ComposableSecurity

Security Researcher

Get help at any stage 🛡️ - Threat modeling - Smart contract audits - Security consultations

High: 10 total

Medium: 12 total

Total Earnings: $13.55K

#446 All Time

Payouts: 5x

1st Places: 1x (gold)

Top 10: 4x (regular)

Top 25: 5x (regular)

Sep '24

Flayer

651.61 USDC • 6 total findings • Sherlock • ComposableSecurity

#24

high

Invalid update of checkpointIndex

high

Anyone steals hook fees via spot price manipulation

medium

Listing creator can manipulate the unlock price

medium

Loss of native tokens due to direct transfer to hooks contract

medium

DoS on swaps from native token to collateral token

medium

The `setTokenURIAndMintFromRiftAbove` function updates the token URI but does not emit the required URI event

Apr '24

TITLES Publishing Protocol

882.77 USDC • 8 total findings • Sherlock • ComposableSecurity

#5

high

Invalid collection referrer leading to his loss

high

The user can avoid paying fees for minting tokens

medium

Malicious collection referrer can brick edition

medium

Message digest does not include the type of operation

medium

The `mintBatch` function with multiple tokenIds always reverts

medium

The `_refundExcess` function does not work as the whole `msg.value` is forwarded to `FeeManager`

medium

Updated strategy is not reflected in royalty

medium

Lack of protection from signature malleability

Mar '24

Mento

3,571.42 USDC • 1 total finding • Sherlock • ComposableSecurity

gold

medium

[M]

Feb '24

Tapioca

5,728.87 USDC • 4 total findings • Sherlock • ComposableSecurity

#7

high

Unprotected `executeModule` function allows to steal the tokens

high

OFT can be impersonated through `_lzCompose` with multiple compose messages

high

Nesting remote transfer messages to steal tokens

high

Unverified `_srcChainSender` parameter allows to impersonate the sender

Rio Network

2,720.40 USDC • 3 total findings • Sherlock • ComposableSecurity

#7

high

Front-running with a reduced number of validators to deallocate from another operator

high

DoS and locked funds caused by lack of epoch increment during EigenLayer settlement

medium

The current idea of creating reETH and accepting several different assets in it exposes RIO users to losses