Critical Findings
Faulty Constant Definition
Severity: Critical
Ecosystem: Sui
Protocol: Bluefin Spot
Auditor: OtterSec
Report: https://www.notion.so/a296e98838aa4fdb8f3b192663400772
Report Date: Nov 2024
Description:
The MAX_u64 constant is incorrectly defined as 0xFFFFFFFFFFFFFFF (15 hex digits) instead of 0xFFFFFFFFFFFFFFFF (16 hex digits). This omission causes errors in tick calculations by ignoring the most significant bit.
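A check that catches this class of mistake before review, as an added example (not code from the audit report or from the protocol): it scans Move source for all-F hex constants that are shorter than their declared type. The function name, the MAX-name/off-by-one heuristic and the sample module are assumptions made for illustration.

```python
import re

# Bit widths of Move's unsigned integer types.
WIDTHS = {"u8": 8, "u16": 16, "u32": 32, "u64": 64, "u128": 128, "u256": 256}

# Matches declarations such as: const MAX_u64: u64 = 0xFFFF;
CONST_RE = re.compile(
    r"const\s+(?P<name>\w+)\s*:\s*(?P<type>u(?:8|16|32|64|128|256))\s*=\s*"
    r"0x(?P<hex>[0-9a-fA-F_]+)\s*;"
)

def find_short_max_constants(source):
    """Return (name, type, digits_found, digits_expected) for each all-F hex
    constant that looks like a type maximum but has too few digits."""
    findings = []
    for m in CONST_RE.finditer(source):
        digits = m.group("hex").replace("_", "")  # ignore digit separators
        expected = WIDTHS[m.group("type")] // 4   # one hex digit = 4 bits
        if set(digits.upper()) != {"F"} or len(digits) >= expected:
            continue
        # Heuristic (assumption): short all-F literals are often legitimate
        # masks, so only flag names containing "max" or off-by-one lengths.
        named_max = "max" in m.group("name").lower()
        off_by_one = expected - len(digits) == 1
        if named_max or off_by_one:
            findings.append((m.group("name"), m.group("type"), len(digits), expected))
    return findings

# Constructed sample module; MAX_u64 reproduces the 15-digit literal
# described in the finding, the other constants are controls.
SAMPLE = f"""
module example::constants {{
    const MAX_u64: u64 = 0x{"F" * 15};
    const MAX_U128: u128 = 0x{"F" * 32};
    const LOW_BYTE_MASK: u64 = 0xFF;
    const MAX_U8: u8 = 0xFF;
}}
"""

if __name__ == "__main__":
    for name, ty, found, expected in find_short_max_constants(SAMPLE):
        print(f"{name}: {ty} has {found} hex digits, expected {expected}")
```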
DefaultBidPercentage Misconfiguration
Severity: Critical
Ecosystem: Sui
Protocol: MoviePass Exchange
Auditor: Certora
Report: https://github.com/Certora/SecurityReports/blob/main/Reports/2025/03_02_2025_MoviePass_MSX-MR.pdf
Report Date: Feb 2025
Description:
The DefaultBidPercentage constant is incorrectly set to 10_000 instead of 1_000_000, causing the maximum bid rate to be misconfigured and potentially allowing unexpected bid behaviors.