https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/62642106-ab0d-42ee-8b62-d164cd42e71a.jpg

BiasedMerc

Security Researcher

Smart Contract Auditor - Prev. CEX On-Chain Security and Crypto AML investigations

Contact Me

High

Total

Medium

Solo

Total

$4.14K

Total Earnings

#790 All Time

12x

Payouts

1x

2nd Places

3x

Top 10

4x

Top 25

All

Sherlock

Code4rena

Aug '24

ZeroLend One

112.13 USDC • 3 total findings • Sherlock • BiasedMerc

#35

high

PositionBalanceConfiguration::getSupplyBalance() incorrectly calculates shares value

high

LiquidationLogic::_repayDebtTokens() incorrectly assigns vars.debtReserveCache.nextDebtShares

medium

CuratedVaults are prone to inflation attacks due to not utilising virtual shares

Jul '24

LoopFi

0.06 USDC • 1 total finding • Code4rena • BiasedMerc

#57

medium

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Velocimeter

40.43 USDC • 2 total findings • Sherlock • BiasedMerc

#49

high

VotingEscrow MAX_DELEGATES value can lead to DOS on certain EVM-compatible chains

medium

First liquidity provider of a newly created stable pair can cause DOS and loss of funds

Jun '24

Notional Leveraged Vaults: Pendle PT and Vault Incentives

620.53 USDC • 3 total findings • Sherlock • BiasedMerc

high

PendlePTKelpVault allows anyone to finalize a withdraw for any account, which can lead to less rewards received for users

high

PendlePrincipleToken::_redeemPT is prone to fees and slippage, but contains no limiting parameters

medium

VaultRewarderLib::_claimRewardToken transfer wrapped in try catch can lead to loss of rewards

May '24

Tokensoft Distributor Contracts Update

303.16 USDC • 1 total finding • Sherlock • BiasedMerc

medium

PerAddressContinuousVestingMerkle::claim will revert due to bytes(0) data being passed to _executeClaim

Napier Finance - LST/LRT Integrations

158.24 USDC • 1 total finding • Sherlock • BiasedMerc

#13

medium

RsETHAdapter::_stake() does not have any checks on the amount of RSETH minted during depositETH call

Apr '24

Renzo

0.04 USDC • 2 total findings • Code4rena • BiasedMerc

#57

high

Incorrect withdraw queue balance in TVL calculation

medium

Deposits will always revert if the amount being deposited is less than the bufferToFill value

NOYA

0.02 USDC + NOYA stars • 1 total finding • Code4rena • BiasedMerc

#122

high

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

TITLES Publishing Protocol

34.98 USDC • 4 total findings • Sherlock • BiasedMerc

#32

high

Edition:mintBatch() collects minted fees once, but it should collect fees per mint

high

FeeManager::_splitProtocolFee sends collectionReferrerShare to wrong address

medium

Edition::mintBatch() Uses msg.value on each itteration, meaning after 1st itteration there will not be enough ETH to continue

medium

Edition doesn't update Nodes when Work attributes are changed

DYAD

7.37 USDC • 2 total findings • Code4rena • BiasedMerc

#100

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

medium

Attacker can frontrun to prevent vaults from being removed from the dNFT owner's position

Zivoe

2,512.23 USDC • 3 total findings • Sherlock • BiasedMerc

medium

ZivoeYDL::distributeYield() will revert if protocolRecipients recipients length is smaller than residualRecipients

medium

OCL_ZVE::pushToLockerMulti() will revert due to incorrect assert() statements when interacting with UniswapV2

medium

OCY_Convex_C use of PYUSD can lead to DAO and User funds being DOS

Jan '24

Salty.IO

347.67 USDC • 2 total findings • Code4rena • BiasedMerc

#40

medium

Absence of autonomous mechanism for `selling collateral assets in the external market in exchange for USDS` will cause undercollateralization during market crashes and will cause USDS to depeg.

medium

Creation of token whitelisting proposals can be DOS'd