Security Researcher
Web3 Security Researcher at ChainDefenders | 100+ H/Ms Identified | 🇧🇬
May '25
Apr '25
Mar '25
640.88 USDC • 1 total finding • Cantina • ChainDefenders-Reserve-Solana
#11
medium
Feb '25
high
Public `ServiceNft::updateImpact` call leads to cascading issue
medium
Functions in FERC20 can't be invoked
medium
No slippage protection during adding liquidity to uniswap
medium
[H-1] Missing totalSupply Reduction in burnFrom Allows Supply Manipulation (ERC20 Violation)
medium
Missing Slippage Protection On Buy And Sell
medium
PerpetualVault can be completely bricked
medium
getExecutionGasLimit() reports a lower gas limit due to gasPerSwap miscalculation
medium
Functions that rely on Chainlink prices cannot be queried on Avalanche due to the sequencer uptime check.
low
Incorrect Token Price Validation in KeeperProxy
low
Protocol Recovery Mechanism at Risk Due to Unhandled Token Transfer Failures
high
`BaseGauge` users can claim rewards without staking
high
Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds
high
Multiple issues from unnecessary balance increase calculation in DebtToken.mint
high
Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service
high
RToken's transfer function leads to loss of funds due to incorrect math
high
Users can borrow more assets than they have deposited as collateral
high
Attackers can get most of RAACToken rewards by withdrawing dust amount from StabilityPool multiple times
high
NFTs Get Permanently Locked in Stability Pool After Liquidation
high
Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance
high
Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic
high
Treasury Balance Tracking Bypass in FeeCollector
high
Gauge rewards are not transferred to gauge when distributeRewards() is called
high
Untracked Direct Fee Transfers from RAACToken to FeeCollector Break Fee Distribution System
high
Voting Power Snapshot Missing
high
Stability pool does not consider RToken balance increase when DEToken is withdrawn
high
Multiple calls to `BaseGauge::notifyRewardAmount()` override existing reward rate, causing loss of rewards for stakers
medium
[H-2] Lack of Emergency Pause in `BaseGauge::stake` and `BaseGauge::withdraw`
medium
Timelock Controller Retains Canceled Proposals, Enabling Unauthorized Execution and severe Governance Voting manipulation.
medium
`MAX_TOTAL_SUPPLY` Bypass in `veRAACToken` via `increase()` Function
medium
Gauge reward period can be extended indefinitely
medium
Incorrect utilization rate forces protocol to issue maximum rewards indefinitely
medium
Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations
medium
Incorrect Return Values and Double Scaling in `RToken.burn` Function Leads to Denial of Service
medium
LendingPool deposits do not work with CurveVault due to lack of funds
medium
Users Can Lose Funds and Collateral by Repaying Loans After Liquidation Grace Period Expiry
medium
Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check
medium
Using balanceOf Instead of Voting Power
medium
There is no logic checking for RAACNFT price staleness before minting it
medium
`RToken::calculateDustAmount` is incorrectly calculated, leading to the accrued dust amount being untransferable
medium
Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay
medium
Owner Can Change Vote Results After Voting Ends by Updating Quorum Numbers for New proposals
medium
Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator
medium
User may not be able to increase the amount of locked RAAC tokens
medium
Missing Liquidity Rebalancing in Repayments and Liquidations Leading to Inefficient Liquidity Management
medium
Permanent boost inflation through delegation removal in Boostcontroller.sol
medium
Failure to Withdraw Liquidity to RToken.sol Before Changing Curve Vault Address
medium
Multiple Token Management Lets Withdraw a Token Different than Deposited Token
medium
Proposal Front-Running via Predictable Salt in `TimelockController::scheduleBatch`
medium
Misuse of Raw vs. Normalized Values in Utilization Rate Calculation
medium
Interest Rate Model Uses Prime Rate Instead of Optimal Rate at Optimal Utilization
medium
balanceOf(address(this)) in StabilityPool causes reward distribution to be higher than it should be
medium
Users Cannot Remove Their Own Boost Delegation, Causing Potential Lock-In
medium
Incorrect Utilization Rate Calculation in `updateInterestRatesAndLiquidity`
medium
The earned yield from the Curve vault can never be utilized when withdrawing or borrowing
low
Canceled votes still get voted on and accumulate voting power in Goverance.sol
low
Emergency Timelock Bypass: No Enforced 1-Day Delay for Emergency Actions
low
Impossible to rescue funds from `RToken` contract
low
Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality
low
Missing Checkpoint Reset in `veRAACToken::emergencyWithdraw` Function
low
Missing Pause Functionality in veRAACToken Contract Can Be Abused When Emergency Withdrawal Mechanism Is Activated
low
`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types
low
Boost Delegation Allows Invalid Recipients on BoostController
low
Insufficient ETH Forwarding in Governance Execution Mechanism Causes Proposal Failures
low
Deposits/Withdrawals can be DOS'ed if crvVault::withdraw produces any losses
low
Incorrect Comparison Between Scaled and Unscaled Amounts in _repay
Jan '25
high
Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage
high
Multiple instances where Vault's `totalAssets()` is not properly scaled to ZAROS precision
high
Underflow when updating credit delegation will result in protocol DoS
high
Vaults' WETH reward is not distributed correctly
high
Unclaimed Rewards Loss Due to Missing Validation in `VaultRouterBranch.stake()`
medium
Fee Recipient Shares Cannot Be Decreased When Total Fee Recipients' Share Is at Max Limit
medium
Refund Underflow in Swap Refund Logic Leading to Locked Funds
medium
Wrong values of newly added `vault`
medium
Lack of credit capacity update from VaultRouterBranch::deposit causes DOS in CreditDelegationBranch::depositcreditformarket
medium
`checkFeeDistributionNeeded` Will Not Work With Low Decimal Assets
medium
Incorrect weight assignment in Vault::updateVaultAndCreditDelegationWeight leads to overleveraging vault positions and insolvency
medium
No Mechanism to Remove Fee Recipients Can Lead to Failed Reward Distributions
medium
rebalanceVaultsAssets incorrectly accounts vaults' depositedUsdc
low
`initiateSwap` allows users to initiate swap even when the vault is paused
low
Lack of an update of the pool state will cause Initiate Swap to return an incorrect Amountout
low
Total debt used in fulfilling swap actions is wrong because the vault is not updated beforehand.
Dec '24
high
high
In `transferVesting`, the `grantorVesting.releaseRate` is calculated incorrectly, which leads to the sender being able to unlock more tokens than were initially locked.
medium
MarketPlace Change In Vesting Manager, Leads To Loss Of Previous MarketPlace Listing
medium
Creator of one vesting plan can affect vesting plans created by other users.
medium
`buyFee` And `sellFee` Should Be Known Before Purchase
medium
Incorrect referral fee calculations
high
Minting zero tokens when underlyingToken is not Ether in cashIn()
high
Anyone can call the `LamboRebalanceOnUniwap.sol::rebalance()` function with any arbitrary value, causing the rebalancing goal (a 1:1 peg) to fail.
medium
Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.
medium
`LamboRebalanceOnUniswap::_getTokenInOut` formula used to compute rebalancing amount is wrong for a UniV3 pool
Nov '24
Oct '24
high
No protection implemented against listing clone NFTs
high
Subtraction in `variance()` will revert due to underflow
high
Potential underflow vulnerability in score range calculation of `LLMOracleCoordinator::finalizeValidation`, leading to DoS.
medium
Platform fees withdrawal will sweep oracle agents earned fees
medium
Request responses and validations can be mocked leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers
medium
Users can list assets with price < 1 ERC20 (ETH, WETH), leading to potential DoS vulnerability.
medium
Update state requests or Purchase requests occurring at the end of the phase will not process
low
Inaccurate best response selection in `LLMOracleCoordinator::getBestResponse`.
low
Sequential Fee Calculations Lead to Lost Platform Revenue Due to Precision Loss
low
Consensus Mechanism Allows Participation of Voters With Insufficient Stake
Sep '24
medium
Remove splitter will always revert if there are some rewards left on splitter contract
medium
Removed vaults still remain valid in `OperatorVCS`
medium
[WithdrawalPool.sol] Prevent efficient return of data in getBatchIds() by blocking updateWithdrawalBatchIdCutoff() update of newWithdrawalIdCutoff
Jul '24
high
AuraVault inherits AccessControl but does not call the _setupRole() function in its constructor to set the initial roles; this leads to a complete DoS of the critical claim function, rendering the contract unable to claim rewards
medium
`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`
Jun '24
May '24