0Kage

Security Researcher

High: 1 solo, 20 total

Medium: 14 total

Total Earnings: $16.05K

#439 All Time

Payouts: 14x

1st Places: 1x

Top 10: 2x

Top 25: 7x

Aug '23

Dopex

719.15 USDC • 5 total findings • Code4rena • 0Kage

#28

high

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

medium

reLP() mintokenAAmount the calculations are wrong.

medium

No mechanism to settle out-of-money put options even after Bond receipt token is redeemed.

medium

`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occurs

medium

Change of `fundingDuration` causes "time travel" of `PerpetualAtlanticVault.nextFundingPaymentTimestamp()`

Apr '23

Rubicon v2

1.1 USDC • 2 total findings • Code4rena • 0Kage

#118

high

Reward accounting is incorrect in BathBuddy contract

high

DOS of market operations with malicious offers

Mar '23

Asymmetry contest

369.2 USDC • 3 total findings • Code4rena • 0Kage

#19

high

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

high

Reth.sol: Withdrawals are unreliable and depend on excess RocketDepositPool balance which can brick the whole protocol

medium

In de-peg scenario, forcing full exit from every derivative & immediately re-entering can cause big losses for depositors

Y2K

235.29 USDC • 2 total findings • Sherlock • 0Kage

#45

high

Updating rollover details in `enlistInRollover` for one user overrides existing rollover details of another user

medium

Potential DDOS attack while processing deposit requests with epochId =0

Feb '23

Surge

3.65 USDC • 1 total finding • Sherlock • 0Kage

#22

high

First depositor into a new pool can manipulate the pool share price

Carapace

7,027.90 USDC • 7 total findings • Sherlock • 0Kage

gold

high

Malicious user can cause a DOS attack on critical pool functions such as `accruePremiumAndExpireProtections` and `lockCapital`

high

Existing buyer who has been regularly renewing protection will be denied renewal even when she is well within the renewal grace period

high

User can bypass the `ProtectionPurchaseLimitTimestamp` restriction that disallows protection purchase on a specific lending pool after specific time elapses

high

Protection sellers can front-run accrued premium updates and make instant arbitrage profits

high

Protection seller can bypass the withdrawal cycle restriction by placing withdrawal requests in advance

high

Malicious protection buyer can manipulate pool leverage ratio to block genuine protection buyers

medium

Protection buyers can front-run lending pool state updates to buy protection on pools that have just transitioned from `Active` to `LateWithinGracePeriod` state

Blueberry

103.09 USDC • 1 total finding • Sherlock • 0Kage

#30

high

Interest component of underlying amount is not withdrawable using the `withdrawLend` function. Such amount is permanently locked in the BlueBerryBank contract

Jan '23

Popcorn contest

745.02 USDC • 2 total findings • Code4rena • 0Kage

#31

high

Staking rewards can be drained

high

Any user can drain the entire reward fund in MultiRewardStaking due to incorrect calculation of `supplierDelta`

Timeswap contest

4,626 USDC • 1 total finding • Code4rena • 0Kage

#4

medium

`Mint` function does not update `LiquidityPosition` state of caller before minting LP tokens. This

Astaria contest

333.34 USDC • 2 total findings • Code4rena • 0Kage

#35

medium

ERC4626RouterBase.withdraw can only be called once

medium

For a public vault, minimum deposit requirement that is enforced by `ERC4626Cloned.deposit` function can be bypassed by `ERC4626Cloned.mint` function or vice versa when share price does not equal one

UXD Protocol

583.86 USDC • 1 total finding • Sherlock • 0Kage

#13

high

Significant divergence in unrealizedPnL calculation of Perp protocol vs Depository can lead to undercollateralization

Dec '22

GoGoPool contest

123.59 USDC • 4 total findings • Code4rena • 0Kage

#55

high

Hijacking of node operators minipool causes loss of staked funds

medium

State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool

medium

`requireNextActiveMultisig` will always return the first enabled multisig which increases the probability of stuck minipools

medium

NodeOp funds may be trapped by a invalid state transition

Tigris Trade contest

939.6 USDC • 2 total findings • Code4rena • 0Kage

#19

high

Not enough margin pulled or burned from user when adding to a position

medium

`_handleOpenFees` returns an incorrect value for `_feePaid`. This directly impacts margin calculations

prePO contest

238.9 USDC • 1 total finding • Code4rena • 0Kage

#24

high

A whale user is able to cause freeze of funds of other users by bypassing withdraw limit