https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/aea3e895-3367-4ec7-aa5c-a413402d239d.jpg

0xloscar01

Security Researcher

Smart contract security researcher | Warden at @code4rena

Contact Me

High

10

Total

Medium

7

Total

$2.93K

Total Earnings

#909 All Time

17x

Payouts

regular

3x

Top 10

regular

10x

Top 25

regular

13x

Top 50

All

Sherlock

Code4rena

CodeHawks

Feb '25

Usual Labs

Usual Labs

523.48 USDC • Sherlock • 0xloscar01

#19

THORWallet

THORWallet

0 USDC • 1 total finding • Code4rena • 0xloscar01

#10

medium

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Dec '24

Tally ARB Staker

Tally ARB Staker

223.79 USDC • Sherlock • 0xloscar01

#13

SecondSwap

SecondSwap

5.38 USDC • 2 total findings • Code4rena • 0xloscar01

#48

high

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

high

Users can claim more that their actual allotment

Oku's New Order Types Contract Contest

Oku's New Order Types Contract Contest

3.99 OP • 1 total finding • Sherlock • 0xloscar01

#37

medium

`Bracket::performUpkeep` will revert due to residual allowance and the usage of `safeApprove`

Nov '24

Debita Finance V3

Debita Finance V3

9.58 USDC • 2 total findings • Sherlock • 0xloscar01

#50

medium

Attacker will prevent lenders from canceling lend orders and block non-perpetual lend orders matching.

medium

DebitaIncentives::updateFunds will exit prematurely and not update whitelisted pairs causing loss of funds to lenders and borrowers

Sep '24

Boost Core Incentive Protocol

Boost Core Incentive Protocol

23.07 USDC • 1 total finding • Sherlock • 0xloscar01

#22

high

Incentives `clawback` and `drawRaffle` functions are inaccessible to all parties, including Boost creators and Boost owners.

Aug '24

Fjord Token Staking

Fjord Token Staking

0.27 USDC • 1 total finding • CodeHawks • 0xloscar01

#19

medium

`FjordAuction` incorrect `block.timestamp` check allows users to bid after calling `auctionEnd` to claim more tokens than they should

Tadle

Tadle

0.00 USDC • 1 total finding • CodeHawks • 0xloscar01

#177

high

TokenManager - Unlimited withdraw

May '24

Midas

Midas

656.97 USDC • 1 total finding • Sherlock • 0xloscar01

#4

high

`MidasAccessControl` allows blacklisted users to bypass `mTBILL` ban by renouncing the `BLACKLISTED_ROLE`

Munchables

Munchables

0.01 USDC • 1 total finding • Code4rena • 0xloscar01

#16

high

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Apr '24

DYAD

DYAD

0.02 USDC • 1 total finding • Code4rena • 0xloscar01

#114

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Mar '24

Revert Lend

Revert Lend

17.32 USDC • 1 total finding • Code4rena • 0xloscar01

#67

high

Owner of a position can prevent liquidation due to the 'onERC721Received' callback

Feb '24

Jala Swap

Jala Swap

255.08 USDC • 1 total finding • Sherlock • 0xloscar01

#6

medium

`JalaPair` functions calling `_update` will revert when `price0CumulativeLast` or `price1CumulativeLast` overflows

Althea Liquid Infrastructure

Althea Liquid Infrastructure

104.73 USDC • 1 total finding • Code4rena • 0xloscar01

#23

medium

`LiquidInfrastructureERC20.sol` disapproved holders keep part of the supply, diluting approved holders revenue.

Dec '23

The Standard

The Standard

0.07 USDC • 1 total finding • CodeHawks • 0xloscar01

#102

high

Rewards can be drained because of lack of access control

Nov '23

Panoptic

Panoptic

1,111.11 USDC • 1 total finding • Code4rena • 0xloscar01

#13

high

Partial transfers are still possible, leading to incorrect storage updates, and the calculated account premiums will be significantly different from what they should be