Welcome to the Move Vulnerability Database (MVD) v2.0!

A comprehensive collection of vulnerability patterns in the Move ecosystem.

What's Inside

Vulnerability Patterns - Categorized security issues with examples and severity ratings
Appendix - Audit reports and protocol references
Learning Resources - Curated materials for learning Move security

This resource consolidates 500+ security vulnerabilities extracted from 150+ public Move audit reports across multiple firms and auditors. The database categorizes vulnerabilities into common patterns—from Input Validation and Business Logic flaws to Access Control and State Management issues—providing a central reference for developers, auditors, and security researchers to understand, recognize, and learn from real-world mistakes in Move codebases.

Vulnerability Patterns	Findings
Business Logic	137
Calculation Errors	87
Input Validation	59
Access Control	41
State Management	37
Denial of Service	27
Oracle Issues	19
Data Inconsistency	17
Missing Functions	17
Centralization Risk	16
Gas-related Issues	11
Runtime/Development Issues	10
Constant Definition	7
Looping Issues	6
Front-running	5
Cross-Implementation	2
Missing Version Check	2
Inflation Attacks	1
Total	501

Data sourced from public Move audit reports by the following auditors/firms:

Audit Firm/Auditor	Report Links
OtterSec	Sampled Public Audit Reports (OtterSec Notion)
MoveBit	MoveBit — Sampled Audit Reports
MoveJay	MoveJay (Jayfromthe13th)
Zellic	Zellic Reports
Spearbit	Spearbit Reports
Cantina	Cantina Reports
Code4Arena	Code4Arena Reports
Certora	Certora Security Reports
Hacken	Hacken Audits
Pashov Audit Group	Pashov Audit Group — Audits
ExVul Security	ExVul Audits
Quantstamp	Quantstamp Reports
SlowMist	SlowMist Reports
Three Sigma	Three Sigma Reports

Refer to the Appendix for the full list of reports and protocols.

⚠️ Disclaimer

All findings and summaries in this database are sourced from publicly available audit reports.

I do not own or claim ownership of any reports, documents, or content referenced here — all rights belong to their respective auditors, firms, and project teams.

This repository is an independent, educational, and non-commercial project created to help the community study and understand common vulnerability patterns in the Move ecosystem.

While I aim for accuracy, there may be typos, errors, broken links, or misattributed information.

If you spot any mistakes or missing details, please open an issue or reach out so I can correct them.

💬 Support & Contributions

If you'd like to learn more about the project or support future development, see the About section.

About the Move Vulnerability Database

The Move Vulnerability Database (MVD), maintained by Maverick Security Research, was created to support the growing field of Move security. The MVD aims to:

Help developers identify and understand common coding mistakes.
Provide security researchers, auditors, and bug hunters with patterns and examples to locate vulnerabilities in Move codebases.

The database consolidates findings from public audits, creating a central resource for the Move ecosystem to learn from real-world vulnerabilities.

💬 Support & Contributions

If you’ve found this database useful, consider supporting its continued development. Contributions help fund:

Ongoing curation of Move ecosystem vulnerability data
Updates to audit mappings
Expansion into cross-chain vulnerability pattern analysis

Donation Addresses:

Sui: 0xda0a78ad38da929d16676c7d64fe195cc4becd2985b68bdda7ab991187085614
Ethereum: 0x5F672E842C15C7A9be40B93c9Eb4F78caE389cd1

Your support directly helps maintain and improve open-source security knowledge for the Web3 community.

Thank you,

— MoveMaverick

Vulnerability Patterns Overview

The table below presents the total number of findings for each vulnerability pattern across all analyzed contracts.

Vulnerability Patterns	Findings
Business Logic	137
Calculation Errors	87
Input Validation	59
Access Control	41
State Management	37
Denial of Service	27
Oracle Issues	19
Data Inconsistency	17
Missing Functions	17
Centralization Risk	16
Gas-related Issues	11
Runtime/Development Issues	10
Constant Definition	7
Looping Issues	6
Front-running	5
Cross-Implementation	2
Missing Version Check	2
Inflation Attacks	1
Total	501

As we can see, business logic vulnerabilities account for more than 25% of the database findings. Calculation errors were the second most common issue, followed by input validation.

Next, let's examine the vulnerability patterns in detail, broken down by severity.

Vulnerability Patterns	RWE	C	H	M	Total
Business Logic		17	50	70	137
Calculation Errors		10	25	52	87
Input Validation		14	23	22	59
Access Control		12	18	11	41
State Management		7	13	17	37
Denial of Service		1	2	24	27
Oracle Issues	1	3	4	11	19
Data Inconsistency		2	9	6	17
Missing Functions		1	3	13	17
Centralization Risk			8	8	16
Gas-related Issues				11	11
Runtime/Development Issues				10	10
Constant Definition		2	1	4	7
Looping Issues		1	2	3	6
Front-running			3	2	5
Cross-Implementation				2	2
Missing Version Check			2		2
Inflation Attacks				1	1
Total	1	70	163	267	501

Based on Criticals and Highs: Business Logic, Input Validation, Calculation Errors, Access Control, and State Management are the top 5 vulnerability classes.

Based on Mediums: Business Logic, Calculation Errors, and Denial of Service are the top 3 most commonly found vulnerability patterns.

💡 Note

The Move Vulnerability Database provides a comprehensive overview of vulnerabilities observed across audited Move protocols and serves as a guide to understanding risk concentration. Readers are encouraged to use the data to draw their own conclusions, identify trends, and consider protocol context, design, and specific use cases when assessing potential vulnerabilities.

Access Control — Overview

Missing or flawed authorization checks allow unauthorized users to perform restricted actions.

Access Control	Findings
Critical	12
High	18
Medium	11
Total	41

Description:

The swap_v2.set_dex_liquidity_fee() function is marked as public(friend), indicating that it is accessible to modules declared as "friends" of the current module.

However, in the protocol, only baptswap_v2::router_v2 is declared as a friend.

The issue arises because the router_v2 contract does not invoke the set_dex_liquidity_fee() method, preventing the protocol from updating the liquidity fee. The function ser_dex_treasury_fee() set_individual_token_team_fee() and set_individual_token_liquidity_fee() also face a similar issue.

Single-step Ownership Transfer Can be Dangerous

Severity: High

Ecosystem: Aptos

Protocol: Baptswap

Auditor: MoveBit

Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf

Report Date: Dec 2023

Description:

Single-step ownership transfer means that if a wrong address was passed when transferring ownership or admin rights it can mean that role is lost forever. If the admin permissions are given to the wrong address within this function, it will cause irreparable damage to the contract.

Set Functions Lack of Access Control

Severity: High

Ecosystem: Aptos

Protocol: Superposition

Auditor: MoveBit

Report: https://movebit.xyz/reports/Superposition-Final-Audit-Report.pdf

Report Date: Mar 2024

Description:

The set_tenant_pause and set_tenant_liquidation_fee_address functions have no access controls, allowing anyone to set arbitrary numbers, take the profits of interest rates, etc.

Anyone can reset initial price of pool

Severity: High

Severity: Medium

Severity: High

Ecosystem: Aptos

Protocol: Baptswap

Auditor: MoveBit

Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf

Report Date: Dec 2023

Description:

It's advisable for this function to also use a friend function to control its invocation.

Initialize Function Lacks Privilege Control

Severity: Medium

Ecosystem: Aptos

Protocol: MoveGPT

Auditor: MoveBit

Report: https://movebit.xyz/reports/MoveGPT-Final-Audit-Report.pdf

Report Date: Apr 2024

Description:

The initialize function can be called by any user and passed any parameter.

Bad validation condition for function caller

Severity: Medium

Ecosystem: Aptos

Protocol: Aries Market

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Aries-Smart-Contract-Audit-Report.pdf

Report Date: June 2023

Description:

controller::add_reserve currently asserts the caller must be the @aries address, preventing calls from other addresses set in controller::init. Replace with assert_is_admin(signer::address_of(account)) for proper admin verification.

Function visibility issue

Severity: Medium

Ecosystem: Aptos

Protocol: Transit Finance

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Transit-Finance-Audit-Report.pdf

Report Date: Nov 2022

Description:

emit_event_swap in aggregator module, is public and anyone can call it.

Deploy contract without multi-sig

Severity: Medium

Ecosystem: Aptos

Protocol: Transit Finance

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Transit-Finance-Audit-Report.pdf

Report Date: Nov 2022

Description:

Doesn't use a multi-sig contract for deployment.

Deploy contract without multi-sig

Severity: Medium

Ecosystem: Aptos

Protocol: Cetus Concentrated Liquidity Protocol

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Cetus-Concentrated-Liquidity-Protocol-Aptos-Audit-Report.pdf

Report Date: Jan 2023

Description:

Doesn't use a multi-sig contract for deployment.

Lack of AC in Metadata Setters

Severity: Medium

Ecosystem: Sui

Protocol: Recrd

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Apr 2024

Description:

This allows anyone to invoke these setter functions to modify the metadata fields, resulting in unauthorized changes.

Business Logic - Overview

Errors in core logic or assumptions that let users exploit intended protocol behavior.

Business Logic	Findings
Critical	17
High	50
Medium	70
Total	137

Critical Findings

Missing Activation Epoch Check in Join

Severity: Critical

Ecosystem: Sui

Protocol: Walrus

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Feb 2025

Description: StakedWal in the withdrawal state only checks the withdraw_epoch, while the activation epoch check is missing. This oversight causes reward calculation issues and potential exploitation of the reward distribution mechanism.

Severity: Critical

Ecosystem: Aptos

Protocol: Thala

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: May 2023

Description:

Logic Flaw in Time Check

Severity: Critical

Ecosystem: Aptos

Protocol: Aptos Labs Securitize

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Oct 2024

Description:

is_block_flowback_end_time_ok is checking the condition incorrectly. If block_flowback_end_time is zero, the first condition ( block_flowback_end_time != 0 ) evaluates to false, and the function will never abort, as the second condition ( timestamp < block_flowback_end_time ) will also evaluate to false because timestamp::now_seconds will always be greater than or equal to zero.

Incorrect Issuance Value Recording

Severity: Critical

Ecosystem: Aptos

Protocol: Aptos Labs Securitize

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Oct 2024

Description:

compliance_service::create_issuance_information explicitly sets value to zero rather than utilizing the _value parameter, which implies that all recorded issuances will have a value of zero instead of the actual issuance amount. Because every issuance is recorded with a value of zero, the issuance information stored in issuances_values will not accurately represent the actual amounts.

Incorrect Lock Removal Logic

Severity: Critical

Ecosystem: Aptos

Protocol: Aptos Labs Securitize

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Oct 2024

Description:

remove_lock_record_for_investor in lock_manager is intended to swap the lock record at lock_index with the last lock in the investor’s lock list, then reduce the count of locks by one. However, the implementation incorrectly overwrites the lock at lock_index with itself, which implies that the last lock is removed instead of the one at lock_index .

Bypassing Funds Repayment via Double Upscaling

Severity: Critical

Ecosystem: Aptos

Severity: High

Ecosystem: Initia

Protocol: Initia Move

Auditor: Code4Arena Contest Security Researchers

Report: https://code4rena.com/reports/2025-01-initia-move

Report Date: Apr 2025

Description:

In the extend_expiration function, the validation for the duration is incorrect, allowing the user to bypass MAX_EXPIRATION.

Extending a domain’s expiration even after the grace period impacts domain buyers

Severity: High

Ecosystem: Initia

Protocol: Initia Move

Auditor: Code4Arena Contest Security Researchers

Report: https://code4rena.com/reports/2025-01-initia-move

Report Date: Apr 2025

Description:

The name_service.move module allows users to register domain names. If anyone wants to register an already purchased domain, they can only do so once the expiration_date + grace_period for that domain has passed. The name_service.move module allows anyone to call extend_expiration for any domain, which is a feature (according to sponsors).

The main issue is that the extend_expiration() function allows users to extend the expiration of a domain even after the grace period has ended, which is unintended behavior.

As a result, users, multi-sig owners of the actual domain name, or attackers can frontrun and attempt to call extend_expiration() after the grace period has ended, even if other users are trying to buy the same domain name using register_domain().

This breaks a key invariant of the protocol, leading to genuine users being negatively impacted and experiencing a poor user experience.

Incorrect Slippage Check

Severity: High

Ecosystem: Aptos

Protocol: Hyperion Smart Contracts

Auditor: ExVul

Report: https://github.com/ExVul-Sec/AuditReport/blob/main/Smartcontract/Hyperion%20Smart%20Contrat%20Audit%20Report-Exvul.pdf

Report Date: Apr 2025

Description:

Slippage protection logic has a backwards condition.

Liquidation logic allows the liquidator to liquidate more than it should

Severity: High

Ecosystem: Aptos

Protocol: AAVE v3.1-3.3

Auditor: Spearbit

Report: https://github.com/aave/aptos-aave-v3/blob/main/audits/Spearbit%20Aave%20Aptos%20Core%20V3.1-V3.3%20Report.pdf

Report Date: June 2025

Description:

The Move codebase has incorrectly implemented a feature and will recalculate the debt when the userReserveDebtInBaseCurrency is lower than the totalDefaultLiquidatableDebtInBaseCurrency.

actual_collateral_to_liquidate is burned instead of actual_debt_to_liquidate

Severity: High

Ecosystem: Aptos

Protocol: AAVE v3.1-3.3

Auditor: Certora

Report: https://github.com/aave/aptos-aave-v3/blob/main/audits/Certora%20Aave%20Aptos%20Core%20V3.1-V3.3%20Report.pdf

Report Date: Apr 2025

Description:

The liquidation_call() function contains an issue in the burn_debt_tokens() function call. It incorrectly passes actual_collateral_to_liquidate as the debt amount to burn, instead of actual_debt_to_liquidate.

This mismatch would lead to incorrect debt burning during liquidations, causing debt tokens to be either overly or insufficiently burned or a denial of service on the liquidation . The amount of debt being burned should correspond to the actual debt being liquidated, not the collateral amount.

Public access to register_collateral can lock out CoinTypes from APD

Severity: High

Ecosystem: Aptos

Protocol: Thala Labs Aptos Dollar

Auditor: Zellic

Report: https://github.com/Zellic/publications/blob/master/Thala%20Labs%20Move%20Dollar%20-%20Zellic%20Audit%20Report.pdf

Report Date: Oct 2022

Description:

Is public function, needs to be public(friend).

Incorrect implementation of reverse iterator

Severity: High

Ecosystem: Aptos

Protocol: Laminar Markets

Auditor: Zellic

Report: https://github.com/Zellic/publications/blob/master/Laminar%20-%20Zellic%20Audit%20Report.pdf

Report Date: Oct 2022

Description:

The wrong node is checked.

Duplicate call in coin register

Severity: High

Ecosystem: Aptos

Protocol: Laminar Markets

Auditor: Zellic

Report: https://github.com/Zellic/publications/blob/master/Laminar%20-%20Zellic%20Audit%20Report.pdf

Report Date: Oct 2022

Description:

The register_staking_account calls coin::register twice.

Order checker functions use full order size rather than remaining order size

Severity: High

Ecosystem: Aptos

Protocol: Laminar Markets

Auditor: Zellic

Report: https://github.com/Zellic/publications/blob/master/Laminar%20-%20Zellic%20Audit%20Report.pdf

Report Date: Oct 2022

Description:

In book::can_bid_be_matched and book::can_ask_be_matched instead of adding remaining size of orders, it adds up full sizes of these orders. Change let bid_size = (order::get_size(bid) as u128); to let bid_size = (order::get_remaining_size(bid) as u128);

Incorrect Assertion in deposit_manager

Severity: High

Ecosystem: Aptos

Protocol: Echelon

Auditor: Zellic

Report: https://github.com/Zellic/publications/blob/master/Echelon%20-%20Zellic%20Audit%20Report%20(January).pdf

Report Date: Jan 2025

Description:

There is an assertion that always fails. While the msg length is always greater than 65 bytes, taking the module of the length by 32 will always result in a value less than 32, making it impossible to equal 65.

There is No Slippage Protection During The Distribution of DEX Fees

Severity: High

Ecosystem: Aptos

Protocol: Baptswap

Auditor: MoveBit

Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf

Report Date: Dec 2023

Description:

During this exchange process, there is an absence of slippage protection.

Initializing fee_to As ZERO_ACCOUNT May Result In Transferring Fees to The Zero Address

Severity: High

Ecosystem: Aptos

Protocol: Baptswap

Auditor: MoveBit

Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf

Report Date: Dec 2023

Description:

In the init_module function, initializing fee_to as ZERO_ACCOUNT means that if the set_fee_to function is called to set a new address for fee reception, swap fees will be transferred to the zero address.

Token Extraction Mismatch in Fee Distribution Logic

Severity: High

Ecosystem: Aptos

Protocol: Baptswap

Auditor: MoveBit

Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf

Report Date: Dec 2023

Description:

The function swap_v2.distribute_dex_fees() is used to ensure proper distribution of DEX fees, regardless of the input token. In the case where type_info::type_of() != type_info::type_of(), the line coin_x_out = coin::extract(&mut metadata.balance_x, amount_in) extracts the token amount from metadata.balance_x using the user-input amount_in. However, it seems that the intended behavior might be to use amount_to_liquidity + amount_to_treasury instead of amount_in.

refund_entry Function Can Be Called Multiple Times

Severity: High

Ecosystem: Aptos

Protocol: MoveGPT

Auditor: MoveBit

Report: https://movebit.xyz/reports/MoveGPT-Final-Audit-Report.pdf

Report Date: Apr 2024

Description:

The refund_entry function did not update the user's status after the user was refunded resulting in the user being able to call refund_entry multiple times and reduce the value of total_bought at will. Also the withdraw_round function operator can be called multiple times.

Function Does't Return

Severity: High

Ecosystem: Aptos

Protocol: vibrantX

Auditor: MoveBit

Report: https://movebit.xyz/reports/vibrantX-Final-Audit-Report.pdf

Report Date: Jan 2024

Description:

When the token is not sorted before, the function will be recalled, and the execution of the previous function is not terminated, which will cause the code to be executed twice.

Config update error

Severity: High

Ecosystem: Aptos

Protocol: PatronusFi

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/PatronusFi-Contract-Audit-Report.pdf

Report Date: Mar 2023

Description:

The update function should judge the new_cfg, if new_cfg exceeds limitations of assert, it would be set for the first time, and could not be set later.

Logical Error

Severity: High

Ecosystem: Aptos

Protocol: PatronusFi

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/PatronusFi-Contract-Audit-Report.pdf

Report Date: Mar 2023

Description:

In vault.move, when borrow_cap.temporary is true, vault.paused will be verified as true then set to false, in the next if statement, vault.paused will already be paused and the contract will always panic.

Freeze Bridge with Invalid Sender

Severity: High

Ecosystem: Aptos

Protocol: LayerZero

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Sep 2022

Description:

Only the bridge UA is intended to send messages to the bridge contract. However, this behavior is not enforced at the relayer level. any UA can send messages to any other endpoint.

Amend Order Missing Refund

Severity: High

Ecosystem: Aptos

Protocol: Laminar Markets

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Oct 2022

Description:

In the book::amend_bid_order function, when a user tries to decrease the size of an order having the same price, the size of the order gets reduced silently without a refund. Users should be refunded when the size is reduced.

Deducting Vault Interest When Repaying Debt

Severity: High

Ecosystem: Aptos

Protocol: Thala Labs

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Feb 2023

Description:

In the protocol module, repay_internal is used to repay amounts borrowed from the vault. However, when repaying the borrowed amount, the interest should also be cleared in addition to the debt.Although the protocol uses fees::absorb_fee to calculate and absorb the repaid interest amount, this amount is not subtracted from the vault.interest. Consequently, a user is unable to clear the interest in their vault, even though it is absorbed from the repayment amount.

Improper Accumulator Updates In V2 Mode

Severity: High

Ecosystem: Aptos

Protocol: Thala

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: May 2023

Description:

The stake and unstake functions update the stake amount of the user. These functions also calculate the amount of rewards accrued until that time and store it, and then update the accumulator on the user pool. In the recent changes introducing v2 mode for farming, when v2 mode is enabled, the thl rewards for a user are not accrued in stake and unstake; this results in improper rewards for users.

Deducting Vault Interest When Repaying Debt

Severity: High

Ecosystem: Aptos

Protocol: Thala

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: May 2023

Description:

In the protocol module, repay_internalis used to repay amounts borrowedfrom the vault. In addition to the debt, clearing the interest should be done when repaying the borrowed amount. Although the protocol uses fees::absorb_fee to calculate and absorb the repaid interest amount, the protocol does not subtract this amount from vault.interest. Consequently, a user is unable to clear the interest in their vault, even though the protocol absorbs it from the repayment amount.

Removal Of Active Bin

Severity: High

Ecosystem: Aptos

Protocol: Pontem clmm

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Aug 2023

Description:

The vulnerability arises when a liquidity provider becomes the sole provider for a particular price range, i.e., the active bin. This situation may temporarily disrupt the swapping logic of the CLMM. In pool, swap_inner handles the swapping of assets between users, and when it attempts to access the data associated with the active bin utilizing its ID, it assumes that active_bin_id exists in the pool.bins table. However, if a liquidity provider is the only one providing liquidity for this particular active bin, it is possible that they decide to remove their liquidity from that bin. When a liquidity provider removes their liquidity from a bin, it triggers the burn logic, which removes the liquidity providers. This results in the bin being entirely removed from the pool.bins table, effectively erasing the active bin.

Bin Price Manipulation

Severity: High

Ecosystem: Aptos

Protocol: Pontem clmm

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Aug 2023

Description:

In this CLMM, there are multiple bins, each having its price range where users may add liquidity. This vulnerability allows a malicious user to manipulate the price of shares in a specific bin within the CLMM. This manipulation may be exploited to artificially inflate the price of shares in that bin to extremely high values, creating unfavorable conditions for other participants and potentially blocking or monopolizing that bin. The user may profit by burning the last share in the manipulated bin.

ThalaSwapV2

Severity: High

Ecosystem: Aptos

Protocol: ThalaSwapV2

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Aug 2024

Description:

The vulnerability concerns the lack of slippage checks within the entry functions in pool. Slippage parameters protect the protocol from accepting values that are drastically different from the current market conditions due to market volatility or large trades in the pool. This can result in inaccurate transactions within the pool, potentially affecting users unfairly.

Flaw in Full Transfer Checks

Severity: High

Ecosystem: Aptos

Protocol: Aptos Securitize

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Oct 2024

Description:

In compliance_service::pre_deposit_check_regulated , the get_force_full_transfer condition checks if full transfers are enforced when the transfer originates from the US. If this condition is true, the function immediately aborts the transfer with the error code EONLY_FULL_TRANSFER. If get_force_full_transfer is enabled and the transfer originates from the US, any transfer to the platform wallet is rejected, regardless of whether the transfer satisfies the required full transfer conditions. As a result, valid transactions may be blocked.

Incorrect Reward Initialization

Severity: High

Ecosystem: Aptos

Protocol: Aptos Securitize

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Oct 2024

Description:

The issue in the lending core farming module occurs when a user is accruing a specific reward for the first time. When a user first starts accruing a reward, their last_acc_rewards_per_share is set to pool_acc_reward_per_share . This is problematic, as users who had staked before the reward was introduced will not receive any rewards for the period between their staking and their first accrue_user_pool_reward call.

Missing Solvency Check

Severity: High

Ecosystem: Aptos

Protocol: Echleon

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Apr 2025

Description:

isolated_lending::withdraw_internal lacks a check for bad debt, allowing users to withdraw supplied assets even if their position is underwater. This creates a vulnerability where users may extract value even though they are insolvent. If the borrowed value exceeds collateral, supply shares should not be withdrawable, as they may be needed to cover the shortfall.

kAPT Double Minting

Severity: High

Ecosystem: Aptos

Protocol: Kofi Finance Contacts

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: May 2025

Description:

rewards_manager::update_rewards calculation does not account for minting fees. When stake is added to a delegation pool, an add_stake fee is deducted if the validator being delegated to is producing rewards for that epoch. This fee is temporarily subtracted from the delegator’s active stake and is refunded in the next epoch. The protocol tracks this fee separately and allows the admin to collect it asynchronously. Despite this, the staked APTs are still marked as rewards by the update_rewards function, causing it to mint kAPT on their behalf. Later, when the admin collects these fees, kAPT is re-minted for the same amount, resulting in double-minting and an immediate depegging of kAPT .

Absence of Verification for Reward Start Timestamp

Severity: High

Severity: Medium

Ecosystem: Sui

Protocol: Sui AMM Swap

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Sui-AMM-swap-Contracts-Audit-Report.pdf

Report Date: Nov 2022

Description:

In the function add_liquidity(), if it is the first injection of liquidity, the number of lp tokens obtained will be subtracted from the minimum liquidity value (MINIMAL_LIQUIDITY). The function of MINIMAL_LIQUIDITY is to limit the lower limit of lp supply, thereby reducing the unit price of lp token and increasing the attack cost of lp price manipulation.

This value is directly subtracted in the code, so the value of lp_supply does not increase, and this part should be mint and stored in an address instead of being directly subtracted.

Missing Key Validation in ReserveConfig

Severity: Medium

Ecosystem: Sui

Protocol: Aries Market

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Aries-Smart-Contract-Audit-Report.pdf

Report Date: June 2023

Description:

No check if liquidation_threshold > loan_to_value. If threshold is lower, asset can be liquidated immediately when borrowing amount is close to borrowing capacity, resulting in loss to user.

Unreasonable Repayment of Logic for Flash Loans

Severity: Medium

Ecosystem: Sui

Protocol: Aries Market

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Aries-Smart-Contract-Audit-Report.pdf

Report Date: June 2023

Description:

In the end_flash_loan() function within controller.move, when repayment is made for a flash loan, if the amount in coin_src exceeds the outstanding payment amount of the flash loan, the excess amount is used to repay other debts or make deposits. This is not a reasonable logic for flash loans.

Missing Reward Collection Check in burn_position Leads to Permanent Reward Loss

Severity: Medium

Ecosystem: Sui

Protocol: Magma DEX

Auditor: Three Sigma

Report: https://cdn.sanity.io/files/qoqld077/staging/9566473c444a6cfd99c7a6556fa4857950b41de3.pdf

Report Date: July 2025

Description:

The almm_pair::burn_position function allows users to completely destroy their liquidity positions without ensuring that accumulated rewards from the RewarderGlobalVault have been collected first. This function is designed to withdraw all liquidity from all bins in a position and destroy the position object, but it lacks a critical validation step to check if the position has unclaimed rewards from the rewarder system.

factory::revoke_protocol_fee_cap function is implemented incorrectly

Severity: Medium

Ecosystem: Sui

Protocol: Magma DEX

Auditor: Three Sigma

Report: https://cdn.sanity.io/files/qoqld077/staging/9566473c444a6cfd99c7a6556fa4857950b41de3.pdf

Report Date: July 2025

Description:

When revoking protocol_fee_cap, instead of removing the cap from allowed_protocol_fee_cap vector, we remove the cap from the allowed_admin, which will result in preventing of removing protocol_fee_cap as the Id is not added into allowed_admin.

Last Holder Can’t Exit, Zero‑Supply Unstake Reverts

Severity: Medium

Ecosystem: Initia

Protocol: Cabal Liquid Staking

Auditor: Code4Arena Contest Security Researchers

Report: https://code4rena.com/reports/2025-04-cabal-liquid-staking-token

Report Date: May 2025

Description:

When a user burns the entire remaining supply of a Cabal LST ( sxINIT or Cabal LPT) via initiate_unstake, the follow‑up processing step always aborts with a divide‑by‑zero and the user can never exit.

get_cost_amount allows unlimited free domain registrations

Severity: Medium

Ecosystem: Initia

Protocol: Initia Move

Auditor: Code4Arena Contest Security Researchers

Report: https://code4rena.com/reports/2025-01-initia-move

Report Date: Apr 2025

Description:

The get_cost_amount function unintentionally sets the price for domain names of length greater than or equal to 7 to zero. FREE_LENGTH is defined as 7. When the length of the domain name is greater than or equal to 7, the else branch is executed, setting the price_per_year to 0. While this behavior may be intentional to make longer domain names free, it opens the system to abuse.

The proposal expiration logic is incorrect

Severity: Medium

Ecosystem: Initia

Protocol: Initia Move

Auditor: Code4Arena Contest Security Researchers

Report: https://code4rena.com/reports/2025-01-initia-move

Report Date: Apr 2025

Description:

The is_proposal_expired function uses incorrect comparison logic that causes proposals to be marked as expired when they should still be active, and vice versa. This is as a result of the reversed comparison operator in the expiration check. The impact of this bug is high because valid proposals are incorrectly marked as expired which prevents legitimate voting. Also the voting period enforcement is effectively reversed. This effectively creates a DoS because any multisig wallet created would be unable to execute proposals.

Missing Token Order and Identity Validation in LP Token

Severity: Medium

Ecosystem: Aptos

Protocol: Hyperion Smart Contracts

Auditor: ExVul

Report: https://github.com/ExVul-Sec/AuditReport/blob/main/Smartcontract/Hyperion%20Smart%20Contrat%20Audit%20Report-Exvul.pdf

Report Date: Apr 2025

Description:

Two validation issues exist in the lp.move contract's LP token creation functions:

Token Pair Order Issue in get_pool_seeds Function

The get_pool_seeds function generates seeds directly from token_a and token_b without sorting. This can create different LP tokens for the same pair in different orders, potentially splitting liquidity pools.

Lack of Token Identity Check in LP Creation

The create_share_token function doesn't verify if token_a and token_b are the same, allowing creation of invalid single-token LP tokens.

Missing Tick Range Validation in Vault Creation

Severity: Medium

Ecosystem: Aptos

Protocol: Hyperion Smart Contracts

Auditor: ExVul

Report: https://github.com/ExVul-Sec/AuditReport/blob/main/Smartcontract/Hyperion%20Smart%20Contrat%20Audit%20Report-Exvul.pdf

Report Date: Apr 2025

Description:

The create_vault function allows users to specify tick_lower and tick_upper without any validation. This leads to two critical problems:

Invalid Tick Order:

There is no check ensuring that tick_lower < tick_upper. This violates the core design of Uniswap V3-style tick ranges, potentially resulting in vaults that cannot function properly due to misconfigured tick boundaries.

Lack of Tick Bound Checks:

Neither tick_lower nor tick_upper are validated against the protocol's global minimum/maximum tick bounds. This may allow the creation of positions outside the valid price range supported by the underlying pool, which could cause failures in liquidity provisioning or swaps.

set_next_variable_borrow_index() used instead of set_next_scaled_variable_debt()

Severity: Medium

Ecosystem: Aptos

Protocol: AAVE v3.1-3.3 Core

Auditor: Certora

Report: https://github.com/aave/aptos-aave-v3/blob/main/audits/Certora%20Aave%20Aptos%20Core%20V3.1-V3.3%20Report.pdf

Report Date: Apr 2025

Description:

In the function liquidation_logic::burn_debt_tokens() a call to set_next_variable_borrow_index() has been wrongly introduced in the place of set_next_scaled_variable_debt(). This approach fails to update the relevant variable next_scaled_variable_debt and falsely updates next_variable_borrow_index, leading to the total_variable_debt and consequently, the current_liquidity_rate and current_variable_borrow_rate being updated to much lower values than they should.

Health factor check is too low

Severity: Medium

Ecosystem: Aptos

Protocol: AAVE v3.0.2

Auditor: Certora

Report: https://github.com/aave/aptos-aave-v3/blob/main/audits/Certora%20Aave%20Aptos%20Core%20V3.0.2%20Report.pdf

Report Date: Apr 2025

Description:

validate_liquidation_call first checks if health_factor is less than 0.95e18, then again if health_factor is less than 1e18. The second check is redundant.

Retroactive windfall for first time users

Severity: Medium

Ecosystem: Aptos

Protocol: AAVE V3

Auditor: Cantina Contest SRs

Report: https://cantina.xyz/code/ad445d42-9d39-4bcf-becb-0c6c8689b767/findings/192

Report Date: Jun 2025

Description:

In update_user_data, the code does:

if (!simple_map::contains_key(&reward_data.users_data, &user)) { simple_map::add(&mut reward_data.users_data, user, UserData { index: 0, accrued: 0 });}let (rewards_accrued, _) = calculate_rewards( user_balance, new_asset_index, (user_data.index as u256), asset_unit);

Because UserData.index is always initialized to 0, the very first call computes

rewards_accrued = user_balance * (new_asset_index – 0) / asset_unit

granting the newcomer the full cumulative rewards per token ever emitted. In Aave’s Solidity _updateUserAssetInternal, a fresh user’s stored index is immediately set to newAssetIndex and rewards are only calculated if their prior stake is nonzero, so first‐time participants never receive back-pay .

First-time users instantly drain the entire historical reward pool, diluting legitimate stakers and depleting treasury funds.

Partially filled APD redemptions always charge the full redemption fees

Severity: Medium

Ecosystem: Aptos

Protocol: Thala Labs Aptos Dollar

Auditor: Zellic

Report: https://github.com/Zellic/publications/blob/master/Thala%20Labs%20Move%20Dollar%20-%20Zellic%20Audit%20Report.pdf

Report Date: Oct 2022

Description:

Because the variable redemption_fee_coin is not adjusted to account for partial redemptions, users who call vault::redeem_collateral are always charged full redemption fee.

Unable to unregister collateral CoinTypes

Severity: Medium

Ecosystem: Aptos

Protocol: Thala Labs Aptos Dollar

Auditor: Zellic

Report: https://github.com/Zellic/publications/blob/master/Thala%20Labs%20Move%20Dollar%20-%20Zellic%20Audit%20Report.pdf

Report Date: Oct 2022

Description:

Collateral CoinTypes cannot be unregistered, and there’s no disincentive for borrowing against assets outside Thala’s risk framework. A freezing mechanism was added but requires further review.

Potentially incorrect implementation of multiple queue operations

Severity: Medium

Ecosystem: Aptos

Protocol: Laminar Markets

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Oct 2022

Description:

Coding mistakes in flow:queue. In the case index_to_remove is neither there is an assert, assert should also be there if index_to_remove is tail. queue::remove cannot handle length of 1 and in queue::in_next there is an assertion followed by an if and a second assert that will never fail.

Update the Reserves within the swap() Function

Severity: Medium

Ecosystem: Aptos

Protocol: Baptswap

Auditor: MoveBit

Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf

Report Date: Dec 2023

Description:

In the swap_exact_x_to_y_direct() function, the protocol swaps token X to token Y and subsequently calls update_reserves() to update the constant product. However, a best practice, as exemplified in the PancakeSwap code, is to call the update() function within the swap() function to handle the updates. This ensures that the reserves are consistently and efficiently updated during the swapping process.

Some View Function Logic Errors

Severity: Medium

Ecosystem: Aptos

Protocol: MoveGPT

Auditor: MoveBit

Report: https://movebit.xyz/reports/MoveGPT-Final-Audit-Report.pdf

Report Date: Apr 2024

Description:

The view function to get information about private_round is still retrieved from the ido_round field.

claim Function Can Be Called Multiple Times

Severity: Medium

Ecosystem: Aptos

Protocol: MoveGPT

Auditor: MoveBit

Report: https://movebit.xyz/reports/MoveGPT-Final-Audit-Report.pdf

Report Date: Apr 2024

Description:

Claim related functions can be called multiple times by the user.

Logic Error in Claim Function

Severity: Medium

Ecosystem: Aptos

Protocol: MoveGPT

Auditor: MoveBit

Report: https://movebit.xyz/reports/MoveGPT-Final-Audit-Report.pdf

Report Date: Apr 2024

Description:

The assertion function current_time > vesting_config.start causes the claim function to never reach the if branch of the vesting_config.start > current_time condition.

Insufficient Validation for amounts_out

Severity: Medium

Ecosystem: Aptos

Protocol: Cellena

Auditor: MoveBit

Report: https://movebit.xyz/reports/Cellana-Smart-Contract-Final-Audit-Report.pdf

Report Date: Feb 2024

Description:

In the swap_route_entry function, the assertion at L130 only validates the last value in the amounts_out array, which is insufficient to verify that all values in the array are correct.

Incorrect Condition Statement

Severity: Medium

Ecosystem: Aptos

Protocol: Cellena

Auditor: MoveBit

Report: https://movebit.xyz/reports/Cellana-Smart-Contract-Final-Audit-Report.pdf

Report Date: Feb 2024

Description:

In the optimal_liquidity_amounts function, the conditional statement if (amount_2 <= amount_2_desired) is always true. According to the context logic, the parameter amount_2 should be changed to amount_2_optimal.

Logic Design of The swap_route_entry Function

Severity: Medium

Ecosystem: Aptos

Protocol: Cellena

Auditor: MoveBit

Report: https://movebit.xyz/reports/Cellana-Smart-Contract-Final-Audit-Report.pdf

Report Date: Feb 2024

Description:

The swap_route_entry function first swaps the first token from the from_token array with the first token from the to_token array. Then, it swaps the resulting token with the second token from the to_token array, and so on. Finally, it transfers the token from the last swap to the recipient. The correct design should be to swap each token in the from_token array with the corresponding token in the to_token array.

Limit Orders Cannot Be Executed

Severity: Medium

Ecosystem: Aptos

Protocol: Merkle Trade Smart Contract

Auditor: MoveBit

Report: https://movebit.xyz/reports/Merkle-Trade-Smart-Contract-Audit-Report.pdf

Report Date: July 2023

Description:

The function execute_order() is used to execute an order. Inside the function, it checks if more than 30 seconds have passed since the order was created. If the condition is met, it cancels the order by calling cancel_order_internal(). However, if the order is a limit order, it means that the order has a specific price set by the trader at which they are willing to buy or sell the asset, if this timeout has elapsed, the order is considered expired.

view_broker Should Not Return False Bool Directly

Severity: Medium

Ecosystem: Aptos

Protocol: Superposition

Auditor: MoveBit

Report: https://movebit.xyz/reports/Superposition-Final-Audit-Report.pdf

Report Date: Mar 2024

Description:

In broker.move, the view_broker is a function that reads the current state of the broker. However, instead of reading the bool values from the broker, several values directly return false. This will send wrong values for not only this view function but also other functions that call it, for example: borrow_with_ticket, lend_with_ticket, etc.

Fixed Slippage

Severity: Medium

Ecosystem: Aptos

Protocol: vibrantX

Auditor: MoveBit

Report: https://movebit.xyz/reports/vibrantX-Final-Audit-Report.pdf

Report Date: Jan 2024

Description:

Slippage protects users from losing tokens in some paris, but the fixed slippage settings can also lead to failed trades with high price volatility.

Wrong condition in assert

Severity: Medium

Ecosystem: Aptos

Protocol: Mokshya/Wapal Aptos NFT Mint

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Mokshya-Wapal-Aptos-NFT-Mint-Smart-Contract-Audit.pdf

Report Date: Mar 2023

Description:

In the update_candy function, the royalty_points_denominator judges the wrong condition here, which will never be able to update candy_data.royal_points_denominator.

Unverified public_sale_mint_time must be greater than presale_mint_time

Severity: Medium

Ecosystem: Aptos

Protocol: Mokshya/Wapal Aptos NFT Mint

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Mokshya-Wapal-Aptos-NFT-Mint-Smart-Contract-Audit.pdf

Report Date: Mar 2023

Description:

In candymachine::mint_from_merkle, public_sale_mint_time must be greater than presale_mint_time, but it is not verified when creating or modifying CandyMachine.

Business logic structure is too complex

Severity: Medium

Ecosystem: Aptos

Protocol: Transit Finance

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Transit-Finance-Audit-Report.pdf

Report Date: Nov 2022

Description:

batch_swap_five has 27 type parameters and 15 function parameters. Incovenient for code maintenance, user command line execution, and function call, gas consumption will also be higher.

Code readability needs to be improved in the get_intermediate_out_from_dex functions

Severity: Medium

Ecosystem: Aptos

Protocol: Transit Finance

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Transit-Finance-Audit-Report.pdf

Report Date: Nov 2022

Description:

Dex swap logic of six different branches can be split into six functions to improve readbility.

Common code should be encapsulated as a function to be called

Severity: Medium

Ecosystem: Aptos

Protocol: Transit Finance

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Transit-Finance-Audit-Report.pdf

Report Date: Nov 2022

Description:

batch_swap_three and batch_swap_five have roughly the same code except for the number of type parameters.

Excessive reliance on external dex contract calls and no way to control or suspend external dex

Severity: Medium

Ecosystem: Aptos

Protocol: Transit Finance

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Transit-Finance-Audit-Report.pdf

Report Date: Nov 2022

Description:

No security measures in external contract calls to get_intermediate_out_from_dex exist.

Wrong event type emitted

Severity: Medium

Ecosystem: Aptos

Protocol: Cetus Concentrated Liquidity Protocol

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Cetus-Concentrated-Liquidity-Protocol-Aptos-Audit-Report.pdf

Report Date: Jan 2023

Description:

In create_pool, it emits CreatePoolEvent.coin_type_b with CoinTypeA.

The pool Coin Order Handle

Severity: Medium

Ecosystem: Aptos

Protocol: Cetus Concentrated Liquidity Protocol

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Cetus-Concentrated-Liquidity-Protocol-Aptos-Audit-Report.pdf

Report Date: Jan 2023

Description:

In create_pool, you can create a pool with CoinA, CoinB and CoinB, CoinA. This will cause confusion. Force user to create pool with coins in order, by adding an assert.

Liquidate Minimum Debt Vaults

Severity: Medium

Ecosystem: OL Network

Protocol: StakeSphere

Auditor: MoveJay

Report: https://github.com/Jayfromthe13th/StakeSphere-stealth-/blob/Wallet/Audit.md

Report Date: Apr 2024

Description:

StakeSphere enforces a minimum debt threshold when repaying vaults. That being said, liquidate_repay also enforces that the collateral ratio of the vault isn’t repaid fully. This means that vaults that are close to the minimum debt threshold cannot be liquidated.

No Check for Account Registration

Severity: Medium

Ecosystem: Binance Smart Chain

Protocol: AquaSwap

Auditor: MoveJay

Report: https://github.com/Jayfromthe13th/AuquaSwap-Audit-/blob/Wallet/Audit%20report.md

Report Date: 2024

Description:

The execute_limit_order function fails to verify if the recipient account is registered to receive the quote coin, potentially blocking order execution.

Calculation Errors - Overview

Arithmetic mistakes like rounding, overflow, or precision loss impacting balances or rewards.

Calculation Errors	Findings
Critical	10
High	25
Medium	52
Total	87

Critical Findings

Severity: Critical

Ecosystem: Sui

Protocol: Bluefin Spot

Auditor: OtterSec

Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772

Report Date: Nov 2024

Description: The bluefin_vault contract is vulnerable to rounding manipulation attacks due to improper handling of token-to-share conversion rates, allowing exploitation of precision errors in share valuation. Additionally, inconsistent conditions in the shares calculation logic may cause deposits to yield zero shares when vault balances are mismatched, leading to potential fund loss.

Interest Rate Calculation Error

Severity: Critical

Ecosystem: Sui

Protocol: Navi

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Navi-Smart-Contract-Audit-Report.pdf

Report Date: Jul 2023

Description: The SECOND_PER_YEAR constant is sometimes incorrectly calculated with milliseconds, resulting in a value 1000 times larger than intended, causing significant interest rate miscalculations.

Numerical Precision Error

Severity: Critical

Ecosystem: Sui

Protocol: Navi

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Navi-Smart-Contract-Audit-Report.pdf

Report Date: July 2023

Description: In the repay function, the excess amount after repayment is returned through pool::withdraw, but excess_amount is not converted to decimal precision, causing incorrect amounts to be returned to users.

Flawed Validations Lead To Inaccuracies

Severity: Critical

Ecosystem: Sui

Protocol: Navi

Auditor: OtterSec

Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772

Report Date: June 2023

Description: In validator.move, validation functions for lending operations use scaled balances (supply and borrow) in conjunction with unscaled amounts, leading to calculation inconsistencies and inaccuracies across multiple functions.

Improper Conversion

Severity: Critical

Ecosystem: Sui

Protocol: Bucket

Auditor: OtterSec

Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772

Report Date: June 2023

Description: When repay_amount is greater than or equal to Bottle debt, the returned collateral is calculated as 1.1 times the debt amount. However, the debt amount is not adjusted based on the collateral token's decimals during conversion, resulting in improper collateral values (return_sui_amount).

Calculation Formula Error when Adding Liquidity

Severity: Critical

Ecosystem: Sui

Protocol: KriyaDEX

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/KriyaDEX-Smart-Contract-Audit-Report.pdf

Report Date: Apr 2023

Description: In the get_amount_for_add_liquidity function, the formula for obtaining the other token quantity through one token quantity is incorrect, directly affecting the liquidity addition functionality for users.

Incorrect Formula

Severity: Critical

Ecosystem: Sui

Protocol: SuiPad

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/SuiPad-Smart-Contract-Audit-Report.pdf

Report Date: Apr 2023

Description: The amount_to_refund calculation should also be divided by DecimalPrecision after being multiplied by it, preventing precision loss in refund amounts.

remove_liquidity does not call update_rewarder

Severity: Critical

Ecosystem: Aptos

Protocol: Cetus Concentrated Liquidity Protocol

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Cetus-Concentrated-Liquidity-Protocol-Aptos-Audit-Report.pdf

Report Date: Jan 2023

Description:

remove_liquidity does not call update_rewarder which will cause reward cumulative error.

Broken Stable Curve Math

Severity: Critical

Ecosystem: Aptos

Protocol: Pontem (Liquidswap)

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Sep 2025

Description:

The liquidity_pool::compute_and_verify_lp_value function, checks if the lp value is the same before and after a swap. When dealing with a stable curve, the lp value before the swap, is calculated incorrectly.

Overflow In Calculating Delta B

Severity: Critical

Ecosystem: Sui

Protocol: Cetus

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Jan 2023

Description:

The function get_delta_b is used to calculate the amount_b for specified liquidity. However, its implementation relies on the assumption that themultiplication ofliquidityandsqrt_price_diff returns the value < 2**128 which does not require to be true.

High Findings

Risk of Arithmetic Overflow

Severity: High

Ecosystem: Sui

Protocol: Aftermath Orderbook

Auditor: OtterSec

Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772

Report Date: Feb 2024

Description: In ticks_per_lot_to_quote_per_base, a multiplication operation between ticks_per_lot and tick_size can overflow if the result exceeds the maximum representable value of a u64, resulting in an integer overflow vulnerability.

Fund Loss Due to Unchecked Conversion

Severity: High

Ecosystem: Sui

Protocol: Aftermath

Auditor: OtterSec

Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772

Report Date: Jan 2025

Description: An incorrect calculation turns negative values into positive values, causing unexpected profit and fund loss. The conversion is not properly validated, leading to unintended financial outcomes.

Incorrect Price Calculation

Severity: High

Ecosystem: Sui

Protocol: Aftermath

Auditor: OtterSec

Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772

Report Date: Apr 2023

Description: In math.move, the functions calc_oracle_price and calc_spot_price are intended to calculate the price of BASE coin in terms of QUOTE coin. However, calc_spot_price_fixed incorrectly computes the price of out-coin in terms of in-coin, inverting the intended calculation.

Inconsistent Assert Statement

Severity: High

Ecosystem: Sui

Protocol: Bluefin

Auditor: OtterSec

Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772

Report Date: Feb 2024

Description: The request_profit_withdraw_from_vault function fails to account for vault.pending_profit_amount in its withdrawal validation, allowing the holding account to inflate pending profits and bypass balance checks. As a result, withdrawals can exceed the actual available profit, leading to potential fund misallocation or loss.

Round Up Shares

Severity: High

Ecosystem: Sui

Protocol: Volo

Auditor: OtterSec

Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772

Report Date: Oct 2023

Description: By staking the minimum number of Sui repeatedly, due to rounding errors, users can receive more Cert tokens when unstaking than intended, effectively exploiting the protocol.

Precision Loss Results in Rewards being Left in the Contract and Unable to be Withdrawn

Severity: High

Ecosystem: Sui

Protocol: Cetus Farming

Auditor: MoveBit

Report: https://movebit.xyz/reports/Cetus-Farming-Smart-Contract-Final-Audit-Report.pdf

Report Date: Jan 2024

Description: The accumulate_pool_reward() function experiences two instances of precision loss: once when calculating rewards for each pool based on proportion, and again when calculating acc_per_share using pool_acc_reward/total_pool_share. This results in residual rewards that cannot be withdrawn after all users claim their rewards.

pending_reward Is Not Compatible

Severity: High

Ecosystem: Sui

Protocol: Cetus Farming

Auditor: MoveBit

Report: https://movebit.xyz/reports/Cetus-Farming-Smart-Contract-Final-Audit-Report.pdf

Report Date: Jan 2024

Description: In both add_liquidity_fix_coin and remove_liquidity functions, without the addition of pos_info.reward, the pending_reward calculation would be incorrect, causing major problems in reward distribution.

Erroneous Calculation Leads To Unfair Liquidation

Severity: High

Ecosystem: Sui

Protocol: Navi

Auditor: OtterSec

Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772

Report Date: Jun 2023

Description: In logic.move, the calculate_max_liquidation function has calculation inaccuracies when retrieving max_liquidable_collateral and max_liquidable_debt. These calculation errors create exploitable opportunities for attackers to profit from improper liquidation scenarios.

Accuracy Loss

Severity: High

Ecosystem: Sui

Protocol: SuiPad

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/SuiPad-Smart-Contract-Audit-Report.pdf

Report Date: Apr 2023

Description: In the claim_rewards function, amount_to_claim is incorrectly calculated, potentially resulting in 0 or unclaimable funds. The calculation should multiply before dividing to reduce accuracy loss.

Incorrect Calculation in amount_to_claim in claim function

Severity: High

Ecosystem: Sui

Protocol: SuiPad

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/SuiPad-Smart-Contract-Audit-Report.pdf

Report Date: Apr 2023

Description: A calculation error in the condition for amount_to_claim in the claim function causes incorrect reward amounts to be claimed.

Overflow Risk in i64::sub

Severity: High

Ecosystem: Sui

Protocol: Typus Finance

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Typus-Finance-Smart-Contract-Audit-Report.pdf

Report Date: Apr 2023

Description: The i64::sub operation has an overflow risk, potentially causing unexpected behavior or contract failure.

Improper Reward Calculations in reward_distributor.move

Severity: High

Ecosystem: Unknown

Protocol: Project Zenith

Auditor: MoveJay

Report: https://github.com/Jayfromthe13th/Project-Z-Security-Audit-Report/blob/Wallet/audit.md

Report Date: Mar 2024

Description: The accumulated_gain function inaccurately calculates token earnings, neglecting contributions to subsequent scales, leading to incorrect reward distributions.

Severity: High

Ecosystem: Aptos

Protocol: PancakeSwap

Auditor: Zellic

Report: https://github.com/Zellic/publications/blob/master/PancakeSwap%20Aptos%20-%20Zellic%20Audit%20Report.pdf

Report Date: Nov 2022

Description:

The precision_factor used to avoid division precision errors is not large enough to mitigate truncation to zero errors.

Potential overflow in the add_reward function

Severity: High

Ecosystem: Aptos

Protocol: PancakeSwap

Auditor: Zellic

Report: https://github.com/Zellic/publications/blob/master/PancakeSwap%20Aptos%20-%20Zellic%20Audit%20Report.pdf

Report Date: Nov 2022

Description:

In the add_rewards function there is an assert that may cause an overflow by multiplying two u64 values.

Severity: High

Ecosystem: Aptos

Protocol: Baptswap

Auditor: MoveBit

Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf

Report Date: Dec 2023

Description:

Wwhen users unstake, the protocol also updates the magnified dividends per share. The calculation involves adding ((amount as u128) * pool_info.precision_factor / (pool_info.staked_tokens as u128)) to the original per share x or per share y values.

This is incorrect, as it causes the pool_info.magnified_dividends_per_share_x or pool_info.magnified_dividends_per_share_y values to increase without actual rewards being distributed to the rewards pool.

When Calculating Fees for Token Info Y Only, There is An Incorrect Passing of rewards_coins

Severity: High

Ecosystem: Aptos

Protocol: Baptswap

Auditor: MoveBit

Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf

Report Date: Dec 2023

Description:

rewards_coins is extracted from metadata.balance_y, but when calling the update_pool() function, it passes these rewards coins to reward_x,causing confusion in calculation logic.

Unstrict Swap Invariant

Severity: High

Ecosystem: Aptos

Protocol: Pontem (Liquidswap)

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Sep 2022

Description:

When dealing with an uncorrelated curve, the program introduced an error by reporting an incorrect swap if the lp_value after the swap is strictly smaller than the lp_value before the swap. The swap should be valid only when the value after is greater than the value before. Otherwise, swapping would be able to exploit potential rounding errors, depending on the precision of the relevant curves.

Improper Calculation in Liquidation

Severity: High

Ecosystem: Aptos

Protocol: Aries Markets

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Nov 2022

Description:

In the else case of the liquidation function, the settle_share_amount should be calculated from the repay_amount using the get_share_amount_from_borrow_amount function. Instead, the repay amount is directly returned as the settle share amount.

Improper Reward Calculations

Severity: High

Ecosystem: Aptos

Protocol: Thala Labs

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Feb 2023

Description:

In the protocol module, accumulated_gain calculates the earnings of a token based solely on the scale of the snapshot. However, it is possible for a user’s amount to have participated in the distribution of the next scale as well. As a result, the failure to account for this may lead to incorrect calculations of token earnings.

Improper Reward Calculations

Severity: High

Ecosystem: Aptos

Protocol: Thala

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: May 2023

Description:

In the protocol module, accumulated_gain calculates the earnings of a token solely based on the scale of the snapshot. However, a user’s amount may have participated in the distribution of the subsequent scale as well. As a result, the failure to account for this may lead to incorrect calculations of token earnings.

Utilization Of Unsuitable Rounding Direction

Severity: High

Ecosystem: Aptos

Protocol: Meso Lending

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: July 2024

Description:

When calculate_shares performs a floor rounding (rounding down) in share calculations in borrow_internal and withdraw , the user may end up with fewer debt shares than they are entitled to, resulting in them owing more assets than the value represented by their shares. As a result, users will effectively earn funds for free because they are receiving fewer debt shares for their borrowings. The pool’s total debt increases without the user receiving proportional debt shares.

Abort Due to Underflow in Difference Calculation

Severity: High

Severity: Medium

Ecosystem: Sui

Protocol: Mysten Deepbook V3

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Apr 2025

Description:

When the user chooses to pay the fee in DEEP, deep_quantity is calculated from fee_quantity. However, if deep_quantity turns out to be 0, the fee may be incorrectly calculated in base or quote instead, resulting in the fee being paid in a way that does not match the user’s intention.

Severity: Medium

Ecosystem: Sui

Protocol: BlueFin

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Feb 2024

Description:

In withdraw_from_vault, when a user withdraws funds, the share count vault.total_shares is appropriately reduced. However, a critical vulnerability arises as no corresponding adjustment occurs to vault_total_balance. Although vault_total_balance is calculated based on the current vault balance, it fails to account for the reduced shares resulting from the withdrawal. Consequently, the share price may experience temporary inflation, given that vault_total_balance remains unchanged despite the reduction in total shares.

Price Manipulation

Severity: Medium

Ecosystem: Sui

Protocol: Aftermath Orderbook

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Feb 2024

Description:

Currently, during the calculation of premium_twap and spread_twap, lip_max_book_index_spread confines the book_price within a range of plus five to negative five percent of the index_price. Nevertheless, it remains possible to influence the time-weighted average price by manipulating the mark_price within the same percentage range of the index_price.

Incorrectly Calculated Reward Period

Severity: Medium

Ecosystem: Sui

Protocol: Turbos

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: May 2024

Description:

total_elapsed_time skipped if emission = 0.

Missing Tick Step Validation

Severity: Medium

Ecosystem: Sui

Protocol: Turbos

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: May 2024

Description:

Overflow and abort since base_tick_step and limit_tick_step are user inputted.

Volume Overflow Risk

Severity: Medium

Ecosystem: Sui

Protocol: Mysten Deepbook

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Aug 2024

Description:

Self-trading and flash loans can cause overflow.

Improper Order Quantity Calculation

Severity: Medium

Ecosystem: Sui

Protocol: Mysten Deepbook

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Aug 2024

Description:

get_quantity_out and get_level2_range_and_ticks do not account for the remaining quantity of orders.

BigVector Size Overflow

Severity: Medium

Ecosystem: Sui

Protocol: Mysten Deepbook

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Aug 2024

Description:

This is especially relevant due to the Sui Move runtime’s limitation on maximum object size, which is 256000 bytes. If the leaf objects in the BigVector exceed this limit, the Move runtime will throw an error, preventing the order book from functioning correctly.

Prevention of Pool Closure Due to Rounding

Severity: Medium

Ecosystem: Sui

Protocol: Hop Aggregator

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Oct 2024

Description:

max_amount_in and amount_out round down. Pool could remain in OPEN state, even though empty.

Withdrawals from staking pools may result in rounding errors, which results in lost rewards

Severity: Medium

Ecosystem: Sui

Protocol: Mysten Labs Sui

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: May 2023

Description:

Rounding down issue, if user attempts to withdraw small number of tokens, could round down to nothing.

Precision Loss In Redistribution

Severity: Medium

Ecosystem: Sui

Protocol: Bucket

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: June 2023

Description:

Since the accumulators are not factored by some value, directly dividing the collateral and debt amounts with total stake leads to less precise rounded-down values, which the accumulators add and lead to imprecise accumulation.

Improper Tank Value Update

Severity: Medium

Ecosystem: Sui

Protocol: Bucket

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: June 2023

Description:

start_s and start_g incorrectly updated.

Overflow In Calculation Of Delta A

Severity: Medium

Ecosystem: Aptos

Protocol: Cetus

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Jan 2023

Description:

The numberator value is not validated before running u256::shlw on it. As a result, the non-zero bytes might be removed, which leads to an incorrect calculation of the value.

Precision Loss Issue In Weighted Math

Severity: Medium

Ecosystem: Aptos

Protocol: Thala Labs

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Feb 2023

Description:

In the math module, the calculation of the amount taken in during a swap is based on the amount given out, the balances in the pool, and the weights of the assets. calc_in_given_out_internal is responsible for this calculation, which involves using log_exp_math::pow to perform the required exponentiation. log_exp_math::pow used by calc_in_given_out_internal is vulnerable to precision errors, which may return incorrect values. For instance, the function may incorrectly calculate 1.0000000002 ** 1 = 1.0. This precision issue can be exploited in calc_in_given_out_internal, leading to a return value of zero despite a non-zero amount_out value.

Improper Price Deviation Calculation Formula

Severity: Medium

Ecosystem: Aptos

Protocol: Thala Labs

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Feb 2023

Description:

get_price_diff_ is responsible for computing price deviation. However, to calculate the percentage of price deviation, the formula should be (diff(new_price, old_price) / old_price) * 100. The current implementation uses new_price as the denominator if new_price > old_price. Use b (old_price) as the denominator in both cases.

Including Interest In Vault CR Calculation

Severity: Medium

Ecosystem: Aptos

Protocol: Thala Labs

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Feb 2023

Description:

redeem_collateral and liquidate calculate the collateral ratio (CR) for a vault, however CR is calculated without considering the vault.interest, leading to the use of an incorrect CR value in other calculations.

Incorrect Withdraw Fee Calculation On Update

Severity: Medium

Ecosystem: Aptos

Protocol: Steamflow

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Mar 2023

Description:

In protocol::update, the change in the amount_per_period triggers an additional fee calculation using withdrawal_fees based on contract.start. However, using the start time for fee calculation results in the fee being recalculated for the period.

Improper Fee Amount Calculation With Zero Fees

Severity: Medium

Ecosystem: Aptos

Protocol: Steamflow

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Mar 2023

Description:

protocol::fee_amount is used to calculate the fee for a given amount using the input parameter fees as basis points (bps). However, the case of fees == 0 incorrectly returns the total amount as the fee. Instead, the function should check for fees == 10000 to return the total amount as the fee correctly.

Precision Loss Issue In Weighted Math

Severity: Medium

Ecosystem: Aptos

Protocol: Thala

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: May 2023

Description:

log_exp_math::pow used by calc_in_given_out_internal is vulnerable to precision errors, which may return incorrect values.

Severity: Medium

Ecosystem: Aptos

Protocol: Propbase

Auditor: Hacken

Report: https://hacken.io/audits/propbase/sca-propbase-staking-feb2024/

Report Date: Feb 2024

Description:

The Propbase protocol uses $PROPS token for staking operations. The protocol distributes staking rewards as $PROPS to stakeholders. In addition, admin of the protocol sets a penalty_rate during the pool creation. The penalty rate amount can be set between 1 and 50. The purpose of this variable is to penalize early withdrawals.

The penalty calculation can be seen at below:

let penalty = amount / 100 * stake_pool_config.penalty_rate;

Currently, there is no lower bound for withdraw amount in the code. Therefore, it is possible to chunk the total withdraw amount by 99 in order to bypass this penalty according to the formula above.

let penalty = 99 / 100 * stake_pool_config.penalty_rate (0-50);
penalty = 0;

As a result, it is possible to bypass the early withdrawal penalty due to this precision loss.

Incorrect Fee Calculation in Quoter Function Leads to Underestimated Input Amounts

Severity: Medium

Ecosystem: Sui

Protocol: Magma DEX

Auditor: Three Sigma

Report: https://cdn.sanity.io/files/qoqld077/staging/9566473c444a6cfd99c7a6556fa4857950b41de3.pdf

Report Date: July 2025

Description:

The almm_pair::get_swap_in function serves as a quoter function that calculates the required input amount for a given output amount in the ALMM protocol. This function is critical for frontend applications to provide accurate swap quotes and enable proper slippage calculations. The function iterates through bins to calculate the total input amount needed for a desired output. For each bin, it calculates amount_in_without_fee based on the bin's price and then adds the fee amount. However, the function incorrectly uses fee::get_fee_amount_from instead of fee::get_fee_amount for fee calculations.

Unstaking from LP pools will cause underflow and lock user funds

Severity: Medium

Ecosystem: Initia

Protocol: Cabal Liquid Staking

Auditor: Code4Arena Contest Security Researchers

Report: https://code4rena.com/reports/2025-04-cabal-liquid-staking-token

Report Date: May 2025

Description:

If the last pool is empty or with insufficient funds an underflow will occur.

The liquidator will incur a loss when performing liquidationCall

Severity: Medium

Ecosystem: Aptos

Protocol: AAVE V3

Auditor: Cantina Contest SRs

Report: https://cantina.xyz/code/ad445d42-9d39-4bcf-becb-0c6c8689b767/findings/192

Report Date: Jun 2025

Description:

ccording to the Aave documentation, the liquidation_bonus must be above 100%.

However, the current calculations result in values below 100% :

(5 * math_utils::get_percentage_factor()) / 100*// (5 * 10000) / 100 = 500* (85 * math_utils::get_percentage_factor()) / 1000*// (85 * 10000) / 1000 = 850*

These values are far below the expected minimum of 10000 (which represents 100%). To be valid, the value must be greater than 10000.

Incorrect Calculation of share_proportion

Severity: Medium

Ecosystem: Aptos

Protocol: Echelon

Auditor: Zellic

Report: https://github.com/Zellic/publications/blob/master/Echelon%20-%20Zellic%20Audit%20Report%20(January).pdf

Report Date: Jan 2025

Description:

asset_amounts * BPS_BASE / deposit_amounts will not properly calculate the percentage of the deposit. Currently, the number of users is divided by the total number of tokens, so the exact ratio is not calculated.

The operator can Evade The Fees When Loaning Assets

Severity: Medium

Ecosystem: Aptos

Protocol: Amnis

Auditor: MoveBit

Report: https://movebit.xyz/reports/Amnis-Final-Audit-Report.pdf

Report Date: Mar 2024

Description:

The function pegging.loan_apt() allows the operator to withdraw funds from the protocol, but a certain fee is required when returning the funds. The fee calculation is as follows: math64::mul_div(amount, pegging().loan_fee, BPS_MAX) According to the protocol configuration, we found that loan_fee is 10, and BPS_MAX is 10000. When amount * 10 < 10000 , users will not have to pay any fees. Therefore, the operator can repeatedly borrow 999 to avoid the fees. It is recommended to set a minimum loan amount or to check if the fee is 0, in which case borrowing assets should not be allowed.

Rounding Errors Handling Is Not Best Practice

Severity: Medium

Ecosystem: Aptos

Protocol: Superposition

Auditor: MoveBit

Report: https://movebit.xyz/reports/Superposition-Final-Audit-Report.pdf

Report Date: Mar 2024

Description:

In both borrow and repay functions, a rounding handling increases amount by one. However, this brutal force method is not a good practice since it may add one extra layer to the rounding (if it is already rounded up).

Single points of control (e.g., owner-only functions) that undermine decentralization or enable abuse.

Centralization Risk	Findings
High	8
Medium	8
Total	16

High Findings

BKT Token Centralization Risk

Severity: High

Ecosystem: Sui

Protocol: Bucket

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Bucket-Protocol-Smart-Contract-Audit-Report.pdf

Report Date: June 2023

Description:

The allocate_bkt function has too much authority and can be locked up by anyone, in any amount, and at any time, which creates a risk of centralization.

Recommendation:

Manage BktAdminCap with multi-signature account to mitigate the risk.

Centralization Risk (Aftermath Finance)

Severity: High

Ecosystem: Sui

Protocol: Aftermath Finance LSD

Auditor: MoveBit

Report: https://movebit.xyz/reports/Aftermath-Finance-Liquid-Staking-Derivative-Audit-Report.pdf

Report Date: Nov 2023

Description:

The admin account holds multiple powerful permissions. If compromised, an attacker could manipulate the protocol or its assets. See the full report for a detailed list of admin capabilities.

Centralization Risk (KunaLabs)

Severity: High

Ecosystem: Sui

Protocol: KunaLabs Yield Optimizer

Auditor: MoveBit

Report: https://movebit.xyz/reports/Yield-Optimizer-Final-Audit-Report.pdf

Report Date: Nov 2023

Description:

Severity: High

Ecosystem: Sui

Protocol: Volo

Auditor: MoveBit

Report: https://movebit.xyz/reports/Volo-Smart-Contract-Audit-Report.pdf

Report Date: Sep 2023

Description:

There are some risks of centralization in the contract, the admin can set the total_rewards of the NativePool, which will result in a change in the rate calculation of the contract.

Centralization Risk

Severity: High

Inconsistencies between contract versions or mirrored implementations causing unexpected outcomes.

Cross-Implementation	Findings
Medium	2
Total	2

Medium Findings

collector and AToken treasury incompatibilities

Severity: Medium

Ecosystem: Aptos

Protocol: AAVE Periphery

Auditor: Spearbit

Report: https://github.com/aave/aptos-aave-v3/blob/main/audits/Spearbit%20Aave%20Aptos%20Core%20V3.1-V3.3%20Report.pdf

Report Date: Jun 2025

Description:

A few different design issues in the collector.move module compared to the Solidity contracts.

GHO is misconfigured in Aptos Deployment

Severity: Medium

Ecosystem: Aptos

Protocol: AAVE Core

Auditor: Spearbit

Report: https://github.com/aave/aptos-aave-v3/blob/main/audits/Spearbit%20Aave%20Aptos%20Periphery%20V3.0.2%20Report.pdf

Report Date: Jun 2025

Description:

Solidity vs Move design issues in interest rate strategy.

Constant Definition - Overview

Hardcoded constants or misconfigured parameters leading to misbehavior or rigid protocol design.

Constant Definition	Findings
Critical	2
High	1
Medium	4
Total	7

Critical Findings

Faulty Constant Definition

Severity: Critical

Ecosystem: Sui

Protocol: Bluefin Spot

Auditor: OtterSec

Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772

Report Date: Nov 2024

Description:

The MAX_u64 constant is incorrectly defined as 0xFFFFFFFFFFFFFFF (15 characters) instead of 0xFFFFFFFFFFFFFFFF (16 characters). This omission causes errors in tick calculations by ignoring the most significant bit.

DefaultBidPercentage Misconfiguration

Severity: Critical

Ecosystem: Sui

Protocol: MoviePass Exchange

Auditor: Certora

Report: https://github.com/Certora/SecurityReports/blob/main/Reports/2025/03_02_2025_MoviePass_MSX-MR.pdf

Report Date: Feb 2025

Description:

The DefaultBidPercentage constant is incorrectly set to 10_000 instead of 1_000_000, causing the maximum bid rate to be misconfigured and potentially allowing unexpected bid behaviors.

High Findings

Incorrect Variable Assignment

Severity: High

Desynchronized or outdated state across contracts or storage variables breaking protocol invariants.

Data Inconsistency	Findings
Critical	2
High	9
Medium	6
Total	17

Critical Findings

Token Identifier Collision

Severity: Critical

Ecosystem: OL Network

Protocol: StakeSphere

Auditor: MoveJay

Report: https://github.com/Jayfromthe13th/StakeSphere-stealth-/blob/Wallet/Audit.md

Report Date: Apr 2024

Description:

The get_pool_address function generates a unique address for a liquidity pool linked to trading pairs of fungible assets. This function creates and returns an address that uniquely identifies the liquidity pool for the specified pair of tokens. Users have the liberty to construct an Object using any symbol of their choice, which offers a great deal of flexibility. This flexibility, however, can lead to the creation of Object instances that closely resemble other existing instances. This situation might lead to a seed collision, which could subsequently cause a collision in the generation of the pool address.

Improper Implementation Of Positions

Severity: Critical

Severity: High

Ecosystem: Sui

Protocol: Volo

Auditor: MoveBit

Report: https://movebit.xyz/reports/Volo-Smart-Contract-Audit-Report.pdf

Report Date: Oct 2023

Description:

In the remove_stakes function, when the condition of L184 is not satisfied, the logic of L188-L191 will be executed. The value of requested_amount should be changed to requested_amount - principal_value. If the value of requested_amount is not updated, the actual amount withdrawn will be greater than requested_amount.

Severity: High

Ecosystem: Sui

Protocol: Random-Vault

Auditor: MoveBit

Report: https://movebit.xyz/reports/Random-Vault-Final-Audit-Report.pdf

Report Date: Feb 2024

Description:

When a user deposits multiple times, the contract updates round.total_share but fails to update the individual user’s share, leading to incorrect share accounting and potential loss of rewards.

token.start_p is not updated

Severity: High

Ecosystem: Sui

Protocol: Bucket

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Bucket-Protocol-Smart-Contract-Audit-Report.pdf

Report Date: June 2023

Description: After invoking claim_collateral, the start_p value remains unchanged. This can cause subsequent logic errors and inconsistencies in state-dependent calculations.

ReserveData not Updated

Severity: High

Ecosystem: Sui

Protocol: Navi

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Navi-Smart-Contract-Audit-Report.pdf

Report Date: July 2023

Description: In the execute_withdraw function, small remaining amounts after withdrawal are sent to the treasury, but the user’s asset data and reserve balance in ReserveData are not updated. This leads to calculation errors and data desynchronization across the protocol.

Position Rewarder Checkpoint is not updated when changing liquidity

Severity: High

Ecosystem: Sui

Protocol: Magma DEX

Auditor: Three Sigma

Report: https://cdn.sanity.io/files/qoqld077/staging/9566473c444a6cfd99c7a6556fa4857950b41de3.pdf

Report Date: July 2025

Description:

When adjusting liquidity (inc/dec), only the global fee growth is checkpointed. However, reward growth from the reward manager is initialized only once at position creation via position_info_load_rewarder_growth_from_bin and never updated afterward, causing incomplete reward accounting.

LP unstaking only burns the shares but leaves the underlying tokens in the system, which distorts the shares-to-tokens ratio and leads to incorrect amounts being calculated during staking and unstaking

Severity: High

Ecosystem: Initia

Protocol: Cabal Liquid Staking

Auditor: Code4Arena Contest Security Researchers

Report: https://code4rena.com/reports/2025-04-cabal-liquid-staking-token

Report Date: May 2025

Description:

When a user unstakes LP tokens, the corresponding shares (Cabal tokens) are burned. However, the actual undelegation from the validator will occur only after a delay of up to 3 days. During this period, the shares are already burned, but the underlying tokens are still included in shares-to-token conversions.

Medium Findings

Attacker Can Desynchronize Supply Snapshot During Same-Block Unstake, Reducing Everyone’s Rewards

Severity: Medium

Ecosystem: Initia

Protocol: Cabal Liquid Staking

Auditor: Code4Arena Contest Security Researchers

Report: https://code4rena.com/reports/2025-04-cabal-liquid-staking-token

Report Date: May 2025

Description:

An attacker holding Cabal LSTs (like sxINIT) can monitor the mempool for the manager’s voting_reward::snapshot() transaction. By submitting his own cabal::initiate_unstake transaction to execute in the same block (H) as the manager’s snapshot, the attacker can use two flaws: cabal_token::burn (called by their unstake) doesn’t update the supply snapshot for block H, leaving the recorded supply artificially high (pre-burn). cabal_token::check_snapshot skips recording the attacker’s own balance for block H. Later reward calculations use the stale high supply but retrieve the attacker’s now lower (post-burn) balance via fallback logic. This desynchronization causes the total calculated reward shares to be less than 100%, reducing the rewards paid out to all users for that cycle.

LP Redelegation Uses Inaccurate Internal Tracker Amount, Leading to Potential Failures or Orphaned Funds

Severity: Medium

Ecosystem: Initia

Protocol: Cabal Liquid Staking

Auditor: Code4Arena Contest Security Researchers

Report: https://code4rena.com/reports/2025-04-cabal-liquid-staking-token

Report Date: May 2025

Description:

The redelegate_lp function, called during validator changes for LP pools, uses the internal pool.amount tracker to specify the amount for MsgBeginRedelegate. This tracker can diverge from the actual staked amount due to unreflected rewards or slashing, potentially causing redelegation failures or leaving funds staked with the old validator.

Desynchronization of Cabal’s internal accounting with actual staked INIT amounts leads to over-minting of sxINIT tokens

Severity: Medium

Ecosystem: Initia

Protocol: Cabal Liquid Staking

Auditor: Code4Arena Contest Security Researchers

Report: https://code4rena.com/reports/2025-04-cabal-liquid-staking-token

Report Date: May 2025

Description:

The Cabal Protocol’s implementation of compound_xinit_pool_rewards fails to synchronize the protocol’s internal accounting (m_store.staked_amounts) with the actual amount of INIT tokens staked in the underlying Initia staking system. This creates a vulnerability where external events like slashing penalties or validator-initiated actions that reduce the staked amount are not reflected in Cabal’s internal state.

Loss of funds due to address mappings are not cleaned up after domain expiry

Severity: Medium

Ecosystem: Initia

Protocol: Initia Move

Auditor: Code4Arena Contest Security Researchers

Report: https://code4rena.com/reports/2025-01-initia-move

Report Date: Apr 2025

Description:

The register_domain function doesn’t properly clean up old mappings (name_to_addr and addr_to_name) when a new user registers an expired domain. While it removes the old name_to_token mapping, it leaves the previous user’s address mappings.

Update magnified_dividends_per_share Values When staked_tokens Reaches Zero

Severity: Medium

Ecosystem: Aptos

Protocol: Baptswap

Auditor: MoveBit

Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf

Report Date: Dec 2023

Description:

When pool_info.staked_tokens reaches zero,the protocol fails to update pool_info.magnified_dividends_per_share_x and pool_info.magnified_dividends_per_share_y . This inconsistency results in a mismatch between the current state of pool_info and its initialized state.

Incorrect metadata used for deposit_stkapt function

Severity: Medium

Ecosystem: Aptos

Protocol: KoFi Finance

Auditor: MoveJay

Report: https://github.com/KofiFinance/audits/blob/main/Kofi%20Finance%20-%20Zenith%20Audit%20Report.pdf

Report Date: Mar 2025

Description:

In the deposit_stkapt function, the code incorrectly uses kAPT_coin::metadata() instead of stkAPT_coin::metadata() when creating/accessing the fungible store for stkAPT tokens. This mismatch between token type and metadata will cause deposits to fail. The function is supposed to deposit stkAPT tokens but is using kAPT metadata to identify the store.

Denial of Service (DoS) - Overview

Logic that can halt execution, lock funds, or make functions unusable.

DoS	Findings
Critical	1
High	2
Medium	24
Total	27

Critical Findings

burn_from_bins_internal is subjected to DoS as we reset global liquidity when one bins liquidity goes to zero

Severity: Critical

Severity: Medium

Ecosystem: Aptos

Protocol: Echelon

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Apr 2025

Description:

The vulnerability relates to the creation of a primary fungible asset store in new_reward_fa in the lending core (shown below) and isolated core farming modules. new_reward_fa tries to create a primary store for the asset at the package address utilizing create_primary_store , which does not check if a store already exists at the address before creating a new one.

Thus, primary_fungible_store::create_primary_store aborts if a primary store already exists at the address. As anyone may create a primary store at any address since it is permissionless, it enables an attacker to create a primary store for an asset at the package address. This action will block any subsequent attempts to add that address as a farming reward in both lending_core and isolated_lending farms.

Risk of Self-Dos

Severity: Medium

Ecosystem: Sui

Protocol: Volo

Auditor: MoveBit

Report: https://movebit.xyz/reports/Volo-Smart-Contract-Audit-Report.pdf

Report Date: Sep 2023

Description:

In line 199 of the remove_stakes function, it is necessary to deal with the situation that staked_sui_mut_ref - requested_amount is less than 1 Sui , otherwise it will cause self-dos.

Option params in CLI

Severity: Medium

Ecosystem: Sui

Protocol: Legend of Arcadia

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Legend-of-Arcadia-Smart-Contract-Audit-Report.pdf

Report Date: Jun 2023

Description:

burn_request and update_metadata_request have Option type parameters. If these parameters cannot be passed in CLI, users cannot call functions, causing DOS on these functions.

DoS on Failed Transfer Operations on the Same Object

Severity: Medium

Ecosystem: Sui

Protocol: MSafe Maven

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Maven-Smart-Contract-Audit-Report.pdf

Report Date: Apr 2023

Description:

Multiple transfer requests cause DoS as first transfer succeeds, other requests fail when execute_object_operation is called.

DoS from Privileged User where Permission has Single Signer Settings

Severity: Medium

Ecosystem: Sui

Protocol: MSafe Maven

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Maven-Smart-Contract-Audit-Report.pdf

Report Date: Apr 2023

Description:

If proposer and approver are in same roles, the role only has one signer with the authority to vote on the propsal. This will cause execution queue to be blocked resulting in a DoS.

claim Function May Cause DOS Problems

Severity: Medium

Ecosystem: Aptos

Protocol: MoveGPT

Auditor: MoveBit

Report: https://movebit.xyz/reports/MoveGPT-Final-Audit-Report.pdf

Report Date: Apr 2024

Description:

In the claim function, when lock_amount is equal to round_config.balances, it will extract all the coins in round_config.balances , but by calculating the lock_amount may be less than round_config.balances, then the function will always fail when reaching the else branch to extract the lock_amount from balances.

Reentrancy Check in lock_staking::reentry_check Causes Concurrent INIT Deposit Failures (DOS)

Severity: Medium

Ecosystem: Initia

Protocol: Cabal Liquid Staking

Auditor: Code4Arena Contest Security Researchers

Report: https://code4rena.com/reports/2025-04-cabal-liquid-staking-token

Report Date: May 2025

Description:

The liquid staking protocol’s deposit_init_for_xinit function, which allows users to deposit INIT tokens to receive xINIT, is vulnerable to transaction failures when multiple users deposit concurrently in the same block. The function withdraws INIT tokens and delegates them to a validator via pool_router::add_stake, which triggers lock_staking::delegate. This, in turn, invokes reentry_check to prevent multiple delegations in the same block.

If a second user attempts to deposit in the same block as another, their transaction fails with error code 196618 (EREENTER), as reentry_check detects that the StakingAccount was already modified in the current block. This vulnerability disrupts users’ ability to participate in the protocol, particularly during periods of high transaction activity.

Severity: Medium

Ecosystem: Initia

Protocol: Cabal Liquid Staking

Auditor: Code4Arena Contest Security Researchers

Report: https://code4rena.com/reports/2025-04-cabal-liquid-staking-token

Report Date: May 2025

Description:

Users can stake both INIT and LP tokens into different validator pools by calling functions like deposit_init_for_xinit or stake_asset. To exit, users initiate an unstake via initiate_unstake, which starts an unbonding period. After this delay, they can claim their tokens through claim_unbonded_assets.

Behind the scenes, these staked assets are delegated to validators, and slashing may occur—meaning a portion of the delegated tokens could be penalized (burned). To stay accurate, the protocol uses pool_router::get_real_total_stakes to track the current delegated amount. However, the current unstaking flow doesn’t properly account for slashing events that may occur during the unbonding period.

DoS due Unbounded Rewards Map

Severity: Medium

Ecosystem: Aptos

Protocol: AAVE v3.1-3.3 Core

Auditor: OtterSec

Report: https://github.com/aave/aptos-aave-v3/blob/main/audits/Ottersec%20Aave%20Aptos%20V3.1-V3.3%20Report.pdf

Report Date: Aug 2025

Description:

The rewards_controller logic utilizes a SimpleMap to store users_data for each reward distribution. SimpleMap is implemented as a vector of key-value pairs, which implies that every insertion or lookup requires linear-time scanning of the vector. As this structure grows, its performance degrades, and operations that iterate over it may run out of gas. Specifically, in this case, every user is expected to maintain an entry in the map. As a result, the map is expected to grow indefinitely.

Since this is permissionless, a malicious actor may create many such entries by interacting with the pool repeatedly. Consequently, if the vector grows excessively, handle_action may start failing due to out-of-gas issues, as gas utilization for common operations such as mint, burn, supply, or liquidate may exceed the transaction limit, resulting in a denial-of-service scenario.

Front Running - Overview

Attackers exploit transaction ordering or mempool visibility to gain unfair advantage.

Front-running	Findings
High	3
Medium	2
Total	5

address and seed are trivial. Attacker can front-run book::create_orderbook by creating account at right address, causing a revert.

Medium Findings

Duplicate-order DoS via front-running deterministic order_id

Severity: Medium

Ecosystem: Sui

Protocol: Garden Move

Auditor: Zellic

Report: https://github.com/Zellic/publications/blob/master/Garden%20Move%20Deploy%20-%20Zellic%20Audit%20Report.pdf

Report Date: May 2025

Description:

order_id is publicly visible — initiate_on_behalf lets anyone set order_id without verifying initiator ownership, allowing attackers to replay the transaction (e.g., with amount = 1) to trigger a DuplicateOrder error for the legitimate request.

Front-Running Pair/Market Creation

Severity: Medium

Ecosystem: Aptos

Protocol: Echelon

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Apr 2025

Description:

create_pair_with_jump_model in isolated_lending is responsible for creating a new lending pair with a jump interest rate model. However, it is vulnerable to front-running. An attacker may observe a pending pair creation and preemptively register their Aptos account to the to-be-created pair’s address before the pair is fully initialized. Similarly, in lending_core , create_market_with_jump_model_v2 , the market creation may be front-run with a call to register the Aptos account at the address of the market that it is going to be created, resulting in a denial-of-service scenario.

Inefficient or unbounded gas use that increases costs or causes function failure.

Gas-related Issues	Findings
Medium	11
Total	11

When confirming a Momentum Safe registration, the address is removed from the pending vector of the owner’s OwnerMomentumSafes using a linear search. As anyone can register Momentum Safes for the owner, this causes the pending vector to grow. Note that an attacker can register a Momentum Safe in O(1) time, but all future operations will cost O(n) for the victim. This asymptotic difference makes it a viable gas-griefing attack vector.

Inflation Attacks - Overview

Manipulating token supply or pricing mechanisms to artificially inflate token value or circulation, leading to economic imbalance or devaluation.

Inflation Attacks	Findings
Medium	1
Total	1

Medium Findings

Inflation Attack on Zero Total Stake

Severity: Medium

Ecosystem: Aptos

Protocol: Thala LSD

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Feb 2025

Description:

staking::stake_thAPT_v2 is susceptible to an inflation attack, which may allow the first depositor to exploit subsequent depositors by manipulating the exchange rate. This can be achieved by making an initial deposit, which would depeg the 1:1 initial ratio between the sthAPT_supply and the thAPT_staking amount due to the staking fee. After this point, the attacker can continue making progressively larger deposits into the pool, resulting in zero minted sthAPT, further inflating the price.

Input Validation - Overview

Missing or weak checks on user input leading to invalid or malicious state changes.

Input Validation	Findings
Critical	14
High	23
Medium	22
Total	59

Description:

In the functions market::place_market_order and market::place_limit_order(), when placing an order, there is no type verification against the original market types. Usually, the market should only allow orders of the same type, but this check was not enforced while placing an order. This would allow attackers to use incorrect coin types against the market, transferring coins of an incorrect type.

High Findings

Lack of Minimum Liquidity Constraint

Severity: High

Ecosystem: Sui

Protocol: Solend Steam

Auditor: OtterSec

Report: https://www.notion.so/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Feb 2025

Description: Insufficient minimum liquidity may expose the protocol to inflation attacks, enabling malicious actors to manipulate the value of bToken. If bToken value exceeds a 1:1 ratio, burning bToken and increasing the underlying token amount can trigger zero mint on user deposits, causing losses.

Severity: High

Ecosystem: Sui

Protocol: Mysten Walrus

Auditor: OtterSec

Report: https://www.notion.so/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Feb 2025

Description: The staking_inner::request_withdraw_stake function does not explicitly prevent withdrawal requests with a share_amount of zero. This oversight allows malicious users to manipulate the staking pool's share-to-asset ratio by withdrawing a small principal or leaving it, potentially causing denial of service.

Unfair Rewards via Incorrect Supply Pool Instance

Severity: High

Ecosystem: Sui

Protocol: Kuna Labs

Auditor: OtterSec

Report: https://www.notion.so/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: June 2025

Description: If a user borrows from SupplyPool<X, SX0> to create a position, a malicious liquidator can exploit this by passing a different SupplyPool instance than the one used when the position was created, enabling extraction of extra rewards.

Trade Proof Bypass

Severity: High

Ecosystem: Sui

Protocol: Mysten Deepbook

Auditor: OtterSec

Report: https://www.notion.so/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Aug 2024

Description: If balances_in and balances_out are equal, the trade proof can be bypassed, allowing invalid trades to be executed without proper validation.

Bypass of the id_leak_verifier stage of suiverifier may occur

Severity: High

Ecosystem: Sui

Protocol: MystenLabs Sui

Auditor: OtterSec

Report: https://www.notion.so/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: May 2023

Description: Capabilities can be added during upgrades, potentially bypassing the id_leak_verifier stage of suiverifier, allowing unauthorized modifications to the protocol.

Pending Order Fee Tokens not Tied to Valid Tokens

Severity: High

Ecosystem: Sui

Protocol: ABEx Labs

Auditor: MoveBit

Report: https://movebit.xyz/reports/Abex-Smart-Contract-Audit-Report.pdf

Report Date: Aug 2023

Description: The fee token can be a fake coin minted by the attacker. When a pending order executor comes to execute the pending order, they receive the fake fee instead of the real token, causing losses to the executor.

May Be Wrong Parameters In flash function

Severity: High

Ecosystem: Sui

Protocol: FlowX Finance

Auditor: MoveBit

Report: https://movebit.xyz/reports/FlowX-Final-Audit-Report.pdf

Report Date: May 2024

Description: Multiple issues exist in the flash function: (1) if borrowed money exceeds existing pool funds, it automatically borrows the available amount instead of the requested amount; (2) the handling fee is calculated from user input rather than actual borrowed amount; (3) the FlashReceipt uses input parameters rather than actual output values, potentially causing repayment to fail with large losses.

Lack of Validation for the Generic Parameter CoinType

Severity: High

Ecosystem: Sui

Protocol: Navi

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Navi-Smart-Contract-Audit-Report.pdf

Report Date: Jul 2023

Description: All functions in lending.move lack CoinType validation. Incorrect CoinType parameters cause incorrect asset calculations in Storage, potentially preventing the entire contract from functioning properly.

Lack of Validation for Campaign and Whitelist ID in invest function

Severity: High

Ecosystem: Sui

Protocol: SuiPad

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/SuiPad-Smart-Contract-Audit-Report.pdf

Report Date: Apr 2023

Description: The invest function lacks checks for campaign or whitelist ID, allowing users from one whitelist to participate in another campaign, bypassing access controls.

Lack of Validation for Funding Status in fund function

Severity: High

Ecosystem: Sui

Protocol: SuiPad

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/SuiPad-Smart-Contract-Audit-Report.pdf

Report Date: Apr 2023

Description: The fund function lacks a "fund already full" check, allowing multiple funding transactions. However, upon distribution, only a fixed amount can be distributed.

Lack of Parameter Check

Severity: High

Ecosystem: Sui

Protocol: SuiPad

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/SuiPad-Smart-Contract-Audit-Report.pdf

Report Date: Apr 2023

Description: In the withdraw function, penalty calculation may exceed lock.amount, preventing users from withdrawing their stake coins.

Lack of Market Version Check

Severity: High

Ecosystem: Sui

Protocol: Aries Market

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Aries-Smart-Contract-Audit-Report.pdf

Report Date: June 2023

Description: The set_reserveconfig_obj function doesn't check for market version, which may result in incorrect market information being set or used.

Missing Market Checks

Severity: High

Ecosystem: Sui

Protocol: Aries Market

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Aries-Smart-Contract-Audit-Report.pdf

Report Date: June 2023

Description: The liquidate function may cause the market to not match the current profile due to missing validation checks.

PackMessage is not bound to token type

Severity: High

Ecosystem: Sui

Protocol: MiniMiners

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Mini-Miners-Contract-Audit.pdf

Report Date: Apr 2023

Description: PackMessage only checks the number and not the token type, allowing users to exchange different coin types provided that the game ID has corresponding coin types available, enabling token swaps without proper validation.

Severity: High

Ecosystem: Aptos

Protocol: Baptswap

Auditor: MoveBit

Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf

Report Date: Dec 2023

Description:

Unexpected Coin Value (Property 2 Not Hold)

Severity: High

Ecosystem: Aptos

Protocol: Liquidswap

Auditor: MoveBit

Report: https://movebit.xyz/reports/Pontem-Liquidity-Swap-Formal-Verification-Audit-Report.pdf

Report Date: Apr 2024

Description:

The property 2 requires: The coin_x and coin_y of a pool should both be zero (at its initial state) or both be nonzero. The coin_x and coin_y after any operation should not be zero for a non-empty pool. swap_inner, mint, burn, flashloan, pay_flashloan function have violated this property.

Severity: Medium

Ecosystem: Aptos

Protocol: MSafe

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Oct 2022

Description:

The TransactionPayload struct contains the payload and its type. Aptos supports payloads of type: • WriteSet • Scripts • ModuleBundle • EntryFunction

The payload in theTransactionPayloadstruct can be any transaction type, not justEntryFunction. This assumption should be validated. For example, many internal functions such as register payload validation assume the layout of the TransactionPayload is a EntryFunction.

Missing Chain ID Validation

Severity: Medium

Ecosystem: Aptos

Protocol: MSafe

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Oct 2022

Description:

Transactions can be replayed from one chain to another if this field isn’t properly validated. In the context of a multisig, the transaction can be added but will fail at execution. Nonetheless, this represents a potential UX risk and is worth remediating. Validate chain_id in the validate_txn_payload function.

Lack Of Check For Forbidden IDs

Severity: Medium

Ecosystem: Sui

Protocol: Maven

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Apr 2023

Description:

Update admin policy could be set to forbidden ID, ensure check beforehand.

Users may set a TTL value that does not follow the maximum TTL limit

Severity: Medium

Ecosystem: Sui

Protocol: Mysten Labs Sui

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: May 2023

Description:

Users may assign invalid TTL values to their domain names, enforce limit.

Looping Issues - Overview

Unbounded loops or iteration over dynamic arrays leading to high gas costs or DoS.

Looping Issues	Findings
Critical	1
High	2
Medium	3
Total	6

Critical Findings

Unbounded Execution - DOS

Severity: Critical

Presence Of Infinite Loop

Severity: Medium

Ecosystem: Sui

Protocol: Drife Technologies

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Dec 2023

Description:

If ride is less than three stops, continues to next iteration, but it does not increase causing infinite loop.

Multiple indexes can map to the same reserve

Severity: Medium

Ecosystem: Aptos

Protocol: AAVE

Auditor: Certora

Report: https://github.com/aave/aptos-aave-v3/blob/main/audits/Certora%20Aave%20Aptos%20Core%20V3.0.2%20Report.pdf

Report Date: Apr 2025

Description:

The function init_reserve() does not break when finding a valid index to use.

When adding a new reserve, the function first looks for an unused index in the current range (and increases the range of indexes if none were found). If an unused index was found, we map this index to the new reserve. However, we do not break from the loop, but continue looking for more unused indexes. If we find multiple such indexes, we will have multiple indexes mapping to the same reserve. (For multiple indices to be unused within the current range, drop_reserve() will have to be called twice between uses of init_reserve().)

This will then lead to counting the reserve multiple times when calling calculate_user_account_data(), which can lead to counting the same coin as collateral twice and taking debt against it, resulting in a loan worth more than its collateral.

For this to work, drop_reserve() will have to be called twice between uses of init_reserve().

Inefficient Assignment Within Loop in the process_cluster Function

Severity: Medium

Ecosystem: Aptos

Protocol: Supra

Auditor: MoveBit

Report: https://movebit.xyz/reports/Supra-Smart-Contract-Audit-Report.pdf

Report Date: Sep 2023

Description:

It was identified that the assignment operation located at line 316 within the process_cluster function is unnecessarily repeated in every iteration of the loop. This will result in less efficient execution and increased gas consumption. It is recommended to move this assignment code to a position immediately before the loop, ensuring that the assignment is performed only once.

Missing Functions - Overview

Essential management or recovery functions omitted, leaving the system unmaintainable or funds stuck.

Missing Functions	Findings
Critical	1
High	3
Medium	13
Total	17

Critical Findings

Locked Fees in Vault Due to Lack of Withdraw Function

Severity: Critical

Severity: Medium

Ecosystem: Initia

Protocol: Echelon Market

Auditor: Quantstamp

Report: https://certificate.quantstamp.com/full/echelon-market/9ee15c30-6a0f-4a70-b5ce-63b8a887bd4e/index.html

Report Date: Mar 2025

Description:

The following functions used to accrue interest before changing protocol parameters. This ensure that up to the point of the changes all interest would be accumulated as per the previous configuration.

set_interest_fee_bps().
set_pair_jump_interest_rate_model().

Removing the accrual functions would lead to distorted interests as pending interest accrual would assume the new values, which could lead to sudden unexpectedly high or low interest changes.

Missing Pause Control Functions in ALMM Pair Module Leads to Non-Functional Emergency Controls

Severity: Medium

Ecosystem: Sui

Protocol: MagmaDEX

Auditor: Three Sigma

Report: https://cdn.sanity.io/files/qoqld077/staging/9566473c444a6cfd99c7a6556fa4857950b41de3.pdf

Report Date: July 2025

Description:

The magma_almm::almm_pair module has a broken pause mechanism. The AlmmPair struct includes a pause field that's initialized to false during pair creation, and critical functions like collect_fees, stake_in_magma_distribution, and collect_reward, etc. check this state with assert!(!self.pause, ErrPaused). However, there are no functions to actually pause or unpause the pair.

Missing update_position_fees in burn function

Severity: Medium

Ecosystem: Sui

Protocol: MagmaDEX

Auditor: Three Sigma

Report: https://cdn.sanity.io/files/qoqld077/staging/9566473c444a6cfd99c7a6556fa4857950b41de3.pdf

Report Date: July 2025

Description:

When changing the position liquidity either by adding/removing tokens, we always call update_position_fees. this is to make sure the . Position took the fees it deserves for that period. before changing his tokens. The function update_position_fees is called for all functions that changes the liquidity of position, this includes burn_position, raise_position_by_amounts_internal, shrink_position. But for burn, which is used to make a partial burning of the position, this function is missing.

Tokens cannot be withdrawn from admin_controlled_ecosystem_reserve.move

Severity: Medium

Ecosystem: Aptos

Protocol: AAVE v3.0.2 Periphery

Auditor: Spearbit

Report: https://github.com/aave/aptos-aave-v3/blob/main/audits/Spearbit%20Aave%20Aptos%20Periphery%20V3.0.2%20Report.pdf

Report Date: June 2025

Description:

Fungible_assets is never written, so the function transfer_out() does nothing.

Incentives cannot be configured

Severity: Medium

Ecosystem: Aptos

Protocol: AAVE v3.0.2 Periphery

Auditor: Spearbit

Report: https://github.com/aave/aptos-aave-v3/blob/main/audits/Spearbit%20Aave%20Aptos%20Periphery%20V3.0.2%20Report.pdf

Report Date: June 2025

Description:

rewards_controller.move does not contain functions to create RewardsConfigInput, therefore emissions_manager::configure_assets() can’t be executed.

pausable and current_pause_start Parameters cannot be Modified

Severity: Medium

Ecosystem: Aptos

Protocol: StreamFlow

Auditor: MoveBit

Report: https://movebit.xyz/reports/StreamFlow2-Final-Audit-Report.pdf

Report Date: Mar 2024

Description:

In the create function we can initialize the pausable and current_pause_start parameters, but there is no specific implementation of the pause method in the contract.

Missing Version Check - Overview

Lack of validation for contract or dependency versions causing incompatibility or security regressions.

Missing Version Check	Findings
High	2
Total	2

High Findings

Initialize Missing Version Checks

Severity: High

Ecosystem: Sui

Protocol: FlowX Finance

Auditor: MoveBit

Report: https://movebit.xyz/reports/FlowX-Final-Audit-Report.pdf

Report Date: May 2024

Description:

The old initialize function remains callable, allowing users to reinitialize the pool and potentially cause inconsistent or unintended system states.

Security Vulnerability in add_operator Function of config.move due to Missing Contract Version Check

Severity: High

Ecosystem: Sui

Protocol: Cetus Farming Smart Contracts

Auditor: MoveBit

Report: https://movebit.xyz/reports/Cetus-Farming-Smart-Contract-Final-Audit-Report.pdf

Report Date: Jan 2024

Description:

The add_operator function lacks a version check, allowing older contract versions to be called. This can reintroduce vulnerabilities or inconsistent logic from outdated deployments.

Oracle Issues - Overview

Manipulation or inaccuracy of external data sources impacting on-chain decisions.

Oracle Issues	Findings
Real World Exploit	1
Critical	3
High	4
Medium	11
Total	19

Real World Exploit

Price manipulation

Severity: Real World Exploit

Oracle Lacks Update Cycle Verification

Severity: High

Ecosystem: Sui

Protocol: Navi

Auditor: MoveBit

Report: Navi Smart Contract Audit Report (MoveBit)

Report Date: July 2023

Description:

The oracle mechanism lacks verification of the update cycle. Specifically, there is no maximum interval period enforced when obtaining prices, allowing outdated price data to persist in the system. This can result in stale price feeds and inaccurate valuations.

Recommendation:

Implement a maximum time interval check for oracle updates and require regular price refreshes to ensure price data remains current.

Oracle Confidence Checks

Severity: High

Ecosystem: OL Network

Protocol: StakeSphere

Auditor: MoveJay

Report: https://github.com/Jayfromthe13th/StakeSphere-stealth-/blob/Wallet/Audit.md

Report Date: Feb 2025

Description:

High oracle confidence values suggest that there is disagreement among providers about the actual price. For instance, Pyth measures confidence as the difference between the 25th and 75th quartiles and the median price.

Recommendation:

Check the confidence of oracles.

Potential risk of manipulation of hyperion llp positions

Severity: High

Ecosystem: Aptos

Protocol: Yeap Finance

Auditor: SlowMist

Report: https://github.com/slowmist/Knowledge-Base/blob/master/open-report-V2/smart-contract/aptos-smart-contract/yeap-finance%20-%20SlowMist%20Audit%20Report.pdf

Report Date: July 2025

Description:

In the health_check module, get_amount_by_liquidity must use the pool’s real-time price; otherwise, attackers can manipulate token amounts by performing large swaps within the same transaction.

Domain pricing relies on pool price, which can be manipulated

Severity: High

Severity: Medium

Ecosystem: Aptos

Protocol: AAVE V3

Auditor: Cantina Contest SRs

Report: https://cantina.xyz/code/ad445d42-9d39-4bcf-becb-0c6c8689b767/findings/237

Report Date: June 2025

Description:

In AAVE's oracle module, we will try to fetch underlying asset's price from Oracle feed if there is not one custom price.

We will fetch the price via the interface chainlink::get_benchmark_value(benchmark) from the benchmark. According to Chainlink Aptos Doc, when we fetch the price from benchmark, we can fetch the price and the related timestamp from the benchmark.

The problem here is that we miss fetching the timestamp from the benchmark, and we don't check whether the price from Chainlink is staleness or not. If there is something wrong in Chainlink, the price don't update for a while, we may fetch stale price, this will cause we borrow/liquidate with one incorrect underlying price.

Missing oracle stale price check

Severity: Medium

Ecosystem: Aptos

Protocol: Thala Labs Aptos Dollar

Auditor: Zellic

Report: https://github.com/Zellic/publications/blob/master/Thala%20Labs%20Move%20Dollar%20-%20Zellic%20Audit%20Report.pdf

Report Date: Feb 2023

Description:

The oracle lacks timestamps and stale-price checks. The project has switched to a tiered oracle framework, which requires a separate review.

Missing Check for Negative in get_switchboard_price() Function

Severity: Medium

Ecosystem: Aptos

Protocol: Merkle Trade Smart Contract

Auditor: MoveBit

Report: https://movebit.xyz/reports/Merkle-Trade-Smart-Contract-Audit-Report.pdf

Report Date: July 2023

Description:

The function get_switchboard_price() is used to retrieve the price and round confirmed timestamp from Switchboard. it is advised to include a check to ensure the negative is not true. If the negative value is true, it implies that there might be some problem with the price received from Oracle, potentially because the price is expired or has some error leading to potential issues.

Oracle max_deviation cannot be updated

Severity: Medium

Ecosystem: Aptos

Protocol: Aries Market

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Aries-Market-Contracts-Audit-Report.pdf

Report Date: Feb 2023

Description:

Oracle max_deviation cannot be updated in set_pyth_oracle and set_switchboard_oracle, the only way to change it is to unset the oracle and set it again.

Oracle Confidence Checks

Severity: Medium

Ecosystem: Aptos

Protocol: Argo

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Oct 2022

Description:

High oracle confidence values indicate that providers disagree on the actual price. Pyth, for example, represents confidence as the difference between the 25/75th quartile and the median price. In this case, it’s safer to ignore the value than to use a potentially inaccurate value.

Risk of Borrowing Undervalued Collateral

Severity: Medium

Ecosystem: Aptos

Protocol: Echelon Staked LPT

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Apr 2025

Description:

In the current implementation, the staked LPT oracle may undervalue liquidity provider tokens. While this does not impact their utilization as collateral—effectively acting as a reduced collateral factor—it is critical to prevent borrowing of these undervalued assets. An undervalued oracle price only limits borrowing power, which is acceptable as long as borrowing is not permitted against such assets.

Runtime/Development Issues - Overview

Debug-only, test, or misconfigured deployment code reaching production.

Runtime/Development Issues	Findings
Medium	10
Total	10

State Management - Overview

Improper updates, resets, or dependency on stale state causing protocol corruption or loss of sync.

State Management	Findings
Critical	7
High	13
Medium	17
Total	37

Report Date: Feb 2025

Description:

When a user unlocks their veTHL via vetoken::unlock , the system resets the unlockable_epoch to zero. Additionally, if a user registers an account without locking veTHL , unlockable_epoch is also set to zero.

Appendix: Move Protocols & Audit Reports

OtterSec Reports

Cetus DLMM - Nov 2025
Kuna Labs – Jun 2025
Aptos ULN 301 – May 2025
Kofi Finance Contacts – May 2025
Thala Chainlink Oracle – May 2025
Mysten Republic Security Token – Apr 2025
Mysten Deepbook V3 – Apr 2025
Echleon – Apr 2025
Echleon Staked LPT – Apr 2025
Mayan Sui – Feb 2025
Solend Steam – Feb 2025
Lombard Sui – Feb 2025
Walrus Contracts – Feb 2025
Thala LSD – Feb 2025
Thala Deps – Feb 2025
Emojicoin – Feb 2025
Thala Swap + Math V2 – Jan 2025
Aftermath Market Making – Jan 2025
TruFin – May 2024
Amnis Finance – May 2024
Aries Markets – May 2024
Sui Axelar Gateway V2 – May 2024
Cetus – May 2024
Turbos – May 2024
First Digital – Jun 2024
Mysten Deepbook – Aug 2024
Fungible StakedSui – Aug 2024
ThalaSwapV2 – Aug 2024
Merkle Token – Jul 2024
Merso Lending – Jul 2024
Hop Aggregator – Oct 2024
Solend Liquid Staking – Oct 2024
Aptos Securitize – Oct 2024
BlueFin Spot – Nov 2024
Lombard Finance – Dec 2024
Wormhole Sui Integration – Dec 2024
Drife Technologies – Dec 2023
Haedel LSD – Nov 2023
Volo – Oct 2023
Aftermath LSD – Oct 2023
Tsunami GMX – Sep 2023
Pontem clmm – Aug 2023
Scallop – Jul 2023
Navi – Jun 2023
Bucket – Jun 2023
Tortugal – Jun 2023
Aries Market (Sui) – Jun 2023
Thala – May 2023
Aftermath – May 2023
Wormhole Sui – May 2023
Mysten Labs Sui (Rust and Move) – May 2023
BlueJay – May 2023
Ghost Ivy – May 2023
Lucky Kat – May 2023
Suia – May 2023
Steamflow – Mar 2023
Typus Finance – Apr 2023
MovEX – Apr 2023
KriyaDEX – Apr 2023
MSafe Maven – Apr 2023
SuiPad – Apr 2023
Mini Miners – Apr 2023
Mokshya/Wapal Aptos NFT Mint Smart – Mar 2023
PatronusFi – Mar 2023
Aries Market (Aptos) – Feb 2023
Mole – Feb 2023
AptoPad – Feb 2023
Thala Labs – Feb 2023
Wormhole NFT Aptos – Feb 2023
Eternal Finance – Jan 2023
Cetus – Jan 2023
Pontem Harvest – Jan 2023
PancakeSwap OFT – Dec 2022
PancakeSwap IFO – Dec 2022
Econia – Dec 2022
Meeiro – Dec 2022
Aries Markets – Nov 2022
Swithboard Aptos – Nov 2022
Pancake Swap – Nov 2022
Laminar Markets – Oct 2022
Argo – Oct 2022
Tortuga – Oct 2022
Ditto – Oct 2022
Pyth – Oct 2022
Wormhole Aptos – Oct 2022
MSafe – Oct 2022
LayerZero Aptos – Sep 2022
Pontem (Liquidswap) – Sep 2022

MoveBit Reports

FlowX Finance – May 08, 2024
Liquidswap – Apr 20, 2024
Pontem – Apr 20, 2024
MoveGPT – Apr 11, 2024
StreamFlow – Mar 26, 2024
Superposition – Mar 26, 2024
Amnis – Mar 14, 2024
Cellana Smart Contract – Feb 20, 2024
Dola Protocol – Feb 07, 2024
Random-Vault – Feb 02, 2024
Cetus Farming Smart Contracts – Jan 19, 2024
vibrantX – Jan 08, 2024
Baptswap – Dec 18, 2023
Haedel – Dec 04, 2023
Kuna Labs Yield Optimizer Smart Contract – Nov 15, 2023
Aftermath Finance Liquid Staking Derivative – Nov 21, 2023
Supra – Sep 10, 2023
Volo – Sep 07, 2023
Kanalabs aggregator Smart Contract – Sep 07, 2023
Scallop – Jun 2023
Bucket Protocol – Jun 2023
Legend of Arcadia – Jun 2023
Aries Market (Sui) – Jun 2023
Navi – Jul 2023
Talofa Corporation – May 2023
Turbos Finance-TurboStar – May 2023
Lucky Kat – May 2023
Suia – May 2023
Typus Finance – Apr 2023
MovEX – Apr 2023
KriyaDEX – Apr 2023
MSafe Maven – Apr 2023
SuiPad – Apr 2023
Mini Miners – Apr 2023
Merkle Trade Smart Contract – Jul 21, 2023
Mokshya/Wapal Aptos NFT Mint Smart – Mar 2023
PatronusFi – Mar 2023
Cetus Concentrated Liquidity Protocol (Sui) – Mar 2023
Aries Market (Aptos) – Feb 2023
Mole – Feb 2023
AptoPad – Feb 2023
Cetus Concentrated Liquidity Protocol (Aptos) – Jan 2023
Transit Finance – Nov 2022
Sui AMM swap – Nov 2022
MoveDID – Nov 2022

Zellic Reports

Matrixdock – Jul 28, 2025
Garden Move Deploy – Jun 4, 2025
Cetus – Apr 11, 2025
Magma Finance – Jan 31, 2025
Echelon – Jan 16, 2025
Econia – Jan 5, 2023
Wormhole Aptos – Nov 29, 2022
PancakeSwap Aptos – Nov 17, 2022
LiquidSwap – Nov 3, 2022
OFT – Nov 1, 2022
Laminar Markets – Oct 26, 2022
Tortuga Liquid Staking – Oct 21, 2022
Aptos Dollar – Oct 7, 2022
Momentum Safe – Sep 23, 2022

MoveJay Audit Reports

Aave Core
Aave Core v2
Aave Periphery
Navi
Kofi Finance
Poel
Studio Mirai
OL Network
Dexlyn Bridge
Project Z
StakeSphere
AquaSwap
Thala

Hacken / HackenProof

Hacken S3Money – Jan 2025
Hacken Volo – Sep 2023
Hacken Zesh AI – Dec 2024
HackenProof DexLyn Smart Contract Audit Contest – Sep 2025

Pashov

Elixir – Aug 2025

ExVul

Hyperion – Apr 2025
TokinmonsterAI – May 2025
Mango – Jul 2025

Protocol-specific Reports

AAVE v3.0.2 Core Certora – Apr 2025
AAVE v3.1-3.3 Core Certora – Apr 2025
AAVE v3.1-3.3 Core OtterSec – Aug 2025
AAVE v3.0.2 Core Spearbit – Jun 2025
AAVE v3.1-3.3 Core Spearbit – Jun 2025
AAVE v3.0.2 Periphery Spearbit – Jun 2025

Contests

AAVE v3 Cantina Contest – May–Jun 2025
Initia Cabal Liquid Staking Code4Arena Contest – May 2025
Initia Move Code4Arena Contest – Apr 2025

Zenith

KoFi Finance - Mar 2025

Quantstamp

Echelon Market – Mar 2025
BucketV2 – Aug 2025

SlowMist

Yeap Finance – Jul 2025

Three Sigma

Magma DEX – Jul 2025

Access the reports using the links below:

Audit Firm/Auditor	Report Links
OtterSec	Sampled Public Audit Reports (OtterSec Notion)
MoveBit	MoveBit — Sampled Audit Reports
MoveJay	MoveJay (Jayfromthe13th)
Zellic	Zellic Reports
Spearbit	Spearbit Reports
Cantina	Cantina Reports
Code4Arena	Code4Arena Reports
Certora	Certora Security Reports
Hacken	Hacken Audits
Pashov Audit Group	Pashov Audit Group — Audits
ExVul Security	ExVul Audits
Quantstamp	Quantstamp Reports
SlowMist	SlowMist Reports
Three Sigma	Three Sigma Reports