https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_9.png

14si2o_Flint

Security Researcher

Contact Me

High

10

Total

Medium

8

Total

$4.82K

Total Earnings

#760 All Time

14x

Payouts

bronze

1x

3rd Places

regular

3x

Top 10

regular

5x

Top 25

All

Sherlock

Code4rena

Apr '24

Renzo

Renzo

18.24 USDC • 3 total findings • Code4rena • 14si2o_Flint

#40

high

Incorrect withdraw queue balance in TVL calculation

medium

Pending withdrawals prevent safe removal of collateral assets

medium

Deposits will always revert if the amount being deposited is less than the bufferToFill value

TITLES Publishing Protocol

TITLES Publishing Protocol

1,371.52 USDC • 1 total finding • Sherlock • 14si2o_Flint

#4

high

The Edition_Publisher can put himself as collection referrer after creation of the edition and steal the referrers profits.

Zivoe

Zivoe

40.03 USDC • 2 total findings • Sherlock • 14si2o_Flint

#50

high

ITO depositors will lose part of their ZVE allocation, since the calculation is based on TotalSupply, which becomes dynamic the moment ITO ends and migrateDeposits is called.

high

A malicious actor can withold up to 25% of rewards from ZivoeRewards for multiple months for all users at no cost

Mar '24

vVv Vesting & Staking

vVv Vesting & Staking

0.02 USDC • Sherlock • 14si2o_Flint

#49

RadicalxChange

RadicalxChange

1.18 USDC • 1 total finding • Sherlock • 14si2o_Flint

bronze

high

Highest bidder can withdraw his collateral due to a missing check in _cancelAllBids

Revert Lend

Revert Lend

760.12 USDC • 2 total findings • Code4rena • 14si2o_Flint

#16

medium

V3Oracle susceptible to price manipulation

medium

V3Vault is not ERC-4626 compliant

Feb '24

Spectra

Spectra

100.16 USDC • 1 total finding • Code4rena • 14si2o_Flint

#15

medium

PrincipalToken is not ERC-5095 compliant

AI Arena

AI Arena

180.29 USDC • 4 total findings • Code4rena • 14si2o_Flint

#29

high

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

high

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

high

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

medium

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Dec '23

Ethereum Credit Guild

Ethereum Credit Guild

114.88 USDC • Code4rena • 14si2o_Flint

#63

Aug '23

Chainlink Staking v0.2

Chainlink Staking v0.2

1,426.68 USDC • Code4rena • 14si2o_Flint

#29

veRWA

veRWA

9.82 USDC • Code4rena • 14si2o_Flint

#52

PoolTogether V5: Part Deux

PoolTogether V5: Part Deux

793.38 USDC • 1 total finding • Code4rena • 14si2o_Flint

#10

medium

`VaultBooster`: users tokens will be stuck if they deposited with unsupported boost tokens

May '23

USSD - Autonomous Secure Dollar

USSD - Autonomous Secure Dollar

0.00 USDC • 2 total findings • Sherlock • 14si2o_Flint

#99

high

Multiple missing & wrong hardcoded addresses in Oracles

high

Infinite minting & burning of USSD token due to missing Access Control

Footium

Footium

0.01 USDC • 1 total finding • Sherlock • 14si2o_Flint

#32

medium

[M-01] Did not Approve to zero first