
0xDetermination

Security Researcher

Multiple top 3 in Web3 Security contests || Whitehat @Immunefi || DMs open for private audits on X/Twitter @0xDetermination 📩


High

13

Total

Medium

3

Solo

9

Total

$21.22K

Total Earnings

#354 All Time

9x

Payouts

gold

1x

1st Places

silver

1x

2nd Places

bronze

1x

3rd Places


Feb '24

Real Wagmi #2 Update

13,461.53 USDC • 3 total findings • Sherlock • 0xDetermination

gold

high

Fees aren't distributed properly for positions with multiple lenders, causing loss of funds for lenders

medium

Entrance fees are distributed wrongly in loans with multiple lenders

medium

A borrower eligible for liquidation can pay an improperly large amount of fees, and may be unfairly liquidated

AI Arena

681.67 USDC • 8 total findings • Code4rena • 0xDetermination

#7

high

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

high

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards()` function

high

FighterFarm::reroll won't work for nft id greater than 255 due to input limited to uint8

medium

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered (steal protocol's token)

medium

Can mint NFT with the desired attributes by reverting transaction

medium

Constraints of dailyAllowanceReplenishTime and allowanceRemaining during mint() can be bypassed by using alias accounts & safeTransferFrom()

medium

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

medium

Fighter created by mintFromMergingPool can have arbitrary weight and element

Nov '23

Convergence

1,359.98 USDC • 1 total finding • Sherlock • 0xDetermination

#8

high

GaugeController: Reducing gauge weight via change_gauge_weight() can lead to permanent DoS of all non-view functions related to a gauge, trapping user voting power and DoSing rewarding in the CvgRewards contract

Oct '23

NextGen

2.77 USDC • 2 total findings • Code4rena • 0xDetermination

#102

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

high

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

Real Wagmi #2

1,624.16 USDC • 1 total finding • Sherlock • 0xDetermination

bronze

medium

DoS of lenders and gas griefing by packing tokenIdToBorrowingKeys arrays

Brahma

14.47 USDC • Code4rena • 0xDetermination

#14

Sep '23

Venus Prime

1,161.45 USDC • 4 total findings • Code4rena • 0xDetermination

silver

high

Incorrect decimal usage in score calculation leads to reduced user reward earnings

high

A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users

high

Prime.sol - User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

medium

DoS and gas griefing of calls to Prime.updateScores()

Aug '23

Chainlink Staking v0.2

371.21 USDC • Code4rena • 0xDetermination

#44

veRWA

2,539.35 USDC • 3 total findings • Code4rena • 0xDetermination

#4

high

It is possible to DoS all the functions related to some gauge in `GaugeController`

high

Voters from VotingEscrow can vote infinite times in vote_for_gauge_weights() of GaugeController

high

If governance removes a gauge, user's voting power for that gauge will be lost.