Banner
https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/13526f66-5315-42a6-8175-d2f97a88a16f.jpg

0xNazgul

Security Researcher

FIRST UNIVERSAL CYBERNETIC-KINETIC ULTRA-MICRO PROGRAMMER @OpenZeppelin

Contact Me

High

9

Total

Medium

27

Total

$24.85K

Total Earnings

#322 All Time

87x

Payouts

bronze

1x

3rd Places

regular

8x

Top 10

regular

33x

Top 25

All

Sherlock

Code4rena

Jul '24

Velocimeter

Velocimeter

13.20 USDC • 2 total findings • Sherlock • 0xNazgul

#51

high

Claimable gauge distributions are locked when `pauseGauge` is called

medium

First liquidity provider of a stable pair can DOS the pool

Jan '23

Popcorn contest

Popcorn contest

2,246.26 USDC • 5 total findings • Code4rena • 0xNazgul

#6

high

First vault depositor can steal other's assets

high

Staking rewards can be drained

medium

Fee on transfer token not supported

medium

[NAZ-M1] Vault Fees Can Total To More Than `1e18`

medium

[NAZ-M2] Unchecked return of `execute()`

Reserve contest

Reserve contest

121.59 USDC • Code4rena • 0xNazgul

#26

UXD Protocol

UXD Protocol

1,453.53 USDC • 2 total findings • Sherlock • 0xNazgul

#9

high

[NAZ-H1] Any Account That Has `PerpDepository.sol` Approved as Spender of `quoteToken` Can be Forced To Pay Shortfall

high

[NAZ-M7] `DnGmxSeniorVault.sol` Has a `maxUtilizationBps` Cap on Withdraws But `RageDnDepository.sol` Has No Soft Cap For This

Dec '22

GoGoPool contest

GoGoPool contest

35.35 USDC • 2 total findings • Code4rena • 0xNazgul

#72

high

Inflation of ggAVAX share price by first depositor

medium

wrong reward distribution between early and late depositors because of the late syncRewards() call in the cycle, syncReward() logic should be executed in each withdraw or deposits (without reverting)

Tigris Trade contest

Tigris Trade contest

207.5 USDC • 2 total findings • Code4rena • 0xNazgul

#40

medium

Must approve 0 first

medium

Centralization risks: owner can freeze withdraws and use timelock to steal all funds

prePO contest

prePO contest

28.12 USDC • Code4rena • 0xNazgul

#31

Escher contest

Escher contest

320.32 USDC • 1 total finding • Code4rena • 0xNazgul

#18

medium

Escher721 contract does not have setTokenRoyalty function

Nov '22

ParaSpace contest

ParaSpace contest

923.33 USDC • 2 total findings • Code4rena • 0xNazgul

#25

high

Anyone can prevent themselves from being liquidated as long as they hold one of the supported NFTs

medium

During oracle outages or feeder outages/disagreement, the `ParaSpaceFallbackOracle` is not used

Redacted Cartel contest

Redacted Cartel contest

53.49 USDC • Code4rena • 0xNazgul

#46

LSD Network - Stakehouse contest

LSD Network - Stakehouse contest

475.56 USDC • Code4rena • 0xNazgul

#29

Blur Exchange contest

Blur Exchange contest

42.55 USDC • Code4rena • 0xNazgul

#29

DODO

DODO

62.49 USDC • 1 total finding • Sherlock • 0xNazgul

#6

medium

[NAZ-M2] Usage of deprecated `transfer()` can result in revert.

Debt DAO contest

Debt DAO contest

61.35 USDC • Code4rena • 0xNazgul

#51

Oct '22

Paladin - Warden Pledges contest

Paladin - Warden Pledges contest

31.16 USDC • Code4rena • 0xNazgul

#30

Inverse Finance contest

Inverse Finance contest

37.11 USDC • 1 total finding • Code4rena • 0xNazgul

#42

medium

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Astaria

Astaria

63.28 USDC • 2 total findings • Sherlock • 0xNazgul

#28

medium

[NAZ-M1] First ERC4626 vault deposit exploit can break share calculation

medium

[NAZ-M2] Incorrect Logic Comparison

Holograph contest

Holograph contest

549.04 USDC • Code4rena • 0xNazgul

#19

3xcalibur contest

3xcalibur contest

2,247.23 USDC • Code4rena • 0xNazgul

#4

Juicebox contest

Juicebox contest

37.88 USDC • Code4rena • 0xNazgul

#18

The Graph L2 bridge contest

The Graph L2 bridge contest

71.07 USDC • Code4rena • 0xNazgul

#14

Blur Exchange contest

Blur Exchange contest

83.13 USDC • Code4rena • 0xNazgul

#21

Sep '22

Knox Finance

Knox Finance

3,047.92 USDC • 2 total findings • Sherlock • 0xNazgul

#8

high

[NAZ-M6] Unbounded loop in `_previewWithdraw() && _redeemMax()` Can Lead To DoS

medium

[NAZ-M2] Lack of Price Freshness Check In `_latestAnswer64x64()` Allows A Stale Price To Be Used

QuickSwap and StellaSwap contest

QuickSwap and StellaSwap contest

586.05 USDC • 1 total finding • Code4rena • 0xNazgul

#13

medium

A "FrontRunning attack" can be made to the `initialize` function

Frax Ether Liquid Staking contest

Frax Ether Liquid Staking contest

96.07 USDC • Code4rena • 0xNazgul

#30

VTVL contest

VTVL contest

60.12 USDC • 1 total finding • Code4rena • 0xNazgul

#45

medium

Supply cap of VariableSupplyERC20Token is not properly enforced

Art Gobblers contest

Art Gobblers contest

123.86 USDC • Code4rena • 0xNazgul

#19

Harpie

Harpie

170.22 USDC • 2 total findings • Sherlock • 0xNazgul

#11

medium

[NAZ-H1] ECDSA Signature Malleability

medium

[NAZ-M1] Using `transferFrom` On ERC721 Tokens

Y2k Finance contest

Y2k Finance contest

175.3 USDC • 1 total finding • Code4rena • 0xNazgul

#32

high

Griefing attack on the Vaults is possible, withdrawing the winning side stakes

PartyDAO contest

PartyDAO contest

198.1 USDC • Code4rena • 0xNazgul

#23

FEI and TRIBE Redemption contest

FEI and TRIBE Redemption contest

33.81 USDC • Code4rena • 0xNazgul

#11

Canto Dex Oracle contest

Canto Dex Oracle contest

146.62 CANTO • 1 total finding • Code4rena • 0xNazgul

#10

medium

Calculated `token0TVL` may be zero under certain scenarios

Nouns Builder contest

Nouns Builder contest

90.77 USDC • Code4rena • 0xNazgul

#90

Aug '22

Sentiment

Sentiment

3.50 USDC • 1 total finding • Sherlock • 0xNazgul

#26

medium

[NAZ-M4] Chainlink's `latestRoundData` Might Return Stale Results

Olympus DAO contest

Olympus DAO contest

584.04 USDC • 2 total findings • Code4rena • 0xNazgul

#32

medium

No Cap on Amount of VOTES means the `voter_admin` can get any proposal to pass

medium

[NAZ-M1] Chainlink's `latestRoundData` Might Return Stale Results

Nouns DAO contest

Nouns DAO contest

224.81 USDC • Code4rena • 0xNazgul

#15

FIAT DAO veFDT contest

FIAT DAO veFDT contest

54.24 USDC • Code4rena • 0xNazgul

#42

Fraxlend (Frax Finance) contest

Fraxlend (Frax Finance) contest

99.85 USDC • Code4rena • 0xNazgul

#28

Foundation Drop contest

Foundation Drop contest

63.31 USDC • Code4rena • 0xNazgul

#42

Mimo August 2022 contest

Mimo August 2022 contest

2,436.29 USDC • 1 total finding • Code4rena • 0xNazgul

#9

medium

`vaultOwner` Can Front-Run `rebalance()` With `setAutomation()` To Lower Incentives

Rigor Protocol contest

Rigor Protocol contest

373.8 USDC • 1 total finding • Code4rena • 0xNazgul

#24

medium

Builders must pay more interest when the system is paused.

Jul '22

Axelar Network v2 contest

Axelar Network v2 contest

88.08 USDC • Code4rena • 0xNazgul

#29

Golom contest

Golom contest

189.05 USDC • Code4rena • 0xNazgul

#54

Yield Witch v2 contest

Yield Witch v2 contest

83.86 USDC • Code4rena • 0xNazgul

#12

Swivel v3 contest

Swivel v3 contest

77.05 USDC • Code4rena • 0xNazgul

#35

ENS contest

ENS contest

123.53 USDC • Code4rena • 0xNazgul

#46

Fractional v2 contest

Fractional v2 contest

201.39 USDC • 1 total finding • Code4rena • 0xNazgul

#48

medium

`fallback()` function can bypass permission/auth checks imposed in `execute()`

Juicebox V2 contest

Juicebox V2 contest

147.37 USDC • Code4rena • 0xNazgul

#33

Jun '22

Putty contest

Putty contest

75.27 USDC • Code4rena • 0xNazgul

#55

Nibbl contest

Nibbl contest

47.59 USDC • Code4rena • 0xNazgul

#30

Yieldy contest

Yieldy contest

111.21 USDC • Code4rena • 0xNazgul

#43

Illuminate contest

Illuminate contest

126.4 USDC • Code4rena • 0xNazgul

#51

Nested Finance contest

Nested Finance contest

631.81 USDC • Code4rena • 0xNazgul

bronze
Badger-Vested-Aura contest

Badger-Vested-Aura contest

132.64 USDC • Code4rena • 0xNazgul

#21

Infinity NFT Marketplace contest

Infinity NFT Marketplace contest

84.25 USDC • Code4rena • 0xNazgul

#48

Canto contest

Canto contest

513.69 USDC • Code4rena • 0xNazgul

#32

Connext Amarok contest

Connext Amarok contest

226.92 USDC • Code4rena • 0xNazgul

#41

Notional x Index Coop

Notional x Index Coop

135.59 USDC • Code4rena • 0xNazgul

#34

May '22

Backd Tokenomics contest

Backd Tokenomics contest

171.81 USDC • Code4rena • 0xNazgul

#26

veToken Finance contest

veToken Finance contest

262.4 USDT • 1 total finding • Code4rena • 0xNazgul

#32

medium

Misconfiguration of Fees Incentive Might Cause Tokens To Be Stuck In `Booster` Contract

Velodrome Finance contest

Velodrome Finance contest

644.68 USDC • Code4rena • 0xNazgul

#17

Rubicon contest

Rubicon contest

86.32 USDC • Code4rena • 0xNazgul

#56

Sturdy contest

Sturdy contest

93.84 USDC • Code4rena • 0xNazgul

#24

Aura Finance contest

Aura Finance contest

301.04 USDC • Code4rena • 0xNazgul

#22

Cally contest

Cally contest

30.09 USDC • Code4rena • 0xNazgul

#76

Enso Finance contest

Enso Finance contest

303.01 USDT • Code4rena • 0xNazgul

#32

Alchemix contest

Alchemix contest

305.02 DAI • Code4rena • 0xNazgul

#21

FactoryDAO contest

FactoryDAO contest

59.77 DAI • Code4rena • 0xNazgul

#56

Cudos contest

Cudos contest

96.72 USDC • Code4rena • 0xNazgul

#44

Forgotten Runes Warrior Guild contest

Forgotten Runes Warrior Guild contest

15.49 USDC • Code4rena • 0xNazgul

#57

bunker.finance contest

bunker.finance contest

383.36 USDC • 1 total finding • Code4rena • 0xNazgul

#11

medium

Chainlink pricer is using a deprecated API

Apr '22

Mimo DeFi contest

Mimo DeFi contest

148.39 USDC • Code4rena • 0xNazgul

#20

AbraNFT contest

AbraNFT contest

48.92 MIM • Code4rena • 0xNazgul

#49

Backd contest

Backd contest

89.35 USDC • Code4rena • 0xNazgul

#40

xTRIBE contest

xTRIBE contest

78.14 USDC • Code4rena • 0xNazgul

#33

Phuture Finance contest

Phuture Finance contest

49.45 USDC • Code4rena • 0xNazgul

#29

Badger Citadel contest

Badger Citadel contest

54.33 USDC • Code4rena • 0xNazgul

#56

JPEG'd contest

JPEG'd contest

123.75 USDC • Code4rena • 0xNazgul

#46

Axelar Network contest

Axelar Network contest

131.23 USDC • Code4rena • 0xNazgul

#14

Mar '22

Volt Protocol contest

Volt Protocol contest

78.91 USDC • Code4rena • 0xNazgul

#29

Joyn contest

Joyn contest

34.11 USDC • Code4rena • 0xNazgul

#38

Paladin contest

Paladin contest

52.84 USDC • Code4rena • 0xNazgul

#37

Sublime contest

Sublime contest

41.55 USDC • Code4rena • 0xNazgul

#23

LI.FI contest

LI.FI contest

63 USDC • Code4rena • 0xNazgul

#55

prePO contest

prePO contest

81.24 USDC • Code4rena • 0xNazgul

#23

Maple Finance contest

Maple Finance contest

111.36 USDC • Code4rena • 0xNazgul

#11

Biconomy Hyphen 2.0 contest

Biconomy Hyphen 2.0 contest

178.72 USDT • Code4rena • 0xNazgul

#41