0xfuje

Security Researcher

High: 2 Solo, 5 Total

Medium: 1 Solo, 6 Total

Total Earnings: $42.53K (#232 All Time)

Payouts: 18x

1st Places (gold): 2x

2nd Places (silver): 3x

Top 10 (regular): 12x

Sep '24

Circles

4,800 USDC • 1 total finding • Hats • 0xfuje

silver

high

`personalMint()` reentrancy attack

Jun '24

Palmera

789.5 USDC • 1 total finding • Hats • 0xfuje

#5

medium

Any contract can bypass `isSafe` restrictions

Intuition

400 USDC • Hats • 0xfuje

#6

Inverter Network

6,900 UMA • Hats • 0xfuje

#4

Mar '24

Most: Aleph Zero Bridge

2,000 USDT • 2 total findings • Hats • 0xfuje

#4

low

Zero address & `bytes32` zero value checks for additional safety

low

Attacker can initialize `Most.sol` to set critical parameters

Feb '24

Wise Lending

1,800 USDC • Hats • 0xfuje

#5

Paladin

8,900 PAL • Hats • 0xfuje

#4

Nov '23

Possum Labs (Portals)

2,800 USDC • 3 total findings • Hats • 0xfuje

#4

low

Approve on principal token can revert

low

Reward token can be unclaimable and stuck in an edge case

low

Quote functions return incorrect values during funding phase

ether.fi

1,400 USDC • Hats • 0xfuje

silver

Oct '23

HATs Arbitration Contracts

5,700 USDC • 1 total finding • Hats • 0xfuje

silver

high

Anyone can drain `HATArbitrator` via `refundExpiredSubmitClaimRequest()` with non-existing claims

SafeStaking by HOPR

3,500 HOPR • Hats • 0xfuje

gold

SafeStaking (by HOPR)

1,600 DAI • Hats • 0xfuje

gold

Sep '23

Maia DAO - Ulysses

25.79 USDC • 1 total finding • Code4rena • 0xfuje

#54

high

All tokens can be stolen from `VirtualAccount` due to missing access modifier

Centrifuge

296.01 USDC • 1 total finding • Code4rena • 0xfuje

#23

medium

Cached `DOMAIN_SEPARATOR` is incorrect for tranche tokens potentially breaking permit integrations

Jul '23

Tapioca DAO

830.86 USDC • 6 total findings • Code4rena • 0xfuje

#50

high

Potential 99.5% loss in `emergencyWithdraw()` of two Yieldbox strategies

high

[HB10] `AaveStrategy.sol`: Changing swapper breaks the contract

medium

CompoundStrategy `_currentBalance` uses `exchangeRateStored` which leaks value

medium

`MagnetarV2#burst` double counts `msg.value` for `TOFT_WRAP` operation, making the transaction revert unless the user overpays

medium

Single UniswapV3Swapper using a single fee makes it highly likely to be suboptimal

medium

FullMath and TickMath libraries desire overflow behavior

Mar '23

Wenwin contest

21.7 USDC • Code4rena • 0xfuje

#26

Dec '22

Escher contest

31.16 USDC • Code4rena • 0xfuje

#57

Nov '22

Redacted Cartel contest

732.03 USDC • Code4rena • 0xfuje

#19