Stratax Contracts
First Flight #57
Beginner Friendly
DeFi
100
EXP
Feb 12th, 2026 → Feb 19th, 2026
283 / 283
Submissions
#1 [High] Missing Oracle Staleness Validation Enables Systematic Leverage Manipulation
#2 [Medium] Missing Zero-Address Validation in Initializer Can Lead to Irrecoverable Misconfiguration
#3 [High] Untrusted Pool Configuration Enables Full Fund Drain
#4 [High] Tether (USDT) Non-Standard ERC20 Behavior Can Cause Flash Loan Reverts and Protocol Denial of Service
#5 [Medium] ERC20 `transfer` Return Value Is Not Checked in `Stratax::recoverTokens`
#6 [Medium] Use SafeERC20 in Stratax::recoverTokens for Token Recovery to Support Non-Standard ERC20s
#7 [Medium] transferFrom Return Value Not Checked When Pulling Collateral
#8 [Medium] Integer Division Truncation in Param Calculations Causes Systematic Under/Over-Estimation (Precision Loss → Unsafe/Failed Positions)
#9 [Medium] Precision Loss From Integer Division in Stratax::calculateUnwindParams May Under/Overestimate Collateral Withdrawal
#10 [Medium] Unchecked `approve` for Aave `supply` May Fail Silently
#11 [Medium] Return Value of `aavePool.repay` Ignored, Potentially Miscomputing Withdrawn Collateral
#12 [Medium] Precision Loss Risk Due to Integer Division in collateralToWithdraw
#13 [Medium] Atomic Loop Reverts on Single Bad Entry (Single Failure Blocks Batch Update + DoS-on-Batch Risk)
#14 [Medium] Oracle Manipulation / Unsafe Oracle Read (Single latestRoundData Read + Price Integrity Risk)
#15 [Low] Floating Pragma May Lead to Inconsistent Compilation both contracts (Stratax and StrataxOracle)
#16 [Low] Unused Interface Leads to ABI Drift Risk
#17 [Low] Missing Event Emission on Oracle Update Reduces Off-Chain Observability
#18 [Low] Missing Input Validation in Stratax::recoverTokens Allows Invalid Parameters
#19 [Low] Missing Event Emission on Ownership Transfer Reduces Administrative Traceability
#20 [Low] Missing Zero-Address Validation in Stratax::calculateUnwindParams Can Cause Misconfiguration Reverts
#21 [Low] Magic Number 2 Used for Interest Rate Mode Reduces Clarity
#22 [Low] Inconsistent Storage Naming Convention (Unclear State Variables + Maintainability Impact)
#23 [Low] Missing Zero-Address Validation in StrataxOracle::getRoundData (Invalid Input + Defensive Programming Gap)
#24 [Medium] Findings of L8
#25 [Medium] As of L8er
#26 [Medium] StrataxOracle fails to validate Chainlink data freshness, risking stale price usage during unwinds
#27 [Low] _executeOpenOperation passes incorrect asset to swap fallback, causing DoS on valid swaps
#28 [High] Shared Liquidity Risk: Global Health Factor Leads to Cross-User Liquidation
#29 [High] Upgradeable contracts missing _disableInitializers() in constructors
#30 [Medium] Missing Staleness Check in Oracle Integration Leads to Potential Protocol Insolvency