
4gontuk

Security Researcher

High: 16 total

Medium: 20 total

Total Earnings: $9.09K

#618 All Time

Payouts: 23x

Top 10: 5x

Top 25: 15x

Top 50: 20x

Jan '25

Liquid Ron

0 USDC • 1 total finding • Code4rena • Agontuk

#12

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Pump Science

417.31 USDC • 1 total finding • Code4rena • Agontuk

#6

medium

Last buy might charge the wrong fee

Dec '24

SecondSwap

6.98 USDC • 3 total findings • Code4rena • Agontuk

#46

high

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

medium

Incorrect referral fee calculations

medium

maxSellPercent can be bypassed by selling previously bought vestings at a later time

Oku's New Order Types Contract Contest

0.01 OP • 1 total finding • Sherlock • 4gontuk

#65

medium

`PythOracle` is providing Stale Prices due to incorrect staleness check in `currentValue()`

Lambo.win

196.51 USDC • 3 total findings • Code4rena • Agontuk

#17

high

Calculation for `directionMask` is incorrect

high

Minting zero tokens when underlyingToken is not Ether in cashIn()

medium

LP for v3 pool of underlying tokens with decimals != 18 would have incorrect NFT metadata

Nov '24

Concrete

141.88 USDC • Code4rena • Agontuk

#57

hyperlend

2,708.38 USDC • 1 total finding • Cantina • 4gontuk

#8

medium

Finding not yet public.

Sep '24

symbioticfi-core

211.51 USDC • 1 total finding • Cantina • 4gontuk

#22

medium

Finding not yet public.

Aug '24

Velar Artha PerpDEX

873.14 USDC • 1 total finding • Sherlock • 4gontuk

#6

medium

LPs will withdraw more value than deposited during pegged token de-peg events

Chakra

2.03 USDT • 2 total findings • Code4rena • Agontuk

#56

high

Anyone can manipulate user nonce (nonce_manager) in settlement contract

high

In Starknet already processed messages can be re-submitted and by anyone

Cork Protocol

31.50 USDC • 2 total findings • Sherlock • 4gontuk

#15

high

Lack of Slippage Protection in `repurchase` Function Can Cause Financial Loss for Users

medium

Incorrect Modifier Check will Cause Unexpected Reverts for Users

Rumpel Point Tokenization Protocol

88.38 USDC • Sherlock • 4gontuk

#14

Superposition

1.26 USDC • 1 total finding • Code4rena • Agontuk

#32

medium

_onTransferReceived() does not work as intended

Phi

9.15 USDC • 1 total finding • Code4rena • Agontuk

#48

high

Reentrancy Vulnerability Allows Bypass of Cooldown, Leading to Unfair Reward Extraction Through Flash Loan

zetachain-protocol

2,162.62 USDC • 2 total findings • Cantina • 4gontuk

#16

high

Finding not yet public.

high

Finding not yet public.

Winnables Raffles

1.80 USDC • 1 total finding • Sherlock • 4gontuk

#37

high

Incorrect ETH Locking Mechanism Will Lead to Permanent Fund Lockup (`WinnablesTicketManager::refundPlayers`)

Sentiment V2

12.96 USDC • 2 total findings • Sherlock • 4gontuk

#42

medium

Lack of `whenNotPaused` Modifier Allows Critical Operations During Paused State

medium

`SuperPool.sol` is not ERC4626 compliant.

Axelar Network

0 USDC • Code4rena • Agontuk

#9

Jul '24

Basin

8.44 USDC • 1 total finding • Code4rena • Agontuk

#11

high

Incorrectly assigned `decimal1` parameter upon decoding

Reserve Core

0 USDC • Code4rena • Agontuk

#7

TraitForge

284.23 USDC • 3 total findings • Code4rena • Agontuk

#16

high

The maximum number of generations is infinite

medium

Forger Entities can forge more times than intended

medium

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

LoopFi

1,493.94 USDC • 4 total findings • Code4rena • Agontuk

#13

high

`AuraVault::claim` reward calculation does not deduct fees from reward amount, causing DoS or extra rewards lost

medium

`PoolV3#repayCreditAccount()` use incorrect share converting function to calculate profit and loss

medium

Lack of Slippage Control in `AuraVault::deposit` and `AuraVault::mint` Functions Can Lead to Unexpected Financial Losses for Users

medium

Unclaimed Rewards Handling Issue in `AuraVault` Contract Functions (`AuraVault::deposit`, `AuraVault::mint`, `AuraVault::withdraw`, `AuraVault::redeem`)

Velocimeter

439.87 USDC • 5 total findings • Sherlock • 4gontuk

#20

high

Attacker can DoS users by delegating tokens at `MAX_DELEGATES` limit in `VotingEscrow::_moveTokenDelegates()`

high

Emergency Council will permanently lock user rewards when killing gauges via `Voter::killGaugeTotally`

high

Users will receive incorrect rewards due to outdated total supply caching in `RewardsDistributorV2::_checkpoint_total_supply()`

medium

Users can exploit vote persistence to earn unearned rewards via `Voter::poke`

medium

First Liquidity Provider can DOS the Pool in `Pair::mint()`