0xpiken

Security Researcher

High

29

Total

Medium

46

Total

$55.39K

Total Earnings

#163 All Time

29x

Payouts

gold

1x

1st Places

silver

1x

2nd Places

bronze

3x

3rd Places

Apr '25

Aegis.im YUSD

45.94 OP • 1 total finding • Sherlock • 0xpiken

#4

high

Faulty fee logic in `approveRedeemRequest()` can dilute YUSD value

Mar '25

Symmio, Staking and Vesting

8.90 USDC • 2 total findings • Sherlock • 0xpiken

#16

medium

`SymmVesting#addLiquidity()` might revert due to wrong sanity check

medium

Anyone can dilute reward distribution rate and postpone the end of reward distribution

badger-ebtc-bsm

14.85 USDC • 1 total finding • Cantina • 0xpiken

#31

high

Finding not yet public.

Feb '25

Usual Labs

2,444.41 USDC • Sherlock • 0xpiken

#9

Dec '24

Chainlink Payment Abstraction

1,987.07 USDC • Code4rena • 0xpiken

bronze

Nov '24

Ethos Network Financial Contracts

56.21 USDC • 2 total findings • Sherlock • 0xpiken

#29

high

Any ether withdrawing functions could be DoS'ed due to incorrect fund calculation in `ReputationMarket#buyVotes()`

medium

The balance of vouch is less than expected due to the incorrect fee calculation

Nouns DAO - Auction Streams

775.58 USDC • Sherlock • 0xpiken

#7

Sep '24

symbioticfi-core

3,745.44 USDC • 1 total finding • Cantina • 0xpiken

#4

medium

Finding not yet public.

Aug '24

The Wildcat Protocol

2,588.69 USDC • 3 total findings • Code4rena • 0xpiken

bronze

high

Borrower has no way to update `maxTotalSupply` of `market` or close market.

medium

No lender is able to exit even after the market is closed

medium

`FixedTermLoanHooks` allow Borrower to update Annual Interest before end of the "Fixed Term Period"

Midas - Instant Minter/Redeemer

2,671.79 USDC • 3 total findings • Sherlock • 0xpiken

bronze

medium

`RedemptionVaultWithBUIDL#redeemInstant()` doesn't implement BUIDL balance threshold check

medium

`ManageableVault` does not provide any function to allow `tokensReceiver` to be updated

medium

`RedemptionVaultWithBUIDL#redeemInstant()` does not work due to an incorrect function call

Jul '24

LoopFi

1,627.79 USDC • 10 total findings • Code4rena • 0xpiken

#10

high

`vestTokens` bug in MultiFeeDistribution.sol causes new incentives to erase previous incentives

high

AuraVault inherits AccessControl but does not call `_setupRole()` in its constructor to set the initial roles; this leads to a complete DoS of the claim function, rendering the contract unable to claim rewards

medium

`PoolV3#repayCreditAccount()` uses an incorrect share-converting function to calculate profit and loss

medium

Incorrect address is used as `spender` for ERC20 permit signature verification

medium

`lastRPS` could be set to `0` accidentally

medium

Users of a vault can steal other users' rewards when one vault's `lastRewardTime` differs from another vault's `lastRewardTime`

medium

In CDPVault::liquidatePositionBadDebt(), the calculation of `loss` is incorrect.

medium

`PositionAction.decreaseLever()` fails to consider the loan fee in Flashlender when calculating `loanAmount`; as a result, the functionality will not work when `protocolFee != 0`.

medium

Incorrect calculation of `newCumulativeIndex` in function `calcDecrease`

medium

Malicious actor can abuse the minimum shares check in `StakingLPEth` and cause DoS or locked funds for the last user that withdraws

Velocimeter

735.21 USDC • 5 total findings • Sherlock • 0xpiken

#10

high

The last item of `max_locked_nfts` in `VotingEscrow` cannot be marked as max_lock disabled by calling `VotingEscrow#disable_max_lock()`

high

Anyone calling `exerciseVe()` or `exerciseLp()` could suffer a sandwich attack or a loss on the paymentToken due to the lack of slippage protection

high

Undistributed gauge reward might be locked forever when `pauseGauge()` is called to kill gauge

high

The owner of `veNFT` could suffer a DOS attack when transferring, withdrawing or minting their `veNFT` tokens

high

`ve_supply` is updated incorrectly

Jun '24

Size

4,142.59 USDC • 5 total findings • Code4rena • 0xpiken

#10

high

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

high

When `sellCreditMarket()` is called to sell credit for a specific cash amount, the protocol might receive a lower swapping fee than expected.

medium

Neither `sellCreditMarket()` nor `compensate()` checks whether the credit position to be sold is allowed for sale

medium

Size uses wrong source to query available liquidity on Aave, resulting in borrow and lend operations being bricked upon mainnet deployment

medium

Multicall does not work as intended

May '24

Euler-v2

13,669 USDC • Cantina • 0xpiken

#10

Apr '24

Zivoe

1,341.16 USDC • 7 total findings • Sherlock • 0xpiken

#8

high

Anyone can prolong the yield distribution period to dilute the staker's reward

high

ITO liquidity provider might receive less $ZVE than expected due to incorrect calculation

high

`claimRewards()` might revert due to incorrect token transferring

high

Incorrect subtraction in `ZivoeRewardsVesting#revokeVestingSchedule()`

medium

Yield distribution period in `OCL_ZVE` can be bypassed

medium

`OCL_ZVE#pushToLockerMulti()` is unlikely to succeed due to the failure of assertion

medium

The yield rewards obtained through `OCL_ZVE` could be prevented from being distributed

Mar '24

M^0

3,912.02 USDC • 1 total finding • Sherlock • 0xpiken

#4

medium

An earner can still continue earning even after being removed from the approved list.

Feb '24

Althea Liquid Infrastructure

87.74 USDC • 2 total findings • Code4rena • 0xpiken

#24

high

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

medium

`LiquidInfrastructureERC20.sol` disapproved holders keep part of the supply, diluting approved holders revenue.

Jan '24

Salty.IO

9,530.29 USDC • 9 total findings • Code4rena • 0xpiken

gold

high

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

high

Development Team might receive less SALT because there is no access control on `VestingWallet#release()`

medium

Incorrect calculation to check remaining ratio after reward in StableConfig.sol

medium

No proposal time limit traps sponsors of unpopular proposals

medium

changeWallets() can be confirmed immediately after proposalWallets() by manipulating activeTimelock beforehand

medium

Adversary can prevent updating price feed addresses by creating poisonous proposals ending in `_confirm`

medium

SALT staker can get extra voting power by simply unstaking their xSALT

medium

Impossible to change managed wallets with `proposeWallets` after first rejection

medium

If there is only one USDS borrower, he can never be liquidated

reNFT

79.38 USDC • Code4rena • 0xpiken

#42

Dec '23

Ethereum Credit Guild

2,258.19 USDC • 7 total findings • Code4rena • 0xpiken

#11

high

The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting

high

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

medium

Wrong ProfitManager in GuildToken, will always revert for other types of gauges leading to bad debt

medium

Re-triggering the `canOffboard[term]` flag to bypass the DAO vote of the lending term offboarding mechanism

medium

The gauge status wasn't checked before reducing the user's gauge weight.

medium

SurplusGuildMinter.getReward() is susceptible to DoS due to unbounded loop

medium

Anyone can prolong the time for the rewards to get distributed

Nov '23

Canto Application Specific Dollars and Bonding Curves for 1155s

902.93 USDC • 3 total findings • Code4rena • 0xpiken

silver

high

Owner cannot withdraw all interest due to wrong calculation of accrued interest in `withdrawCarry`

medium

No slippage protection for Market functions

medium

Users will lose rewards when buying new tokens if they already own some tokens

Oct '23

NextGen

2 USDC • 4 total findings • Code4rena • 0xpiken

#103

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

high

Attacker can reenter to mint all the collection supply

high

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

medium

Auction winner can prevent payments via `safeTransferFrom` callback

Ethena Labs

130.12 USDC • 1 total finding • Code4rena • 0xpiken

#24

medium

`FULL_RESTRICTED` stakers can bypass restriction through approvals

The Wildcat Protocol

0.16 USDC • 3 total findings • Code4rena • 0xpiken

#74

high

Borrower has no way to update `maxTotalSupply` of `market` or close market.

medium

No lender is able to exit even after the market is closed

medium

`FixedTermLoanHooks` allow Borrower to update Annual Interest before end of the "Fixed Term Period"

Canto Liquidity Mining Protocol

359.93 USDC • 1 total finding • Code4rena • 0xpiken

#10

high

Array length of `tickTracking_` can be purposely increased to brick minting and burning of most users' liquidity positions

Sep '23

Venus Prime

129.33 USDC • 1 total finding • Code4rena • 0xpiken

#26

high

Prime.sol - User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

Centrifuge

296.01 USDC • 1 total finding • Code4rena • 0xpiken

#23

medium

Cached `DOMAIN_SEPARATOR` is incorrect for tranche tokens potentially breaking permit integrations

Ondo Finance

1,598.79 USDC • 2 total findings • Code4rena • 0xpiken

#6

medium

Two different transactions can result in the same `txnHash` value, thus breaking the approval process of transaction minting

medium

All bridged funds will be lost for the users using the account abstraction wallet

Aug '23

Tangible Caviar

247.44 USDC • Code4rena • 0xpiken

#37