0xNirix

Security Researcher

High: 22 total

Medium: 4 solo, 12 total

Total earnings: $29.12K

Rank: #281 all time

Payouts: 13x

1st places (gold): 2x

2nd places (silver): 1x

3rd places (bronze): 2x

Feb '25

SEDA Protocol

1,062.56 USDC • 2 total findings • Sherlock • 0xNirix

#7

high

Missing Minimum Length Check in verifyBatchSignatures Allows Chain Halting Attack

medium

Mean-Based Outlier Detection Vulnerability Allows Single Node to Sabotage Consensus

Babylon Chain Launch (Phase-2)

15,789.47 USDC • 1 total finding • Sherlock • 0xNirix

bronze

medium

Incorrect BTC Delegation Reward Calculation Due to Using Current Stake Amount Instead of Historical Stake

Dec '24

Oku's New Order Types Contract Contest

1.83 OP • 4 total findings • Sherlock • 0xNirix

#49

high

Duplicate Order IDs Will Lead to Lost Orders/ Drain of Funds

high

OracleLess Protocol Reentrancy Vulnerability Can Lead to Fund Drain

medium

DoS via Dust Order Spam in OracleLess Contract

medium

Incorrect Price Validation in PythOracle

Autonomint Colored Dollar V1

189.51 OP • 5 total findings • Sherlock • 0xNirix

#15

high

Arbitrary Price Input in CDS Redeem Function Allows Exchange Rate Manipulation

high

Missing Access Control on updateDownsideProtected() Enables Critical Pool Manipulation in CDS Protocol

high

Missing Replay Protection in ODOS Swap Authorization

high

LayerZero Message Delays Can Cause Protocol Issues Through Cross-Chain State Desynchronization

medium

Unbounded Liquidation Iterations Can Lead to Withdrawal DoS

Nov '24

vVv Launchpad - Investments & Token distribution

94.59 USDC • 1 total finding • Sherlock • 0xNirix

gold

high

Front-Running Vulnerability in VVVVCTokenDistributor Claim Function

Oct '24

Usual V1

4,367.29 USDC • 2 total findings • Sherlock • 0xNirix

gold

high

Loss of Vesting Rewards Upon Allocation Removal

high

Incorrect Fee Calculation Inflates Share Value

Gamma Brevis Rewarder

131.06 OP • 1 total finding • Sherlock • 0xNirix

bronze

high

Claim Blocking Vulnerability in GammaRewarder Contract

Orderly Solana Vault Contract

2,793.60 USDC • 2 total findings • Sherlock • 0xNirix

silver

high

Attacker will drain vault assets through token validation bypass

medium

Missing LayerZero Ordered Execution Option For Orderly Chain Messages

predict.fun lending market

337.23 USDC • 1 total finding • Sherlock • 0xNirix

#6

medium

Contract will charge inconsistent protocol fees affecting users and protocol revenue

Sep '24

Boost Core Incentive Protocol

370.31 USDC • 2 total findings • Sherlock • 0xNirix

#12

high

Inability to Clawback in Incentive Contracts Leads to Locked Funds

medium

Weird tokens will impact protocol functionality for users

Flayer

952.16 USDC • 4 total findings • Sherlock • 0xNirix

#17

high

Listings Contract will erroneously attempt to deposit fees and issue refunds when relisting a liquidated listing

high

Malicious user can exploit stale listings to gain undue refunds, impacting protocol funds and listing integrity

high

Users will suffer unexpected liquidations and unfair interest charges on Protected Listings

medium

User can cancel or modify Dutch auctions, compromising market integrity and user trust

Aug '24

Cork Protocol

839.23 USDC • 6 total findings • Sherlock • 0xNirix

#5

high

Liquidity Vault will accumulate inaccessible Pegged Assets (PA) affecting users funds

high

Lack of exchange rate consideration during lvRedeemRaWithCtDs will cause loss for users and protocol

high

Missing RA balance update for PSM during LV redemptions will cause incorrect RA balance

high

Protocol will lose access to repurchased RA tokens after issue expiry, impacting CT holders.

high

Incorrect value from emptyReservePartial may cause user redemption requests to be blocked in LV

medium

User can manipulate initial RA/CT AMM price, causing significant loss to the protocol and other users

ZeroLend One

2,192.86 USDC • 3 total findings • Sherlock • 0xNirix

#5

high

Malicious users will exploit NFT based reward distribution flaws, affecting legitimate users and the protocol

medium

Malicious actors can execute sandwich attacks during market addition with existing funds

medium

Frequent Updaters will Gain Disproportionate Rewards Affecting Passive Users