0xAnmol

Security Researcher

Building in web 3

High: 16 total

Medium: 18 total

Total earnings: $1.50K

#1109 All Time

Payouts: 13x

Top 10: 1x

Top 25: 5x

Top 50: 7x

Nov '24

Ethos Network Financial Contracts

160.07 USDC • 2 total findings • Sherlock • 0xAnmol

#19

medium

No slippage check in `sellVotes` can cause users to receive less ETH than expected.

medium

Users can unvouch during the 24-hour evaluation period.

Jul '24

MagicSea - the native DEX on the IotaEVM

550.37 USDC • 5 total findings • Sherlock • 0xAnmol

#10

high

Double voting is possible if the user withdraws and reopens a position within the voting duration.

medium

`harvestPositionTo` should always send rewards to owner of NFT.

medium

Loss of reward if `emergencyWithdraw` is called

medium

Malicious users can exploit the bribe mechanism by awarding worthless tokens as a bribe and reaching the max bribe limit.

medium

`BribeRewarder` will not handle fee-on-transfer tokens

Jun '24

Size

13.76 USDC • 2 total findings • Code4rena • 0xanmol

#53

high

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

medium

Users cannot buy/sell minimum credit allowed due to exactAmountIn condition

Apr '24

Teller Finance

153.13 USDC • 5 total findings • Sherlock • 0xAnmol

#21

high

Rewards in `LenderCommitmentGroup_Smart` are sandwichable.

high

The return value of arbitrary ERC20 tokens transfers is not checked.

high

The liquidator will not receive the collateral after liquidation.

medium

`LenderCommitmentGroup_smart` does not support Fee on Transfer tokens

medium

`OwnableUpgradeable` is not initialized in `LenderCommitmentGroup_Smart`

Zivoe

50.15 USDC • 4 total findings • Sherlock • 0xAnmol

#46

high

Double counting of the vote is possible in `ZivoeRewardVesting:revokeVestingSchedule` breaking the protocol core invariant.

high

Incorrect Accounting of `_totalSupply` and `_totalSupplyCheckpoints` in `zivoeStakingRewards:revokeVestingSchedule` can cause DOS.

high

Malicious actor can call `ZivoeRewards:depositReward` with 1 wei many times to increase the reward’s `periodFinish`, making the contract unusable.

medium

`OCL_ZVE:pushToLockerMulti` will likely revert because of allowance check.

Jan '24

Salty.IO

49.93 USDC • 4 total findings • Code4rena • 0xanmol

#90

high

When borrowers repay USDS, it is sent to the wrong address, allowing anyone to burn Protocol Owned Liquidity and build bad debt for USDS

high

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

medium

Remove Liquidity has missing reserve1 DUST check, which can make reserve1 less than DUST

medium

Reusing a SALT that has already been used for voting can allow a malicious proposal to pass and compromise the protocol.

Dec '23

The Standard

0.00 USDC • 1 total finding • CodeHawks • 0xanmol

#105

high

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

Ethereum Credit Guild

66.42 USDC • 2 total findings • Code4rena • 0xanmol

#72

medium

Wrong ProfitManager in GuildToken, will always revert for other types of gauges leading to bad debt

medium

Malicious borrower can decrease Guild holders reward

Oct '23

Steadefi

238.22 USDC • 4 total findings • CodeHawks • 0xanmol

#20

medium

The protocol will mint unnecessary fees if the vault is paused and reopened later.

medium

Wrong hardcoded PnL factor is used in all GMXVault add liquidity operations

low

Unhandled DoS when access to Chainlink oracle is blocked

low

`processDeposit()` can cause a DoS if equityAfter is 0 and equityBefore > 0.

Sep '23

DittoETH

5.78 USDC • 1 total finding • CodeHawks • 0xanmol

#54

low

Loss of precision in `twapPriceInEther` due to division before multiplication

Ondo Finance

7.08 USDC • Code4rena • 0xanmol

#32

Aug '23

Sparkn

5.30 USDC • 2 total findings • CodeHawks • 0xanmol

#75

medium

Malicious/Compromised organiser can reclaw all funds, stealing work from supporters

low

Centralization Risk for trusted organizers

Jul '23

Beedle - Oracle free perpetual lending

198.82 USDC • 8 total findings • CodeHawks • 0xanmol

#19

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

high

Using forged/fake lending pools to steal any loan opening for auction

high

Fee on transfer tokens will cause users to lose funds

high

update() not getting called right after a WETH amount has been sent will cause users to lose staking rewards

high

Rewards can be sabotaged by large deposit and withdraw

medium

The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates

gas

Floating pragma in all contracts

gas

Misspelled event in `Lender.sol`