https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/53317d54-b27f-49a4-b9eb-eb6842909899.jpg

Chonkov

Security Researcher

Smart Contract Security Researcher

Contact Me

High

Total

Medium

Total

$844.00

Total Earnings

#1520 All Time

15x

Payouts

1x

1st Places

1x

3rd Places

2x

Top 10

All

Sherlock

Code4rena

Cantina

CodeHawks

Jan '26

Hotstuff

17.49 USDC • Sherlock • Chonkov

#49

Findings not publicly available for private contests.

Sep '25

Super DCA Liquidity Network

0.02 OP • 2 total findings • Sherlock • Chonkov

#50

high

Malicious user could intentionally deprive users of the protocol from receiving rewards by staking "dust amounts"

medium

When the contracts are initially deployed, excess amount of rewards could be minted

Rezerve Money

275.76 USDC • Sherlock • Chonkov

#33

Findings not publicly available for private contests.

Jul '25

GTE Spot CLOB and Router

19.82 USDC • 2 total findings • Code4rena • Gosho

#18

medium

Removing only the tail order from a limit does not reduce tree size, allowing order book to grow indefinitely

medium

Flawed Zero-Cost Trade Prevention

Apr '25

mighty-contracts

11.86 USDC • 1 total finding • Cantina • chonkov

#73

medium

Finding not yet public.

Mar '25

badger-ebtc-bsm

14.85 USDC • 1 total finding • Cantina • chonkov

#31

high

Finding not yet public.

Feb '25

Core Contracts

0.00 usdc • 1 total finding • CodeHawks • chonkov

#396

medium

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

Dec '24

SecondSwap

0.03 USDC • 2 total findings • Code4rena • Gosho

#65

high

Users can claim more that their actual allotment

medium

Incorrect referral fee calculations

Lambo.win

0 USDC • 1 total finding • Code4rena • Gosho

#35

high

Minting zero tokens when underlyingToken is not Ether in cashIn()

Nov '24

vVv Launchpad - Investments & Token distribution

94.59 USDC • 1 total finding • Sherlock • Chonkov

high

Front-running of `claim(...)` can lead to stealing rewards from investors

Oct '24

Gamma Brevis Rewarder

131.06 OP • 1 total finding • Sherlock • Chonkov

high

Users can't claim multiple times when a distribution happens over multiple epochs

stakeup-bloomv2

11.29 USDC • 2 total findings • Cantina • chonkov

#85

high

Finding not yet public.

high

Finding not yet public.

Aug '24

Phi

115.5 USDC • 3 total findings • Code4rena • Gosho

#16

medium

`PhiFactory:claim` Potentially Causing Loss of Funds If `mintFee` Changed Beforehand

medium

Contract `PhiNFT1155` can't be paused

medium

Attacker can DOS user from selling shares of a credId

Jul '24

Munchables

0.39 USDC • 1 total finding • Code4rena • Gosho

#47

high

Single plot can be occupied by multiple renters

Jun '24

Thorchain

151.72 USDC • 2 total findings • Code4rena • Gosho

#15

medium

Due to the use of `msg.value` in for loop, anyone can drain all the funds from the `THORChain_Router` contract

medium

[M-02] Incorrect call argument in `THORChain_Router::_transferOutAndCallV5`, leading to grief/steal of `THORChain_Aggregator`'s funds or DoS