Security Researcher
Independent security researcher | JSR @SpearbitDAO | Watson @SherlockDefi | SC & ZK alumni @yAcademyDAO
Total Earnings
#111 All Time
Feb '24
Oct '23
Sep '23
Jul '23
Jun '23
May '23
high
Incorrect `DAIEthOracle` in `StableOracleDAI` and `StableOracleWBGL`
high
Incorrect check on collateral being `DAI` in `USSDRebalancer.SellUSSDBuyCollateral()`
high
Incorrect rebalancing due to unrelated Uni V3 pool reserves
high
`price` is DAI/ETH instead of ETH/DAI in `StableOracleDAI.getPriceUSD()`
high
Incorrect decimals for `price` in `StableOracleDAI.getPriceUSD()`
high
Incorrect `amountToSellUnits` decimals in `USSDRebalance.BuyUSSDSellCollateral()`
high
Unprotected `mintRebalancer` and `burnRebalancer` functions
high
Incorrect `ExactInputParams` struct in `USSD`
medium
Funds can be stolen if WBTC depegs
Mar '23
high
An attacker can manipulate the preDepositvePrice to steal from other users.
high
Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit)
high
`WstEth` derivative assumes a ~1=1 peg of stETH to ETH
medium
In de-peg scenario, forcing full exit from every derivative & immediately re-entering can cause big losses for depositors
Feb '23
Findings not publicly available for private contests.
Jan '23
high
Missing check on `account` in `PerpDepository.rebalance()`
medium
`PerpDepository` not compatible with `assetToken` with decimals different from 18
medium
Missing approval of `assetToken` to `spotSwapper` in `PerpDepository._rebalanceNegativePnlWithSwap()`
medium
Missing approval of `quoteToken` to `vault` in `PerpDepository._rebalanceNegativePnlWithSwap()`
Dec '22
Findings not publicly available for private contests.
Nov '22
Oct '22
Sep '22
Aug '22
Jul '22
May '22