https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/34460bce-c107-46de-86fd-914e7adc2c7a.png

Breeje

Security Researcher

Securing Smart Contracts One Bug at a Time

Contact Me

High

24

Total

Medium

45

Total

$26.96K

Total Earnings

#303 All Time

56x

Payouts

silver

1x

2nd Places

bronze

2x

3rd Places

regular

17x

Top 10

All

Sherlock

Code4rena

Immunefi

Mar '25

Nudge.xyz

Nudge.xyz

0.06 USDC • 1 total finding • Code4rena • Breeje

#8

medium

Unauthorized Reallocation in `NudgeCampaign::handleReallocation` and Reward Disruption Vulnerability in `NudgeCampaign::invalidateParticipations`

Symmio, Staking and Vesting

Symmio, Staking and Vesting

68.35 USDC • 2 total findings • Sherlock • Breeje

#10

high

Attacker can prevent distribution of rewards to stakers through frequent reward updates

medium

Malicious User can dilute staking Rewards to a longer timeframe

Jan '25

Liquid Ron

Liquid Ron

0.03 USDC • 1 total finding • Code4rena • Breeje

#10

high

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Dec '24

SecondSwap

SecondSwap

0 USDC • 1 total finding • Code4rena • Breeje

#67

high

Users can claim more that their actual allotment

Oct '24

Gamma Brevis Rewarder

Gamma Brevis Rewarder

131.06 OP • 1 total finding • Sherlock • Breeje

bronze

high

Users will be DoSed from claiming if they do multiple partial claims

Aug '24

Chakra

Chakra

33.2 USDT • 3 total findings • Code4rena • Breeje

#46

high

There is no refund mechanism in `ChakraSettlement.processCrossChainCallback` or `ChakraSettlementHandler.receive_cross_chain_callback` function

medium

Does not check if to_chain and to_handler is whitelisted in cross_chain_erc20_settlement

medium

SettlementSignatureVerifier's required_validators is not updated, resulting in a low or high number of signatures being required

Jul '24

LoopFi

LoopFi

1.37 USDC • 1 total finding • Code4rena • Breeje

#56

medium

Malicious actor can abuse the minimum shares check in `StakingLPEth` and cause DoS or locked funds for the last user that withdraws

MakerDAO Endgame

MakerDAO Endgame

1,077.14 USDC • Sherlock • Breeje

#56

Jun '24

Vultisig

Vultisig

632.1 USDC • 1 total finding • Code4rena • Breeje

#7

medium

`claim` function lacks slippage controls for `amount0` and `amount1` returned by `pool.burn` function call

Apr '24

Audit Comp | Alchemix

Audit Comp | Alchemix

61 USDC • 2 total findings • Immunefi • Breeje

#50

medium

Finding not yet public.

medium

Finding not yet public.

Mar '24

Ondo Finance

Ondo Finance

4,541.99 USDC • 2 total findings • Code4rena • Breeje

silver

high

`OUSGInstantManager` will allow Excessive OUSG Token Minting During USDC Depeg Event

medium

Users can lose access to funds due to minimum withdrawal limits.

vVv Vesting & Staking

vVv Vesting & Staking

122.25 USDC • Sherlock • Breeje

#14

Abracadabra Mimswap

Abracadabra Mimswap

2,014.53 USDC • 2 total findings • Code4rena • Breeje

#7

high

Oracle price can be manipulated

medium

Adjusting "_I_" will create a sandwich opportunity because of price changes

Feb '24

UniStaker Infrastructure

UniStaker Infrastructure

5,987.35 USDC • Code4rena • Breeje

bronze
Althea Liquid Infrastructure

Althea Liquid Infrastructure

329.85 USDC • 3 total findings • Code4rena • Breeje

#9

high

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

medium

`LiquidInfrastructureERC20.sol` disapproved holders keep part of the supply, diluting approved holders revenue.

medium

Withdrawal from NFTs can be temporarily blocked

AI Arena

AI Arena

0 USDC • 1 total finding • Code4rena • Breeje

#186

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Jan '24

Olympus On-Chain Governance

Olympus On-Chain Governance

139.35 USDC • 1 total finding • Sherlock • Breeje

#7

medium

Voting functionality will always revert

SYMM IO

SYMM IO

192.26 USDC • Sherlock • Breeje

#9

Nov '23

Audit Comp | DeGate

Audit Comp | DeGate

250 USDC • 1 total finding • Immunefi • Breeje

#34

low

Finding not yet public.

Oct '23

Ethena Labs

Ethena Labs

4.52 USDC • Code4rena • Breeje

#40

Sep '23

Venus Prime

Venus Prime

853.09 USDC • 2 total findings • Code4rena • Breeje

#6

high

Incorrect decimal usage in score calculation leads to reduced user reward earnings

medium

DoS and gas griefing of calls to Prime.updateScores()

Ondo Finance

Ondo Finance

25.93 USDC • 2 total findings • Code4rena • Breeje

#28

high

`OUSGInstantManager` will allow Excessive OUSG Token Minting During USDC Depeg Event

medium

Users can lose access to funds due to minimum withdrawal limits.

Aug '23

Cooler Update

Cooler Update

19.86 USDC • 2 total findings • Sherlock • Breeje

#18

medium

Malicious Lender can forcefully roll the loan on it's own terms

medium

Malicious Lender can Frontrun `repay` transaction and potentially steal `debt` through price Slippage

Blueberry Update #3

Blueberry Update #3

43.49 USDC • 1 total finding • Sherlock • Breeje

#10

medium

No Slippage Protection while closing a position from Balancer pool and exiting the Aura farming

Tangible Caviar

Tangible Caviar

0 USDC • Code4rena • Breeje

#88

Jul '23

Tokemak

Tokemak

7.81 USDC • 1 total finding • Sherlock • Breeje

#52

high

User can pay double amount in Vault Router and Excess amount can be stolen

Beam

Beam

170.06 USDC • Sherlock • Breeje

#9

PoolTogether

PoolTogether

165.94 USDC • 1 total finding • Code4rena • Breeje

#47

medium

Attacker can frontrun deployVault to deploy at the same address

Tapioca DAO

Tapioca DAO

163.57 USDC • 4 total findings • Code4rena • Breeje

#69

high

TOFT and USDO Modules Can Be Selfdestructed

medium

BigBang and Singularity should not pause repay() and liquidate()

medium

`ARBTriCryptoOracle` is vulnerable to read-only reentrancy

medium

all deposit and withdraw function in Convex and Curve nativeLP Strategy, apply slippage on internal pricing; which call real-time on chain price from Curve directly and subject to MEV

GFX Labs

GFX Labs

193.73 USDC • 1 total finding • Sherlock • Breeje

#11

medium

Missing checks for whether Arbitrum Sequencer is active

Jun '23

Lybra Finance

Lybra Finance

202.5 USDC • 1 total finding • Code4rena • Breeje

#43

medium

Allowing `refreshReward()` to fail during minting or buring esLBR could result in gain or loss previously earned reward

Hubble Exchange

Hubble Exchange

0.14 USDC • 1 total finding • Sherlock • Breeje

#30

medium

Oracle data is insufficiently validated

Stader Labs

Stader Labs

31.8 USDC • 1 total finding • Code4rena • Breeje

#34

medium

Chainlink's `latestRoundData` may return stale or incorrect result

May '23

Maia DAO Ecosystem

Maia DAO Ecosystem

2,070.23 USDC • 4 total findings • Code4rena • Breeje

#26

high

Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.

medium

[M-01] Some functions in Talos contracts does not allow user to supply slippage and deadline, which may cause swap revert

medium

Lack of slippage protection can lead to significant loss of user funds

medium

Many `create` methods are suspicious of the reorg attack

Iron Bank

Iron Bank

1.97 USDC • 2 total findings • Sherlock • Breeje

#19

medium

Oracle Data is insufficiently validated

medium

Missing checks for whether Arbitrum Sequencer is active

Apr '23

Blueberry Update

Blueberry Update

593.13 USDC • 3 total findings • Sherlock • Breeje

#5

high

No Slippage Protection while Swapping tokens through uniswap router

high

No Slippage Protection while removing liquidity from Curve Pool

high

Setting Deadline for `swapExactTokensForTokens` as `type(uint256).max` allows Exploits

Teller

Teller

0.95 USDC • 1 total finding • Sherlock • Breeje

#51

medium

Protocol won't be able to handle Fees on Transfer tokens

Frankencoin

Frankencoin

304.87 USDC • 1 total finding • Code4rena • Breeje

#26

medium

Re-org attack in factory

Rubicon v2

Rubicon v2

39.14 USDC • 1 total finding • Code4rena • Breeje

#86

medium

Low level calls to accounts with no code will succeed in `FeeWrapper`

Mar '23

Asymmetry contest

Asymmetry contest

40.64 USDC • 1 total finding • Code4rena • Breeje

#85

medium

Lack of deadline for uniswap AMM

Sense Update #1

Sense Update #1

228.85 USDC • 1 total finding • Sherlock • Breeje

#7

medium

Use of payable.transfer can lead to DOS and Freezing of funds

Feb '23

Surge

Surge

3.65 USDC • 1 total finding • Sherlock • Breeje

#22

high

First Depositor Attack Vulnerability

Ethos Reserve contest

Ethos Reserve contest

61.26 USDC • Code4rena • Breeje

#33

GMX

GMX

2,949.95 USDC • 3 total findings • Sherlock • Breeje

#11

high

No slippage in `createAdlOrder` allows MEV Attacks and Loss of funds

medium

Oracle data feed can be outdated

medium

Multiplication after Division error leading to larger precision loss

Blueberry

Blueberry

86.21 USDC • 1 total finding • Sherlock • Breeje

#32

medium

`doCutDepositFee` and `doCutWithdrawFee` doesn't take `FEES ON TRANSFER TOKENS` in account

OpenQ

OpenQ

22.25 USDC • 1 total finding • Sherlock • Breeje

#45

medium

`TOKEN_ADDRESS_LIMIT` set but limit not implemented to prevent out-of-gas exceptions when looping over funded addresses for payouts

Jan '23

Popcorn contest

Popcorn contest

320.08 USDC • 1 total finding • Code4rena • Breeje

#46

high

First vault depositor can steal other's assets

Numoen contest

Numoen contest

1,829.3 USDC • 1 total finding • Code4rena • Breeje

#6

medium

Division before multiplication incurs unnecessary precision loss

RabbitHole Quest Protocol contest

RabbitHole Quest Protocol contest

50.14 USDC • 1 total finding • Code4rena • Breeje

#43

medium

User may loose rewards if the receipt is minted after quest end time

Timeswap contest

Timeswap contest

65.35 USDC • Code4rena • Breeje

#20

Cooler

Cooler

102.79 USDC • 3 total findings • Sherlock • Breeje

#24

high

Unchecked return values from `transfer` or `transferFrom` could lead to stealing of funds.

high

Borrower can exploit `roll` method with frontrunning

medium

SOME AMOUNT OF COLLATERAL CAN BE STUCK IN ESCROW

Reserve contest

Reserve contest

194.03 USDC • Code4rena • Breeje

#25

Astaria contest

Astaria contest

69.09 USDC • 1 total finding • Code4rena • Breeje

#51

high

ERC4626Cloned deposit and mint logic differ on first deposit

Dec '22

Papr contest

Papr contest

353.85 USDC • Code4rena • Breeje

#21

GoGoPool contest

GoGoPool contest

92.55 USDC • 3 total findings • Code4rena • Breeje

#59

high

Inflation of ggAVAX share price by first depositor

medium

Users may not be able to redeem their shares due to underflow

medium

wrong reward distribution between early and late depositors because of the late syncRewards() call in the cycle, syncReward() logic should be executed in each withdraw or deposits (without reverting)

Caviar contest

Caviar contest

14.83 USDC • Code4rena • Breeje

#45