0x23r0

Security Researcher

High: 42 Total
Medium: 46 Total
Total Earnings: $7.50K
#678 All Time
14x Payouts
5x Top 10 (regular)
10x Top 25 (regular)
13x Top 50 (regular)


Jul '25

DeBank

591.56 USDC • Sherlock • 0x23r0

#4

May '25

LEND

14.84 USDC • 3 total findings • Sherlock • 0x23r0

#77

high

Attacker will drain LEND tokens from CoreRouter

high

Free, Zero-Cost Cross-Chain Liquidation

medium

Collateral Check Bypass via USD vs Token Units Mismatch

Apr '25

Burve

54.68 USDC • 2 total findings • Sherlock • 0x23r0

#27

high

Fee Bypass in `ValueFacet.removeValueSingle`

high

Incorrect Netting in `E4626::commit`

Mar '25

Forte: Float128 Solidity Library

49.2 USDC • 2 total findings • Code4rena • 0x23r0

#23

high

Sqrt function silently reverts the entire control flow when a packed float with value 0 is passed

high

Natural Logarithm Function Silently Accepts Invalid Non-Positive Inputs

PinLink: RWA-Tokenized DePIN Marketplace

253.26 USDC • Sherlock • 0x23r0

#5

Crestal Network

2.37 USDC • 1 total finding • Sherlock • 0x23r0

#11

medium

Lack of State Validation in `submitProofOfDeployment` Allows Invalid Proof Submission and Workflow Bypass

Symmio, Staking and Vesting

1,156.91 USDC • 1 total finding • Sherlock • 0x23r0

#4

medium

In the `configureRewardToken` function when a token is unwhitelisted, the rewardState is not reset

Feb '25

Usual Labs

3,122.93 USDC • Sherlock • 0x23r0

#8

Core Contracts

1,265.09 USDC • 69 total findings • CodeHawks • 0x23r0

#11

high

Wrong amount is minted to user when they deposit into the lending pool

high

Delegation Boost Not Usable by Delegatees

high

Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens

high

RAACNFT mint function receives funds to address(this) but has no way of withdrawing them

high

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

high

`GaugeController` does not send funds to FeeCollector disrupting fees distribution and causing loss of funds

high

Reward manipulation vulnerability in StabilityPool

high

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

high

RToken's transfer function leads to loss of funds due to incorrect math

high

Users can borrow more assets than they have deposited as collateral

high

Attackers can get most of RAACToken rewards by withdrawing dust amount from StabilityPool multiple times

high

NFTs Get Permanently Locked in Stability Pool After Liquidation

high

Any attempt to liquidate a user will fail, because StabilityPool does not hold crvUSD during operational lifecycle

high

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

high

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

high

Treasury Balance Tracking Bypass in FeeCollector

high

Attackers can double voting power and veToken amount by locking and increasing

high

Gauge Voting Misallocation Vulnerability

high

The total voting power of all veRAAC tokens is wrongly assigned

high

Interest Accrual Failure Due to Incorrect Scaling in RToken Implementation

high

Incorrect Debt Token Accounting Due to Multiple Scaling Issues

high

Ineffective Time-Weighted Average Implementation in Fee Distribution

high

Critical Economic Design Flaw in ZENO Zero-Coupon Bond Implementation Leads to Guaranteed User Losses

high

Voting Power Snapshot Missing

high

Stability pool does not consider RToken balance increase when DEToken is withdrawn

high

Users can lose additional collateral by depositing NFTs after grace period expiration

medium

Incorrect accounting in `veRAACToken::emergencyWithdraw` and `veRAACToken::withdraw` due to missing `totalLocked` update

medium

veRaac Token Constraint MAX_TOTAL_SUPPLY Can Be Bypassed. Vulnerability Disrupts Protocol Functionality and Undermines Governance Quorum.

medium

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

medium

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

medium

RToken.transferFrom() Does Not Scale User Balances Due to Stale Liquidity Index

medium

LendingPool deposits do not work with CurveVault due to lack of funds

medium

Users Can Lose Funds and Collateral by Repaying Loans After Liquidation Grace Period Expiry

medium

Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check

medium

Multiple Critical Calculation And Logic Errors in `RToken::mint/burn` Function

medium

`RToken::calculateDustAmount` is incorrectly calculated, leading to the accrued dust amount not being transferable

medium

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

medium

Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator

medium

`veRAACToken::_updateBoostState` function sets individual user voting power instead of system-wide totals

medium

User may not be able to increase the amount of locked RAAC tokens

medium

Missing Liquidity Rebalancing in Repayments and Liquidations Leading to Inefficient Liquidity Management

medium

Token Accounting Mismatch Between tick() and mintRewards() in RAACMinter

medium

Emergency Withdrawal Remains Active After Cancellation

medium

Incorrect Period Transition Logic in Reward Distribution

medium

[L-1] Inaccurate boost calculations in `veRAACToken` due to wrong input parameter

medium

`RAACReleaseOrchestrator::emergencyRevoke()` fails to update `categoryUsed`, leading to token lockup and incorrect accounting

medium

Incorrect reward calculations in tick function

medium

Coordinated group of attackers can artificially lower quorum threshold during active proposals, forcing malicious proposals to pass without true majority support.

medium

RAACToken burns less tokens than expected when feeCollector is unset

medium

Flawed Boost Multiplier Calculation Always Yields Maximum Boost

medium

balanceOf(address(this)) in StabilityPool causes reward distribution to be higher than it should be

medium

Users Cannot Remove Their Own Boost Delegation, Causing Potential Lock-In

medium

The earned yield from the Curve vault can never be utilized when withdrawing or borrowing

medium

Emergency Withdrawals in `FeeCollector` will break Fee Distribution Logic

medium

Inconsistent Fee Collector Address Validation in RAACMinter: Denial of Service for Disabling Fee Collection

medium

When the prime rate is updated by the oracle, the values of the sub-rates are not adjusted accordingly, which can cause loss of assets for borrowers

medium

Unnecessary Vault Withdrawals Due to Unchecked User Withdrawal Amounts

low

Canceled votes still get voted on and accumulate voting power in Governance.sol

low

Lack of enforcement of the `MAX_TOTAL_LOCKED_AMOUNT`

low

Unauthorized Vote Casting Vulnerability

low

Impossible to rescue funds from `RToken` contract

low

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

low

Missing Checkpoint Reset in `veRAACToken::emergencyWithdraw` Function

low

Missing Pause Functionality in veRAACToken Contract Can Be Abused When Emergency Withdrawal Mechanism Is Activated

low

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

low

Missing Check for Gauge Activation Status in vote :: GaugeController.sol

low

Deposits/Withdrawals can be DOS'ed if crvVault::withdraw produces any losses

low

Lack of incentives for users to call LendingPool::initiateLiquidation allows extensive delay between when health factor dropped below threshold and when grace period starts

low

Auction Price Calculation Fails to Reach Reserve Price Due to Integer Division Truncation

Jan '25

Liquid Ron

0.03 USDC • 2 total findings • Code4rena • 0x23r0

#10

high

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, which can cause a potential loss for new depositors

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

IQ AI

0.89 USDC • 1 total finding • Code4rena • 0x23r0

#17

medium

Ineffective proposal threshold validation allows setting arbitrary high values

Part 2

113.90 USDC • 2 total findings • CodeHawks • 0x23r0

#42

high

Underflow when updating credit delegation will result in protocol DoS

low

ZlpVault Does Not Fully Implement ERC-4626

Plaza Finance

794.40 USDC • 9 total findings • Sherlock • 0x23r0

#16

high

Malicious User Can Inflate Rewards, Depleting the Pool for Honest Users.

high

`Pool::transferReserveToAuction` Will Always Revert Due to Incorrect Period

high

Market Rate Calculation Error in LEVERAGE Token Redemption

high

Incorrect Calculation of Token Creation and Redemption Rates Due to BondOracleAdapter

medium

Malicious User Can Grief an Auction by Manipulating Pool Reserves

medium

Unable to Remove Bid Due to USDC Blacklist

medium

The `PreDeposit._deposit()` Logic Will Lock User `BPT` Token Funds in the BalancerRouter

medium

Inaccurate Share Calculations Due to Inclusion of Failed Auctions

medium

Incorrect Precision Adjustment in Token Rate Calculations

Dec '24

Autonomint Colored Dollar V1

80.97 OP • 9 total findings • Sherlock • 0x23r0

#27

high

Incorrect Ether Recipient in Liquidation

high

Updating the `downsideProtected` in the CDS Contract Lacks Access Control

high

Complete loss of USDT funds from the Treasury contract

high

Borrower-Set Strike Price Mechanism Can Lead to Collateral Losses for Users Under Volatile Market Conditions

medium

Loss of User Funds Due to Incorrect LZ Fee Handling in Borrowing and CDS Contracts

medium

The `liquidationType1` function in the borrowLiquidation contract reverts unexpectedly when calculating the yields

medium

`liquidationType2` Requires Admin to Fund Liquidations

medium

Inability to Withdraw ETH/tokens in BorrowLiquidation Contract if `closeThePositionInSynthetix` is Called

medium

Logical Vulnerability in deposit and withdraw Functions of Treasury Contract Allowing Manipulation of `noOfBorrowers` State