
8olidity

Security Researcher


High: 21 Total

Medium: 42 Total

Total Earnings: $14.30K

#474 All Time

Payouts: 67x

Top 10: 8x

Top 25: 25x

Top 50: 49x


Jul '25

Mellow Flexible Vaults


7.06 USDC • 2 total findings • Sherlock • 8olidity

#38

high

Signature Re-use Bypasses Multi-signature Threshold in Consensus Module

medium

Incorrect Index Usage in `DepositQueue.cancelDepositRequest` Leads to Accounting Corruption and Permanent Denial-of-Service

USDaf-v2


250 USDC • Cantina • 8olidity

#4

Dec '24

QuantAMM


45.07 op • 1 total finding • CodeHawks • 8olidity

#63

low

Critical Precision Loss in MultiHopOracle Price Calculations

Sep '24

Liquid Staking


155.71 USDC • 2 total findings • CodeHawks • 8olidity

#29

low

Cross-function Merkle Proof Usage Vulnerability

low

Potential Deposit Reverts Due to Removed Operator Vaults

Feb '24

opal-contracts


525.29 USDC • 3 total findings • Cantina • 8olidity

#18

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Jan '24

incentive-contracts


30.12 USDC • 1 total finding • Cantina • 8olidity

#33

medium

Finding not yet public.

Nov '23

core-and-erc1155a


852.1 USDC • 1 total finding • Cantina • 8olidity

#15

medium

Finding not yet public.

Oct '23

NextGen


0 USDC • 1 total finding • Code4rena • 8olidity

#115

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Open Dollar


8.3 USDC • Code4rena • 8olidity

#55

Aug '23

Tangible Caviar


18.37 USDC • Code4rena • 8olidity

#74

Good Entry


15.35 USDC • Code4rena • 8olidity

#33

Jul '23

Beedle - Oracle free perpetual lending


49.82 USDC • 3 total findings • CodeHawks • 8olidity

#69

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

high

Forcing a borrower to pay a huge debt via the giveLoan()

medium

Malicious lender can increment the loan interest using the auction process

Amphora Protocol


9.43 USDC • Code4rena • 8olidity

#23

Basin


17.52 USDC • Code4rena • 8olidity

#26

Jun '23

Lybra Finance


9.93 USDC • Code4rena • 8olidity

#83

May '23

Maia DAO Ecosystem


5.2 USDC • 1 total finding • Code4rena • 8olidity

#70

medium

Lack of slippage protection can lead to significant loss of user funds

Footium


0.01 USDC • 1 total finding • Sherlock • 8olidity

#32

medium

Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

Apr '23

EigenLayer Contest


267.39 USDC • 1 total finding • Code4rena • 8olidity

#22

medium

A malicious strategy can permanently DoS all currently pending withdrawals that contain it

Teller


196.24 USDC • 3 total findings • Sherlock • 8olidity

#26

high

`setCollateralEscrowBeacon()` can be called by anyone

high

`commitCollateral()` can be called by anyone

medium

fee-on-transfer tokens are not supported

Frankencoin


22.6 USDC • Code4rena • 8olidity

#66

Mar '23

Gitcoin


80.82 USDC • Sherlock • 8olidity

#38

Taurus


30.89 USDC • 1 total finding • Sherlock • 8olidity

#12

medium

Logic Error in _decreaseCurrentMinted

Feb '23

Syndr


798.15 USDC • Sherlock • 8olidity

#6

Findings not publicly available for private contests.

Blueberry


557.46 USDC • 3 total findings • Sherlock • 8olidity

#18

high

The attacker can bypass the original logic of `reduceposition()`

medium

No check sequencer is down in Chainlink feeds

medium

`latestRoundData()` has no check for round completeness

OpenQ


236.36 USDC • 2 total findings • Sherlock • 8olidity

#26

high

DepositManagerV1::refundDeposit() does not judge bounty status

high

claimManager will cause BountyCore::refundDeposit() to fail

Jan '23

Cooler


0.30 USDC • 1 total finding • Sherlock • 8olidity

#30

high

use safetransfer and safetransferFrom

Dec '22

Papr contest


287.37 USDC • 1 total finding • Code4rena • 8olidity

#22

medium

Disabled NFT collateral should not be used to mint debt

Caviar contest


234.49 USDC • 1 total finding • Code4rena • 8olidity

#25

medium

Price will not always be 18 decimals, as expected and outlined in the comments

Tigris Trade contest


372.19 USDC • 5 total findings • Code4rena • 8olidity

#29

high

Incorrect Assumption of Stablecoin Market Stability

medium

Trading will not work on ethereum if USDT is used

medium

`safeTransferMany()` doesn't actually use safe transfer

medium

Centralization risks: owner can freeze withdraws and use timelock to steal all funds

medium

Chainlink price feed is not sufficiently validated and can return stale price

prePO contest


52.84 USDC • 1 total finding • Code4rena • 8olidity

#30

medium

Manager can get around min reserves check, draining all funds from Collateral.sol

Escher contest


0.84 USDC • 1 total finding • Code4rena • 8olidity

#70

high

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

Nov '22

Isomorph


135.21 USDC • 1 total finding • Sherlock • 8olidity

#21

medium

Price oracle could get a stale price

Redacted Cartel contest


448.44 USDC • 4 total findings • Code4rena • 8olidity

#23

high

Malicious Users Can Drain The Assets Of Auto Compound Vault

high

Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation

medium

Deposit Feature Of The Vault Will Break If Update To A New Platform

medium

_calculateRewards() in PirexGmx don't handle reward calculation properly, and it would revert when totalSupply() is zero which will cause claimRewards() to revert if one of 4 rewardTracker's totalSupply was zero

DODO


62.49 USDC • 1 total finding • Sherlock • 8olidity

#6

medium

`address.call{value:x}()` should be used instead of `payable.transfer()`

LooksRare Aggregator contest


36.34 USDC • Code4rena • 8olidity

#24

Bond Protocol


1,604.26 USDC • 2 total findings • Sherlock • 8olidity

#5

medium

Solmate safetransfer and safetransferfrom doesnot check the codesize of the token address, which may lead to fund loss

medium

The value of `createFeeDiscount` can never be updated

SIZE contest


176.56 USDC • 2 total findings • Code4rena • 8olidity

#21

high

Attacker can steal any funds in the contract by state confusion (no preconditions)

medium

Solmate's ERC20 does not check for token contract's existence, which opens up possibility for a honeypot attack

Debt DAO contest


6.71 USDC • 2 total findings • Code4rena • 8olidity

#58

medium

address.call{value:x}() should be used instead of payable.transfer()

medium

Borrower/Lender excessive ETH not refunded and permanently locked in protocol

Sense


99.23 USDC • 1 total finding • Sherlock • 8olidity

#7

medium

rollerPeriphery::approve() has no permission control and can steal contract tokens

Oct '22

Paladin - Warden Pledges contest


19.64 USDC • Code4rena • 8olidity

#33

Inverse Finance contest


24.6 USDC • 2 total findings • Code4rena • 8olidity

#46

medium

Oracle assumes token and feed decimals will be limited to 18 decimals

medium

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Astaria


65.78 USDC • 1 total finding • Sherlock • 8olidity

#27

high

As long as the set `Feeto` address, will make `VaultImplementation.sol::commitToLien()` to stop working

NFTPort


176.00 USDC • 1 total finding • Sherlock • 8olidity

#9

medium

Nonces not used in signed data

Holograph contest


55.67 USDC • Code4rena • 8olidity

#37

3xcalibur contest


11.31 USDC • Code4rena • 8olidity

#35

Union Finance


317.74 USDC • 1 total finding • Sherlock • 8olidity

#16

medium

use safecast

Trader Joe v2 contest


1.3 USDC • 1 total finding • Code4rena • 8olidity

#26

high

Transfering funds to yourself increases your balance

Blur Exchange contest


114.82 USDC • 1 total finding • Code4rena • 8olidity

#20

high

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

Mycelium


209.05 USDC • 2 total findings • Sherlock • 8olidity

#7

high

Steal their money

medium

ConvertToShares () uses the LINK of the contract to calculate and may result in a loss of user assets

Sep '22

QuickSwap and StellaSwap contest


593.27 USDC • 1 total finding • Code4rena • 8olidity

#12

medium

Vault set to the zero-address will break swaps and flash loans in all deployed pools

Frax Ether Liquid Staking contest


60.49 USDC • 2 total findings • Code4rena • 8olidity

#42

medium

Centralization risk: admin have privileges: admin can set address to mint any amount of frxETH, can set any address as validator, and change important state in frxETHMinter and withdraw fund from frcETHMinter

medium

frxETHMinter: Non-conforming ERC20 tokens not recoverable

Art Gobblers contest


525.56 USDC • 1 total finding • Code4rena • 8olidity

#17

medium

The reveal process could brick if `randProvider` stops working

PartyDAO contest


2,899.28 USDC • 1 total finding • Code4rena • 8olidity

#6

high

Possibility to burn all ETH in Crowdfund under some circumstances

Nouns Builder contest


60.78 USDC • Code4rena • 8olidity

#96

Aug '22

Olympus DAO contest


54.31 USDC • Code4rena • 8olidity

#85

Nouns DAO contest


35.44 USDC • Code4rena • 8olidity

#41

Mimo August 2022 contest


683.42 USDC • 1 total finding • Code4rena • 8olidity

#15

medium

[H3] Persisted msg.value in a loop of delegate calls can be used to drain ETH from your proxy

Rigor Protocol contest


112.03 USDC • 1 total finding • Code4rena • 8olidity

#43

medium

Missing upper limit definition in replaceLenderFee() of HomeFi.sol

Jul '22

Axelar Network v2 contest


87.35 USDC • Code4rena • 8olidity

#37

Golom contest


35.32 USDC • Code4rena • 8olidity

#85

Swivel v3 contest


92.85 USDC • 1 total finding • Code4rena • 8olidity

#33

medium

Error in allowance logic

ENS contest


118.8 USDC • Code4rena • 8olidity

#56

Fractional v2 contest


99.42 USDC • Code4rena • 8olidity

#77

Jun '22

Nibbl contest


17.26 USDC • Code4rena • 8olidity

#63

Yieldy contest


26.57 USDC • Code4rena • 8olidity

#69

Infinity NFT Marketplace contest


48.98 USDC • Code4rena • 8olidity

#70

Notional x Index Coop


49.06 USDC • Code4rena • 8olidity

#41