A logic bug in TypedMemView's isValid() function where the `not` instruction (bitwise NOT) was incorrectly used instead of `iszero`, causing the function to always return true regardless of memory bounds validation. This broke memory safety guarantees in the library used by Nomad and other projects.
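Why `not` can never reject a view, shown as an added Python model of EVM 256-bit word semantics; this is not TypedMemView's code. The bounds-check shape (a view's end compared against a memory limit), the function names and the sample values are assumptions constructed for illustration.

```python
WORD_MASK = (1 << 256) - 1  # EVM stack words are 256 bits wide

def evm_not(x):
    """Bitwise NOT over a 256-bit word (EVM `not`)."""
    return ~x & WORD_MASK

def evm_iszero(x):
    """Logical negation (EVM `iszero`): 1 if the word is zero, else 0."""
    return 1 if x == 0 else 0

def evm_gt(a, b):
    """Unsigned comparison (EVM `gt`): yields 1 or 0."""
    return 1 if a > b else 0

def truthy(word):
    """A word reads as true when any bit is set."""
    return word != 0

# Hypothetical bounds check: the view [loc, loc + length) is out of
# bounds when its end lies beyond mem_limit.
def is_valid_buggy(loc, length, mem_limit):
    out_of_bounds = evm_gt(loc + length, mem_limit)
    # not(0) = 2**256 - 1 and not(1) = 2**256 - 2: both are non-zero.
    return truthy(evm_not(out_of_bounds))

def is_valid_fixed(loc, length, mem_limit):
    out_of_bounds = evm_gt(loc + length, mem_limit)
    # iszero(0) = 1 and iszero(1) = 0: a real boolean negation.
    return truthy(evm_iszero(out_of_bounds))

# Constructed sample data: a memory limit and four (loc, length) views.
MEM_LIMIT = 0x200
SAMPLE_VIEWS = [(0x80, 0x20), (0x1E0, 0x20), (0x1E0, 0x40), (0x1000, 0x20)]

def compare(views=SAMPLE_VIEWS, mem_limit=MEM_LIMIT):
    """Return (loc, length, buggy_result, fixed_result) for each view."""
    return [
        (loc, length,
         is_valid_buggy(loc, length, mem_limit),
         is_valid_fixed(loc, length, mem_limit))
        for loc, length in views
    ]

if __name__ == "__main__":
    for loc, length, buggy, fixed in compare():
        print(f"loc={loc:#x} len={length:#x} buggy={buggy} fixed={fixed}")
```

A regression test for a check of this kind needs at least one out-of-bounds input that must be rejected; in-bounds inputs alone pass under both variants.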
A critical smart contract vulnerability in Notional V2 allowed double-counting of free collateral in bitmap portfolio processing, enabling attackers to drain protocol liquidity by borrowing against overstated collateral. The bug was triggered via sequential calls to enableBitmapForAccount() and depositUnderlyingToken() that caused free collateral calculations to run twice on the same asset.
Iron Bank's seizeInternal() function fails to credit liquidators with the full seized collateral amount due to improper delta accounting, potentially resulting in under-counted collateral that could trigger unexpected liquidations. The vulnerability exists because the collateral buffer is not properly added to the liquidator's accountCollateralTokens.