is live. Earn rewards by submitting a finding.

Submissions are being reviewed by the community.

Submissions are being carefully reviewed by our judges.

This is your time to appeal against judgements on your submissions.

Appeals are being carefully reviewed by our judges.

The contest is complete and the rewards are being distributed.

Support

Can’t find an answer? Join our Discord or follow us on Twitter.