High Findings

Incorrect DAY_SECONDS Constant Breaks LP Token Withdrawal Security Model

Severity: High

Ecosystem: Supra

Protocol: Dexlyn Perp DEX

Auditor: Hacken

Report: https://hacken.io/audits/dexlyn/sca-dexlyn-perp-dex-jul2025/

Report Date: Sep 2025

Description:

The DAY_SECONDS constant in house_lp.move is incorrectly set to 600 seconds (10 minutes) instead of 86400 seconds (24 hours), fundamentally breaking the intended 5-day LP token withdrawal security model.

Incorrect Variable Assignment

Severity: High

Ecosystem: Sui

Protocol: SuiPad

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/SuiPad-Smart-Contract-Audit-Report.pdf

Report Date: Apr 2023

Description:

In is_whitelist_phase, the one_day constant is incorrectly set to 0 instead of 24*60*60*1000. This causes the calculation campaign.sale_start - one_day > clock::timestamp_ms(clock) to be incorrect, potentially allowing whitelist phase logic to fail.