Ch_301

Security Researcher (EVM)

High: 40 Total
Medium: 7 Solo, 61 Total
$75.28K Total Earnings (#121 All Time)
39x Payouts
2x 2nd Places
1x 3rd Places
7x Top 10

Nov '24

Ethos Network Financial Contracts
0.38 USDC • 1 total finding • Sherlock • Ch_301 • Rank #33
- high: Update the `marketFunds[ ]` mapping with wrong values

Jul '24

Velocimeter
248.48 USDC • 2 total findings • Sherlock • Ch_301 • Rank #31
- high: DoS for removal of delegates
- medium: Wrong percentage for team emission

May '24

Arbitrum BoLD
35,258.67 USDC • 1 total finding • Code4rena • Ch_301 • Rank: 2nd place (silver)
- high: Adversary can make honest parties unable to retrieve their assertion stakes if the required amount is decreased

Feb '24

curvance
5,784.62 USDC • 4 total findings • Cantina • Ch301 • Rank #18
- 3 high, 1 medium: findings not yet public.

opal-contracts
1,004.63 USDC • 2 total findings • Cantina • Ch301 • Rank #16
- 1 high, 1 medium: findings not yet public.

Jan '24

incentive-contracts
1,587.34 USDC • 5 total findings • Cantina • Ch301 • Rank #13
- 1 high, 4 medium: findings not yet public.

Nov '23

Nouns Builder
21.94 USDC • 1 total finding • Sherlock • Ch_301 • Rank #9
- high: The old founder is still receiving NFTs even after being deleted from the list

Oct '23

Party Protocol
15.78 USDC • Code4rena • Ch_301 • Rank #32

Sep '23

Centrifuge
533.61 USDC • 1 total finding • Code4rena • Ch_301 • Rank #20
- medium: The Restriction Manager does not completely implement ERC1404, which leads to accounts that are supposed to be restricted actually having access to do with their tokens as they see fit

Aug '23

Chainlink Staking v0.2
2,736.67 USDC • Code4rena • Ch_301 • Rank #19

Jul '23

Tokemak
2,368.16 USDC • 7 total findings • Sherlock • Ch_301 • Rank #11
- high: Receiving the rewarder in LMPVault creates an opportunity for MEV bots (sandwich attack)
- high: Users will receive more funds than they expect
- high: Losing the tracking of the rewards that come from Destination Vault
- high: `liquidateVaultsForToken()` is not transferring the funds for the swap in `asyncSwapper`
- high: Users/LMPVault could lose their rewards
- medium: The `sink` address should not have a `perWalletLimit`
- medium: Users are not able to withdraw their funds from `LMPVault`

Jun '23

Symmetrical
1,522.18 USDC • 6 total findings • Sherlock • Ch_301 • Rank #11
- high: Missing to change the decimals
- high: PartyB funds could get staked forever
- medium: User's funds could get staked for a period of time
- medium: Users will be able to open a position with leverage lower than one
- medium: User funds are locked forever because no one can complete the liquidation
- medium: Users will never receive a profit if the position gets liquidated

Apr '23

Blueberry Update
3,193.98 USDC • 10 total findings • Sherlock • Ch_301 • Rank: 2nd place (silver)
- high: Attackers will keep stealing the `rewards` from Convex SPELL
- high: Missing slippage protection
- high: Users could be exposed to big penalties from the Curve Pool
- high: `ShortLongSpell.openPosition()` should not refund token
- high: The core logic of `ShortLongSpell` is broken
- high: Aura SPELL is not compatible with Balancer pools
- medium: Attacker could steal all the `borrowBalance` from Aura SPELL
- medium: M-03 wrong token address on `ShortLongSpell.sol`
- medium: Asking for the wrong address for `balanceOf()`
- medium: `getPositionRisk()` will return a wrong value of risk

GMX Update
679.45 USDC • 1 total finding • Sherlock • Ch_301 • Rank #13
- medium: `StopLossDecrease` is broken when there are price gaps

Mar '23

Y2K
377.86 USDC • 5 total findings • Sherlock • Ch_301 • Rank #35
- high: Users could be arbitrarily ejected from the rollover queue
- high: The rollover queue system will break
- high: Users could avoid paying the `depositFee`
- medium: `Emissions` could get locked in the vault forever.
- medium: Missing validations for return value of oracle data feed

Feb '23

Derby
3,258.87 USDC • 16 total findings • Sherlock • Ch_301 • Rank #4
- high: Precision loss in the state variable `savedTotalUnderlying`
- medium: The protocol could not handle multiple vaults correctly
- medium: Stuck during the cross-chain rebalancing
- medium: Malicious users could break the logic of the rebalancing
- medium: `getDecimals()` always calls the MainNet
- medium: `xChainController` will send funds multiple times to the same vault
- medium: Asking for `balanceOf()` in the wrong address
- medium: Game players won't be able to `redeemRewardsGame()`
- medium: Vaults push wrong value of `totalUnderlying`
- medium: Malicious users could set allocations to a blacklisted Protocol and break the rebalancing logic
- medium: The vault will send lower values, even if it can provide the required amount from `xChainController`.
- medium: The blacklisted protocols will keep generating rewards
- medium: Protocol can't handle rewards of AAVE correctly
- medium: The protocol will set wrong allocations to a chain without a protocol (blacklisted)
- medium: The vault could leave some funds in protocol X forever
- medium: Vault could `rebalance()` before funds arrive from xChainController

Blueberry
460.39 USDC • 2 total findings • Sherlock • Ch_301 • Rank #23
- high: Users could leave some of `ICHI Vault LP` on SPELL
- high: User could bypass the `MaxLTV`

Jan '23

Popcorn contest
1,413.59 USDC • 3 total findings • Code4rena • Ch_301 • Rank #16
- high: Attacker can deploy vaults with a malicious Staking contract
- high: BeefyAdapter() malicious vault owner can use malicious _beefyBooster to steal the adapter's token
- medium: Cool-down time period is not properly respected for the `harvest` method

Dec '22

GoGoPool contest
77.99 USDC • 3 total findings • Code4rena • Ch_301 • Rank #63
- high: Hijacking of node operators minipool causes loss of staked funds
- medium: State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool
- medium: NodeOp funds may be trapped by an invalid state transition

Forgeries contest
19.22 USDC • 1 total finding • Code4rena • Ch_301 • Rank #25
- high: Admin does not have to wait to call `lastResortTimelockOwnerClaimNFT()`

Escher contest
160.95 USDC • 3 total findings • Code4rena • Ch_301 • Rank #23
- high: `LPDA` price can underflow due to bad settings and potentially brick the contract
- medium: Sale contracts can be bricked if any other minter mints a token with an id that overlaps the sale
- medium: NFTs mintable after Auction deadline expires

Nov '22

Buffer Finance
2,045.48 USDC • 1 total finding • Sherlock • Ch_301 • Rank: 3rd place (bronze)
- medium: The `_fee()` function is wrongly implemented in the code

Debt DAO contest
1,573.54 USDC • 5 total findings • Code4rena • Ch_301 • Rank #17
- high: Call to declareInsolvent() would revert when contract status reaches liquidation point after repayment of credit position 1
- medium: The lender can draw out extra credit token from borrower's account
- medium: Variable balance ERC20 support
- medium: address.call{value:x}() should be used instead of payable.transfer()
- medium: Borrower/Lender excessive ETH not refunded and permanently locked in protocol

Oct '22

Inverse Finance contest
3,554.12 USDC • 2 total findings • Code4rena • Ch_301 • Rank #5
- medium: Users could get some `DOLA` even if they are in a liquidation position
- medium: Calling `repay` function sends less DOLA to `Market` contract when `forceReplenish` function is not called while it could be called

Union Finance
1,072.10 USDC • 4 total findings • Sherlock • Ch_301 • Rank #11
- medium: Gas limit DoS via unbounded operations
- medium: The `first in, first out` system could be manipulated by the users
- medium: The public can't call `debtWriteOff()` in a specific case
- medium: Users will receive less than they expect from the `borrow()`

Merit Circle
444.22 USDC • 1 total finding • Sherlock • Ch_301 • Rank #5
- high: Missing updating of the `unit` value.

Blur Exchange contest
114.82 USDC • 1 total finding • Code4rena • Ch_301 • Rank #20
- high: StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

Sep '22

Frax Ether Liquid Staking contest
156.95 USDC • 1 total finding • Code4rena • Ch_301 • Rank #21
- medium: Rewards delay release could cause yield stealing and loss

Art Gobblers contest
696.9 USDC • Code4rena • Ch_301 • Rank #15

Y2k Finance contest
125.26 USDC • 1 total finding • Code4rena • Ch_301 • Rank #39
- high: Users who deposit in one vault can lose all deposits and receive nothing when counterparty vault has no deposits

PartyDAO contest
483.57 USDC • Code4rena • Ch_301 • Rank #15

Nouns Builder contest
2,759 USDC • 6 total findings • Code4rena • Ch_301 • Rank #12
- high: `_transferFrom()` can be used to indefinitely increase voting power.
- high: `ERC721Votes`: Token owners can double voting power through self delegation
- high: User can get unlimited votes
- medium: A proposal can be cancelled by anyone if the proposal has exactly proposalThreshold votes
- medium: Delegation should not be allowed to address(0)
- medium: The quorum votes calculations don't take into account burned tokens

Aug '22

Olympus DAO contest
54.31 USDC • Code4rena • Ch_301 • Rank #85

Nouns DAO contest
1,094.57 USDC • 1 total finding • Code4rena • Ch_301 • Rank #12
- medium: Loss of Veto Power can Lead to 51% Attack

Foundation Drop contest
42.83 USDC • 1 total finding • Code4rena • Ch_301 • Rank #54
- medium: Possible to bypass saleConfig.limitPerAccount

Rigor Protocol contest
49.69 USDC • 1 total finding • Code4rena • Ch_301 • Rank #66
- medium: Missing upper limit definition in replaceLenderFee() of HomeFi.sol

Jul '22

Golom contest
35.32 USDC • Code4rena • Ch_301 • Rank #85

ENS contest
125.39 USDC • 1 total finding • Code4rena • Ch_301 • Rank #39
- medium: transfer() depends on gas consts

Juicebox V2 contest
131.86 USDC • 1 total finding • Code4rena • Ch_301 • Rank #41
- medium: Use a safe transfer helper library for ERC20 transfers