https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/dae2ac43-e6ea-4bff-9661-c2aec38aba35.jpg

0xSecuri

Security Researcher

Smart Contracts Security Researcher

Contact Me

High

Total

Medium

Total

$2.35K

Total Earnings

#965 All Time

9x

Payouts

2x

Top 10

5x

Top 25

8x

Top 50

All

Sherlock

Code4rena

Cantina

Oct '24

Kleidi

0 USDC • Code4rena • 0xSecuri

#12

Sep '24

Boost Core Incentive Protocol

97.81 USDC • 2 total findings • Sherlock • 0xSecuri

#15

high

Ownership flaw in Boost incentive contracts blocks clawback functionality

medium

Predictable randomness vulnerability in Boost's raffle draw function

Aug '24

zetachain-protocol

625 USDC • Cantina • 0xSecuri

#35

Jul '24

Basin

135.48 USDC • 1 total finding • Code4rena • 0xSecuri

high

`WellUpgradeable` can be upgraded by anyone

May '24

Euler-v2

1,000 USDC • Cantina • 0xSecuri

#35

LoopFi

71.11 USDC • 1 total finding • Code4rena • 0xSecuri

high

Availability of deposit invariant can be bypassed

Apr '24

NOYA

19.18 USDC + NOYA stars • 1 total finding • Code4rena • 0xSecuri

#82

medium

Chainlink connector doesn’t check for the Min / Max prices returned

DYAD

295.78 USDC • 4 total findings • Code4rena • 0xSecuri

#39

high

Missing enough exogeneous collateral check in `VaultManagerV2::liquidate` makes the liquidation revert even if (DYAD Minted > Non Kerosene Value)

high

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

medium

Value of kerosene can be manipulated to force liquidate users

medium

Incorrect deployment / missing contract will break functionality

Mar '24

DittoETH

102.05 USDC • 1 total finding • Code4rena • 0xSecuri

#20

medium

oracleCircuitBreaker: Not checking if price information of asset is stale