High Findings
Loss of Funds Due to Invalid Gas Recipient
Severity: High
Ecosystem: Sui
Protocol: Mayan Sui
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Feb 2025
Description: The addr_dest parameter is not a real address and cannot receive funds, leading to loss of funds.
Repeated Invocation Resulting in Excessive Claims
Severity: High
Ecosystem: Sui
Protocol: Mysten Republic Security Token
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Apr 2025
Description: Users can invoke the claim function multiple times for the same entitlement, allowing them to drain more tokens than intended from the protocol.
Flawed Version Validation Check
Severity: High
Ecosystem: Sui
Protocol: Hop Aggregator
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Oct 2024
Description: The version validation check incorrectly compares config.version against itself, making the validation ineffective and potentially allowing incompatible versions to be used.
Missing Invariant Checks
Severity: High
Ecosystem: Sui
Protocol: Aftermath
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: May 2023
Description: The protocol does not verify that new_invariant is equal to or greater than old_invariant, which could lead to protocol state inconsistencies and potential value extraction.
Minting of Suifrens with Insufficient Mixing Limit
Severity: High
Ecosystem: Sui
Protocol: MystenLabs Sui
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: May 2023
Description: Due to a typo during mixing, the function uses the wrong mixing limit, potentially allowing users to mint Suifrens beyond the intended constraints.
Incorrect Domain Name Field Retrieval
Severity: High
Ecosystem: Sui
Protocol: MystenLabs Sui
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: May 2023
Description: The helper function for retrieving domain_names fields returns incorrect values under two circumstances: (1) when the domain is a normal domain, it returns an empty string for default_domain_name, and (2) when the domain is a subdomain of addr.reverse, it returns the default domain name without validation.
Cooldown Bypass
Severity: High
Ecosystem: Sui
Protocol: Elixir
Auditor: Pashov
Report: https://github.com/pashov/audits/blob/master/team/pdf/Elixir-security-review_2025-08-17.pdf
Report Date: Aug 2025
Description: An incorrect timestamp comparison allows users to bypass the cooldown period. The assertion assert!(current_time >= cooldown.cooldown_end || management.cooldown_duration == 0, EInvalidCooldown) uses the wrong comparison operator, allowing actions before the cooldown has expired.
Incorrect Function Logic in sub_total_staked_unsafe
Severity: High
Ecosystem: Sui
Protocol: Volo
Auditor: MoveBit
Report: https://movebit.xyz/reports/Volo-Smart-Contract-Audit-Report.pdf
Report Date: Sep 2023
Description: When both branch judgments in the sub_total_staked_unsafe function fall to else cases, last_total_staked is subtracted twice. This affects the value of get_ratio calculation, causing the ratio to become larger and subsequently impacting reward calculations.
Incorrect Sort Function Implementation
Severity: High
Ecosystem: Sui
Protocol: Volo
Auditor: MoveBit
Report: https://movebit.xyz/reports/Volo-Smart-Contract-Audit-Report.pdf
Report Date: Sep 2023
Description: The sorting logic of the sort_validators function is flawed, resulting in validators not being sorted according to vldr_prior size as intended.
Logic Flaw in minted_buck_amount
Severity: High
Ecosystem: Sui
Protocol: Bucket
Auditor: MoveBit
Report Date: Jun 2023
Description: There is a critical logic flaw in the calculation of minted_buck_amount that could lead to incorrect token minting amounts.
Wrong Use of new_participants_by_weight
Severity: High
Ecosystem: Sui
Protocol: Legend of Arcadia
Auditor: MoveBit
Report Date: Jun 2023
Description: The participants_by_weight vec_map incorrectly obtains keys from new_participants_by_weight instead of from participants_by_weight, leading to incorrect participant weight calculations.
Authentication Logic Error
Severity: High
Ecosystem: Sui
Protocol: Typus Finance
Auditor: MoveBit
Report Date: Apr 2023
Description: The get_auction_max_size function lacks proper verification, and the remove_authorized_user logic is backwards—it checks if the user does not exist rather than if they exist, causing authentication failures.
Validating Errors When Adding to Whitelist
Severity: High
Ecosystem: Sui
Protocol: KriyaDEX
Auditor: MoveBit
Report Date: Apr 2023
Description: The assert statement is backwards when adding addresses to the whitelist in set_whitelist_address_config(), preventing new addresses from being added to the whitelist.
Receive Return Values in Incorrect Order
Severity: High
Ecosystem: Sui
Protocol: KriyaDEX
Auditor: MoveBit
Report Date: Apr 2023
Description: In the get_reserves function, return values are received in the wrong order, causing incorrect calculation of amounts during swapping and liquidity addition operations.
Inconsistent Token Ratios
Severity: High
Ecosystem: Sui
Protocol: MovEX
Auditor: MoveBit
Report Date: Apr 2023
Description: When adding liquidity, the number of liquidity tokens should be calculated based on the ratio of added tokens to the pool. Currently, excess money is sent to the pool instead of being returned to the user.
LSP Value Should Be Greater Than 0
Severity: High
Ecosystem: Sui
Protocol: MovEX
Auditor: MoveBit
Report Date: Apr 2023
Description: When adding liquidity, the number of liquidity tokens returned should be greater than 0, otherwise users cannot retrieve their tokens. A validation check needs to be added.
No Limit to Swap
Severity: High
Ecosystem: Sui
Protocol: MovEX
Auditor: MoveBit
Report Date: Apr 2023
Description: Due to blockchain delays, the price when a swap is submitted may differ from what the user receives. A minimum min_out parameter should be implemented with a condition that the output must be greater than or equal to min_out.
Incorrect Protocol Fee Handling
Severity: High
Ecosystem: Sui
Protocol: MovEX
Auditor: MoveBit
Report Date: Apr 2023
Description: If protocol fees are not withdrawn, they will be incorrectly withdrawn by users who add liquidity, leading to unfair fee distribution.
Random Design Flaws
Severity: High
Ecosystem: Sui
Protocol: Cetus Concentrated Liquidity Protocol
Auditor: MoveBit
Report Date: Mar 2023
Description: In random.move, when the seed parameter of functions seed and seed_rand is 0, all random numbers generated will be 0. This is used in skip_list, and if misused with a 0 seed, it will lead to an endless loop in the skip_list implementation.
Data Integrity and System Reliability Issue (Missing Data Check)
Severity: High
Ecosystem: Sui
Protocol: Studio Mirai
Auditor: MoveJay
Report: https://github.com/Jayfromthe13th/Studio-Miria-audit
Report Date: Feb 2025
Description: The protocol lacks validation to ensure that object IDs match during critical operations, potentially leading to data integrity issues and system reliability problems.
User can bypass MAX_EXPIRATION when extend expiration
Severity: High
Ecosystem: Initia
Protocol: Initia Move
Auditor: Code4Arena Contest Security Researchers
Report: https://code4rena.com/reports/2025-01-initia-move
Report Date: Apr 2025
Description:
In the extend_expiration function, the validation for the duration is incorrect, allowing the user to bypass MAX_EXPIRATION.
Extending a domain’s expiration even after the grace period impacts domain buyers
Severity: High
Ecosystem: Initia
Protocol: Initia Move
Auditor: Code4Arena Contest Security Researchers
Report: https://code4rena.com/reports/2025-01-initia-move
Report Date: Apr 2025
Description:
The name_service.move module allows users to register domain names. If anyone wants to register an already purchased domain, they can only do so once the expiration_date + grace_period for that domain has passed. The name_service.move module allows anyone to call extend_expiration for any domain, which is a feature (according to sponsors).
The main issue is that the extend_expiration() function allows users to extend the expiration of a domain even after the grace period has ended, which is unintended behavior.
As a result, users, multi-sig owners of the actual domain name, or attackers can frontrun and attempt to call extend_expiration() after the grace period has ended, even if other users are trying to buy the same domain name using register_domain().
This breaks a key invariant of the protocol, leading to genuine users being negatively impacted and experiencing a poor user experience.
Incorrect Slippage Check
Severity: High
Ecosystem: Aptos
Protocol: Hyperion Smart Contracts
Auditor: ExVul
Report Date: Apr 2025
Description:
Slippage protection logic has a backwards condition.
Liquidation logic allows the liquidator to liquidate more than it should
Severity: High
Ecosystem: Aptos
Protocol: AAVE v3.1-3.3
Auditor: Spearbit
Report Date: June 2025
Description:
The Move codebase has incorrectly implemented a feature and will recalculate the debt when the userReserveDebtInBaseCurrency is lower than the totalDefaultLiquidatableDebtInBaseCurrency.
actual_collateral_to_liquidate is burned instead of actual_debt_to_liquidate
Severity: High
Ecosystem: Aptos
Protocol: AAVE v3.1-3.3
Auditor: Certora
Report Date: Apr 2025
Description:
The liquidation_call() function contains an issue in the burn_debt_tokens() function call. It incorrectly passes actual_collateral_to_liquidate as the debt amount to burn, instead of actual_debt_to_liquidate.
This mismatch would lead to incorrect debt burning during liquidations, causing debt tokens to be either overly or insufficiently burned or a denial of service on the liquidation . The amount of debt being burned should correspond to the actual debt being liquidated, not the collateral amount.
Public access to register_collateral can lock out CoinTypes from APD
Severity: High
Ecosystem: Aptos
Protocol: Thala Labs Aptos Dollar
Auditor: Zellic
Report Date: Oct 2022
Description:
Is public function, needs to be public(friend).
Incorrect implementation of reverse iterator
Severity: High
Ecosystem: Aptos
Protocol: Laminar Markets
Auditor: Zellic
Report: https://github.com/Zellic/publications/blob/master/Laminar%20-%20Zellic%20Audit%20Report.pdf
Report Date: Oct 2022
Description:
The wrong node is checked.
Duplicate call in coin register
Severity: High
Ecosystem: Aptos
Protocol: Laminar Markets
Auditor: Zellic
Report: https://github.com/Zellic/publications/blob/master/Laminar%20-%20Zellic%20Audit%20Report.pdf
Report Date: Oct 2022
Description:
The register_staking_account calls coin::register twice.
Order checker functions use full order size rather than remaining order size
Severity: High
Ecosystem: Aptos
Protocol: Laminar Markets
Auditor: Zellic
Report: https://github.com/Zellic/publications/blob/master/Laminar%20-%20Zellic%20Audit%20Report.pdf
Report Date: Oct 2022
Description:
In book::can_bid_be_matched and book::can_ask_be_matched instead of adding remaining size of orders, it adds up full sizes of these orders. Change let bid_size = (order::get_size(bid) as u128); to let bid_size = (order::get_remaining_size(bid) as u128);
Incorrect Assertion in deposit_manager
Severity: High
Ecosystem: Aptos
Protocol: Echelon
Auditor: Zellic
Report Date: Jan 2025
Description:
There is an assertion that always fails. While the msg length is always greater than 65 bytes, taking the module of the length by 32 will always result in a value less than 32, making it impossible to equal 65.
There is No Slippage Protection During The Distribution of DEX Fees
Severity: High
Ecosystem: Aptos
Protocol: Baptswap
Auditor: MoveBit
Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf
Report Date: Dec 2023
Description:
During this exchange process, there is an absence of slippage protection.
Initializing fee_to As ZERO_ACCOUNT May Result In Transferring Fees to The Zero Address
Severity: High
Ecosystem: Aptos
Protocol: Baptswap
Auditor: MoveBit
Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf
Report Date: Dec 2023
Description:
In the init_module function, initializing fee_to as ZERO_ACCOUNT means that if the set_fee_to function is called to set a new address for fee reception, swap fees will be transferred to the zero address.
Token Extraction Mismatch in Fee Distribution Logic
Severity: High
Ecosystem: Aptos
Protocol: Baptswap
Auditor: MoveBit
Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf
Report Date: Dec 2023
Description:
The function swap_v2.distribute_dex_fees() is used to ensure proper distribution of DEX fees, regardless of the input token. In the case where type_info::type_of
refund_entry Function Can Be Called Multiple Times
Severity: High
Ecosystem: Aptos
Protocol: MoveGPT
Auditor: MoveBit
Report: https://movebit.xyz/reports/MoveGPT-Final-Audit-Report.pdf
Report Date: Apr 2024
Description:
The refund_entry function did not update the user's status after the user was refunded resulting in the user being able to call refund_entry multiple times and reduce the value of total_bought at will. Also the withdraw_round function operator can be called multiple times.
Function Does't Return
Severity: High
Ecosystem: Aptos
Protocol: vibrantX
Auditor: MoveBit
Report: https://movebit.xyz/reports/vibrantX-Final-Audit-Report.pdf
Report Date: Jan 2024
Description:
When the token is not sorted before, the function will be recalled, and the execution of the previous function is not terminated, which will cause the code to be executed twice.
Config update error
Severity: High
Ecosystem: Aptos
Protocol: PatronusFi
Auditor: MoveBit
Report Date: Mar 2023
Description:
The update function should judge the new_cfg, if new_cfg exceeds limitations of assert, it would be set for the first time, and could not be set later.
Logical Error
Severity: High
Severity: High
Ecosystem: Aptos
Protocol: PatronusFi
Auditor: MoveBit
Report Date: Mar 2023
Description:
In vault.move, when borrow_cap.temporary is true, vault.paused will be verified as true then set to false, in the next if statement, vault.paused will already be paused and the contract will always panic.
Freeze Bridge with Invalid Sender
Severity: High
Ecosystem: Aptos
Protocol: LayerZero
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Sep 2022
Description:
Only the bridge UA is intended to send messages to the bridge contract. However, this behavior is not enforced at the relayer level. any UA can send messages to any other endpoint.
Amend Order Missing Refund
Severity: High
Ecosystem: Aptos
Protocol: Laminar Markets
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Oct 2022
Description:
In the book::amend_bid_order function, when a user tries to decrease the size of an order having the same price, the size of the order gets reduced silently without a refund. Users should be refunded when the size is reduced.
Deducting Vault Interest When Repaying Debt
Severity: High
Ecosystem: Aptos
Protocol: Thala Labs
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Feb 2023
Description:
In the protocol module, repay_internal is used to repay amounts borrowed from the vault. However, when repaying the borrowed amount, the interest should also be cleared in addition to the debt.Although the protocol uses fees::absorb_fee to calculate and absorb the repaid interest amount, this amount is not subtracted from the vault.interest. Consequently, a user is unable to clear the interest in their vault, even though it is absorbed from the repayment amount.
Improper Accumulator Updates In V2 Mode
Severity: High
Ecosystem: Aptos
Protocol: Thala
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: May 2023
Description:
The stake and unstake functions update the stake amount of the user. These functions also calculate the amount of rewards accrued until that time and store it, and then update the accumulator on the user pool. In the recent changes introducing v2 mode for farming, when v2 mode is enabled, the thl rewards for a user are not accrued in stake and unstake; this results in improper rewards for users.
Deducting Vault Interest When Repaying Debt
Severity: High
Ecosystem: Aptos
Protocol: Thala
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: May 2023
Description:
In the protocol module, repay_internalis used to repay amounts borrowedfrom the vault. In addition to the debt, clearing the interest should be done when repaying the borrowed amount. Although the protocol uses fees::absorb_fee to calculate and absorb the repaid interest amount, the protocol does not subtract this amount from vault.interest. Consequently, a user is unable to clear the interest in their vault, even though the protocol absorbs it from the repayment amount.
Removal Of Active Bin
Severity: High
Ecosystem: Aptos
Protocol: Pontem clmm
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Aug 2023
Description:
The vulnerability arises when a liquidity provider becomes the sole provider for a particular price range, i.e., the active bin. This situation may temporarily disrupt the swapping logic of the CLMM. In pool, swap_inner handles the swapping of assets between users, and when it attempts to access the data associated with the active bin utilizing its ID, it assumes that active_bin_id exists in the pool.bins table. However, if a liquidity provider is the only one providing liquidity for this particular active bin, it is possible that they decide to remove their liquidity from that bin. When a liquidity provider removes their liquidity from a bin, it triggers the burn logic, which removes the liquidity providers. This results in the bin being entirely removed from the pool.bins table, effectively erasing the active bin.
Bin Price Manipulation
Severity: High
Ecosystem: Aptos
Protocol: Pontem clmm
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Aug 2023
Description:
In this CLMM, there are multiple bins, each having its price range where users may add liquidity. This vulnerability allows a malicious user to manipulate the price of shares in a specific bin within the CLMM. This manipulation may be exploited to artificially inflate the price of shares in that bin to extremely high values, creating unfavorable conditions for other participants and potentially blocking or monopolizing that bin. The user may profit by burning the last share in the manipulated bin.
ThalaSwapV2
Severity: High
Ecosystem: Aptos
Protocol: ThalaSwapV2
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Aug 2024
Description:
The vulnerability concerns the lack of slippage checks within the entry functions in pool. Slippage parameters protect the protocol from accepting values that are drastically different from the current market conditions due to market volatility or large trades in the pool. This can result in inaccurate transactions within the pool, potentially affecting users unfairly.
Flaw in Full Transfer Checks
Severity: High
Ecosystem: Aptos
Protocol: Aptos Securitize
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Oct 2024
Description:
In compliance_service::pre_deposit_check_regulated , the get_force_full_transfer condition checks if full transfers are enforced when the transfer originates from the US. If this condition is true, the function immediately aborts the transfer with the error code EONLY_FULL_TRANSFER. If get_force_full_transfer is enabled and the transfer originates from the US, any transfer to the platform wallet is rejected, regardless of whether the transfer satisfies the required full transfer conditions. As a result, valid transactions may be blocked.
Incorrect Reward Initialization
Severity: High
Ecosystem: Aptos
Protocol: Aptos Securitize
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Oct 2024
Description:
The issue in the lending core farming module occurs when a user is accruing a specific reward for the first time. When a user first starts accruing a reward, their last_acc_rewards_per_share is set to pool_acc_reward_per_share . This is problematic, as users who had staked before the reward was introduced will not receive any rewards for the period between their staking and their first accrue_user_pool_reward call.
Missing Solvency Check
Severity: High
Ecosystem: Aptos
Protocol: Echleon
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Apr 2025
Description:
isolated_lending::withdraw_internal lacks a check for bad debt, allowing users to withdraw supplied assets even if their position is underwater. This creates a vulnerability where users may extract value even though they are insolvent. If the borrowed value exceeds collateral, supply shares should not be withdrawable, as they may be needed to cover the shortfall.
kAPT Double Minting
Severity: High
Ecosystem: Aptos
Protocol: Kofi Finance Contacts
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: May 2025
Description:
rewards_manager::update_rewards calculation does not account for minting fees. When stake is added to a delegation pool, an add_stake fee is deducted if the validator being delegated to is producing rewards for that epoch. This fee is temporarily subtracted from the delegator’s active stake and is refunded in the next epoch. The protocol tracks this fee separately and allows the admin to collect it asynchronously. Despite this, the staked APTs are still marked as rewards by the update_rewards function, causing it to mint kAPT on their behalf. Later, when the admin collects these fees, kAPT is re-minted for the same amount, resulting in double-minting and an immediate depegging of kAPT .
Absence of Verification for Reward Start Timestamp
Severity: High
Ecosystem: Sui
Protocol: Cetus DLMM
Auditor: OtterSec
Report: https://drive.google.com/drive/u/0/folders/1d9nv3nJidsbQ0vDT8D1kEuR3rJzK2ULg
Report Date: Nov 2025
Description:
In Cetus DLMM, rewards are expected to start on or after the REWARD_PERIOD_START_AT timestamp, which anchors all reward periods. Currently, pool::add_reward does not enforce this, allowing a reward to be scheduled with a start time before this timestamp. When such a reward exists, reward_settle, which is called on every pool operation, will encounter invalid time intervals, breaking settlement calculations as reward_settle logic expects rewards to start on or after REWARD_PERIOD_START_AT. This results in a denial-of-service affecting multiple operations.