https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/45ea29c4-55bf-4219-a6f4-7950ae962ac3.jpg

0xAnmol

Security Researcher

Building in web 3

Contact Me

High

32

Total

Medium

43

Total

$38.72K

Total Earnings

#272 All Time

25x

Payouts

regular

6x

Top 10

regular

15x

Top 25

regular

18x

Top 50

All

Sherlock

Code4rena

Cantina

CodeHawks

Immunefi

Mar '26

Audit Comp | Folks Finance: Staking Contracts

Audit Comp | Folks Finance: Staking Contracts

340 USDC • 1 total finding • Immunefi • OxAnmol

#38

medium

Finding not yet public.

Intuition

Intuition

340.67 USDC • 1 total finding • Code4rena • 0xanmol

#4

medium

Epoch-boundary checkpoints retroactively qualify for the previous epoch's rewards

Nov '25

Mento-V3

Mento-V3

256.78 USDC • 1 total finding • Cantina • Slayer-Security-Mento

#7

medium

Finding not yet public.

Mar '25

Audit Comp | Yeet

Audit Comp | Yeet

218 USDC • 2 total findings • Immunefi • OxAnmol

#11

high

Finding not yet public.

medium

Finding not yet public.

Feb '25

velvet-v4

velvet-v4

4,647.69 USDC • 5 total findings • Cantina • Slayer-Security-Velvet

#5

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Core Contracts

Core Contracts

313.86 usdc • 18 total findings • CodeHawks • SlayerSecurity

#73

high

Reward manipulation vulnerability in StabilityPool

high

Users can borrow more assets than they have deposited as collateral

high

NFTs Get Permanently Locked in Stability Pool After Liquidation

high

Any attempt to liquidate a user will fail, because StabilityPool does not hold crvUSD during operational lifecycle

high

Boost Miscalculation Leads to Excess Distribution

high

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

medium

Gauge reward period can be extended indefinitely

medium

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

medium

LendingPool deposits do not work with CurveVault due to lack of funds

medium

Using balanceOf Instead of Voting Power

medium

Concurrent Oracle Fulfillments Overwrite House IDs, which leads to Incorrect Pricing

medium

LendingPool.getUserDebt returns outdated value and can lead to liquidation failure

medium

No check for sequencer uptime can lead to Zeno auctions being executed at lower prices or may result in incomplete auctions

medium

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

medium

Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay

medium

Owner Can Change Vote Results After Voting Ends by Updating Quorum Numbers for New proposals

low

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

low

Borrow, withdraw, deposit revert due to curve vault not having available liquidity or being paused.

Jan '25

infrared-contracts

infrared-contracts

12,157.11 USDC • 3 total findings • Cantina • Slayer-Security

#6

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Dec '24

Audit Comp | Lombard

Audit Comp | Lombard

130 USDC • 1 total finding • Immunefi • OxAnmol

#13

low

Finding not yet public.

Nov '24

Ethos Network Financial Contracts

Ethos Network Financial Contracts

160.07 USDC • 2 total findings • Sherlock • 0xAnmol

#19

medium

No slippage check in `sellVotes` can cause users to receive less ETH than expected.

medium

Users can unvouch during the 24-hour evaluation period.

Sep '24

uniswap-v4

uniswap-v4

8,628.45 USDC • Cantina • SmartShield-Sec-6212

#13

Aug '24

zetachain-protocol

zetachain-protocol

2,135.59 USDC • 4 total findings • Cantina • WinSec

#17

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Jul '24

Audit Comp | Folks Finance

Audit Comp | Folks Finance

688 USDC • 6 total findings • Immunefi • OxAnmol

#20

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

low

Finding not yet public.

low

Finding not yet public.

low

Finding not yet public.

MagicSea - the native DEX on the IotaEVM

MagicSea - the native DEX on the IotaEVM

550.37 USDC • 5 total findings • Sherlock • 0xAnmol

#10

high

Double voting is possible if the user withdraws and reopens a position within the voting duration.

medium

`harvestPositionTo` should always send rewards to owner of NFT.

medium

Loss of reward if `emergencyWithdraw` is called

medium

Malicious users can exploit the bribe mechanism by awarding worthless tokens as a bribe and reaching the max bribe limit.

medium

`BribeRewarder` will not handle fee-on-transfer tokens

Jun '24

Size

Size

13.76 USDC • 2 total findings • Code4rena • 0xanmol

#53

high

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

medium

Users can not to buy/sell minimum credit allowed due to exactAmountIn condition

Apr '24

Audit Comp | Alchemix

Audit Comp | Alchemix

7,364 USDC • 5 total findings • Immunefi • OxAnmol

#6

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Teller Finance

Teller Finance

153.13 USDC • 5 total findings • Sherlock • 0xAnmol

#21

high

Rewards in `LenderCommitmentGroup_Smart` is sandwichable.

high

The return value of arbitrary ERC20 tokens transfers is not checked.

high

The liquidator will not receive the collateral after liquidation.

medium

`LenderCommitmentGroup_smart` does not support Fee on Transfer tokens

medium

`OwnableUpgradeable` is not initialized in `LenderCommitmentGroup_Smart`

Zivoe

Zivoe

50.15 USDC • 4 total findings • Sherlock • 0xAnmol

#46

high

Double counting of the vote is possible in `ZivoeRewardVesting:revokeVestingSchedule` breaking the protocol core invariant.

high

Incorrect Accounting of `_totalSupply` and `_totalSupplyCheckpoints` in `zivoeStakingRewards:revokeVestingSchedule` can cause DOS.

high

Malicious actor can call `ZivoeRewards:depositReward` with 1 wei many times increase the reward’s `periodFinish` making the contract unusable..

medium

`OCL_ZVE:pushToLockerMulti ` will likely revert because of allowance check.

Jan '24

Salty.IO

Salty.IO

49.93 USDC • 4 total findings • Code4rena • 0xanmol

#89

high

When borrowers repay USDS, it is sent to the wrong address, allowing anyone to burn Protocol Owned Liquidity and build bad debt for USDS

high

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

medium

Remove Liquidity has missing reserve1 DUST check, which can make reserve1 to be less than DUST

medium

Reusing a SALT that has already been used for voting can allow a malicious proposal to pass and compromise the protocol.

Dec '23

The Standard

The Standard

0.00 USDC • 1 total finding • CodeHawks • 0xanmol

#105

high

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

Ethereum Credit Guild

Ethereum Credit Guild

66.42 USDC • 2 total findings • Code4rena • 0xanmol

#72

medium

Wrong ProfitManager in GuildToken, will always revert for other types of gauges leading to bad debt

medium

Malicious borrower can decrease Guild holders reward

Oct '23

Steadefi

Steadefi

238.22 USDC • 4 total findings • CodeHawks • 0xanmol

#20

medium

The protocol will mint unnecessary fees if the vault is paused and reopened later.

medium

Wrong hardcoded PnL factor is used in all GMXVault add liquidity operations

low

Unhandled DoS when access to Chainlik oracle is blocked

low

`processDeposit()` can cause a DoS if equityAfter is 0 and equityBefore > 0.

Sep '23

DittoETH

DittoETH

5.78 USDC • 1 total finding • CodeHawks • 0xanmol

#54

low

Loss of precision in `twapPriceInEther` due to division before multiplication

Ondo Finance

Ondo Finance

7.08 USDC • Code4rena • 0xanmol

#32

Aug '23

Sparkn

Sparkn

5.30 USDC • 2 total findings • CodeHawks • 0xanmol

#75

medium

Malicious/Compromised organiser can reclaw all funds, stealing work from supporters

low

Centralization Risk for trusted organizers

Jul '23

Beedle - Oracle free perpetual lending

Beedle - Oracle free perpetual lending

198.82 USDC • 8 total findings • CodeHawks • 0xanmol

#19

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

high

Using forged/fake lending pools to steal any loan opening for auction

high

Fee on transfer tokens will cause users to lose funds

high

update() not getting called right after a WETH amount has been sent will cause users to lose staking rewards

high

Rewards can be sabotaged by large deposit and withdraw

medium

The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates

gas

Floating pragma in all contracts

gas

Misspelled event in `Lender.sol`