Bozho

Security Researcher

Web3 Security Researcher

High: 9 total

Medium: 7 total

Total Earnings: $710.00

All Time: #1436

Payouts: 6x

Top 10: 2x

Top 25: 4x

Top 50: 5x

Feb '25

Core Contracts

22.84 USDC • 9 total findings • CodeHawks • notbozho

#239

high

`GaugeController` does not send funds to FeeCollector disrupting fees distribution and causing loss of funds

high

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

high

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

high

Incorrect Debt Token Accounting Due to Multiple Scaling Issues

medium

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

medium

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

medium

RToken.transferFrom() Does Not Scale User Balances Due to Stale Liquidity Index

medium

`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount

medium

Inconsistent Scaling in RToken Transfer Functions

Nov '24

Ethos Network Financial Contracts

0.38 USDC • 1 total finding • Sherlock • Bozho

#33

high

Incorrect fund calculation in `buyVotes()` locks funds in the contract or breaks core functions

Oct '24

Ethos Network Social Contracts

45.37 USDC • 1 total finding • Sherlock • Bozho

#6

medium

Compromised addresses can interact with the whole system and grief other users

Jul '24

Munchables

457.49 USDC • 4 total findings • Code4rena • Bozho

#7

high

Single plot can be occupied by multiple renters

high

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

high

in `farmPlots()` an underflow in edge case leading to freeze of funds (NFT)

high

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Mar '24

Abracadabra Mimswap

184.9 USDC • Code4rena • Bozho

#19

May '23

Iron Bank

0.00 USDC • 1 total finding • Sherlock • Bozho

#25

medium

The Chainlink price feed's input is not properly validated