Security Researcher
Independent security researcher in the web3 domain. Currently active on @immunefi and @code4rena
Apr '24
[high] Attacker can make zero-value deposit() calls to prevent users from redeeming or withdrawing collateral
[high] Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine
[high] Kerosene collateral is not moved on liquidation, exposing liquidators to loss
[high] User can get their Kerosene stuck because of an invalid check on withdraw
Dec '23
[high] The creation of bad debt (`mark-down` of Credit) can force other loans in auction to also create bad debt
[high] Anyone can steal all distributed rewards
[medium] `totalBorrowedCredit` can revert, breaking gauges
[medium] ProfitManager's "creditMultiplier" calculation does not count undistributed rewards; this can cause value losses to users
[medium] Rounding errors can cause ERC20RebaseDistributor transfers and mints to fail with an underflow
[medium] Anyone can prolong the time it takes for rewards to be distributed
Oct '23
[high] Single host can unfairly skip the veto period for a proposal that does not have full host support
[medium] ETHCrowdfundBase.sol#processContribution - Impossible to finalize crowdfund because of the minContribution check
[medium] `PartyGovernanceNFT#rageQuit()` can lead to token loss for users when dealing with a zero-balance ERC20 during a `rageQuit()`
[medium] PartyGovernanceNFT advertises but does not honor the ERC-4906 standard
[medium] PartyGovernanceNFT.sol#mint - User can delegate another user's funds to themselves and brick them from changing the delegation
[high] Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly role on any account they want
[high] Borrower has no way to update `maxTotalSupply` of `market` or close the market
[high] Borrower can drain all funds of a sanctioned lender
[medium] Function WildcatMarketController.setAnnualInterestBips allows values outside the factory range
Sep '23
[high] Redeeming a Settlement won't work for unsigned messages when the communicating dApps have different addresses on the different chains
[high] All tokens can be stolen from `VirtualAccount` due to missing access modifier
[medium] Incorrect source address decoding in RootBridgeAgent and BranchBridgeAgent's _requiresEndpoint breaks LayerZero communication
[medium] Message channels can be blocked resulting in DoS
[medium] If RootBridgeAgent.lzReceiveNonBlocking reverts internally, the native token sent by the relayer to RootBridgeAgent is left in RootBridgeAgent
Aug '23
[high] Incorrect Solidity version in FullMath.sol can cause permanent freezing of assets through an arithmetic underflow-induced revert
[high] V3Proxy swapTokensForExactETH does not return unused input tokens to the caller
[high] TokenisableRange's incorrect accounting of non-reinvested fees in "deposit" exposes the fees to a flash-loan attack
[medium] User can steal refunded underlying tokens from the `initRange` operation inside `RangeManager`
[medium] Incorrect boundaries check in GeVault's "getActiveTickIndex" can temporarily freeze assets due to an index-out-of-bounds error
[medium] V3Proxy sends funds to msg.sender instead of the recipient