0x23r0

Security Researcher

Contact Me

High

Total

Medium

Total

$5.63K

Total Earnings

#717 All Time

11x

Payouts

4x

Top 10

8x

Top 25

11x

Top 50

All

Sherlock

Code4rena

CodeHawks

Apr '25

Burve

54.68 USDC • 2 total findings • Sherlock • 0x23r0

#27

high

Fee Bypass in `ValueFacet.removeValueSingle`

high

Incorrect Netting in `E4626::commit`

Mar '25

Forte: Float128 Solidity Library

49.2 USDC • 2 total findings • Code4rena • 0x23r0

#23

high

Sqrt function silently reverts the entire control flow when a packed float of 0 value is passed

high

Natural Logarithm Function Silently Accepts Invalid Non-Positive Inputs

PinLink: RWA-Tokenized DePIN Marketplace

253.26 USDC • Sherlock • 0x23r0

Crestal Network

2.37 USDC • 1 total finding • Sherlock • 0x23r0

#11

medium

Lack of State Validation in `submitProofOfDeployment` Allows Invalid Proof Submission and Workflow Bypass

Symmio, Staking and Vesting

1,156.91 USDC • 1 total finding • Sherlock • 0x23r0

medium

In the `configureRewardToken` function when a token is unwhitelisted, the rewardState is not reset

Feb '25

Usual Labs

3,122.93 USDC • Sherlock • 0x23r0

Jan '25

Liquid Ron

0.03 USDC • 2 total findings • Code4rena • 0x23r0

#10

high

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

IQ AI

0.89 USDC • 1 total finding • Code4rena • 0x23r0

#17

medium

Ineffective proposal threshold validation allows setting arbitrary high values

Part 2

113.90 usdc • 2 total findings • CodeHawks • 0x23r0

#42

high

Underflow when updating credit delegation will result protocol DoS

low

ZlpVault Does Not Fully Implement ERC-4626

Plaza Finance

794.40 USDC • 9 total findings • Sherlock • 0x23r0

#16

high

Malicious User Can Inflate Rewards, Depleting the Pool for Honest Users.

high

`Pool::transferReserveToAuction` Will Always Revert Due to Incorrect Period

high

Market Rate Calculation Error in LEVERAGE Token Redemption

high

Incorrect Calculation of Token Creation and Redemption Rates Due to BondOracleAdapter

medium

Malicious User Can Grief an Auction by Manipulating Pool Reserves

medium

Unable to Remove Bid Due to USDC Blacklist

medium

The `PreDeposit._deposit()` Logic Will Lock User `BPT` Token Funds in the BalancerRouter

medium

Inaccurate Share Calculations Due to Inclusion of Failed Auctions

medium

Incorrect Precision Adjustment in Token Rate Calculations

Dec '24

Autonomint Colored Dollar V1

80.97 OP • 9 total findings • Sherlock • 0x23r0

#27

high

Incorrect Ether Recipient in Liquidation

high

Updating the `downsideProtected` in the CDS Contract Lacks Access Control

high

Complete loss of USDT funds from the Treasury contract

high

Borrower-Set Strike Price Mechanism Can Lead to Collateral Losses for Users Under Volatile Market Conditions

medium

Loss of User Funds Due to Incorrect LZ Fee Handling in Borrowing and CDS Contracts

medium

The `liquidationType1` function in the borrowLiquidation contract reverts unexpectedly when calculating the yields

medium

`liquidationType2` Requires Admin to Fund Liquidations

medium

Inability to Withdraw ETH/tokens in BorrowLiquidation Contract if `closeThePositionInSynthetix` is Called

medium

Logical Vulnerability in deposit and withdraw Functions of Treasury contract that Allowing Manipulation of `noOfBorrowers` State