056Security

Security Researcher

92764f3670

High: 49 total

Medium: 44 total

Total earnings: $6.03K

#730 All Time

Payouts: 35x

1st places (gold): 1x

3rd places (bronze): 2x

Top 10 (regular): 12x

Jul '25

DeBank

111.15 USDC • Sherlock • 0xb0k0

#26

Jun '25

Superfluid Locker System

323.57 USDC • 1 total finding • Sherlock • 0xb0k0

#8

high

The one percent `SUP` buy when providing liquidity in `FluidLocker.sol` can be bypassed

Apr '25

Kinetiq

9.35 USDC • 1 total finding • Code4rena • 056Security

#33

medium

Inconsistent State Restoration in `cancelWithdrawal` Function

Mar '25

Nudge.xyz

610.41 USDC • 1 total finding • Code4rena • 056Security

#6

medium

Anyone can DOS handleReallocation over and over

colorpool-chromia

665.12 USDC • 4 total findings • Cantina • 0xb0k0

#7

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Feb '25

Rova

0.04 USDC • 1 total finding • Sherlock • 056Security

bronze

medium

Invalid token amount calculations leads to DoS in `Launch::updateParticipation(...)`

Core Contracts

1,201.18 USDC • 32 total findings • CodeHawks • 056Security

#13

high

Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency

high

ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price

high

RAACNFT mint function receives funds to address(this) but has no way of withdrawing them

high

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

high

Gauge period cannot be updated

high

`GaugeController` does not send funds to FeeCollector disrupting fees distribution and causing loss of funds

high

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

high

RToken's transfer function leads to loss of funds due to incorrect math

high

Users can borrow more assets than they have deposited as collateral

high

Any attempt to liquidate a user will fail, because StabilityPool does not hold crvUSD during operational lifecycle

high

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

high

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

high

Gauge rewards are not transferred to gauge when distributeRewards() is called

high

Ineffective Time-Weighted Average Implementation in Fee Distribution

high

Future Stakers Gains More Rewards from Already Accumulated `rewardPerTokenStored` Causing Unfair Reward Distribution

medium

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

medium

LendingPool deposits do not work with CurveVault due to lack of funds

medium

LendingPool::getNormalizedIncome() returns stale liquidity index

medium

`RToken::calculateDustAmount` is incorrectly calculated, leading to not being able to transfer the accrued dust amount

medium

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

medium

Missing Liquidity Rebalancing in Repayments and Liquidations Leading to Inefficient Liquidity Management

medium

Incorrect Period Transition Logic in Reward Distribution

medium

Wrong access control in `RAACToken::setFeeCollector`, `RAACToken::setSwapTaxRate`, `RAACToken::setBurnTaxRate`

medium

FeeCollector stakeholders may receive less fee distribution due to unnecessary precision loss

medium

Usage rate is increased even when no debt is present in `LendingPool`

medium

Emission rate manipulation via temporary utilization spike in RAACMinter.sol

medium

Delegated Boost Persists Even If veRAAC Is Withdrawn/Reduced

low

Emergency Timelock Bypass: No Enforced 1-Day Delay for Emergency Actions

low

Missing Controller Functions in GaugeController

low

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

low

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

low

Overwriting Previous Allocations in allocateFunds May Lead to Loss of Cumulative Allocation Data

Jan '25

Liquid Ron

0.03 USDC • 2 total findings • Code4rena • 056Security

#10

high

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

IQ AI

551.36 USDC • 1 total finding • Code4rena • 056Security

#10

medium

[M-3] Anyone can deploy a new `FraxSwapPair` with a Low fee incurring losses to the protocol

Plaza Finance

357.43 USDC • 7 total findings • Sherlock • 056Security

#23

high

Invalid `period` used in `Pool::transferReserveToAuction(...)` function leads to DoS of the `Auction` contract

high

Plaza token creation can be gamed when collateral level is <= 1.2

medium

Base mainnet ChainLink oracle is incompatible with `wstETH` causing issues for fetching the reserve token price

medium

Blacklisted `USDC` user could DoS the `Auction` contract

medium

Stuck funds in `BalancerRouter` when user exceeds `PreDeposit` deposit cap

medium

`BondEth` holders could end up claiming other users' `couponTokens`

medium

Precision loss in the Pool contract

Dec '24

Tally ARB Staker

89.06 USDC • Sherlock • 056Security

#24

SecondSwap

2.81 USDC • 2 total findings • Code4rena • 056Security

#60

high

Users can claim more than their actual allotment

medium

Rounding error in stepDuration calculations.

Oku's New Order Types Contract Contest

0.27 OP • 2 total findings • Sherlock • 056Security

#62

high

Weak randomness in `AutomationMaster::generateOrderId(...)` could lead to `orderId` clashes

medium

Missing maximum limit for the `pendingOrderIds` array in the `OracleLess` contract could lead to DoS

Lambo.win

0 USDC • 1 total finding • Code4rena • 056Security

#36

high

Minting zero tokens when underlyingToken is not Ether in cashIn()

Nov '24

Nouns DAO - Auction Streams

56.06 USDC • Sherlock • 056Security

#39

Superfluid Locker System

121.22 USDC • 1 total finding • Sherlock • 056Security

#4

high

Invalid vest unlock flow rate calculations in `FluidLocker::_vestUnlock(...)` leads to recipients paying much higher tax rates than intended

vVv Launchpad - Investments & Token distribution

94.59 USDC • 1 total finding • Sherlock • 056Security

gold

high

Malicious actor can front-run any `VVVVCTokenDistributor::claim(...)` transaction and get all of the user funds

Telcoin Update #2

20.03 USDC • Sherlock • 056Security

#35

Oct '24

Ethos Network Social Contracts

45.37 USDC • 1 total finding • Sherlock • 056Security

#6

medium

Archived/Deleted author could archive his/her review

Gamma Brevis Rewarder

131.06 OP • 1 total finding • Sherlock • 056Security

bronze

high

Funds can be locked indefinitely in the GammaRewarder contract

stakeup-bloomv2

78.2 USDC • 2 total findings • Cantina • 056Security

#60

high

Finding not yet public.

medium

Finding not yet public.

Sep '24

Royco Protocol

47.38 USDC • 2 total findings • Cantina • 0xb0k0

#51

high

Finding not yet public.

medium

Finding not yet public.

Aug '24

Chakra

131.81 USDT • 3 total findings • Code4rena • 0xb0k0

#24

high

Invalid token address used in `ChakraSettlementHandler::cross_chain_erc20_settlement(...)` leading to invalid transaction creation and event emission

medium

A cross-chain message can be initiated with invalid parameters

medium

Wrong usage of transaction originator address instead of caller address

Rumpel Point Tokenization Protocol

27.38 USDC • Sherlock • 0xb0k0

#21

Fjord Token Staking

158.61 USDC • 1 total finding • CodeHawks • 0xb0k0

#11

medium

Owner of a cancelled Sablier stream will be eligible for a full amount reward claim, due to a revert in `FjordStaking::onStreamCanceled(...)`

Tadle

81.45 USDC • 7 total findings • CodeHawks • 0xb0k0

#52

high

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

high

Taker of bid offer will lose assets without any benefit if he calls the DeliveryPlace::settleAskMaker() for partial settlement.

high

Native token withdrawal fails until manually approved

high

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

high

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

high

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

high

[H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulate collateral rates and drain the protocol's funds

Tadle

508.04 USDC • 6 total findings • CodeHawks • stanchev

#10

high

Taker of bid offer will lose assets without any benefit if he calls the DeliveryPlace::settleAskMaker() for partial settlement.

high

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

high

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

high

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

high

Missing abort status check allows bid taker to steal users funds

low

`listOffer` Unsafely References Fungible Identifiers

Jul '24

TraitForge

209.12 USDC • 6 total findings • Code4rena • 0xb0k0

#23

high

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

high

The maximum number of generations is infinite

medium

Users' ability to nuke will be DoSed for three days after putting NFTs up for sale and cancelling the sale

medium

Forger Entities can forge more times than intended

medium

Duplicate NFT generation via repeated forging with the same parent

medium

`Golden God` Tokens can be minted twice per generation

TraitForge

67.17 USDC • 5 total findings • Code4rena • stanchev

#51

high

Number of entities in generation can surpass the 10k number

high

Wrong minting logic based on total token count across generations

medium

Forger Entities can forge more times than intended

medium

Duplicate NFT generation via repeated forging with the same parent

medium

Imprecise token age calculation results in an incorrect nuke factor, causing users to claim the wrong amount

Munchables

14.59 USDC • 1 total finding • Code4rena • 0xb0k0

#46

high

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Munchables

126.54 USDC • 3 total findings • Code4rena • stanchev

#27

high

Single plot can be occupied by multiple renters

high

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

high

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

TempleGold

109.97 USDC • 1 total finding • CodeHawks • stanchev

#24

medium

Not updating `_totalAuctionTokenAllocation` when removing last auction config at cooldown leads to wrong accounting of `_totalAuctionTokenAllocation` and permanent lock of auction tokens

Jun '24

Vultisig

13.54 USDC • 1 total finding • Code4rena • 0xb0k0

#28

medium

Transfer of ILOPool NFT token to different account allows for users to bypass the pool's `maxCapPerUser` invariant

May '24

Midas

69.66 USDC • 1 total finding • Sherlock • 0xb0k0

#5

medium

Corruptible Upgradability Pattern

Predy

0.22 USDC • 1 total finding • Code4rena • 0xb0k0

#41

medium

Chainlink's `latestRoundData` might return stale or incorrect results