0xkazim

Security Researcher

High: 5 total

Medium: 10 total

Total Earnings: $1.32K

#1180 All Time

Payouts: 14x

regular 3x Top 25

regular 8x Top 50

Oct '23

The Wildcat Protocol

0.06 USDC • 1 total finding • Code4rena • 0xkazim

#75

high

Borrower has no way to update `maxTotalSupply` of `market` or close market.

Sep '23

Centrifuge

132.86 USDC • 1 total finding • Code4rena • 0xkazim

#28

medium

Cached `DOMAIN_SEPARATOR` is incorrect for tranche tokens potentially breaking permit integrations

Aug '23

Dopex

36.55 USDC • 2 total findings • Code4rena • 0xkazim

#99

high

The peg stability module can be compromised by forcing lowerDepeg to revert.

high

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

veRWA

9.82 USDC • Code4rena • 0xkazim

#52

Jul '23

Moonwell

299.96 USDC • 2 total findings • Code4rena • 0xkazim

#25

medium

`TemporalGovernor` can be bricked by `guardian`

medium

missing check for the max/min price in the `chainlinkOracle.sol` contract

Axelar Network

94.77 USDC • 1 total finding • Code4rena • 0xkazim

#22

medium

Proposal requiring native coin transfers cannot be executed

Basin

17.52 USDC • Code4rena • 0xkazim

#26

Jun '23

Lybra Finance

40.31 USDC • 2 total findings • Code4rena • 0xkazim

#73

medium

Incorrect function call in LybraRETHVault's getAssetPrice

medium

`stakerewardV2pool.withdraw()` should check the user's boost lock status.

May '23

Venus Protocol Isolated Pools

219.27 USDC • 2 total findings • Code4rena • 0xkazim

#34

high

Incorrect `blocksPerYear` constant in `WhitepaperInterestRateModel`

medium

It's possible to borrow, redeem, transfer tokens and exit markets with outdated collateral prices and borrow interest

Apr '23

JOJO Exchange

275.96 USDC • 1 total finding • Sherlock • 0xkazim

#33

high

Low-level transfer via call() can fail silently

Rubicon v2

80.52 USDC • 2 total findings • Code4rena • 0xkazim

#62

medium

Use of `block.number` leads to incorrect interest calculations

medium

REENTRANCY ATTACK POSSIBLE IF THE `_feeTo` IS A MALICIOUS CONTRACT IN `FeeWrapper._chargeFeePayable()` FUNCTION

Mar '23

Asymmetry contest

61.76 USDC • 1 total finding • Code4rena • 0xkazim

#70

medium

Division before multiplication truncate minOut and incurs heavy precision loss and result in insufficient slippage protection

Neo Tokyo contest

29.67 USDC • Code4rena • 0xkazim

#21

Wenwin contest

21.7 USDC • Code4rena • 0xkazim

#26