https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/ef0fe481-e7c0-4d1b-9c68-8c5b91b7b7fd.jpg

0xfox

Security Researcher

Contact Me

High

4

Total

Medium

1

Total

$338.00

Total Earnings

#1534 All Time

3x

Payouts

regular

2x

Top 25

regular

3x

Top 50

All

Code4rena

Jun '24

Thorchain

Thorchain

18.87 USDC • 1 total finding • Code4rena • 0xfox

#19

medium

Due to the use of `msg.value` in for loop, anyone can drain all the funds from the `THORChain_Router` contract

May '24

Munchables

Munchables

0.01 USDC • 1 total finding • Code4rena • 0xfox

#16

high

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Apr '24

DYAD

DYAD

319.6 USDC • 3 total findings • Code4rena • 0xfox

#37

high

Missing enough exogeneous collateral check in `VaultManagerV2::liquidate` makes the liquidation revert even if (DYAD Minted > Non Kerosene Value)

high

User can get their Kerosene stuck because of an invalid check on withdraw

high

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults