https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_0.png

0x37

Security Researcher

Contact Me

High

41

Total

Medium

2

Solo

34

Total

$23.14K

Total Earnings

#326 All Time

10x

Payouts

gold

1x

1st Places

silver

2x

2nd Places

regular

8x

Top 10

All

Sherlock

Blackthorn

May '25

Index.Fun Beta Smart Contract Security Audit – Q2 2025

Index.Fun Beta Smart Contract Security Audit – Q2 2025

Collaborative Audit • Sherlock • 0x37

Apr '25

Axion Update

Axion Update

Collaborative Audit • Sherlock • 0x37

Mar '25

WrappedM token V2

WrappedM token V2

Collaborative Audit • Blackthorn • 0x37

Jan '25

Aave v3.3

Aave v3.3

5,423.33 USDC • Sherlock • 0x37

#10

FlatMoney v2 Update

FlatMoney v2 Update

2,426.15 USDC • Sherlock • 0x37

#4

Findings not publicly available for private contests.

Dec '24

Oku's New Order Types Contract Contest

Oku's New Order Types Contract Contest

25.72 OP • 5 total findings • Sherlock • 0x37

#22

high

Malicious users can drain funds

high

Malicious users can steal funds from contracts

high

Order performers can drain funds from contracts

high

Malicious users can steal other users' funds via approval.

medium

Cancel order can be dos in OracleLess

Autonomint Colored Dollar V1

Autonomint Colored Dollar V1

3,079.01 OP • 34 total findings • Sherlock • 0x37

silver

high

Missing lastEventTime update in liquidate()

high

Incorrect liqIndex in sendForLiquidation function

high

Option expiry time does not work

high

odosAssembledData can be manipulated

high

Borrowers can earn more profit via manipulating the strikePrice

high

downsideProtected does not work for borrowers

high

Abond holders can lose their liquidation gain

high

Missing totalAvailableLiquidationAmount update when cds owner withdraw.

high

Lack of access control for function updateDownsideProtected()

high

USDT token can be drain via manipulating the usdt/usda price

high

cds owners can withdraw more than expected via manipulating excessProfitCumulativeValue

high

Lack of lastEthPrice sync between different chains

high

Missing usdaCollectedFromCdsWithdraw update in withdrawUserWhoNotOptedForLiq

high

Incorrect usdaToTransfer calculation when cds owners withdraw

high

Incorrect deducted cds deposit amount in withdrawUser

high

Liquidated position by liquidation type 2 can be withdrawn

high

Some liquidated collateral will be locked

high

Possible failure to sync global data

medium

Borrowers can manipulate volatility to pay less option fees

medium

Borrowers will get more normalizedAmount than expected.

medium

Lack of Ether refund to users

medium

Borrowers can pay less borrow interest because of `lastEventTime` early update in _withdraw

medium

Liquidation may be reverted when LTV is high

medium

Missing lastEthprice update in depositTokens

medium

Incorrect totalVolumeOfBorrowersAmountinWei update in withdraw()

medium

Lack of transfer Ether from the treasury to borrowLiquidation

medium

Non-functional wrapper in BorrowLiquidation

medium

Incorrect margin calculation in liquidationType2

medium

Incorrect short position sizeDelta calculation

medium

sUSD will be locked in the borrowLiquidation

medium

One part of protocol profit will be locked in the treasury

medium

cds owners may fail to withdraw

medium

Lack of access control for executeSetterFunction function.

medium

Missing cds deposit amount in swapCollateralForUSDT

Nov '24

Debita Finance V3

Debita Finance V3

1,749.26 USDC • 14 total findings • Sherlock • 0x37

#5

high

Auction can not work well with TaxTokensReceipt because of TaxTokensReceipt's transfer limitation

high

BuyOrder can not work well with TaxTokensReceipt

high

wantedToken NFT will be locked in buyOrder

medium

Incentivized token may be locked in the DebitaIncentive contract

medium

Lenders or borrowers may lose their expected bribe rewards

medium

Lend offer can be deleted multiple times

medium

Lend offer can be deleted multiple times

medium

Borrowers need to pay more interest than expected because of precision loss

medium

Lenders may lose some interest when borrowers extend their loan.

medium

Borrowers may fail to extend their loan in some cases.

medium

Incorrect feeOfMaxDeadline calculation in extendLoan

medium

Borrowers may fail to extend loans because of the incorrect minFEE

medium

Lenders or borrowers may fail to claim collateral after the auction is finished

medium

buyOrder can be deleted twice

Oct '24

Usual V1

Usual V1

4,367.29 USDC • 2 total findings • Sherlock • 0x37

gold

high

Lack of update rewards in removeOriginalAllocation

high

Incorrect withdraw fee calculation in withdraw

Ethos Network Social Contracts

Ethos Network Social Contracts

45.37 USDC • 1 total finding • Sherlock • 0x37

#6

medium

Compromised address can still invite users and do some key operations

AXION

AXION

1,714.77 USDC • 5 total findings • Sherlock • 0x37

silver

high

Improper liquidity calculation in V3AMO's _addLiquidity()

high

Improper price check can cause _unfarmBuyBurn dos

high

Not compatible getReward with Aerodrome

medium

Improper calculation order cause the serious precision loss

medium

Approval operation will be reverted if usd token is USDT in Ethereum

Sep '24

Flayer

Flayer

1,170.75 USDC • 12 total findings • Sherlock • 0x37

#14

high

Lack of delete `_listings[_collection][_tokenId]` in reserve

high

Incorrect index return in _createCheckpoint

high

Users may lose their ERC721 token if they unlockProtectedListing token with _withdraw = false

high

users can sandwich rewards because of unused donateThresholdMax

high

The initial liquidity provider will lose their position

high

Incorrect compound factor calculation

high

Missing update `_isLiquidation` in relist

high

The liquidation list owner may receive some tax refund

high

Borrowers can avoid paying borrowing interest via adjustPosition

high

Users' voting token in CollectionShutdown will be locked when we cancel this shutdown flow

medium

Refund does not work in initializeCollection

medium

Fail to start one shut down flow if the collection was shut down before.

Aug '24

Velar Artha PerpDEX

Velar Artha PerpDEX

3,143.31 USDC • 2 total findings • Sherlock • 0x37

#4

high

Traders may decrease their trading loss via mint/burn

medium

Penalized funding received token will be locked in the contract

Dec '23

Usual Labs

Usual Labs

Collaborative Audit • Blackthorn • 0x37