Abhan1041

Security Researcher

High: 17 total

Medium: 24 total

Total Earnings: $2.98K

#955 All Time

Payouts: 21x

Top 10: 4x (regular)

Top 25: 9x (regular)

Top 50: 15x (regular)

Jul '25

DeBank

6.12 USDC • Sherlock • Abhan1041

#86

Jun '25

DODO Cross-Chain DEX

15.39 USDC • 5 total findings • Sherlock • Abhan1041

#50

high

Refund Can Be Claimed by Unauthorized User if Wallet Address Is Not Exactly 20 Bytes

medium

Incorrect Fee Deduction in onCall Leads to User incorrect payment

medium

ERC20 Non-Standard Return Value Compatibility (USDT Transfer Failure)

medium

ETH Refund Failure in onRevert() Function

medium

Malicious Revert Can Overwrite Legitimate Refunds via onRevert Function

May '25

primev-validator-registry

0.18 USDC • 1 total finding • Cantina • Abhan

#6

high

Finding not yet public.

LEND

1.62 USDC • 1 total finding • Sherlock • Abhan1041

#108

high

Redemption Logic Uses Stale Exchange Rate, Causing Under-Crediting of Users

Mar '25

Symmio, Staking and Vesting

0.00 USDC • 1 total finding • Sherlock • Abhan1041

#18

medium

Anyone can delay reward distribution by calling notifyRewardAmount with minimal Deposits

Feb '25

THORWallet

0.35 USDC • 1 total finding • Code4rena • Abhan

#8

high

MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

Core Contracts

258.08 USDC • 8 total findings • CodeHawks • abhan

#85

high

Reward manipulation vulnerability in StabilityPool

high

Treasury Balance Tracking Bypass in FeeCollector

medium

Incorrect Return Values and Double Scaling in `RToken.burn` Function Leads to Denial of Service

medium

Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator

medium

`RAACReleaseOrchestrator::emergencyRevoke()` fails to update `categoryUsed`, leading to token lockup and incorrect accounting

medium

Emergency Withdrawals in `FeeCollector` will break Fee Distribution Logic

medium

Emission Rate can be Manipulated (Locked, Higher or Lower)

low

pause will lower the rewards for time that the system operated actively

Jan '25

infrared-contracts

1,124.38 USDC • 2 total findings • Cantina • Abhan

#26

high

Finding not yet public.

medium

Finding not yet public.

Plaza Finance

6.03 USDC • 3 total findings • Sherlock • Abhan1041

#80

high

There is inconsistency in fee taken on reserve in pool contract

medium

Bond holders distribution will be incorrect when auction is failed due to sale pool limit

medium

There will be precision loss in pool contract

Dec '24

Alchemix Transmuter

0.00 OP • 1 total finding • CodeHawks • abhan

#31

low

Old router retains token allowance after update

Flex Perpetuals

62.48 USDC • 1 total finding • Code4rena • Abhan

#4

medium

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

SecondSwap

4.31 USDC • 3 total findings • Code4rena • Abhan

#53

high

Users can claim more than their actual allotment

medium

Incorrect referral fee calculations

medium

Creator of one vesting plan can affect vesting plans created by other users.

Numa

579.94 USDC • 1 total finding • Sherlock • Abhan1041

#10

high

Attacker can steal funds of depositor due to inflation attack

Autonomint Colored Dollar V1

2.51 OP • 3 total findings • Sherlock • Abhan1041

#63

high

Lack of access control in `updateDownsideProtected` function leads to malicious things

high

Attacker can drain funds by passing incorrect price of USDa-USDT in `redeemUSDT` function

medium

`calculateCumulativeRate` updated wrongly in `_withdraw` leads to wrong interest calculation

Nov '24

Ethos Network Financial Contracts

74.96 USDC • 3 total findings • Sherlock • Abhan1041

#23

high

Fees on `buyVotes` are wrongly added in `marketFunds`

high

Fees are also collected on refund amount at the time of buying votes

medium

Lack of slippage protection in `sellVotes` function

Telcoin Update #2

5.92 USDC • Sherlock • Abhan1041

#48

Sep '24

infinitypools

500 USDC • Cantina • Abhan

#16

Royco Protocol

78.6 USDC • 2 total findings • Cantina • Abhan

#43

medium

Finding not yet public.

medium

Finding not yet public.

Aug '24

Cork Protocol

31.50 USDC • 2 total findings • Sherlock • Abhan1041

#15

high

Lack of slippage protection leads to loss of protocol funds

medium

Wrong check in `LVDepositNotPaused` modifier leads to unintended behaviour

Jul '24

TraitForge

232.52 USDC • 4 total findings • Code4rena • Abhan

#19

high

Number of entities in generation can surpass the 10k number

high

Wrong minting logic based on total token count across generations

medium

Users' ability to nuke will be DoSed for three days after putting NFTs up for sale and cancelling the sale

medium

Imprecise token age calculation results in an incorrect nuke factor, causing users to claim the wrong amount

May '24

Predy

0.17 USDC • 1 total finding • Code4rena • Abhan

#42

medium

Chainlink's `latestRoundData` might return stale or incorrect results