https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/7f00ea36-344d-47a5-acdb-88755d42b4d0.jpg

0xShitgem

Security Researcher

i'm learning

Contact Me

High

10

Total

Medium

4

Total

$3.44K

Total Earnings

#1007 All Time

8x

Payouts

bronze

1x

3rd Places

regular

4x

Top 10

regular

4x

Top 25

All

Sherlock

Code4rena

Cantina

Aug '25

GTE Perps and Launchpad

GTE Perps and Launchpad

2,380.28 USDC • 5 total findings • Code4rena • 0xShitgem

#7

high

Total reward shares for token can reach zero after unlocking, causing `GTELaunchpadV2Pair` to be bricked

high

Backstop bid-side frozen by tick-size constraint

high

CREATE2 address of the uniswap pair used by `LaunchPad` does not match address of pair deployed by `GTELaunchpadV2PairFactory`

high

DOS of Launchpad Graduation via addLiquidity with 1 Wei donation

medium

Liquidation stalls when top-of-book is outside divergence band (STANDARD & BACKSTOP), allowing under-margined positions to persist

May '25

jigsaw-contracts

jigsaw-contracts

71.74 USDC • 2 total findings • Cantina • nikos

#53

high

Finding not yet public.

high

Finding not yet public.

Mar '25

Nudge.xyz

Nudge.xyz

610.41 USDC • 1 total finding • Code4rena • 0xShitgem

#6

medium

Anyone can DOS handleReallocation over and over

Feb '25

Virtuals Protocol

Virtuals Protocol

27.3 USDC • 1 total finding • Code4rena • 0xShitgem

#62

medium

Attacker can prevent user from executing application registered through `initFromToken()` in `AgentFactoryV4`.

Apr '24

DYAD

DYAD

4.1 USDC • 2 total findings • Code4rena • 0xShitgem

#106

high

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

high

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

Mar '24

RadicalxChange

RadicalxChange

1.18 USDC • 1 total finding • Sherlock • 0xShitgem

bronze

high

Not implemented restriction inside `EnglishPeriodAuctionInternal::_cancelAllBids` leads to possibility of stealing funds by attacker

Amphor

Amphor

235.05 USDC • 1 total finding • Sherlock • 0xShitgem

#9

medium

Use safeTransfer() instead of transfer()

Feb '24

AI Arena

AI Arena

111.68 USDC • 1 total finding • Code4rena • 0xShitgem

#59

high

FighterFarm:: reroll won't work for nft id greator than 255 due to input limited to uint8