@xb0g0
bogo
3 months
I recently analyzed the report of a contest I participated in - ECG ( @CreditGuild ) on C4. It was my first big protocol. There were some very interesting insights I gained for myself, like: "Valuable, low duplicate bugs != complex bugs. Which also does not mean they are easy to…

Replies

@xb0g0
bogo
3 months
I'm gonna present you with 3 findings from this contest that are simple to grasp, yet only a few have discovered them. I'll try to analyze and reason on what empowered those auditors to find them. In total there were 28 H/M valid findings, most of which were heavily duplicated.…
@xb0g0
bogo
3 months
First let me give you some context on the protocol, so that you can easily follow my chain of thought
🗒️ Note
Even though the protocol is a bit complicated, fear NOT! There won't be anything complex in my analysis. Quite the contrary - I'll extract the alpha and place it on your…
@xb0g0
bogo
3 months
Finding #1
Title
Inability to withdraw funds for certain users due to protocol being paused
🐛The bug
1. Holders of CREDIT can call stake() to start earning yield on it
2. Holders call unstake() to get their CREDIT + yield. However unstake() internally calls mint() to add the…
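The pause-gated withdrawal path from Finding #1, as an added Solidity illustration (not the thread's or ECG's code): a hypothetical staking contract whose unstake() pays yield through a pausable mint(), beside a hardened variant that keeps principal withdrawable while paused. Contract, function and storage names are assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified staking token illustrating the Finding #1 pattern.
// Not ECG's code: names, storage layout and the yield bookkeeping are assumed.
contract PausableCredit {
    mapping(address => uint256) public balanceOf;
    mapping(address => uint256) public staked;
    mapping(address => uint256) public accruedYield; // assumed: credited by accounting not shown
    bool public paused;
    address public immutable guardian;
    constructor() { guardian = msg.sender; }
    modifier whenNotPaused() { require(!paused, "paused"); _; }
    function setPaused(bool p) external { require(msg.sender == guardian, "not guardian"); paused = p; }

    // Yield is paid by minting new CREDIT, and minting is gated by the pause.
    function mint(address to, uint256 amount) internal whenNotPaused { balanceOf[to] += amount; }

    function stake(uint256 amount) external {
        balanceOf[msg.sender] -= amount; // 0.8.x checked arithmetic reverts on underflow
        staked[msg.sender] += amount;
    }

    // VULNERABLE: principal refund and yield mint happen in one call, so while paused
    // the mint() revert also blocks return of the principal. Stakers are locked in.
    function unstakeVulnerable() external {
        uint256 principal = staked[msg.sender];
        staked[msg.sender] = 0;
        balanceOf[msg.sender] += principal;
        uint256 y = accruedYield[msg.sender];
        accruedYield[msg.sender] = 0;
        mint(msg.sender, y); // reverts when paused -> whole unstake reverts
    }

    // HARDENED: principal is always returnable. While paused the yield stays recorded in
    // accruedYield and can be minted later via claimYield(); a pause no longer traps funds.
    function unstakeHardened() external {
        uint256 principal = staked[msg.sender];
        staked[msg.sender] = 0;
        balanceOf[msg.sender] += principal;
        if (!paused) claimYield();
    }

    function claimYield() public whenNotPaused {
        uint256 y = accruedYield[msg.sender];
        accruedYield[msg.sender] = 0;
        mint(msg.sender, y);
    }
}
```

The invariant worth asserting in a test suite is that setPaused(true) must never make a staker's principal unrecoverable, whatever other paths the pause gates.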
@xb0g0
bogo
3 months
Finding #2
Title
Users can deflate other markets Guild holders rewards by staking less priced token
🐛The bug
1. Lenders deposit assets and receive CREDIT tokens
2. They `stake()` them in a particular market and earn fees from the borrowers of that market - each…
@xb0g0
bogo
3 months
# Last one, I promise
Title
Inability to offboard lendingTerm twice in a 7-day period
🐛The bug
1. DAO token holders can vote to onboard() a new LendingTerm (market) that will be made available to borrowers
2. In case the LendingTerm becomes risky, the DAO can vote to…
@xb0g0
bogo
3 months
Let's recap the valuable insights:
🧠 For a finding to be considered unique and valuable it does not always have to be complex
🧠 The fact that some bug is simple to understand, should not mean it is simple to be found
🧠 When you audit big codebases, you should not lose sight of…
@Slavcheww
Slavcheww
3 months
@xb0g0 @CreditGuild You don't even know how pumped I get every time I read your tweets. They're like a book you just can't put down.
@xb0g0
bogo
3 months
@Slavcheww @CreditGuild I'm honoured🙏 What's even better - you're one of the main characters in it🚀
@yotov721
Yotov
3 months
@xb0g0 @CreditGuild You post really high quality content sir! Keep up the good work!
@xb0g0
bogo
3 months
@yotov721 @CreditGuild Thanks! Appreciate the feedback🙏
@2025Proj
Manila Ice
3 months
@xb0g0 @CreditGuild This is well written bro 👍
@NonseOdion
nonse.eth ⟠
3 months
@xb0g0 @CreditGuild Great tips man. Thanks. I am currently auditing a protocol and the current state only has one asset but it plans to release more assets in the future. I'll be looking at possible futures states now.