https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_9.png

0x11singh99

Security Researcher

Contact Me

High

11

Total

Medium

11

Total

$8.81K

Total Earnings

#617 All Time

38x

Payouts

bronze

1x

3rd Places

regular

7x

Top 10

regular

19x

Top 25

All

Code4rena

CodeHawks

Jan '25

Liquid Ron

Liquid Ron

0 USDC • 1 total finding • Code4rena • 0x11singh99

#12

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Dec '24

Chainlink Payment Abstraction

Chainlink Payment Abstraction

1,987.07 USDC • Code4rena • 0x11singh99

bronze

Oct '24

Dria

Dria

0.32 USDC • 1 total finding • CodeHawks • 0x11singh99

#72

high

Subtraction in `variance()` will revert due to underflow

Jul '24

Basin

Basin

135.48 USDC • 1 total finding • Code4rena • 0x11singh99

#7

high

`WellUpgradeable` can be upgraded by anyone

Mar '24

Smart Wallet

Smart Wallet

120.84 USDC • Code4rena • 0x11singh99

#11

Abracadabra Mimswap

Abracadabra Mimswap

474.94 USDC • 1 total finding • Code4rena • 0x11singh99

#12

medium

Missing Return Statement in `_getReserves` Function in `MagicLpAggregator` Contract

zkSync Era

zkSync Era

975.51 USDC • 1 total finding • Code4rena • 0x11singh99

#7

medium

Freezed Chain will never be unfreeze since `StateTransitionManager::unfreezeChain` is calling `freezeDiamond` instead of `unfreezeDiamond`.

Taiko

Taiko

221.41 USDC • Code4rena • 0x11singh99

#27

Revert Lend

Revert Lend

360.22 USDC • Code4rena • 0x11singh99

#34

PoolTogether

PoolTogether

147.39 USDC • 1 total finding • Code4rena • 0x11singh99

#20

medium

`drawManager` CAN BE SET TO A MALICIOUS ADDRESS

Feb '24

Spectra

Spectra

337.04 USDC • Code4rena • 0x11singh99

#6

Wise Lending

Wise Lending

1,018.09 USDC • 1 total finding • Code4rena • 0x11singh99

#18

medium

Unchecked return value bug on `TransferHelper::_safeTransferFrom()`

Althea Liquid Infrastructure

Althea Liquid Infrastructure

151.16 USDC • Code4rena • 0x11singh99

#17

AI Arena

AI Arena

490.2 USDC • 2 total findings • Code4rena • 0x11singh99

#8

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

medium

Burner role can not be revoked

Jan '24

MorpheusAI

MorpheusAI

976.57 USDC • 3 total findings • CodeHawks • 0x11singh99

#7

medium

Due to no access control on `DistributionV2::_authorizeUpgrade()` anyone can change the implementation contract and can destroy the main Proxy contract.

low

Any User can mint any amount of WStETH in the WStETHMock.sol and StETHMock.sol

low

8 lows for mocks

Decent

Decent

192.08 USDC • 1 total finding • Code4rena • 0x11singh99

#26

high

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

Salty.IO

Salty.IO

218.12 USDC • 1 total finding • Code4rena • 0x11singh99

#50

medium

Remove Liquidity has missing reserve1 DUST check, which can make reserve1 to be less than DUST

Curves

Curves

51.22 USDC • 2 total findings • Code4rena • 0x11singh99

#61

high

Unauthorized Access to setCurves Function

medium

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

reNFT

reNFT

42.44 USDC • Code4rena • 0x11singh99

#47

Dec '23

Olas

Olas

74.36 USDC • Code4rena • 0x11singh99

#18

Revolution Protocol

Revolution Protocol

201.7 USDC • Code4rena • 0x11singh99

#34

Nov '23

Shell Protocol

Shell Protocol

72.79 USDC • Code4rena • 0x11singh99

#9

Oct '23

Party Protocol

Party Protocol

23.81 USDC • Code4rena • 0x11singh99

#31

Ethena Labs

Ethena Labs

10.98 USDC • Code4rena • 0x11singh99

#38

Open Dollar

Open Dollar

12.14 USDC • Code4rena • 0x11singh99

#53

Brahma

Brahma

20.87 USDC • Code4rena • 0x11singh99

#13

Sep '23

Maia DAO - Ulysses

Maia DAO - Ulysses

17.71 USDC • Code4rena • 0x11singh99

#58

Ondo Finance

Ondo Finance

9.75 USDC • Code4rena • 0x11singh99

#31

Aug '23

Livepeer Onchain Treasury Upgrade

Livepeer Onchain Treasury Upgrade

27 USDC • Code4rena • 0x11singh99

#18

Chainlink Staking v0.2

Chainlink Staking v0.2

79.61 USDC • Code4rena • 0x11singh99

#53

Shell Protocol

Shell Protocol

22.46 USDC • Code4rena • 0x11singh99

#18

Sparkn

Sparkn

5.30 USDC • 2 total findings • CodeHawks • 0x11singh99

#75

medium

Malicious/Compromised organiser can reclaw all funds, stealing work from supporters

low

Centralization Risk for trusted organizers

Jul '23

Beedle - Oracle free perpetual lending

Beedle - Oracle free perpetual lending

173.47 USDC • 7 total findings • CodeHawks • 0x11singh99

#24

high

During refinance() new Pool balance debt is subtracted twice

high

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

high

Stealing any loan opening for auction through others' lending pool

high

Attacker can steal a loan's collateral and break the protocol

high

A pool lender can fully drain another user's pool by abusing `buyLoan`

gas

Multiple accesses of a mapping/array should use a local variable cache.

gas

CEI pattern not followed in multiple functions in Staking.sol

CodeHawks Escrow Contract - Competition Details

CodeHawks Escrow Contract - Competition Details

3.35 USDC • 2 total findings • CodeHawks • 0x11singh99

#91

gas

Use assembly to check for `address(0)`

gas

Use nested `if` statements instead of logical AND (`&&`)

Axelar Network

Axelar Network

19.28 USDC • Code4rena • 0x11singh99

#25

PoolTogether

PoolTogether

59.51 USDC • 1 total finding • Code4rena • 0x11singh99

#56

medium

`drawManager` CAN BE SET TO A MALICIOUS ADDRESS

Basin

Basin

13.96 USDC • 1 total finding • Code4rena • 0x11singh99

#27

high

`WellUpgradeable` can be upgraded by anyone

May '23

Maia DAO Ecosystem

Maia DAO Ecosystem

62.33 USDC • Code4rena • 0x11singh99

#64