0xaxaxa

Security Researcher

High: 18 total

Medium: 8 total

Total Earnings: $10.97K (#514 All Time)

Payouts: 11x

1st Places (gold): 1x

2nd Places (silver): 1x

Top 10 (regular): 8x

Apr '25

Aegis.im YUSD

45.94 OP • 1 total finding • Sherlock • 0xaxaxa

#4

high

Redeemer Doesn't Pay Any Fee

Mar '25

PinLink: RWA-Tokenized DePIN Marketplace

256.38 USDC • Sherlock • 0xaxaxa

#4

Feb '25

Usual Labs

3,161.42 USDC • Sherlock • 0xaxaxa

#7

Yieldoor

54.84 USDC • 4 total findings • Sherlock • 0xaxaxa

#14

high

`initCollateralUsd` is incorrectly set when opening a leveraged position.

high

Collecting Fees from `vestPosition` May Revert Due to Incorrect `tickUpper` Usage

medium

Incorrect `modulo` Calculation in `Strategy._setSecondaryPositionsTicks` When `tick < 0`

medium

The `Leverager.withdraw()` Function Incorrectly Utilizes `amountOut0` Instead of `amountOut1` to Determine `repayFromWithdraw`

Jan '25

daao-contracts

123.36 USDC • 5 total findings • Cantina • 0xaxaxa

#31

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

Aave v3.3

5,552.74 USDC • Sherlock • 0xaxaxa

#9

Dec '24

Ethos Reputation Market Fix Review Contest

144.76 USDC • 1 total finding • Sherlock • 0xaxaxa

silver

medium

Incorrect rounding in the `_calcCost` function.

Oku's New Order Types Contract Contest

824.10 OP • 10 total findings • Sherlock • 0xaxaxa

#4

high

Attackers can drain the `OracleLess` contract by creating an order with a `malicious tokenIn` and executing it with a `malicious target`.

high

The `execute()` function should reset the approved amount for the `target` to 0 at the end.

high

The `AutomationMaster.generateOrderId()` function does not guarantee the generation of a unique `orderId`.

high

The `_cancelOrder()` function removes the `orderId` solely from the `pendingOrderIds` array, but does not remove it from the `orders` mapping.

high

Reentrancy attack in the `OracleLess` contract.

high

In the `oracleLess` contract, when an order is created, `tokenIn` is transferred from the `recipient`, which exposes it to potential attacks.

high

Attackers can drain the `StopLimit` contract.

medium

The `execute()` function should utilize `forceApprove` instead of `safeApprove`.

medium

Incorrect staleness check in the `PythOracle.currentValue()` function.

medium

A `DoS` attack that makes order removal impossible in the `OracleLess` contract, causing all funds to become stuck.

Nov '24

Ethos Network Financial Contracts

130.79 USDC • 4 total findings • Sherlock • 0xaxaxa

#22

high

Unfair fee calculation in the `ReputationMarket._calculateBuy()` function.

high

Incorrect modification of `marketFunds` in the `ReputationMarket.buyVotes()` function.

medium

Improper fee mechanism in the `EthosVouch.applyFees()` function.

medium

Absence of slippage protection in the `ReputationMarket.sellVotes()` function.

Nouns DAO - Auction Streams

578.45 USDC • Sherlock • 0xaxaxa

#10

vVv Launchpad - Investments & Token distribution

94.59 USDC • 1 total finding • Sherlock • 0xaxaxa

gold

high

The `claim()` function can be front-run, resulting in the potential loss of all funds.