Security Researcher
High
Total
Medium
Solo
Total Earnings
#527 All Time
Payouts
1st Places
Top 10
Top 25
All
Sherlock
Code4rena
Dec '24
32.25 USDC • Sherlock • Avci
#31
Nov '24
19.17 USDC • Sherlock • Avci
#51
Jul '24
79.87 USDC • 2 total findings • Sherlock • Avci
#45
high
`addLiquidity()` function is called with lack of working deadline and slippage protection
Claimable gauge distributions are lost when `killGaugeTotally` is called
Mar '24
66.36 USDC • 1 total finding • Sherlock • Avci
#26
medium
curator can lead to DOS `purchase()` function
262.30 USDC • 1 total finding • Sherlock • Avci
#8
the `woPrice_` bound check will ignored if Chainlink returns zero price
Feb '24
0.23 USDC • 1 total finding • Code4rena • Avci
#179
DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.
Jan '24
0 USDC • 1 total finding • Code4rena • Avci
#137
Unauthorized Access to setCurves Function
Oct '23
4.52 USDC • Code4rena • Avci
#40
Aug '23
0 USDC • Code4rena • Avci
#88
Jul '23
274.65 USDC • 1 total finding • Sherlock • Avci
#9
getVestedFraction missed to check If Arbitrum sequencer is down
134.48 USDC • Sherlock • Avci
#38
209.52 USDC • 1 total finding • Sherlock • Avci
getGasPrice() doesn't check Arbitrum l2 chainlink feed is active
Jun '23
142.24 USDC • 1 total finding • Sherlock • Avci
#15
The deposit - withdraw - trade transaction lack of expiration timestamp check (DeadLine check)
247.33 USDC • 3 total findings • Sherlock • Avci
#18
Using unsafe ERC20 methods can revert the transaction for some tokens.
getPrice() function doesn't check If Arbitrum sequencer is down in Chainlink feeds.
There is no slippage control for trading functions at all
Mar '23
231.51 USDC • Sherlock • Avci
#20
8,620.68 USDC • 1 total finding • Sherlock • Avci
_validateAndGetPrice() doesn't check If Arbitrum sequencer is down in Chainlink feeds
Feb '23
100.83 USDC • 2 total findings • Sherlock • Avci
Oracle data feed has no check for round fullness
wrong calculation in logic of the Lend function
Jan '23
274.09 USDC • 2 total findings • Sherlock • Avci
#12
in cooler.sol.rescind there is risk of funds to be lost
if transfer fails in repaying loan will be deleted
Dec '22
13.76 USDC • 1 total finding • Code4rena • Avci
#61
`_handleDeposit` and `_handleWithdraw` do not account for tokens with decimals higher than 18
Aug '22
3.50 USDC • 1 total finding • Sherlock • Avci
contract should check the responses from chainlink aggregator
Jul '22
69.98 USDC • Code4rena • Avci
#49
38.87 USDC • 1 total finding • Code4rena • Avci
#96
Use of `payable.transfer()` may lock user funds