BenRai

Security Researcher

High: 20 total

Medium: 54 total

Total Earnings: $68.11K

#134 All Time

Payouts: 25x

1st Places (gold): 2x

3rd Places (bronze): 2x

Top 10: 9x

Jan '25

silo-contracts-v2

5,154.84 USDC • 1 total finding • Cantina • BenRai

#14

medium

Finding not yet public.

Dec '24

SecondSwap

8,836.42 USDC • 12 total findings • Code4rena • BenRai

gold

high

In `transferVesting`, the `grantorVesting.releaseRate` is calculated incorrectly, which leads to the sender being able to unlock more tokens than were initially locked.

high

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

medium

maxSellPercent can be bypassed by selling previously bought vestings at a later time

medium

Unlisting a vesting after seller has claimed additional steps locks tokens which should have been claimable already

medium

maxSellPercent will be broken when a vesting is delisted after a seller has claimed additional steps

medium

Listing potential can not be purchased with discounted price

medium

`buyFee` And `sellFee` Should Be Known Before Purchase

medium

Incorrect listing type validation bypasses enforcement of minimum purchase amount

medium

Incorrect referral fee calculations

medium

Missing option to remove tokens from the `isTokenSupport` mapping can result in huge financial loss for users and the protocol

medium

MarketPlace Change In Vesting Manager, Leads To Loss Of Previous MarketPlace Listing

medium

Unauthorized increase of maxSellPercent

Lambo.win

115.74 USDC • 2 total findings • Code4rena • BenRai

#23

high

Calculation for `directionMask` is incorrect

high

Minting zero tokens when underlyingToken is not Ether in cashIn()

Nov '24

sorella-angstrom

3,513.28 USDC • 1 total finding • Cantina • BenRai

#5

medium

Finding not yet public.

Oct '24

Ramses Exchange

4,340.36 USDC • 1 total finding • Code4rena • BenRai

bronze

medium

The fee for the protocol in the function RamsesV3Pool::flash() is not calculated correctly

Sep '24

uniswap-v4

8,375.22 USDC • Cantina • BenRai

#19

Jun '24

Size

1,399.13 USDC • 3 total findings • Code4rena • BenRai

#24

high

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

medium

Credit can be sold forcibly as `forSale` setting can be ignored via Compensate

medium

LiquidateWithReplacement does not charge swap fees on the borrower

May '24

Euler-v2

18,249 USDC • Cantina • BenRai

#11

Apr '24

NOYA

6,361.45 USDC + NOYA stars • 30 total findings • Code4rena • BenRai

gold

high

BalancerConnector has incorrect implementation of totalSupply, positionTVL and total TVL will be invalid

high

`SNXConnector.sol` TVL calculation is incorrect.

high

Incomplete TVL Calculation in `AerodromeConnector::_getPositionTVL` Function.

high

Invalid handling of holding positions in `DolomiteConnector::transferBetweenAccounts`

high

`_getPositionTVL` of `UNIv3Connector` wrongly assumes ownership of all liquidity of the provided ticks inside `positionManager`.

high

Numerous errors when calculating the TVL for the MorphoBlue connector

high

In Dolomite, when opening a borrow position, the holding position in the Registry will never be updated due to the removePosition flag being set to true

high

It is possible to open insolvent position in Silo connector, due to missing check in borrow function

medium

`veMav` token in `MaverickConnector` does NOT have an existing oracle, so staking Mav would always lead to DoS for TVL calculation

medium

`PrismaConnector.sol` should also check health factor in `openTrove()` function

medium

CompoundConnector.sol misses unclaimed rewards in getPositionTVL, resulting in undervalued positionTVL/TVL

medium

`_getPositionTVL()` of The StargateConnector doesn't account for the total value locked.

medium

LP tokens from Boosted Positions are not included in the TVL calculation of a position held by the MaverickConnector

medium

The `TVLHelper.sol#getTVL` function is DOSed by the `under collateralized connector`, and as a result, many parts of the protocol may be DOSed.

medium

In the SNXV3Connector, unclaimed rewards are not included in the calculation of the connector's TVL

medium

Incorrect Return Value in `CompoundConnector.getBorrowBalanceInBase()` Affecting TVL Calculation

medium

`PendleConnector::_getPositionTVL` will revert in the current implementation because there is no need to stake the LP tokens anymore

medium

In the BalancerConnector, unclaimed rewards are not included in the calculation of the connector's TVL

medium

Missing calls to `_updateTokenInRegistry` leads to incorrect state of tokens in registry

medium

Extra rewards are not updated in curve connector when harvestConvexRewards is called

medium

Contract does not earn any boosted position rewards in Maverick Connector

medium

The check when increasing the `minimumHelthFactor` in the `SiloConnector` is wrong because this variable is used differently in this connector

medium

`SNXV3Connector::_getPositionTVL` only works for collateral with 18 decimals

medium

Burning sUSD in `SNXV3Connector::mintOrBurnSUSD` will not work because the sUSD to burn are not deposited into the SNXV3 protocol

medium

In the `Gearboxv3` connector the health factor of the account is never considered

medium

In the AerodromeConnector, unclaimed rewards are not included in the calculation of the connector's TVL

medium

Some connectors prevent repayment of a borrow position if it doesn't leave the connector solvent or above minimumHealthFactor

medium

The health factor check in `PrismaConnector::adjustTrove` will always pass because the ICR in the Prisma protocol has 20 decimals

medium

Using the same heartbeat for multiple price feeds

medium

No function to claim the reward in `PancakeswapConnector`.

Feb '24

Tokemak

2,700 USDC • Hats • BenRai

bronze

Jan '24

Blast

2,630.23 USDC • 1 total finding • Cantina • BenRai

#43

medium

Finding not yet public.

Ion Protocol

932.3 USDC • Hats • BenRai

#4

Sep '23

Allo V2

228.71 USDC • 6 total findings • Sherlock • BenRai

#29

high

Allocator in `QVSimpleStrategy` can vote infinite number of times because the number of already allocated voice credits is not updated

medium

`QVSimpleStrategy` does not work when token is a `fee on transfer token`

medium

`DonationVotingMerkleDistributionVaultStrategy` does not work if one of the allowed tokens is a fee on transfer token

medium

In `QVSimpleStrategy.reviewRecipients()` the last review that matches or crosses the `reviewThreshold` will determine the final status of the recipient

medium

In `RFPSimpleStrategy` the `poolAmount` must always be bigger or equal to the proposal bid of the recipient even if parts of the pool were already distributed

medium

When calling `QVBaseStrategy._qv_allocate`, the variable `_allocator.voiceCreditsCastToRecipient[_recipientId]` is not updated correctly

Ondo Finance

778.38 USDC • 1 total finding • Code4rena • BenRai

#13

medium

Admin can't burn tokens from blocklisted addresses because of a check in _beforeTokenTransfer

Aug '23

veRWA

15.83 USDC • 1 total finding • Code4rena • BenRai

#51

high

Users may be forced into long lock times to be able to undelegate back to themselves.

Tangible Caviar

1,598.33 USDC • Code4rena • BenRai

#10

Jul '23

Tokensoft

420.04 USDC • 3 total findings • Sherlock • BenRai

#5

high

Each time `initializeDistributionRecord` in `PriceTierVestingSale_2_0` is called new voting tokens are minted

medium

Changing the `voteFactor` messes up the voting powers of recipients with already initiated `distributionRecords`

medium

In `PriceTierVesting` there is no check if the Sequencer for L2s is up when calling the oracle

Bond Options

587.17 USDC • 1 total finding • Sherlock • BenRai

#8

medium

`optionTokens` can be expired even though the epoch is not over

Jun '23

Arrakis

815.51 USDC • 2 total findings • Sherlock • BenRai

#11

high

`addLiquidityPermit2` in `ArrakisV2Router.sol` reverts for vaults where token0 is `weth`

medium

`ChainLinkOraclePivot.sol` does not work properly if the update intervals (the heartbeat) of the two used oracles is different

May '23

Iron Bank

37.27 USDC • 3 total findings • Sherlock • BenRai

#17

medium

Chainlink Oracle will return wrong price if underlying aggregator hits minAnswer

medium

getPriceFromChainlink() doesn't check if sequencer for Arbitrum/Optimism is down in Chainlink feeds

medium

Chainlink's latestRoundData return stale or incorrect result for L1

USSD - Autonomous Secure Dollar

2.30 USDC • 2 total findings • Sherlock • BenRai

#76

high

BTC/USD chainlink oracle is used to price WBTC which is problematic for minting if WBTC depegs

medium

BTC/USD chainlink oracle is used to price WBTC which is problematic for rebalancing if WBTC depegs

Footium

120.87 USDC • 1 total finding • Sherlock • BenRai

#20

high

Bad club owner can set approval for all to himself, sell the club and take all players

Apr '23

JOJO Exchange

634.75 USDC • 1 total finding • Sherlock • BenRai

#19

medium

Changing the borrowFeeRate results in a lower than expected borrowFeeRate for new borrowed JUSD

Frankencoin

231.96 USDC • 2 total findings • Code4rena • BenRai

#31

high

CHALLENGER_REWARD can be used to drain reserves and free mint

medium

Owner of Denied Position is not able to withdraw collateral until expiry.

Caviar Private Pools

31 USDC • Code4rena • BenRai

#61