0xloscar01

Security Researcher

Smart contract security researcher | Warden at @code4rena

High: 11 total

Medium: 7 total

Total earnings: $3.26K

Rank: #925 all time

Payouts: 18x

Top 10: 4x

Top 25: 11x

Top 50: 14x

Jun '25

Superfluid Locker System

323.57 USDC • 1 total finding • Sherlock • 0xloscar01

#8

high

Locker owners can bypass the buy pressure mechanism (`FluidLocker::_pump`) when providing liquidity

Feb '25

Usual Labs

523.48 USDC • Sherlock • 0xloscar01

#19

THORWallet

0 USDC • 1 total finding • Code4rena • 0xloscar01

#10

medium

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Dec '24

Tally ARB Staker

223.79 USDC • Sherlock • 0xloscar01

#13

SecondSwap

5.38 USDC • 2 total findings • Code4rena • 0xloscar01

#48

high

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

high

Users can claim more than their actual allotment

Oku's New Order Types Contract Contest

3.99 OP • 1 total finding • Sherlock • 0xloscar01

#37

medium

`Bracket::performUpkeep` will revert due to residual allowance and the usage of `safeApprove`

Nov '24

Debita Finance V3

9.58 USDC • 2 total findings • Sherlock • 0xloscar01

#50

medium

Attacker will prevent lenders from canceling lend orders and block non-perpetual lend orders matching.

medium

`DebitaIncentives::updateFunds` will exit prematurely and not update whitelisted pairs causing loss of funds to lenders and borrowers

Sep '24

Boost Core Incentive Protocol

23.07 USDC • 1 total finding • Sherlock • 0xloscar01

#22

high

Incentives `clawback` and `drawRaffle` functions are inaccessible to all parties, including Boost creators and Boost owners.

Aug '24

Fjord Token Staking

0.27 USDC • 1 total finding • CodeHawks • 0xloscar01

#19

medium

`FjordAuction` incorrect `block.timestamp` check allows users to bid after calling `auctionEnd` to claim more tokens than they should

Tadle

0.00 USDC • 1 total finding • CodeHawks • 0xloscar01

#177

high

TokenManager - Unlimited withdraw

May '24

Midas

656.97 USDC • 1 total finding • Sherlock • 0xloscar01

#4

high

`MidasAccessControl` allows blacklisted users to bypass `mTBILL` ban by renouncing the `BLACKLISTED_ROLE`

Munchables

0.01 USDC • 1 total finding • Code4rena • 0xloscar01

#16

high

Malicious User can call `lockOnBehalf` repeatedly to extend a user's `unlockTime`, removing their ability to withdraw previously locked tokens

Apr '24

DYAD

0.02 USDC • 1 total finding • Code4rena • 0xloscar01

#114

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Mar '24

Revert Lend

17.32 USDC • 1 total finding • Code4rena • 0xloscar01

#67

high

Owner of a position can prevent liquidation due to the 'onERC721Received' callback

Feb '24

Jala Swap

255.08 USDC • 1 total finding • Sherlock • 0xloscar01

#6

medium

`JalaPair` functions calling `_update` will revert when `price0CumulativeLast` or `price1CumulativeLast` overflows

Althea Liquid Infrastructure

104.73 USDC • 1 total finding • Code4rena • 0xloscar01

#23

medium

`LiquidInfrastructureERC20.sol` disapproved holders keep part of the supply, diluting approved holders revenue.

Dec '23

The Standard

0.07 USDC • 1 total finding • CodeHawks • 0xloscar01

#102

high

Rewards can be drained because of lack of access control

Nov '23

Panoptic

1,111.11 USDC • 1 total finding • Code4rena • 0xloscar01

#13

high

Partial transfers are still possible, leading to incorrect storage updates, and the calculated account premiums will be significantly different from what they should be