056Security

Security Researcher

92764f3670

High: 33 total

Medium: 31 total

Total earnings: $4.39K

#784 All Time

Payouts: 31x

1st places (gold): 1x

3rd places (bronze): 2x

Top 10 (regular): 11x

Mar '25

Nudge.xyz

610.41 USDC • 1 total finding • Code4rena • 056Security

#6

medium

Anyone can DOS handleReallocation over and over

colorpool-chromia

665.12 USDC • 4 total findings • Cantina • 0xb0k0

#7

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Feb '25

Rova

0.04 USDC • 1 total finding • Sherlock • 056Security

bronze

medium

Invalid token amount calculations lead to DoS in `Launch::updateParticipation(...)`

Jan '25

Liquid Ron

0.03 USDC • 2 total findings • Code4rena • 056Security

#10

high

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

IQ AI

551.36 USDC • 1 total finding • Code4rena • 056Security

#10

medium

[M-3] Anyone can deploy a new `FraxSwapPair` with a Low fee incurring losses to the protocol

Plaza Finance

357.43 USDC • 7 total findings • Sherlock • 056Security

#23

high

Invalid `period` used in `Pool::transferReserveToAuction(...)` function leads to DoS of the `Auction` contract

high

Plaza token creation can be gamed when collateral level is <= 1.2

medium

Base mainnet ChainLink oracle is incompatible with `wstETH` causing issues for fetching the reserve token price

medium

Blacklisted `USDC` user could DoS the `Auction` contract

medium

Stuck funds in `BalancerRouter` when user exceeds `PreDeposit` deposit cap

medium

`BondEth` holders could end up claiming other users' `couponTokens`

medium

Precision loss in the Pool contract

Dec '24

Tally ARB Staker

89.06 USDC • Sherlock • 056Security

#24

SecondSwap

2.81 USDC • 2 total findings • Code4rena • 056Security

#60

high

Users can claim more than their actual allotment

medium

Rounding error in stepDuration calculations.

Oku's New Order Types Contract Contest

0.27 OP • 2 total findings • Sherlock • 056Security

#62

high

Weak randomness in `AutomationMaster::generateOrderId(...)` could lead to `orderId` clashes

medium

Missing maximum limit for the `pendingOrderIds` array in the `OracleLess` contract could lead to DoS

Lambo.win

0 USDC • 1 total finding • Code4rena • 056Security

#36

high

Minting zero tokens when underlyingToken is not Ether in cashIn()

Nov '24

Nouns DAO - Auction Streams

56.06 USDC • Sherlock • 056Security

#39

Superfluid Locker System

121.22 USDC • 1 total finding • Sherlock • 056Security

#4

high

Invalid vest unlock flow rate calculations in `FluidLocker::_vestUnlock(...)` lead to recipients paying much higher tax rates than intended

vVv Launchpad - Investments & Token distribution

94.59 USDC • 1 total finding • Sherlock • 056Security

gold

high

Malicious actor can front-run any `VVVVCTokenDistributor::claim(...)` transaction and get all of the user funds

Telcoin Update #2

20.03 USDC • Sherlock • 056Security

#35

Oct '24

Ethos Network Social Contracts

45.37 USDC • 1 total finding • Sherlock • 056Security

#6

medium

Archived/Deleted author could archive his/her review

Gamma Brevis Rewarder

131.06 OP • 1 total finding • Sherlock • 056Security

bronze

high

Funds can be locked indefinitely in the GammaRewarder contract

stakeup-bloomv2

78.2 USDC • 2 total findings • Cantina • 056Security

#60

high

Finding not yet public.

medium

Finding not yet public.

Sep '24

Royco Protocol

47.38 USDC • 2 total findings • Cantina • 0xb0k0

#51

high

Finding not yet public.

medium

Finding not yet public.

Aug '24

Chakra

131.81 USDT • 3 total findings • Code4rena • 0xb0k0

#24

high

Invalid token address used in `ChakraSettlementHandler::cross_chain_erc20_settlement(...)` leading to invalid transaction creation and event emission

medium

A cross-chain message can be initiated with invalid parameters

medium

Wrong usage of transaction originator address instead of caller address

Rumpel Point Tokenization Protocol

27.38 USDC • Sherlock • 0xb0k0

#21

Fjord Token Staking

158.61 USDC • 1 total finding • CodeHawks • 0xb0k0

#11

medium

Owner of a cancelled Sablier stream will be eligible for a full amount reward claim, due to a revert in `FjordStaking::onStreamCanceled(...)`

Tadle

81.45 USDC • 7 total findings • CodeHawks • 0xb0k0

#52

high

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

high

Taker of bid offer will lose assets without any benefit if he calls the `DeliveryPlace::settleAskMaker()` for partial settlement.

high

Native token withdrawal fails until manually approved

high

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

high

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

high

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

high

[H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulate collateral rates and drain the protocol's funds

Tadle

508.04 USDC • 6 total findings • CodeHawks • stanchev

#10

high

Taker of bid offer will lose assets without any benefit if he calls the `DeliveryPlace::settleAskMaker()` for partial settlement.

high

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

high

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

high

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

high

Missing abort status check allows bid taker to steal users funds

low

`listOffer` Unsafely References Fungible Identifiers

Jul '24

TraitForge

209.12 USDC • 6 total findings • Code4rena • 0xb0k0

#23

high

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

high

The maximum number of generations is infinite

medium

Users' ability to nuke will be DoSed for three days after putting NFTs up for sale and cancelling the sale

medium

Forger Entities can forge more times than intended

medium

Duplicate NFT generation via repeated forging with the same parent

medium

`Golden God` Tokens can be minted twice per generation

TraitForge

67.17 USDC • 5 total findings • Code4rena • stanchev

#51

high

Number of entities in generation can surpass the 10k number

high

Wrong minting logic based on total token count across generations

medium

Forger Entities can forge more times than intended

medium

Duplicate NFT generation via repeated forging with the same parent

medium

Imprecise token age calculation results in an incorrect nuke factor, causing users to claim the wrong amount

Munchables

14.59 USDC • 1 total finding • Code4rena • 0xb0k0

#46

high

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Munchables

126.54 USDC • 3 total findings • Code4rena • stanchev

#27

high

Single plot can be occupied by multiple renters

high

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

high

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

TempleGold

109.97 USDC • 1 total finding • CodeHawks • stanchev

#24

medium

Not updating `_totalAuctionTokenAllocation` when removing last auction config at cooldown leads to wrong accounting of `_totalAuctionTokenAllocation` and permanent lock of auction tokens

Jun '24

Vultisig

13.54 USDC • 1 total finding • Code4rena • 0xb0k0

#28

medium

Transfer of ILOPool NFT token to different account allows for users to bypass the pool's `maxCapPerUser` invariant

May '24

Midas

69.66 USDC • 1 total finding • Sherlock • 0xb0k0

#5

medium

Corruptible Upgradability Pattern

Predy

0.22 USDC • 1 total finding • Code4rena • 0xb0k0

#41

medium

Chainlink's `latestRoundData` might return stale or incorrect results