Security Researcher
Smart contract auditor | Block 5 fellow @yAcademyDAO | Independent Security Researcher @code4rena | @sherlockdefi
High
Total
Medium
Total
Total Earnings
#1111 All Time
Payouts
Top 25
Top 50
All
Sherlock
Code4rena
Apr '24
high
`totalSupply` is reduced by incorrect amount in revokeVestingSchedule function
high
user votes are reduced by Incorrect amount in `revokeVestingSchedule` function
high
airdrop amount is calculated using Incorrect total supplies in ITO
high
Attacker can nullify rewards in ZivoeRewards and ZivoeRewardsVesting
medium
Adding liquidity in OCL_ZVE will always fail due to allowance assertion checks
medium
forwardYield function can be sandwiched to make it distribute more yield than intended
Feb '24
high
A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters
high
Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType
high
Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes
high
Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping
high
Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`
medium
Minter / Staker / Spender roles can never be revoked`..,
medium
DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.
medium
Fighter created by mintFromMergingPool can have arbitrary weight and element
Jan '24
Nov '23
Aug '23
high
The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP
high
The peg stability module can be compromised by forcing lowerDepeg to revert.
high
Incorrect precision assumed from RdpxPriceOracle creates multiple issues related to value inflation/deflation
medium
_curveSwap: getDpxEthPrice and getEthPrice is in wrong order
Jul '23
high
deposits with native ETH are not correctly handled in LMPVaultRouterBase
high
An attacker can steal all the rewards due to incorrect reward accounting
high
queueNewRewards function trying to pull more amount of rewards from liquidator
high
Tokens are not being transferred to swapper before swapping in LiquidationRow contract
high
Destination vault rewards should be claimed before every withdrawal in LMPVault
Jun '23
Mar '23