https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/01b7faf7-cc55-4536-ab79-1903a1e2c34c.jpg

0xMAKEOUTHILL

Security Researcher

For pay-per-vuln private audits - DM 📝

Contact Me

High

10

Total

Medium

7

Total

$2.19K

Total Earnings

#995 All Time

12x

Payouts

bronze

1x

3rd Places

regular

2x

Top 10

regular

5x

Top 25

All

Sherlock

Code4rena

Jun '24

Vultisig

Vultisig

6.78 USDC • 1 total finding • Code4rena • 0xMAKEOUTHILL

#31

high

Vultisig whitelisting can be bypassed by anyone

Jan '24

LooksRare YOLO

LooksRare YOLO

104.78 USDC • 2 total findings • Sherlock • 0xMAKEOUTHILL

#5

high

User can get free entries to rounds

medium

A ready to be withdrawn round can be forcefully extended by a single user

Curves

Curves

5.09 USDC • 4 total findings • Code4rena • 0xMAKEOUTHILL

#102

high

Attack to make ````CurveSubject```` to be a ````HoneyPot````

high

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

high

Unauthorized Access to setCurves Function

medium

onBalanceChange causes previously unclaimed rewards to be cleared

Oct '23

NextGen

NextGen

5.49 USDC • 2 total findings • Code4rena • 0xMAKEOUTHILL

#99

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

medium

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

Real Wagmi #2

Real Wagmi #2

257.41 USDC • 1 total finding • Sherlock • 0xMAKEOUTHILL

#14

high

Whenever a user wants to `takeOverDebt` will never work

Sep '23

Allo V2

Allo V2

2.50 USDC • 2 total findings • Sherlock • 0xMAKEOUTHILL

#65

high

Approved allocator can send as many votes as he wants to an accepted recipient

medium

Registering a recipient for a RFPSimpleStrategy while useRegistryAnchor is true will always revert

Aug '23

Cooler Update

Cooler Update

170.90 USDC • 1 total finding • Sherlock • 0xMAKEOUTHILL

#13

high

Lender can lose funds after lending debt token

Tangible Caviar

Tangible Caviar

0.72 USDC • Code4rena • 0xMAKEOUTHILL

#86

Jul '23

Tokensoft

Tokensoft

1,627.94 USDC • 1 total finding • Sherlock • 0xMAKEOUTHILL

bronze

medium

Loss of funds during user adjusting

Jun '23

Lybra Finance

Lybra Finance

1.32 USDC • 1 total finding • Code4rena • 0xMAKEOUTHILL

#85

medium

Incorrect function call in LybraRETHVault's getAssetPrice

May '23

Iron Bank

Iron Bank

0.03 USDC • 1 total finding • Sherlock • 0xMAKEOUTHILL

#24

medium

No checks if an Arbitrum L2 sequencer is down

Jan '23

RabbitHole Quest Protocol contest

RabbitHole Quest Protocol contest

2.59 USDC • 1 total finding • Code4rena • 0xMAKEOUTHILL

#84

high

Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts