0xdice91

Security Researcher

Contact Me

High

Total

Medium

Total

$10.81K

Total Earnings

#635 All Time

20x

Payouts

1x

1st Places

4x

Top 10

12x

Top 25

All

Sherlock

Code4rena

CodeHawks

Nov '25

SukukFi

0 USDC • 1 total finding • Code4rena • 0xdice91

#20

high

Finding not yet public.

Aug '25

Neutrl Protocol

941.02 USDC • 1 total finding • Sherlock • 0xdice91

medium

FULL_RESTRICTED users can still stake NUSD due to insufficent checks.

Jul '25

GTE Spot CLOB and Router

34.47 USDC • 2 total findings • Code4rena • 0xdice91

#12

high

Order double-linked list is broken because order.prevOrderId is not persisted

medium

Removing only the tail order from a limit does not reduce tree size, allowing order book to grow indefinitely

Jun '25

Chainlink Rewards

1.42 USDC • Code4rena • 0xdice91

DODO Cross-Chain DEX

13.29 USDC • 2 total findings • Sherlock • 0xdice91

#51

high

Malicious users can steal all funds from GatewayTransferNative contracts using withdrawToNativeChain.

medium

An Attacker can grief user of thier refund in GatewayCrossChain.sol and GatewayTransferNative.sol

Feb '25

Liquidity Management

532.69 usdc • 1 total finding • CodeHawks • 0xdice91

#15

high

If users withdraw while a position is in loss, the whole PNL of the position to their withdrawal amount instead of just their share of it.

Sep '24

Flayer

144.93 USDC • 1 total finding • Sherlock • 0xdice91

#50

high

`InfernalRiftBelow::claimRoyalties()` does not support the claiming of royalties for `ERC1155` tokens.

Jul '24

Zaros Part 1

17.17 USDC • 1 total finding • CodeHawks • 0xdice91

#80

medium

Insufficient checks to confirm the correct status of the sequencerUptimeFeed

May '24

Munchables

0.02 USDC • 3 total findings • Code4rena • 0xdice91

#15

high

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

high

Invalid validation allows users to unlock early

medium

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Apr '24

Panoptic

8,126.32 USDC • 1 total finding • Code4rena • 0xdice91

medium

When Burning a Tokenized Position `validate` should be done before flipping the `isLong` bits in `_validateAndForwardToAMM()`

Feb '24

UniStaker Infrastructure

694.3 USDC • Code4rena • 0xdice91

Jan '24

Decent

0.12 USDC • 1 total finding • Code4rena • 0xdice91

#53

high

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

reNFT

4.78 USDC • Code4rena • 0xdice91

#65

Dec '23

Ethereum Credit Guild

3.05 USDC • 1 total finding • Code4rena • 0xdice91

#87

high

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

Oct '23

Brahma

14.47 USDC • Code4rena • 0xdice91

#14

Canto Liquidity Mining Protocol

40.13 USDC • Code4rena • 0xdice91

#15

Sep '23

Venus Prime

4.37 USDC • Code4rena • 0xdice91

#39

Jul '23

Beedle - Oracle free perpetual lending

4.20 USDC • 5 total findings • CodeHawks • 0xdice91

#174

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

high

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

high

Using forged/fake lending pools to steal any loan opening for auction

low

Lender fails to giveLoan because of inconsistent length between `loadIds` and `poolIds`

low

Wrong Amount of Loan Interest is Calculated

Jun '23

RealWagmi

35.46 USDC • 1 total finding • Sherlock • 0xdice91

#20

medium

Loss Of Precision Due To Division Before Multiplication

DODO V3

199.38 USDC • 3 total findings • Sherlock • 0xdice91

#22

medium

Liquidations will be `frozen`, when the oracle go `offline` or a token's price dropping to `zero`

medium

No check if Arbitrum/Optimism L2 sequencer is `down` in Chainlink feeds

medium

Loss of Precision in ` usedQuota` .