0rpse

Security Researcher

High: 28 total

Medium: 18 total

Total earnings: $8.48K

Rank: #602 all time

Payouts: 22x

2nd places (silver): 2x

3rd places (bronze): 2x

Top 10 (regular): 7x

Mar '25

PinLink: RWA-Tokenized DePIN Marketplace

139.07 USDC • Sherlock • 0rpse

#10

Feb '25

Rova

1,178.25 USDC • 1 total finding • Sherlock • 0rpse

silver

medium

updateParticipation currency and requested token variable mismatch causes accounting issues

Jan '25

Liquid Ron

3,583.08 USDC • 3 total findings • Code4rena • 0rpse

silver

high

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

medium

User can earn rewards by frontrunning the new rewards accumulation in Ron staking without actually delegating his tokens

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Plaza Finance

21.24 USDC • 3 total findings • Sherlock • 0rpse

#67

medium

Some tokens can not be used as token/USD pair does not exist on chainlink for them

medium

USDC blacklisting blocks bidding

medium

coupon shares are accounted for failed auctions leads to inconsistent coupon distributions

Dec '24

Oku's New Order Types Contract Contest

1.54 OP • 2 total findings • Sherlock • 0rpse

#54

high

generateOrderId generates duplicate ids leading to fund loss

high

OracleLess fillOrder reentrancy can delete victim's pending orders

Nov '24

Ethos Network Financial Contracts

0.38 USDC • 1 total finding • Sherlock • 0rpse

#33

high

Market funds accounting error in buyVotes

Nouns DAO - Auction Streams

256.21 USDC • Sherlock • 0rpse

#16

Oct '24

Orderly Solana Vault Contract

1,997.97 USDC • 2 total findings • Sherlock • 0rpse

bronze

high

lz_receive can be called with any user account to steal from users

high

token accounts are not verified against token_hash

predict.fun lending market

153.17 USDC • 1 total finding • Sherlock • 0rpse

#7

medium

Borrowers might not be able to repay loan due to USDC blacklisting

Sep '24

Boost Core Incentive Protocol

53.81 USDC • 1 total finding • Sherlock • 0rpse

#20

medium

Claim's protocol fee can be stolen due to missing limit on referral fee and no constraint on referrer address

Aug '24

Winnables Raffles

37.23 USDC • 3 total findings • Sherlock • 0rpse

#19

high

`cancelRaffle` function lacks validation

high

`cancelRaffle` function can be used to grief protocol

medium

Link token can be used as prize to prevent users from getting their prize

Jul '24

TraitForge

288.69 USDC • 3 total findings • Code4rena • 0rpse

#15

high

Number of entities in generation can surpass the 10k number

medium

Users' ability to nuke will be DoSed for three days after putting NFTs up for sale and cancelling the sale

medium

Incorrect check against golden entropy value in the first two batches

Munchables

299.17 USDC • 4 total findings • Code4rena • 0rpse

#24

high

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

high

Invalid validation allows users to unlock early

high

in `farmPlots()` an underflow in edge case leading to freeze of funds (NFT)

high

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

May '24

Munchables

0.02 USDC • 4 total findings • Code4rena • 0rpse

#15

high

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

high

Invalid validation allows users to unlock early

high

in `farmPlots()` an underflow in edge case leading to freeze of funds (NFT)

high

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Apr '24

Renzo

13.98 USDC • 4 total findings • Code4rena • 0rpse

#45

high

Incorrect withdraw queue balance in TVL calculation

high

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

high

Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate

medium

Deposits will always revert if the amount being deposited is less than the bufferToFill value

NOYA

3.66 USDC + NOYA stars • 3 total findings • Code4rena • 0rpse

#106

high

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

medium

Balancer flashloan contract can be DOSed completely by sending 1 wei to it

medium

`depositQueue.queue` in `AccountingManager` can be flooded causing a DoS

TITLES Publishing Protocol

410.17 USDC • 3 total findings • Sherlock • 0rpse

#12

high

Mint referrer gets collection referrer's share

medium

Referrers can DoS minting

medium

refunding excess ETH does not work properly

Zivoe

1.88 USDC • 1 total finding • Sherlock • 0rpse

#56

medium

DoS adding liquidity

Mar '24

RadicalxChange

1.18 USDC • 1 total finding • Sherlock • 0rpse

bronze

high

_cancelAllBids does not check if bid is the highest

Revert Lend

17.32 USDC • 1 total finding • Code4rena • 0rpse

#67

high

Owner of a position can prevent liquidation due to the 'onERC721Received' callback

Feb '24

AI Arena

3.36 USDC • 4 total findings • Code4rena • 0rpse

#146

high

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

high

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

medium

Can mint NFT with the desired attributes by reverting transaction

Jan '24

LooksRare YOLO

17.38 USDC • 1 total finding • Sherlock • 0rpse

#7

high

depositETHIntoMultipleRounds lets users deposit 0 ether leading to losses by participation