https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/8e2f31da-7db0-4f00-b30f-3426a3a5c9fb.jpg

0xlrivo

Security Researcher

🇮🇹 cybersecurity student at UNIMI

Contact Me

High

10

Total

Medium

3

Total

$4.72K

Total Earnings

#761 All Time

10x

Payouts

gold

1x

1st Places

regular

1x

Top 10

regular

1x

Top 25

All

Sherlock

Code4rena

Cantina

CodeHawks

Jan '25

daao-contracts

daao-contracts

108.71 USDC • 4 total findings • Cantina • 0xlrivo

#35

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

Nov '24

Nouns DAO - Auction Streams

Nouns DAO - Auction Streams

2.70 USDC • Sherlock • 0xlrivo

#66

Debita Finance V3

Debita Finance V3

0.47 USDC • 1 total finding • Sherlock • 0xlrivo

#56

medium

Malicious lend offer owner can delete the other active orders in the factory

Sep '24

Thanos L2 Native Token Bridge

Thanos L2 Native Token Bridge

4,500 USDC • 1 total finding • Sherlock • 0xlrivo

gold

high

Smart contract addresses can bypass address aliasing via OptimismPortal2:onApprove()

Aug '24

ZeroLend One

ZeroLend One

12.11 USDC • 1 total finding • Sherlock • 0xlrivo

#43

medium

PoolGetters:getAssetPrice() uses a staleness period of 30 minutes which is too low for almost every data feed

Tadle

Tadle

48.81 USDC • 3 total findings • CodeHawks • 0xlrivo

#64

high

Native token withdrawal fails until manually approved

high

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

high

[H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulating collateral rates and drain the protocol's funds

Jul '24

TraitForge

TraitForge

0 USDC • 2 total findings • Code4rena • lrivo

#89

high

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

medium

Pause and unpause functions are inaccessible

Zaros Part 1

Zaros Part 1

2.12 USDC • 1 total finding • CodeHawks • 0xlrivo

#94

low

payable Modifier in TradingAccountBranch::createTradingAccountAndMulticall

TempleGold

TempleGold

31.81 USDC • 2 total findings • CodeHawks • 0xlrivo

#32

high

Incompatibility with Multisig Wallets in `TempleGold::send` Function

low

Incosistent message generation in TempleTeleporter.quote() and TempleTeleporter.teleport() results in inaccurate required fee calculation by TempleTeleporter.quote()

Feb '24

AI Arena

AI Arena

13.63 USDC • Code4rena • lrivo

#118