
0xBinChook

Security Researcher

Rummaging through the quagmire known as Web3, securing it for the common good


High: 5 total

Medium: 5 total

Total Earnings: $3.24K

#927 All Time

Payouts: 4x

1st Places: 1x

Top 10: 1x

Top 25: 1x


Jun '24

eBTC Zap Router


2,995.69 USDC • 1 total finding • Code4rena • 0xBinChook

gold

medium

Staking ETH incorrectly assumes revert bubbling

Feb '24

AI Arena


75.3 USDC • 4 total findings • Code4rena • 0xBinChook

#66

high

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

high

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards()` function

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

medium

Can mint NFT with the desired attributes by reverting transaction

Jan '24

Salty.IO


168.77 USDC • 3 total findings • Code4rena • 0xBinChook

#55

high

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

medium

No proposal time limit traps sponsors of unpopular proposals

medium

SALT staker can get extra voting power by simply unstaking their xSALT

Dec '23

The Standard


1.28 USDC • 2 total findings • CodeHawks • 0xBinChook

#88

high

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

medium

Fees are hardcoded to 3000 in ExactInputSingleParams