BugBusters

Security Researcher

High

7

Total

Medium

1

Solo

17

Total

$7.06K

Total Earnings

#659 All Time

10x

Payouts

bronze

1x

3rd Places

regular

2x

Top 10

regular

7x

Top 25

Jun '23

Unstoppable

1,924.18 USDC • 3 total findings • Sherlock • BugBusters

#4

high

Interest Calculation is bricked and interest is never accrued in `_update_debt` function

high

Interest calculated is amplified by a multiple of 1000 in `_debt_interest_since_last_update`

high

`_calc_min_amount_out` is ineffective in `execute_dca_order` function and exposes user to unlimited slippage and user funds can be drained

Lybra Finance

1,444.45 USDC • 1 total finding • Code4rena • BugBusters

#12

medium

Rewards for initial period can be lost in all of the synthetix derivative contracts

Hubble Exchange

2,415.61 USDC • 3 total findings • Sherlock • BugBusters

bronze

medium

User will be forcibly liquidated

medium

`getUnderlyingPrice()` will return the wrong price for asset if underlying aggregator hits minAnswer

medium

`getUnderlyingPrice()` might return stale or incorrect results

RealWagmi

197.19 USDC • 2 total findings • Sherlock • BugBusters

#13

high

Price calculation in `getSlots` and `_initializeStrategy` is susceptible to flashloan exploits

medium

Possible precision loss in `_checkpositionsRange` function

DODO V3

68.58 USDC • 1 total finding • Sherlock • BugBusters

#27

medium

Potential Precision Loss in `poolBorrow` function

May '23

Maia DAO Ecosystem

24.76 USDC • 2 total findings • Code4rena • BugBusters

#65

medium

[M-01] Some functions in Talos contracts do not allow user to supply slippage and deadline, which may cause swap revert

medium

Lack of slippage protection can lead to significant loss of user funds

Iron Bank

104.38 USDC • 3 total findings • Sherlock • BugBusters

#11

medium

`getPriceFromChainlink()` doesn't check if Arbitrum sequencer is down in Chainlink feeds

medium

`PriceOracle` will return the wrong price for asset if underlying aggregator hits minAnswer

medium

`PriceOracle`'s `latestRoundData` might return stale or incorrect results

USSD - Autonomous Secure Dollar

28.90 USDC • 6 total findings • Sherlock • BugBusters

#55

high

`USSDRebalancer.sol` is easy to manipulate due to how it calculates price in `getOwnValuation` function

high

Missing deadline checks allow pending transactions to be maliciously executed

high

Burn and mint functions are public

medium

StableOracleWETH will return the wrong price for asset if underlying aggregator hits minAnswer

medium

Oracle data feed can be outdated yet used anyways

medium

There isn't any redeem function in the code

Index

123.58 USDC • 2 total findings • Sherlock • BugBusters

#20

medium

Use `latestRoundData` instead of `latestAnswer` to run more validations

medium

Missing checks for whether Arbitrum Sequencer is active

Venus Protocol Isolated Pools

732 USDC • 1 total finding • Code4rena • BugBusters

#23

medium

`RiskFund.swapPoolsAsset` does not allow user to supply deadline, which may cause swap revert