https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_9.png

0xDarko

Security Researcher

High

11

Total

Medium

14

Total

$784.00

Total Earnings

#1402 All Time

6x

Payouts

regular

3x

Top 25

regular

4x

Top 50

All

Sherlock

Code4rena

CodeHawks

Mar '25

Crestal Network

Crestal Network

2.37 USDC • 1 total finding • Sherlock • 0xDarko

#11

medium

Unauthorized Worker Assignment In `BlueprintCore` Leads to Deployment Denial of Service

Symmio, Staking and Vesting

Symmio, Staking and Vesting

0.00 USDC • 1 total finding • Sherlock • 0xDarko

#18

medium

Missing Access Control in `SymmStaking::notifyRewardAmount` Allows Any User to Dilute Reward Rates and Extend Staking Periods

Feb '25

Core Contracts

Core Contracts

119.66 usdc • 20 total findings • CodeHawks • 0xdarko

#126

high

Users can borrow more assets than they have deposited as collateral

high

RToken is Not Interest Bearing Due to Broken Liquidity Index Calculation

high

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

high

Incorrect Debt Scaling Leading to Protocol Solvency Risk

high

Ineffective Time-Weighted Average Implementation in Fee Distribution

high

Gauge stakers won't get any reward due to round-down in user weight calculation

medium

Missing Vote Frequency Control in GaugeController

medium

Incorrect Return Values and Double Scaling in `RToken.burn` Function Leads to Denial of Service

medium

Multiple Critical Calculation And Logic Errors in `RToken::mint/burn` Function

medium

There is no logic checking for RAACNFT price staleness before minting it

medium

`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount

medium

Inconsistent Scaling in RToken Transfer Functions

medium

`RAACReleaseOrchestrator::emergencyRevoke()` fails to update `categoryUsed`, leading to token lockup and incorrect accounting

medium

Proposal Front-Running via Predictable Salt in `TimelockController::scheduleBatch`

low

Canceled vote still get voted on and accumulate voting power in Goverance.sol

low

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

low

`DebtToken::burn`'s Return Values are wrong

low

Incorrect Timestamp Tracking in RAACHousePrice contract

low

Missing Check for Gauge Activation Status in vote :: GaugeController.sol

low

Missing Validation for Minimum Vote Weight in `vote` Function

Jan '25

Part 2

Part 2

462.32 usdc • 5 total findings • CodeHawks • 0xdarko

#25

high

Underflow when updating credit delegation will result protocol DoS

medium

`Market::configureConnectedVaults` Will Always Fail with Array Out of Bounds Error

medium

Incorrect weight assignment in Vault::updateVaultAndCreditDelegationWeight leads to overleveraging vault positions and insolvency

medium

No Mechanism to Remove Fee Recipients Can Lead to Failed Reward Distributions

low

`initiateSwap` allows users to initiate swap even when the vault is paused

Aug '24

Tadle

Tadle

3.89 USDC • 3 total findings • CodeHawks • 0xdarko

#129

high

TokenManager - Unlimited withdraw

high

Token withdrawal fails until someone manually approves spending

low

[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows any User to call it to set Allowance Amount `TokenContract` to `type(uint256).max`.

Jul '24

TraitForge

TraitForge

196.34 USDC • 3 total findings • Code4rena • 0xDarko

#27

high

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

high

Incorrect Percentage Calculation in NukeFund and EntityForging when `taxCut` is Changed from Default Value

medium

Pause and unpause functions are inaccessible