Connect

Seamless Leverage Tokens

Seamless Leverage TokensSeamless Leverage Tokens

Details

Scope

My Submission

Reward Amounts

Critical

  • $100,000 maximum payout

  • Payout shall not exceed 10% of funds at risk at time of submission

Severity Criteria

Critical Definition

  • Definite and significant loss of funds without limitations of external conditions
  • Definite and significant freezing of funds for >1 year without limitations of external conditions

General Notes

  • Sherlock’s Criteria for Issue Validity guide (used in Sherlock audit contests) can be a helpful resource for more context on out-of-scope issues, etc. but nothing in the guide should overrule the definitions above

  • A coded Proof of Concept (POC) with instructions to run the POC is required

  • If the protocol team has the ability to take measures (upgrade the contract, pause the contract, etc.) against an exploit, the potential damage is limited to a 1-hour exploit period before it is assumed that the protocol team takes measures to prevent further damage

Platform Rules

Please review the Sherlock Bug Bounty Platform Rules before submitting any vulnerability.

Previous Audits

Additional Context

Permissionless Creation

Leverage Tokens within the Seamless Protocol are designed to be fully permissionless. This means:

  • Anyone can create a new Leverage Token: There are no restrictions or allowlists for token creation. Users, developers, or even external parties can deploy new Leverage Tokens at any time.

  • Potential for Malicious Tokens: Because creation is open, it is possible for malicious actors to deploy Leverage Tokens with configurations or parameters intended to deceive users or exploit vulnerabilities. Participants should exercise caution and verify the legitimacy and configuration of any Leverage Token before interacting with it.

Inherited Risks from Underlying Platforms

Leverage Tokens are built to interact with various DeFi protocols through adapters. As a result:

  • Exposure to Adapter Risks: Each Leverage Token inherits the technical and economic risks of any underlying lending or DeFi platform it integrates with via adapters. If an adapter connects to a platform with vulnerabilities, those risks are passed through to the Leverage Token and its users.

  • No Isolation from Platform Failures: Issues such as smart contract bugs, oracle failures, insolvency, or governance attacks on underlying platforms can directly impact the safety and value of the Leverage Token.

  • Dynamic Risk Profile: The risk profile of each Leverage Token may change over time as underlying protocols are upgraded, attacked, or experience market volatility.

Chains in scope

  • Base

Protocol Resources

Max Rewards

100,000 USDC

Status

Live since

Last updated

LIVE

Jul 29, 2025, 2:36 PM

Jul 29, 2025, 2:36 PM

Report a bug