
1337web3

Security Researcher

Web3 Security Researcher at ChainDefenders | 100+ H/Ms Identified | 🇧🇬


High: 45 total
Medium: 74 total
Solo: 2

Total Earnings: $22.57K (#351 All Time)
Payouts: 31x
2nd Places: 2x
Top 10: 12x
Top 25: 26x


May '25

LEND
21.05 USDC • 3 total findings • Sherlock • 1337web3 • Rank #68
high: Potentially Undercollateralized Loans Can Be Accepted
high: Wrong Redeem Amount Transferred
medium: USDT Transfers Will Fail Due To No Boolean Returned On Mainnet

Apr '25

Staking Part 2
47.59 USDC • CodeHawks • ChainDefenders • Rank #18

Mar '25

StarkWare Perps
31.09 USDC • Code4rena • EPSec • Rank #22

reserve-index-dtfs-solana
640.88 USDC • 1 total finding • Cantina • ChainDefenders-Reserve-Solana • Rank #11
medium: Finding not yet public.

Feb '25

THORWallet
0 USDC • 1 total finding • Code4rena • EPSec • Rank #10
medium: Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Virtuals Protocol
386.06 USDC • 5 total findings • Code4rena • EPSec • Rank #20
high: Public `ServiceNft::updateImpact` call leads to cascading issue
medium: Functions in FERC20 can't be invoked
medium: No slippage protection during adding liquidity to Uniswap
medium: [H-1] Missing totalSupply Reduction in burnFrom Allows Supply Manipulation (ERC20 Violation)
medium: Missing Slippage Protection On Buy And Sell

Liquidity Management
400.87 USDC • 5 total findings • CodeHawks • ChainDefenders • Rank #17
medium: PerpetualVault can be completely bricked
medium: getExecutionGasLimit() reports a lower gas limit due to gasPerSwap miscalculation
medium: Functions that rely on Chainlink prices cannot be queried on Avalanche due to sequencer uptime check
low: Incorrect Token Price Validation in KeeperProxy
low: Protocol Recovery Mechanism at Risk Due to Unhandled Token Transfer Failures

Core Contracts
672.88 USDC • 55 total findings • CodeHawks • ChainDefenders • Rank #30
high: `BaseGauge` users can claim rewards without staking
high: Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds
high: Multiple issues from unnecessary balance increase calculation in DebtToken.mint
high: Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service
high: RToken's transfer function leads to loss of funds due to incorrect math
high: Users can borrow more assets than they have deposited as collateral
high: Attackers can get most of RAACToken rewards by withdrawing dust amounts from StabilityPool multiple times
high: NFTs Get Permanently Locked in Stability Pool After Liquidation
high: Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance
high: Ownership Parameter Mismatch in LendingPool's Vault Withdrawal Logic
high: Treasury Balance Tracking Bypass in FeeCollector
high: Gauge rewards are not transferred to gauge when distributeRewards() is called
high: Untracked Direct Fee Transfers from RAACToken to FeeCollector Break Fee Distribution System
high: Voting Power Snapshot Missing
high: Stability pool does not consider RToken balance increase when DEToken is withdrawn
high: Multiple calls to `BaseGauge::notifyRewardAmount()` override existing reward rate, causing loss of rewards for stakers
medium: [H-2] Lack of Emergency Pause in `BaseGauge::stake` and `BaseGauge::withdraw`
medium: Timelock Controller Retains Canceled Proposals, Enabling Unauthorized Execution and Severe Governance Voting Manipulation
medium: `MAX_TOTAL_SUPPLY` Bypass in `veRAACToken` via `increase()` Function
medium: Gauge reward period can be extended indefinitely
medium: Incorrect utilization rate forces protocol to issue maximum rewards indefinitely
medium: Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations
medium: Incorrect Return Values and Double Scaling in `RToken.burn` Function Leads to Denial of Service
medium: LendingPool deposits do not work with CurveVault due to lack of funds
medium: Users Can Lose Funds and Collateral by Repaying Loans After Liquidation Grace Period Expiry
medium: Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check
medium: Using balanceOf Instead of Voting Power
medium: There is no logic checking for RAACNFT price staleness before minting it
medium: `RToken::calculateDustAmount` is incorrectly calculated, leading to the accrued dust amount being untransferable
medium: Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay
medium: Owner Can Change Vote Results After Voting Ends by Updating Quorum Numbers for New Proposals
medium: Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator
medium: User may not be able to increase the amount of locked RAAC tokens
medium: Missing Liquidity Rebalancing in Repayments and Liquidations Leading to Inefficient Liquidity Management
medium: Permanent boost inflation through delegation removal in BoostController.sol
medium: Failure to Withdraw Liquidity to RToken.sol Before Changing Curve Vault Address
medium: Multiple Token Management Lets Users Withdraw a Token Different from the Deposited Token
medium: Proposal Front-Running via Predictable Salt in `TimelockController::scheduleBatch`
medium: Misuse of Raw vs. Normalized Values in Utilization Rate Calculation
medium: Interest Rate Model Uses Prime Rate Instead of Optimal Rate at Optimal Utilization
medium: balanceOf(address(this)) in StabilityPool causes reward distribution to be higher than it should be
medium: Users Cannot Remove Their Own Boost Delegation, Causing Potential Lock-In
medium: Incorrect Utilization Rate Calculation in `updateInterestRatesAndLiquidity`
medium: The earned yield from the Curve vault can never be utilized when withdrawing or borrowing
low: Canceled votes still get voted on and accumulate voting power in Governance.sol
low: Emergency Timelock Bypass: No Enforced 1-Day Delay for Emergency Actions
low: Impossible to rescue funds from `RToken` contract
low: Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality
low: Missing Checkpoint Reset in `veRAACToken::emergencyWithdraw` Function
low: Missing Pause Functionality in veRAACToken Contract Can Be Abused When Emergency Withdrawal Mechanism Is Activated
low: `FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types
low: Boost Delegation Allows Invalid Recipients on BoostController
low: Insufficient ETH Forwarding in Governance Execution Mechanism Causes Proposal Failures
low: Deposits/Withdrawals can be DoS'ed if crvVault::withdraw produces any losses
low: Incorrect Comparison Between Scaled and Unscaled Amounts in _repay

Jan '25

Liquid Ron
0.03 USDC • 2 total findings • Code4rena • EPSec • Rank #10
high: The calculation of `totalAssets()` can be wrong if `operatorFeeAmount` > 0, which can cause a loss for new depositors
medium: Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

IQ AI
551.36 USDC • 1 total finding • Code4rena • EPSec • Rank #10
medium: [M-3] Anyone can deploy a new `FraxSwapPair` with a low fee, incurring losses to the protocol

Part 2
3,317.52 USDC • 16 total findings • CodeHawks • ChainDefenders • Rank #6
high: Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage
high: Multiple instances where Vault's `totalAssets()` is not properly scaled to ZAROS precision
high: Underflow when updating credit delegation will result in protocol DoS
high: Vaults' WETH reward is not distributed correctly
high: Unclaimed Rewards Loss Due to Missing Validation in `VaultRouterBranch.stake()`
medium: Fee Recipient Shares Cannot Be Decreased When Total Fee Recipients' Share Is at Max Limit
medium: Refund Underflow in Swap Refund Logic Leading to Locked Funds
medium: Wrong values of newly added `vault`
medium: Lack of credit capacity update from VaultRouterBranch::deposit causes DoS in CreditDelegationBranch::depositcreditformarket
medium: `checkFeeDistributionNeeded` Will Not Work With Low Decimal Assets
medium: Incorrect weight assignment in Vault::updateVaultAndCreditDelegationWeight leads to overleveraging vault positions and insolvency
medium: No Mechanism to Remove Fee Recipients Can Lead to Failed Reward Distributions
medium: rebalanceVaultsAssets incorrectly accounts for vaults' depositedUsdc
low: `initiateSwap` allows users to initiate a swap even when the vault is paused
low: Lack of an update of the pool state will cause Initiate Swap to return an incorrect amountOut
low: Total debt used in fulfilling swap actions is wrong because the vault is not updated

Ignite
346.63 USDC • CodeHawks • ChainDefenders • Rank #11

Dec '24

Soon
5,412.13 USDC • 1 total finding • Cantina • ChainDefenders-4034 • Rank #5
high: Finding not yet public.

QuantAMM
503.46 OP • 3 total findings • CodeHawks • ChainDefenders • Rank #21
high: Out-of-Bounds Array Access in `_calculateQuantAMMVariance` with Odd Number of Assets and Vector Lambda
medium: quantAMMSwapFeeTake used for both getQuantAMMSwapFeeTake and getQuantAMMUpliftFeeTake
medium: `setUpdateWeightRunnerAddress` could break the protocol

Alchemix Transmuter
14.98 OP • 3 total findings • CodeHawks • ChainDefenders • Rank #24
medium: Not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses
low: Missing Router Update Mechanism in StrategyMainnet Contract
low: Old router retains token allowance after update

SecondSwap
763.43 USDC • 5 total findings • Code4rena • EPSec • Rank #8
high: In `transferVesting`, the `grantorVesting.releaseRate` is calculated incorrectly, which lets the sender unlock more tokens than were initially locked
medium: MarketPlace Change In Vesting Manager Leads To Loss Of Previous MarketPlace Listing
medium: Creator of one vesting plan can affect vesting plans created by other users
medium: `buyFee` And `sellFee` Should Be Known Before Purchase
medium: Incorrect referral fee calculations

Lambo.win
1,314.64 USDC • 4 total findings • Code4rena • EPSec • Rank #4
high: Minting zero tokens when underlyingToken is not Ether in cashIn()
high: Anyone can call `LamboRebalanceOnUniswap.sol::rebalance()` with an arbitrary value, leaving the rebalancing goal (1:1 peg) unmet
medium: Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens
medium: `LamboRebalanceOnUniswap::_getTokenInOut` formula used to compute rebalancing amount is wrong for a UniV3 pool

Nov '24

Ethos Network Financial Contracts
2.47 USDC • 1 total finding • Sherlock • 1337web3 • Rank #32
medium: Missing Slippage Protection Will Lose Funds Of Users When Selling Votes

Concrete
1,203.93 USDC • Code4rena • EPSec • Rank #14

Oct '24

Dria
3,289.32 USDC • 10 total findings • CodeHawks • ChainDefenders • 2nd place
high: No protection implemented against listing clone NFTs
high: Subtraction in `variance()` will revert due to underflow
high: Potential underflow vulnerability in score range calculation of `LLMOracleCoordinator::finalizeValidation`, leading to DoS
medium: Platform fees withdrawal will sweep oracle agents' earned fees
medium: Request responses and validations can be mocked, leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers
medium: Users can list assets with price < 1 ERC20 (ETH, WETH), leading to potential DoS vulnerability
medium: Update state requests or Purchase requests occurring at the end of the phase will not process
low: Inaccurate best response selection in `LLMOracleCoordinator::getBestResponse`
low: Sequential Fee Calculations Lead to Lost Platform Revenue Due to Precision Loss
low: Consensus Mechanism Allows Participation Of Voters With Insufficient Stake

Flow
172.56 USDC • 1 total finding • CodeHawks • ChainDefenders • Rank #8
low: `SablierFlowBase` Lacks `EIP-165` Compliance for `EIP4906` Interface Support

Sep '24

Liquid Staking
1,205.88 USDC • 3 total findings • CodeHawks • ChainDefenders • Rank #9
medium: Remove splitter will always revert if there are some rewards left on the splitter contract
medium: Removed vaults still remain valid in `OperatorVCS`
medium: [WithdrawalPool.sol] Prevent efficient return of data in getBatchIds() by blocking updateWithdrawalBatchIdCutoff() update of newWithdrawalIdCutoff

Royco Protocol
379.12 USDC • 6 total findings • Cantina • ChainDefenders-7976 • Rank #22
high: Finding not yet public.
high: Finding not yet public.
high: Finding not yet public.
high: Finding not yet public.
high: Finding not yet public.
medium: Finding not yet public.

symbioticfi-core
211.51 USDC • 1 total finding • Cantina • ChainDefenders-7876 • Rank #22
medium: Finding not yet public.

Jul '24

LoopFi
70.87 USDC • 2 total findings • Code4rena • EPSec • Rank #41
high: AuraVault inherits AccessControl but does not call _setupRole() in its constructor to set the initial roles; this leads to a complete DoS of the claim function, rendering the contract unable to claim rewards
medium: `PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Munchables
0.39 USDC • 3 total findings • Code4rena • EPSec • Rank #48
high: Invalid validation allows users to unlock early
high: Single plot can be occupied by multiple renters
medium: Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

TempleGold
255.71 USDC • 2 total findings • CodeHawks • 1337web3 • Rank #14
high: Incompatibility with Multisig Wallets in `TempleGold::send` Function
medium: Changes to the vesting period are not handled inside `_getVestingRate`

Jun '24

Vultisig
776.21 USDC • 2 total findings • Code4rena • EPSec • Rank #5
high: Vultisig whitelisting can be bypassed by anyone
medium: Vultisig should be burnable

Thorchain
271.5 USDC • 1 total finding • Code4rena • EPSec • Rank #15
medium: Due to the use of `msg.value` in a for loop, anyone can drain all the funds from the `THORChain_Router` contract

May '24

Tokensoft Distributor Contracts Update
303.16 USDC • 1 total finding • Sherlock • 1337web3 • 2nd place
medium: High 01 DoS In Claiming

Munchables
0.01 USDC • 3 total findings • Code4rena • EPSec • Rank #16
high: Invalid validation allows users to unlock early
high: Single plot can be occupied by multiple renters
medium: Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal