Low Findings
Missing increment of i
Severity: Low
Ecosystem: Sui
Protocol: Kai Finance
Auditor: Asymptotic
Report: https://info.asymptotic.tech/kai-leverage-verification-report-6ec808dd2adc4b55a4e30f0512260a70
Report Date: Aug 2024
Description:
The update_interest function while loop is missing an increment of i . We consider this a low-priority bug as it would most likely be caught in testing.
Debug logging left in reward loop increases gas and noise
Severity: Low
Ecosystem: Sui
Protocol: Momentum
Auditor: Sherlock
Report Date: Nov 2025
Description:
The staking pool claim_reward prints multiple values like single_epoch_reward, epoch_id, pool.reward.value, and single_epoch_reward on each epoch iteration. This is a test-only convenience that should not ship in production reward paths.
Inflating reward_released Statistics
Severity: Low
Ecosystem: Sui
Protocol: Cetus DLMM
Auditor: MoveBit
Report: https://drive.google.com/drive/u/0/folders/1d9nv3nJidsbQ0vDT8D1kEuR3rJzK2ULg
Report Date: Sep 2025
Description:
There is an accounting logic error in the inner loop of reward settlement that causes the total released rewards to be repeatedly accumulated.
DoS via Unbounded Loop
Severity: Low
Ecosystem: Aptos
Protocol: Thala Swap
Auditor: OtterSec
Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772
Report Date: Jan 2025
Description:
claimable_internal has an unbounded loop that may result in excessive gas consumption and stuck funds if reward claims span many epochs, creating a denial-of-service scenario for users joining the protocol later.