Boy2000

Security Researcher

High

Total

Medium

Total

$5.30K

Total Earnings

#712 All Time

6x

Payouts

1x

2nd Places

1x

3rd Places

3x

Top 10

All

Sherlock

Mar '25

Symmio, Staking and Vesting

0.00 USDC • 1 total finding • Sherlock • Boy2000

#18

medium

Rewards rate can be diluted by attacker

Feb '25

Rova

1,178.25 USDC • 1 total finding • Sherlock • Boy2000

medium

updateParticipation confuses CurrencyAmount with TokenAmount

Jan '25

Plaza Finance

29.93 USDC • 3 total findings • Sherlock • Boy2000

#59

medium

Auction can be intentionally failed by bidding above poolSaleLimit ratio

medium

Protocol loses portion of accumulated fees after each Auction

medium

Bidders may halt bidding by getting themselves blacklisted

Aave v3.3

587.66 USDC • Sherlock • Boy2000

#40

Allora v0.8.0 Update

2,325.49 USDC • Sherlock • Boy2000

Findings not publicly available for private contests.

Dec '24

Oku's New Order Types Contract Contest

161.84 OP • 6 total findings • Sherlock • Boy2000

#15

high

execute : target can be any address, including Token. stealing funds

high

Orders created in same block will override each other

high

OracleLess.createOrder passes wrong owner to procureTokens

medium

cancelOrder and adminCancelOrder can be blocked by using blacklisted recipient address. permanent dos

medium

PythOracle.currentValue will return only if price is stale

medium

OracleLess missing maxPendingOrders check, leading to OOG in fillOrder, cancelOrder

Oct '24

Usual V1

1,013.20 USDC • 1 total finding • Sherlock • Boy2000

high

UsualX.withdraw subtracts from totalDeposits incorrect fee amount