SECURITY AUDIT REGISTRY
Competitive audit participation and vulnerability disclosure record
Identified critical reentrancy vulnerability in the tokenization flow allowing unauthorized asset minting. Exploitable via external contract callback during state transition.
Identified precision loss bug in staking reward distribution where 18-decimal arithmetic causes USDC rewards to round down to zero, resulting in stakers receiving no USDC rewards despite funding being notified.
Found incorrect repayment calculation in the withdraw function where amountOut0 is used instead of amountOut1 when token1 is the borrowed asset, causing under-repayment of debt and leaving positions undercollateralized.
Discovered missing reward index update in setMintRate, allowing mint rate changes to retroactively affect unaccrued rewards — stakers receive more or less than owed for past periods depending on the direction of the rate change.
Finding details are under NDA — contest report is private.
Uncovered reward compounding logic error causing permanent fund lock when claiming during validator slashing events on Ronin chain.
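The setMintRate entry above, modeled as an added example (not code from any audited project): a Python sketch of index-based reward accounting that compares a rate setter which skips the index update with one that settles the elapsed period first. Every name except setMintRate is hypothetical, the accounting formula is an assumed standard pattern, and all numbers are constructed.

```python
# Added illustration: simplified model of cumulative-index reward accounting.
# Hypothetical names and constructed values; integer math mirrors on-chain fixed point.
SCALE = 10**18  # fixed-point scale for the reward index


class RewardPool:
    def __init__(self, mint_rate, total_staked, accrue_before_rate_change):
        self.mint_rate = mint_rate        # reward tokens minted per second
        self.total_staked = total_staked
        self.index = 0                    # cumulative reward per staked token (scaled)
        self.last_update = 0              # timestamp of the last index update
        self.accrue_first = accrue_before_rate_change

    def update_index(self, now):
        """Fold the elapsed period into the index at the current rate."""
        elapsed = now - self.last_update
        if elapsed > 0 and self.total_staked > 0:
            self.index += self.mint_rate * elapsed * SCALE // self.total_staked
        self.last_update = now

    def set_mint_rate(self, new_rate, now):
        """Model of setMintRate; the fixed variant settles the past period first."""
        if self.accrue_first:
            self.update_index(now)        # past seconds are paid at the old rate
        self.mint_rate = new_rate         # without the call above, the new rate
                                          # is applied to the whole unaccrued period

    def pending(self, stake, now):
        """Rewards owed to a position staked since t=0 with nothing claimed."""
        self.update_index(now)
        return stake * self.index // SCALE


def simulate(accrue_first, old_rate=10, new_rate=20):
    """One staker holds the full 1000 stake; rate changes at t=100, read at t=150."""
    pool = RewardPool(old_rate, 1000, accrue_first)
    pool.set_mint_rate(new_rate, now=100)
    return pool.pending(stake=1000, now=150)


if __name__ == "__main__":
    print("rate 10 -> 20, fixed:  ", simulate(True))          # 10*100 + 20*50
    print("rate 10 -> 20, missing:", simulate(False))         # 20*150
    print("rate 10 -> 5,  fixed:  ", simulate(True, 10, 5))   # 10*100 + 5*50
    print("rate 10 -> 5,  missing:", simulate(False, 10, 5))  # 5*150
```

A regression test for this class of bug can assert that rewards for a period ending at the rate change are identical whether or not the rate changes afterwards.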