Cantina public competition · May 2026
Hybrid optimistic/pessimistic governance system built on OpenZeppelin Governor.
2,742 lines of Solidity reviewed across 9 core contracts.
HIGH1
MEDIUM1
LOW7
INFO3
TOTAL FINDINGS12
LINES REVIEWED2,742
H-01 · Optimistic Proposer Aborts Confirmation Vote — Persistent Governance DoSM-01 · additionalGuardians Bypass Guardian Restrictions — Unrestricted Proposal CancellationL-01 · Proposer Cancels Succeeded Optimistic Proposal — proposalId Permanently LockedL-02 · Veto Threshold Uses Floor Instead of Ceil — 1 Token Easier Than DocumentedL-03 · Fee-on-Transfer Underlying Bricks Native Reward Accounting via UnderflowL-04 · Missing _decimalsOffset() Override — ERC4626 First-Depositor Inflation AttackL-05 · No Upper Bound on vetoPeriod — Misconfiguration Freezes Governance for 136 YearsL-06 · Deflationary Reward Token Causes Permanent Vault DoS via _accrueRewards UnderflowL-07 · Registry Deregistration Silently Discards Pending User RewardsI-01 · Governance Cannot Cancel Proposals via governor.cancel() from Within a ProposalI-02 · Zero-Supply Path Returns Canceled Without Setting proposalCore.canceled FlagI-03 · unregisterSelectors Race Window — In-Flight Optimistic Proposals Survive Selector Removal