0xPhantom2

Security Researcher

High: 17 total

Medium: 12 total

Total earnings: $5.26K

Rank: #736 all time

Payouts: 9x

regular: 1x Top 10

regular: 6x Top 25

regular: 7x Top 50

Jan '25

Part 2

1,539.25 usdc • 3 total findings • CodeHawks • 0xphantom

#12

high

Underflow when updating credit delegation will result in protocol DoS

high

The protocol is insolvent

medium

No way to set UsdTokenSwapConfig pd curve parameters

Plaza Finance

0.18 USDC • 1 total finding • Sherlock • 0xPhantom2

#100

high

No Auction can succeed

Nov '24

Ethos Network Financial Contracts

509.27 USDC • 4 total findings • Sherlock • 0xPhantom2

#11

high

buyVotes has an accounting error that makes the protocol insolvent

high

increaseVouch rewards the caller's own vouch

high

The buyVotes function charges fees for votes that the user didn't buy

medium

A malicious user can avoid a slashing event during the evaluation period of the slasher contract

Debita Finance V3

304.57 USDC • 5 total findings • Sherlock • 0xPhantom2

#17

high

TaxTokensReceipts is not usable as collateral in the Auction contract

high

The buyer cannot receive his NFT in the BuyOrder contract

medium

DoS in extendLoan because of an underflow

medium

extendLoan will always charge the max fees for the borrower

medium

DoS attack in the lendOrderFactory

Aug '24

Fjord Token Staking

1,558.93 USDC • 1 total finding • CodeHawks • 0xphantom

#5

high

Loss of funds for a user due to incorrect state updates while unstaking

Tadle

55.03 USDC • 6 total findings • CodeHawks • 0xphantom

#61

high

TokenManager - Unlimited withdraw

high

Native token withdrawal fails until manually approved

high

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

high

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

high

Token withdrawal fails until someone manually approves spending

high

[H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulate collateral rates and drain the protocol's funds

Mar '24

Revert Lend

715.48 USDC • 2 total findings • Code4rena • 0xPhantom

#20

medium

Users' newly created positions can be prematurely closed and removed from the vault directly after they are created

medium

Due to the interest rate update method, interest-free loans are possible and the cost of DoS is reduced

Jan '24

Curves

325.89 USDC • 6 total findings • Code4rena • 0xPhantom

#13

high

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

high

Unauthorized Access to setCurves Function

medium

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

medium

Selling will be bricked if all other tokens are withdrawn to ERC20 token

medium

A subject creator within a single block can claim holder fees without holding due to unprotected reentrancy path

medium

onBalanceChange causes previously unclaimed rewards to be cleared

Dec '23

Ethereum Credit Guild

249.22 USDC • 1 total finding • Code4rena • 0xPhantom

#50

medium

PnL system can be broken by large users intentionally or unintentionally.