MIMIR - DeFi Security Audit Database

MIMIR

DeFi Security Audit Database // Independent Research

Vulnerabilities

Protocols Audited

HIGH Severity

$5M+

Potential Bounties

Vulnerability Database

ID	Protocol	Vulnerability Class	Severity	Platform	Status
MIMIR-001	Aave V4	Oracle Staleness - Missing timestamp validation	MEDIUM	Sherlock	Submitted
MIMIR-002	Aave V4	Stale Config Blocks Emergency Liquidations	HIGH	Sherlock	Ready
MIMIR-003	Aave V4	Deficit Reporting - Collateral Seizure Logic	MEDIUM	Sherlock	Ready
MIMIR-004	Aave V4	Dust Threshold DoS Vector	MEDIUM	Sherlock	Ready
MIMIR-005	Aave V4	1e18 Scaling Error in eliminateDeficit	HIGH	Sherlock	Ready
MIMIR-006	Aave V4	Interest Accrual Race Condition	MEDIUM	Sherlock	Ready
MIMIR-007	SparkLend	Oracle Staleness - latestAnswer() deprecated API	HIGH	Immunefi	Ready
MIMIR-008	Radiant	Oracle Staleness - Aave V3 Fork Inheritance	HIGH	Immunefi	Ready
MIMIR-009	Moonwell	Incomplete Oracle Validation (L2 Sequencer)	MEDIUM	Immunefi	Ready
MIMIR-010	Avail	Fee Bypass in Token Transfers	MEDIUM	Immunefi	Ready
MIMIR-011	Avail	Fee-on-Transfer Token Incompatibility	MEDIUM	Immunefi	Ready
MIMIR-012	Avail	EOA Message Lock Griefing	LOW	Immunefi	Ready
MIMIR-013	ZKsync	BLOBHASH Opcode Implementation	MEDIUM	Immunefi	Ready
MIMIR-014	Panoptic	Transfer Allows Collateral Escape	HIGH	Code4rena	Ready
MIMIR-015	Panoptic	Off-by-One in Duplicate Token Validation	HIGH	Code4rena	Ready
MIMIR-016	Panoptic	Incorrect Tuple Destructuring in TWAP	HIGH	Code4rena	Ready
MIMIR-017	Panoptic	Insolvency Branch Stale Index	MEDIUM	Code4rena	Ready
MIMIR-018	Panoptic	OraclePack State Discard	MEDIUM	Code4rena	Ready
MIMIR-019	Panoptic	Addition-Based Packing Overflow	LOW	Code4rena	Ready

> Research Methodology

Manual code review of production smart contracts
Focus on oracle integrations and price feed validation
Systematic analysis of Aave-derived lending protocols
L2 sequencer uptime and staleness threshold validation
Chainlink latestRoundData() best practices verification
Cross-protocol vulnerability pattern identification

> Systematic Finding: Chainlink Oracle Staleness in DeFi

A widespread vulnerability class identified across multiple Aave-derived lending protocols. These protocols use Chainlink price feeds without proper staleness validation.

Protocol	latestRoundData	updatedAt	answeredInRound	Max Staleness	L2 Sequencer
Aave V4	Yes	No	No	No	No
SparkLend	latestAnswer	No	No	No	No
Radiant	latestAnswer	No	No	No	No
Moonwell	Yes	Yes	No	No	No

> Research Case Studies

Chainlink Oracle Staleness: A Systematic DeFi Vulnerability - Deep dive into oracle staleness across major lending protocols
Aave V4: Why Bad Debt Can Never Be Repaid - Critical 1e18 scaling error in eliminateDeficit
Interactive Oracle Security Checklist - Audit checklist for Chainlink integrations
Oracle Safety Scanner - Free tool to scan Solidity code for oracle vulnerabilities

Need a Security Audit?

We specialize in Chainlink oracle integrations, lending protocols, and DeFi security.

Request an Audit

Real-Time Token Security

Get instant alerts for safe Solana token launches. Automated GoPlus security scanning. Free Telegram channel.

Join HERMOD Alerts

Configure Your Trading Weapon

Input your budget and risk tolerance. Get optimized bot settings. One-click launch to Trojan or BonkBot.

Launch TYR Configurator

Copy Profitable Traders

Analyze any Solana wallet's P&L, win rate, and best trades. Find profitable traders and copy their moves.

Analyze Wallets

Check Influencer Integrity

Did they dump? Check any crypto influencer's track record. Get integrity scores and avoid pump-and-dump schemes.

Investigate Influencers

The Hunters Hall

Browse the leaderboard of top Solana traders. See ROI, win rates, and copy their trades with one click.

View Top Traders