https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/c6f1ed8d-1dc8-4241-a7dc-cc488cf45ce5.png

BADROBINX

Security Researcher

Contact Me

High

Total

Medium

Total

$2.67K

Total Earnings

#1104 All Time

10x

Payouts

2x

Top 10

4x

Top 25

7x

Top 50

All

Sherlock

Immunefi

Jan '26

Hotstuff

74.83 USDC • Sherlock • BADROBINX

#28

Findings not publicly available for private contests.

Sep '25

Super DCA Liquidity Network

268.00 OP • 4 total findings • Sherlock • BADROBINX

high

An Attacker deploying a Pool with different `tickSpacing` can steal Rewards by another pool.

high

When someones calls `stake` the `otherToken` rewardIndex resets, causing a loss of Rewards.

high

`collectFees` will revert for Pools with token0/1 as native ETH.

medium

The `SuperDCACashback` assumes the USDx has 6 decimals.

Rezerve Money

56.04 USDC • Sherlock • BADROBINX

#64

Findings not publicly available for private contests.

Aug '25

USG - Tangent

663.66 USDC • 7 total findings • Sherlock • BADROBINX

#13

high

`migrateFrom` and `migrateTo` can be called by anyone.

medium

If `totalSupplyVsTan` goes to 0, it might result in a loss as `userRewardPerTokenPaid` is not updated.

medium

There is no way for the `admin` to sweep `rewards` lost due to precision

medium

No Slippage in `liquidation` causing loss of funds.

medium

The `siezeCollateral` compares collateral value in USD with USG.

medium

`oracle.getPtToSyRate` may return bigger values for some markets

medium

The collateral value for PT may be overstated as `getPtToSyRate` returns 1:1

Jul '25

Malda

10.64 USDC • 2 total findings • Sherlock • BADROBINX

#44

medium

The `wrapAndSupplyOnExtensionMarket` does not account for the `GasFee` required by the host contract

medium

`sendMsg` uses the old `transferInfo` if the deadline has reached to calculate the `_maxTransferSize`, causing DoS

Mar '25

Audit Comp | Yeet

1,150 USDC • 2 total findings • Immunefi • robin_bl4z3

medium

Finding not yet public.

low

Finding not yet public.

Jan '25

Plaza Finance

40.44 USDC • 3 total findings • Sherlock • BADROBINX

#56

high

The `transferReserveToAuction` Function uses the wrong `currentPeriod`, Leading to DoS

high

New `BondAuction` Holders are Inappropriately Eligible for Full Period Distributions

medium

The `endAuction` Function Does Not Exclude Fees When Calculating the Pool's Value, Leaving the beneficiary with less fees

Aave v3.3

91.89 USDC • Sherlock • BADROBINX

#83

Dec '24

Tally ARB Staker

60.67 USDC • Sherlock • BADROBINX

#25

Sep '24

Flayer

258.62 USDC • 6 total findings • Sherlock • BADROBINX

#39

high

The `redeem` function does not check if the requested NFT is not a `canWithdrawAsset` NFT of someone else

high

The `collectionShutdown` Contract Allows Normal Voting After Execution, Preventing Users from Receiving Compensation for Burned Tokens and NFTs sold

high

The `collectionShutdown` contract fails to return tokens to users who voted when `cancel` is called due to an increase in token supply causing the tokens to be stuck inside the contract

high

The `relist` function does not check whether the listing is a liquidation listing causing users to pay taxes and refunds being paid to the listing owner who did not pay taxes

high

The `reserve` Function Fails to Delete `_isLiquidation` Mapping, Causing Refund not being paid for that Token Future Listings

medium

The `initializeCollection` is using a wrong Refund Logic causing the function to send zero Refunds