
0xyPhilic

Security Researcher


High: 12 total

Medium: 2 total

Total Earnings: $1.07K

#1217 All Time

Payouts: 8x

Top 25: 3x

Top 50: 5x


Dec '23

Footium Update


14.67 USDC • Sherlock • 0xyPhilic

#27

Aug '23

Sparkn


0.38 USDC • 2 total findings • CodeHawks • 0xyPhilic

#90

low

If a winner is blacklisted on any of the tokens they can't receive their funds

low

Potential DOS due to Gas Exhaustion Due to Large Array Iteration in `_distribute` Function

Jul '23

Beedle - Oracle free perpetual lending


51.64 USDC • 4 total findings • CodeHawks • 0xyPhilic

#68

high

Tokens with less than 18 decimals allow for draining of funds

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

high

Token spending by Uniswap router doesn't get approved

high

Hardcoded Router Address May Cause Token Lockup in Non-Standard Networks

Foundry DeFi Stablecoin CodeHawks Audit Contest


1.56 USDC • 2 total findings • CodeHawks • 0xyPhilic

#123

high

Theft of collateral tokens with fewer than 18 decimals

gas

`++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops

Beam


52.99 USDC • Sherlock • 0xyPhilic

#31

Jun '23

Unstoppable


583.14 USDC • 2 total findings • Sherlock • 0xyPhilic

#13

high

Attacker could exploit user DCA order for personal gain

high

Leverage limit orders to extract value via margin trading

Unitas Protocol


273.83 USDC • 1 total finding • Sherlock • 0xyPhilic

#13

medium

Withdrawals could be halted temporarily

May '23

USSD - Autonomous Secure Dollar


94.80 USDC • 6 total findings • Sherlock • 0xyPhilic

#21

high

Wrong oracle data passed blocks the system

high

Lack of slippage control can affect the overcollateralization

high

`getPriceUSD()` in `StableOracleDAI.sol` returns incorrect price

high

`rebalance()` fails during `SellUSSDBuyCollateral()` execution

high

Attacker can force protocol to dump USSD price on UniV3 Pool

medium

Chainlink price feed requests lack proper checks