0x486776

Security Researcher

High: 1 Solo, 14 Total

Medium: 9 Total

Total Earnings: $3.38K

#857 All Time

Payouts: 11x

Top 10: 1x

Top 25: 5x

Top 50: 8x

Mar '25

PinLink: RWA-Tokenized DePIN Marketplace

67.36 USDC • Sherlock • 0x486776

#19

Jan '25

Aave v3.3

537.80 USDC • Sherlock • 0x486776

#43

Dec '24

Oku's New Order Types Contract Contest

0.50 OP • 3 total findings • Sherlock • 0x486776

#59

high

Attackers can override others' orders by generating the same `orderId`.

high

When an order is canceled, its information remains intact.

medium

PythOracle will provide outdated prices.

Nov '24

Ethos Network Financial Contracts

72.48 USDC • 2 total findings • Sherlock • 0x486776

#25

high

In the `ReputationMarket.sellVotes()` function, `protocolFee` should also be deducted from `marketFunds` because `protocolFee` is already sent.

high

Buyers pay more fees unfairly when buying votes.

Nouns DAO - Auction Streams

211.09 USDC • Sherlock • 0x486776

#18

Telcoin Update #2

148.23 USDC • Sherlock • 0x486776

#16

Jul '24

MakerDAO Endgame

897.84 USDC • Sherlock • 0x486776

#62

May '24

Elfi

1,088.16 USDC • 4 total findings • Sherlock • 0x486776

#5

high

Improper implementation of the `PositionMarginProcess.updatePositionFromBalanceMargin()` function.

medium

Incorrect `collateralUserCap` check in the `AssetsProcess.deposit()` function.

medium

No modifications to the `CommonData` while updating the position margin.

medium

The `AccountFacet` contract lacks a gas refund mechanism for the keeper.

Apr '24

NOYA

21.33 USDC + NOYA stars • 2 total findings • Code4rena • 0x486776

#80

high

`AccountingManager::resetMiddle` will not behave as expected

medium

Withdrawals in AccountManager are prone to DOS attacks.

TITLES Publishing Protocol

8.36 USDC • 4 total findings • Sherlock • 0x486776

#43

high

`Edition::mintBatch` receives less money than it should.

high

`FeeManager::_splitProtocolFee` doesn't send the `collectionReferrerShare` to the correct referrer.

medium

`Edition::mintBatch` is always reverted.

medium

`Edition::_refundExcess` doesn't refund to the buyers.

DYAD

323.25 USDC • 8 total findings • Code4rena • 0x486776

#36

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

high

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

high

Kerosene collateral is not being moved on liquidation, exposing liquidators to loss

high

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

high

Missing enough exogeneous collateral check in `VaultManagerV2::liquidate` makes the liquidation revert even if (DYAD Minted > Non Kerosene Value)

high

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

medium

Attacker can frontrun to prevent vaults from being removed from the dNFT owner's position

medium

No incentive to liquidate when CR <= 1 as asset received < dyad burned