A2-security

Security Researcher

Reach out to us -> a2sec.io

High: 12 total

Medium: 20 total

Total Earnings: $29.34K

#280 All Time

Payouts: 4x

1st Places: 2x (gold)

Top 10: 4x (regular)

Top 25: 4x (regular)

Jan '25

Aave v3.3

9,634.57 USDC • Sherlock • A2-security

#5

Nov '24

Extra Finance

11,397.63 OP • Sherlock • A2-security

gold

Findings not publicly available for private contests.

Aug '24

ZeroLend One

6,946.14 USDC • 22 total findings • Sherlock • A2-security

gold

high

Incorrect Balance Calculation in getSupplyBalance() Function Leads to User Fund Loss

high

Incorrect Accounting of Treasury Shares Leads to Loss of Funds and Protocol Insolvency

high

Incorrect Fee Accrual in `CuratedVault` Contract Leads to Incorrect Shares Accounting

high

Liquidation will be blocked if there is not enough collateral in the pools

high

Incorrect Debt Share Update in `_repayDebtTokens` Leads to Significant Low Interest Rate

high

Incorrect Calculation of Collateral During Liquidation in `LiquidationLogic` leads to bad debts

high

Pool admins are able to cause loss of funds for vaults by setting malicious interestRateModels

high

userbalance not reduced by `liquidationProtocolFeeAmount`

high

Liquidated Positions Keep Receiving Rewards Forever in NFTPositionManager

high

Protocol exposed to risk of insolvency, due to not handling bad debt

high

Incorrect Interest Rate Update Leads to Inflated Rates and Potential Protocol Insolvency

medium

Potential Denial of Service in `withdraw` Function Due to Insufficient checks on Treasury Minting

medium

Inaccurate Interest Rate Calculation in Liquidation Process

medium

Repay Function often Fails Due to Incorrect Debt Balance Calculation in Position Manager

medium

Incorrect Implementation in Reallocate Function Prevents Full Withdrawal from Pools

medium

NFTRewardsDistributor tracks user's balance in terms of assets instead of shares leading to a loss of yield

medium

Inconsistent Handling of Price Feed Decimals Leads to Incorrect Price Calculations

medium

Fixed Heartbeat Interval for Price Validation leads to potential issues

medium

Position Risk Management Functionality Missing in Position Manager and DoS in certain conditions

medium

Inconsistent Application of Reserve Factor Changes Leads to Protocol Insolvency Risk

medium

`executeMintToTreasury()` doesn't update state causing a loss of yield

medium

Inflation Attack is possible on CuratedVault

Sentiment V2

1,361.50 USDC • 10 total findings • Sherlock • A2-security

#7

high

Liquidators can manipulate RepaidDebt calculation to seize excess collateral from users being liquidated

medium

Incorrect Calculation of `_minRequestedValue` Exposes Healthy Positions to Liquidation and Prevents Full Borrowing/Withdrawal

medium

Pausing on SuperPool doesn't work

medium

Incorrect Fee Calculation Leads to Potential Liquidator Losses and Protocol Instability

medium

Pool Functionality Can Be Permanently Blocked Due to Rounding in Share Calculations

medium

Inability to perform partial liquidations allows huge positions to accrue bad debt

medium

SuperPool's `Reallocate` Function Is Broken for USDT Pools

medium

New Depositors at Risk of Significant Value Loss in Certain Pools

medium

`maxWithdraw` and `maxRedeem` are not ERC4626 compliant

medium

`SuperPoolFactory.deploySuperPool()` could be dossed