High Findings
Risk of Arithmetic Overflow
Severity: High
Ecosystem: Sui
Protocol: Aftermath Orderbook
Auditor: OtterSec
Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772
Report Date: Feb 2024
Description: In ticks_per_lot_to_quote_per_base, a multiplication operation between ticks_per_lot and tick_size can overflow if the result exceeds the maximum representable value of a u64, resulting in an integer overflow vulnerability.
Fund Loss Due to Unchecked Conversion
Severity: High
Ecosystem: Sui
Protocol: Aftermath
Auditor: OtterSec
Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772
Report Date: Jan 2025
Description: An incorrect calculation turns negative values into positive values, causing unexpected profit and fund loss. The conversion is not properly validated, leading to unintended financial outcomes.
Incorrect Price Calculation
Severity: High
Ecosystem: Sui
Protocol: Aftermath
Auditor: OtterSec
Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772
Report Date: Apr 2023
Description: In math.move, the functions calc_oracle_price and calc_spot_price are intended to calculate the price of BASE coin in terms of QUOTE coin. However, calc_spot_price_fixed incorrectly computes the price of out-coin in terms of in-coin, inverting the intended calculation.
Inconsistent Assert Statement
Severity: High
Ecosystem: Sui
Protocol: Bluefin
Auditor: OtterSec
Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772
Report Date: Feb 2024
Description: The request_profit_withdraw_from_vault function fails to account for vault.pending_profit_amount in its withdrawal validation, allowing the holding account to inflate pending profits and bypass balance checks. As a result, withdrawals can exceed the actual available profit, leading to potential fund misallocation or loss.
Round Up Shares
Severity: High
Ecosystem: Sui
Protocol: Volo
Auditor: OtterSec
Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772
Report Date: Oct 2023
Description: By staking the minimum number of Sui repeatedly, due to rounding errors, users can receive more Cert tokens when unstaking than intended, effectively exploiting the protocol.
Precision Loss Results in Rewards being Left in the Contract and Unable to be Withdrawn
Severity: High
Ecosystem: Sui
Protocol: Cetus Farming
Auditor: MoveBit
Report: https://movebit.xyz/reports/Cetus-Farming-Smart-Contract-Final-Audit-Report.pdf
Report Date: Jan 2024
Description: The accumulate_pool_reward() function experiences two instances of precision loss: once when calculating rewards for each pool based on proportion, and again when calculating acc_per_share using pool_acc_reward/total_pool_share. This results in residual rewards that cannot be withdrawn after all users claim their rewards.
pending_reward Is Not Compatible
Severity: High
Ecosystem: Sui
Protocol: Cetus Farming
Auditor: MoveBit
Report: https://movebit.xyz/reports/Cetus-Farming-Smart-Contract-Final-Audit-Report.pdf
Report Date: Jan 2024
Description: In both add_liquidity_fix_coin and remove_liquidity functions, without the addition of pos_info.reward, the pending_reward calculation would be incorrect, causing major problems in reward distribution.
Erroneous Calculation Leads To Unfair Liquidation
Severity: High
Ecosystem: Sui
Protocol: Navi
Auditor: OtterSec
Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772
Report Date: Jun 2023
Description: In logic.move, the calculate_max_liquidation function has calculation inaccuracies when retrieving max_liquidable_collateral and max_liquidable_debt. These calculation errors create exploitable opportunities for attackers to profit from improper liquidation scenarios.
Accuracy Loss
Severity: High
Ecosystem: Sui
Protocol: SuiPad
Auditor: MoveBit
Report Date: Apr 2023
Description: In the claim_rewards function, amount_to_claim is incorrectly calculated, potentially resulting in 0 or unclaimable funds. The calculation should multiply before dividing to reduce accuracy loss.
Incorrect Calculation in amount_to_claim in claim function
Severity: High
Ecosystem: Sui
Protocol: SuiPad
Auditor: MoveBit
Report Date: Apr 2023
Description: A calculation error in the condition for amount_to_claim in the claim function causes incorrect reward amounts to be claimed.
Overflow Risk in i64::sub
Severity: High
Ecosystem: Sui
Protocol: Typus Finance
Auditor: MoveBit
Report Date: Apr 2023
Description: The i64::sub operation has an overflow risk, potentially causing unexpected behavior or contract failure.
Improper Reward Calculations in reward_distributor.move
Severity: High
Ecosystem: Unknown
Protocol: Project Zenith
Auditor: MoveJay
Report: https://github.com/Jayfromthe13th/Project-Z-Security-Audit-Report/blob/Wallet/audit.md
Report Date: Mar 2024
Description: The accumulated_gain function inaccurately calculates token earnings, neglecting contributions to subsequent scales, leading to incorrect reward distributions.
Incorrect next scaled variable debt update in liquidations leads to wrong interest rates
Severity: High
Ecosystem: Aptos
Protocol: AAVE v3.1-3.3 Core
Auditor: Spearbit
Report Date: June 2025
Description:
When liquidating and liquidation_logic::burn_debt_tokens is called, the debt_reserve_cache's scaled_variable_debt (debt token total supply) needs to be updated after the burn by setting it to the next_scaled_variable_debt variable.
However, the code currently sets the next borrow index (not scaled total supply) to the next_scaled_variable_debt value, which are different units, borrow index is in RAY (1e27), while next_scaled_variable_debt is in token units (usually 6-8 token decimals).
Dust amounts of high-value tokens can be stolen for profit due to rounding
Severity: High
Ecosystem: Aptos
Protocol: AAVE v3.0.2 Core
Auditor: Spearbit
Report Date: June 2025
Description:
The mint and burn actions for the aToken and vToken use the same rounding direction to convert between (rebased) amounts and the scaled amounts, rounding "half-up":
let amount_scaled = wad_ray_math::ray_div(amount, index);
This can be abused to extract tokens from the protocol.
Users may lose all rewards because of the precision loss
Severity: High
Ecosystem: Aptos
Protocol: AAVE V3
Auditor: Cantina Contest SRs
Report: https://cantina.xyz/code/ad445d42-9d39-4bcf-becb-0c6c8689b767/findings/19
Report Date: May 2025
Description:
In function calculate_asset_index_internal, we will calculate the reward rate per scale amount for the latest time slot.
The formula we use is emission_per_second * time_delta * asset_unit / total_supply. Here the asset unit depends on the underlying asset's decimal. For example, if the underlying asset is USDC, then the asset_unit is 1e6. Here the asset_unit is used as the precision decimal.
The problem here is that the precision decimal is not enough, and the formula's result may be round down to 0. If the reward rate per scale amount is 0, then all users will lose their rewards.
Precision factor is not precise enough
Severity: High
Ecosystem: Aptos
Protocol: PancakeSwap
Auditor: Zellic
Report Date: Nov 2022
Description:
The precision_factor used to avoid division precision errors is not large enough to mitigate truncation to zero errors.
Potential overflow in the add_reward function
Severity: High
Ecosystem: Aptos
Protocol: PancakeSwap
Auditor: Zellic
Report Date: Nov 2022
Description:
In the add_rewards function there is an assert that may cause an overflow by multiplying two u64 values.
Updating Magnified Dividends Per Share during Unstaking is Incorrect
Severity: High
Ecosystem: Aptos
Protocol: Baptswap
Auditor: MoveBit
Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf
Report Date: Dec 2023
Description:
Wwhen users unstake, the protocol also updates the magnified dividends per share. The calculation involves adding ((amount as u128) * pool_info.precision_factor / (pool_info.staked_tokens as u128)) to the original per share x or per share y values.
This is incorrect, as it causes the pool_info.magnified_dividends_per_share_x or pool_info.magnified_dividends_per_share_y values to increase without actual rewards being distributed to the rewards pool.
When Calculating Fees for Token Info Y Only, There is An Incorrect Passing of rewards_coins
Severity: High
Ecosystem: Aptos
Protocol: Baptswap
Auditor: MoveBit
Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf
Report Date: Dec 2023
Description:
rewards_coins is extracted from metadata.balance_y, but when calling the update_pool() function, it passes these rewards coins to reward_x,causing confusion in calculation logic.
Unstrict Swap Invariant
Severity: High
Ecosystem: Aptos
Protocol: Pontem (Liquidswap)
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Sep 2022
Description:
When dealing with an uncorrelated curve, the program introduced an error by reporting an incorrect swap if the lp_value after the swap is strictly smaller than the lp_value before the swap. The swap should be valid only when the value after is greater than the value before. Otherwise, swapping would be able to exploit potential rounding errors, depending on the precision of the relevant curves.
Improper Calculation in Liquidation
Severity: High
Ecosystem: Aptos
Protocol: Aries Markets
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Nov 2022
Description:
In the else case of the liquidation function, the settle_share_amount should be calculated from the repay_amount using the get_share_amount_from_borrow_amount function. Instead, the repay amount is directly returned as the settle share amount.
Improper Reward Calculations
Severity: High
Ecosystem: Aptos
Protocol: Thala Labs
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Feb 2023
Description:
In the protocol module, accumulated_gain calculates the earnings of a token based solely on the scale of the snapshot. However, it is possible for a user’s amount to have participated in the distribution of the next scale as well. As a result, the failure to account for this may lead to incorrect calculations of token earnings.
Improper Reward Calculations
Severity: High
Ecosystem: Aptos
Protocol: Thala
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: May 2023
Description:
In the protocol module, accumulated_gain calculates the earnings of a token solely based on the scale of the snapshot. However, a user’s amount may have participated in the distribution of the subsequent scale as well. As a result, the failure to account for this may lead to incorrect calculations of token earnings.
Utilization Of Unsuitable Rounding Direction
Severity: High
Ecosystem: Aptos
Protocol: Meso Lending
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: July 2024
Description:
When calculate_shares performs a floor rounding (rounding down) in share calculations in borrow_internal and withdraw , the user may end up with fewer debt shares than they are entitled to, resulting in them owing more assets than the value represented by their shares. As a result, users will effectively earn funds for free because they are receiving fewer debt shares for their borrowings. The pool’s total debt increases without the user receiving proportional debt shares.
Abort Due to Underflow in Difference Calculation
Severity: High
Ecosystem: Aptos
Protocol: Aptos Securitize
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Oct 2024
Description:
In get_compliance_transferable_tokens_deposit and get_compliance_transferable_tokens within compliance_service , difference is calculated as time - lock_time without first checking if time is greater than or equal to lock_time . If lock_time exceeds time , the subtraction operation ( time - lock_time ) will result in an underflow, causing the program to abort.