
0xvj

Security Researcher

Smart contract auditor | Block 5 fellow @yAcademyDAO | Independent Security Researcher @code4rena | @sherlockdefi


High: 18 total

Medium: 8 total

Total Earnings: $1.48K

#1114 All Time

Payouts: 10x

Top 25: 2x (regular)

Top 50: 5x (regular)


Apr '24

Zivoe


139.40 USDC • 6 total findings • Sherlock • 0xvj

#42

high

`totalSupply` is reduced by incorrect amount in revokeVestingSchedule function

high

user votes are reduced by Incorrect amount in `revokeVestingSchedule` function

high

airdrop amount is calculated using Incorrect total supplies in ITO

high

Attacker can nullify rewards in ZivoeRewards and ZivoeRewardsVesting

medium

Adding liquidity in OCL_ZVE will always fail due to allowance assertion checks

medium

forwardYield function can be sandwiched to make it distribute more yield than intended

Feb '24

AI Arena


34.87 USDC • 8 total findings • Code4rena • 0xvj

#97

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

high

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

high

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

medium

Minter / Staker / Spender roles can never be revoked

medium

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

medium

Fighter created by mintFromMergingPool can have arbitrary weight and element

Jan '24

Flat Money


80.91 USDC • 1 total finding • Sherlock • 0xvj

#17

high

An attacker can bypass the leverage position NFT locking mechanism

Nov '23

Kelp DAO | rsETH


2.76 USDC • Code4rena • 0xvj

#54

Aug '23

Dopex


187.04 USDC • 4 total findings • Code4rena • 0xvj

#61

high

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

high

The peg stability module can be compromised by forcing lowerDepeg to revert.

high

Incorrect precision assumed from RdpxPriceOracle creates multiple issues related to value inflation/deflation

medium

_curveSwap: getDpxEthPrice and getEthPrice is in wrong order

Jul '23

Tokemak


917.51 USDC • 5 total findings • Sherlock • 0xvj

#24

high

deposits with native ETH are not correctly handled in LMPVaultRouterBase

high

An attacker can steal all the rewards due to incorrect reward accounting

high

queueNewRewards function trying to pull more amount of rewards from liquidator

high

Tokens are not being transferred to swapper before swapping in LiquidationRow contract

high

Destination vault rewards should be claimed before every withdrawal in LMPVault

Beam


28.05 USDC • Sherlock • 0xvj

#37

Jun '23

Hubble Exchange


0.14 USDC • 1 total finding • Sherlock • 0xvj

#30

medium

Chainlink’s latestRoundData might return stale or incorrect results

Mar '23

Gitcoin


28.53 USDC • Sherlock • 0xvj

#59

Y2K


57.66 USDC • 1 total finding • Sherlock • 0xvj

#56

medium

Attacker can lock user premium vault funds on collateral vault by calling triggerEndEpoch function during NullEpoch