BugHunter101

Security Researcher

High: 7 total

Medium: 14 total

Total earnings: $802.00

#1294 All Time

Payouts: 16x

Top 10 (regular): 1x

Top 25 (regular): 4x

Top 50 (regular): 9x

Oct '23

Ethena Labs

4.52 USDC • Code4rena • Bughunter101

#40

Open Dollar

45.44 USDC • 1 total finding • Code4rena • Bughunter101

#44

medium

Approved address can approve other addresses for an owner's safe

Sep '23

Centrifuge

12.79 USDC • Code4rena • Bughunter101

#34

DittoETH

306.23 USDC • 1 total finding • CodeHawks • Bughunter101

#24

medium

`MarginCallPrimaryFacet.flagShort()` can be frontrun

Aug '23

Cooler Update

26.24 USDC • 2 total findings • Sherlock • BugHunter101

#16

high

Malicious lenders can prevent borrowers from repaying through callback functions

medium

The lender can call the `rollLoan()` to increase the amount of repayments required, resulting in the inability of the borrower to repay the debt

Sparkn

11.64 USDC • 3 total findings • CodeHawks • Bughunter101

#52

medium

Malicious/Compromised organiser can reclaw all funds, stealing work from supporters

low

Signature missing nonce & expiration deadline

low

Centralization Risk for trusted organizers

veRWA

9.82 USDC • Code4rena • Bughunter101

#52

Good Entry

12.88 USDC • 1 total finding • Code4rena • Bughunter101

#34

medium

Return value of low level `call` not checked.

Jul '23

Beedle - Oracle free perpetual lending

29.60 USDC • 5 total findings • CodeHawks • Bughunter101

#93

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

high

Borrower can use Refinance to cancel auctions so they can extend their loan indefinitely

high

Using forged/fake lending pools to steal any loan opening for auction

low

Zero address leads to transaction reverts

gas

`setPool()` should check if `p.minLoanSize` < `p.poolBalance`

Foundry DeFi Stablecoin CodeHawks Audit Contest

14.99 USDC • 1 total finding • CodeHawks • Bughunter101

#75

medium

Anyone can burn **DecentralizedStableCoin** tokens with `burnFrom` function

CodeHawks Escrow Contract - Competition Details

6.59 USDC • 2 total findings • CodeHawks • Bughunter101

#77

medium

[H-01] Lack of emergency withdraw function when no arbiter is set

gas

`tokenContract` is always an unsafe input, for fairness, it is recommended to add a whitelist for token

Lens Protocol V2

31.38 USDC • Code4rena • Bughunter101

#9

Jun '23

Lybra Finance

84.36 USDC • 1 total finding • Code4rena • Bughunter101

#59

medium

If `ProtocolRewardsPool` is insufficient in EUSD, users will not be able to claim any rewards

Hubble Exchange

0.14 USDC • 1 total finding • Sherlock • BugHunter101

#30

medium

`latestRoundData()` problem

DODO V3

204.56 USDC • 4 total findings • Sherlock • BugHunter101

#20

medium

`D3VaultFunding.userWithdraw()` does not have mindTokenAmount

medium

`poolBorrow()` multiplicate after division may lead to inaccurate data

medium

`D3Callee()` should use `safeTransfer` instead of `transfer`

medium

`D3Oracle.getPrice()` use `latestRoundData()` return stale or incorrect result

May '23

USSD - Autonomous Secure Dollar

1.32 USDC • 4 total findings • Sherlock • BugHunter101

#79

high

StableOracleDAI contract ethOracle setting zero, it will cause the contract useless

high

UniV3SwapInput() function setting amountOutMinimum is zero, it will cause the user to lose funds by large slippage

high

mintRebalancer() and burnRebalancer() do not use auth modifier. It will cause attacker manipulates the total price

medium

removeCollateral() function does not check if the index parameter > collateral.length