0xNazgul

Security Researcher

FIRST UNIVERSAL CYBERNETIC-KINETIC ULTRA-MICRO PROGRAMMER @OpenZeppelin

High: 7 total

Medium: 23 total

Total Earnings: $24.85K

#369 All Time

Payouts: 87x

3rd Places: 1x (bronze)

Top 10: 8x

Top 25: 33x

Jul '24

Velocimeter

13.20 USDC • 2 total findings • Sherlock • 0xNazgul

#51

high

Claimable gauge distributions are locked when `pauseGauge` is called

medium

First liquidity provider of a stable pair can DOS the pool

Jan '23

Popcorn contest

2,246.26 USDC • 5 total findings • Code4rena • 0xNazgul

#6

high

First vault depositor can steal other's assets

high

Staking rewards can be drained

medium

Fee on transfer token not supported

medium

[NAZ-M1] Vault Fees Can Total To More Than `1e18`

medium

[NAZ-M2] Unchecked return of `execute()`

Reserve contest

121.59 USDC • Code4rena • 0xNazgul

#26

UXD Protocol

1,453.53 USDC • 2 total findings • Sherlock • 0xNazgul

#9

high

[NAZ-H1] Any Account That Has `PerpDepository.sol` Approved as Spender of `quoteToken` Can be Forced To Pay Shortfall

high

[NAZ-M7] `DnGmxSeniorVault.sol` Has a `maxUtilizationBps` Cap on Withdraws But `RageDnDepository.sol` Has No Soft Cap For This

Dec '22

GoGoPool contest

35.35 USDC • Code4rena • 0xNazgul

#72

Tigris Trade contest

207.5 USDC • 2 total findings • Code4rena • 0xNazgul

#40

medium

Must approve 0 first

medium

Centralization risks: owner can freeze withdraws and use timelock to steal all funds

prePO contest

28.12 USDC • Code4rena • 0xNazgul

#31

Escher contest

320.32 USDC • 1 total finding • Code4rena • 0xNazgul

#18

medium

Escher721 contract does not have setTokenRoyalty function

Nov '22

ParaSpace contest

923.33 USDC • Code4rena • 0xNazgul

#24

Redacted Cartel contest

53.49 USDC • Code4rena • 0xNazgul

#46

LSD Network - Stakehouse contest

475.56 USDC • Code4rena • 0xNazgul

#28

Blur Exchange contest

42.55 USDC • Code4rena • 0xNazgul

#29

DODO

62.49 USDC • 1 total finding • Sherlock • 0xNazgul

#6

medium

[NAZ-M2] Usage of deprecated `transfer()` can result in revert.

Debt DAO contest

61.35 USDC • Code4rena • 0xNazgul

#50

Oct '22

Paladin - Warden Pledges contest

31.16 USDC • Code4rena • 0xNazgul

#29

Inverse Finance contest

37.11 USDC • 1 total finding • Code4rena • 0xNazgul

#41

medium

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Astaria

63.28 USDC • 2 total findings • Sherlock • 0xNazgul

#28

medium

[NAZ-M1] First ERC4626 vault deposit exploit can break share calculation

medium

[NAZ-M2] Incorrect Logic Comparison

Holograph contest

549.04 USDC • Code4rena • 0xNazgul

#18

3xcalibur contest

2,247.23 USDC • Code4rena • 0xNazgul

#4

Juicebox contest

37.88 USDC • Code4rena • 0xNazgul

#17

The Graph L2 bridge contest

71.07 USDC • Code4rena • 0xNazgul

#14

Blur Exchange contest

83.13 USDC • Code4rena • 0xNazgul

#21

Sep '22

Knox Finance

3,047.92 USDC • 2 total findings • Sherlock • 0xNazgul

#8

high

[NAZ-M6] Unbounded loop in `_previewWithdraw() && _redeemMax()` Can Lead To DoS

medium

[NAZ-M2] Lack of Price Freshness Check In `_latestAnswer64x64()` Allows A Stale Price To Be Used

QuickSwap and StellaSwap contest

586.05 USDC • Code4rena • 0xNazgul

#12

Frax Ether Liquid Staking contest

96.07 USDC • Code4rena • 0xNazgul

#29

VTVL contest

60.12 USDC • 1 total finding • Code4rena • 0xNazgul

#44

medium

Supply cap of VariableSupplyERC20Token is not properly enforced

Art Gobblers contest

123.86 USDC • Code4rena • 0xNazgul

#18

Harpie

170.22 USDC • 2 total findings • Sherlock • 0xNazgul

#11

medium

[NAZ-H1] ECDSA Signature Malleability

medium

[NAZ-M1] Using `transferFrom` On ERC721 Tokens

Y2k Finance contest

175.3 USDC • 1 total finding • Code4rena • 0xNazgul

#31

high

Griefing attack on the Vaults is possible, withdrawing the winning side stakes

PartyDAO contest

198.1 USDC • Code4rena • 0xNazgul

#22

FEI and TRIBE Redemption contest

33.81 USDC • Code4rena • 0xNazgul

#11

Canto Dex Oracle contest

146.62 CANTO • Code4rena • 0xNazgul

#10

Nouns Builder contest

90.77 USDC • Code4rena • 0xNazgul

#89

Aug '22

Sentiment

3.50 USDC • 1 total finding • Sherlock • 0xNazgul

#26

medium

[NAZ-M4] Chainlink's `latestRoundData` Might Return Stale Results

Olympus DAO contest

584.04 USDC • 2 total findings • Code4rena • 0xNazgul

#31

medium

No Cap on Amount of VOTES means the `voter_admin` can get any proposal to pass

medium

[NAZ-M1] Chainlink's `latestRoundData` Might Return Stale Results

Nouns DAO contest

224.81 USDC • Code4rena • 0xNazgul

#14

FIAT DAO veFDT contest

54.24 USDC • Code4rena • 0xNazgul

#42

Fraxlend (Frax Finance) contest

99.85 USDC • Code4rena • 0xNazgul

#27

Foundation Drop contest

63.31 USDC • Code4rena • 0xNazgul

#41

Mimo August 2022 contest

2,436.29 USDC • 1 total finding • Code4rena • 0xNazgul

#8

medium

`vaultOwner` Can Front-Run `rebalance()` With `setAutomation()` To Lower Incentives

Rigor Protocol contest

373.8 USDC • 1 total finding • Code4rena • 0xNazgul

#23

medium

Builders must pay more interest when the system is paused.

Jul '22

Axelar Network v2 contest

88.08 USDC • Code4rena • 0xNazgul

#28

Golom contest

189.05 USDC • Code4rena • 0xNazgul

#53

Yield Witch v2 contest

83.86 USDC • Code4rena • 0xNazgul

#12

Swivel v3 contest

77.05 USDC • Code4rena • 0xNazgul

#35

ENS contest

123.53 USDC • Code4rena • 0xNazgul

#45

Fractional v2 contest

201.39 USDC • 1 total finding • Code4rena • 0xNazgul

#47

medium

`fallback()` function can bypass permission/auth checks imposed in `execute()`

Juicebox V2 contest

147.37 USDC • Code4rena • 0xNazgul

#32

Jun '22

Putty contest

75.27 USDC • Code4rena • 0xNazgul

#54

Nibbl contest

47.59 USDC • Code4rena • 0xNazgul

#29

Yieldy contest

111.21 USDC • Code4rena • 0xNazgul

#42

Illuminate contest

126.4 USDC • Code4rena • 0xNazgul

#50

Nested Finance contest

631.81 USDC • Code4rena • 0xNazgul

bronze

Badger-Vested-Aura contest

132.64 USDC • Code4rena • 0xNazgul

#21

Infinity NFT Marketplace contest

84.25 USDC • Code4rena • 0xNazgul

#47

Canto contest

513.69 USDC • Code4rena • 0xNazgul

#31

Connext Amarok contest

226.92 USDC • Code4rena • 0xNazgul

#40

Notional x Index Coop

135.59 USDC • Code4rena • 0xNazgul

#34

May '22

Backd Tokenomics contest

171.81 USDC • Code4rena • 0xNazgul

#26

veToken Finance contest

262.4 USDT • 1 total finding • Code4rena • 0xNazgul

#32

medium

Misconfiguration of Fees Incentive Might Cause Tokens To Be Stuck In `Booster` Contract

Velodrome Finance contest

644.68 USDC • Code4rena • 0xNazgul

#17

Rubicon contest

86.32 USDC • Code4rena • 0xNazgul

#56

Sturdy contest

93.84 USDC • Code4rena • 0xNazgul

#24

Aura Finance contest

301.04 USDC • Code4rena • 0xNazgul

#22

Cally contest

30.09 USDC • Code4rena • 0xNazgul

#76

Enso Finance contest

303.01 USDT • Code4rena • 0xNazgul

#32

Alchemix contest

305.02 DAI • Code4rena • 0xNazgul

#21

FactoryDAO contest

59.77 DAI • Code4rena • 0xNazgul

#56

Cudos contest

96.72 USDC • Code4rena • 0xNazgul

#44

Forgotten Runes Warrior Guild contest

15.49 USDC • Code4rena • 0xNazgul

#57

bunker.finance contest

383.36 USDC • 1 total finding • Code4rena • 0xNazgul

#11

medium

Chainlink pricer is using a deprecated API

Apr '22

Mimo DeFi contest

148.39 USDC • Code4rena • 0xNazgul

#20

AbraNFT contest

48.92 MIM • Code4rena • 0xNazgul

#49

Backd contest

89.35 USDC • Code4rena • 0xNazgul

#40

xTRIBE contest

78.14 USDC • Code4rena • 0xNazgul

#33

Phuture Finance contest

49.45 USDC • Code4rena • 0xNazgul

#29

Badger Citadel contest

54.33 USDC • Code4rena • 0xNazgul

#56

JPEG'd contest

123.75 USDC • Code4rena • 0xNazgul

#46

Axelar Network contest

131.23 USDC • Code4rena • 0xNazgul

#14

Mar '22

Volt Protocol contest

78.91 USDC • Code4rena • 0xNazgul

#29

Joyn contest

34.11 USDC • Code4rena • 0xNazgul

#38

Paladin contest

52.84 USDC • Code4rena • 0xNazgul

#37

Sublime contest

41.55 USDC • Code4rena • 0xNazgul

#23

LI.FI contest

63 USDC • Code4rena • 0xNazgul

#55

prePO contest

81.24 USDC • Code4rena • 0xNazgul

#23

Maple Finance contest

111.36 USDC • Code4rena • 0xNazgul

#11

Biconomy Hyphen 2.0 contest

178.72 USDT • Code4rena • 0xNazgul

#41