Medium Findings

Fixed GUSD Pricing May Lead to Protocol Asset Loss

Severity: Medium

Ecosystem: Sui

Protocol: Creek Finance

Auditor: MoveBit

Report: https://movebit.xyz/reports/Creek-Audit-Report-2025-12-30.pdf

Report Date: Dec 2025

Description:

Pegging GUSD to a fixed price of $1 in the protocol could result in price misalignment.

Recommendation:

It is recommended to use the stablecoin’s actual market price for internal calculations to ensure that debt valuation aligns with real time market conditions.

nonce is Always 0

Severity: Medium

Ecosystem: Aptos

Protocol: MoveGPT

Auditor: MoveBit

Report: https://movebit.xyz/reports/MoveGPT-Final-Audit-Report.pdf

Report Date: Apr 2024

Description:

The nonce string value added to the signature in the buy function is always 0 and there is no place to change it. It is recommended not to use hard-coded.

Wrong value hardcoded in TOTAL_SUPPLY leads to too few minted tokens

Severity: Medium

Ecosystem: Sui

Protocol: Zesh AI

Auditor: Hacken

Report: https://hacken.io/audits/zesh-ai-layer/sca-zesh-ai-layer-zesh-coin-dec2024/

Report Date: Dec 2024

Description:

Harded coded token supply set to 1000 instead of 1 billion, as token uses 6 decimals. const TOTAL_SUPPLY: u64 = 1_000_000_000

Unused Constant

Severity: Medium

Ecosystem: Sui

Protocol: Scallop

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Scallop-Smart-Contract-Audit-Report.pdf

Report Date: June 2023

Description:

Certain variables not referenced or used in any of the contract.

MIN_BASE_MAX_CLOSE_FACTOR_THRESHOLD has outdated value

Severity: Medium

Ecosystem: Aptos

Protocol: AAVE v3.0.2 Core

Auditor: Spearbit

Report: https://github.com/aave/aptos-aave-v3/blob/main/audits/Spearbit%20Aave%20Aptos%20Core%20V3.0.2%20Report.pdf

Report Date: June 2025

Description:

Incorrect constant.