All Reports
K

Kapan Finance

2025-09-02
Download PDF
Critical0
High2
Medium3
Low3
Info0

About the Protocol

DeFi routing and aggregation protocol on Starknet enabling seamless multi-lending protocol interaction.

Findings (8)

H-01HighFixed

Certain combinations of instructions can lead to token loss

Specific instruction sequences cause permanent loss of user tokens.

H-02HighFixed

Vesu Gateway uses the same default pool id for every withdrawal

All Vesu withdrawals use a hardcoded pool id ignoring the actual pool.

M-01MediumFixed

Certain instruction combos create negative balancesAfter and will revert

Instruction combinations produce negative balances causing transaction reverts.

M-02MediumFixed

Repay may fail due to insufficient tokens approval

Token approval amounts may be insufficient for repayment operations.

M-03MediumFixed

The on_flash_loan function lacks a caller verification check

Flash loan callback does not verify the caller's identity.

Ready to Secure Your Project?

Let's discuss your project and ensure your security!