Cryptor

Security Researcher

High: 8 total
Medium: 22 total
Total earnings: $44.10K (#198 all time)
Payouts: 26x
3rd places: 1x (bronze)
Top 10: 4x
Top 25: 9x

Sep '24

uniswap-v4

15,821.99 USDC • 2 total findings • Cantina • Cryptor

#8

medium

Finding not yet public.

medium

Finding not yet public.

Aug '24

zetachain-protocol

432.54 USDC • 1 total finding • Cantina • Cryptor

#31

medium

Finding not yet public.

Jul '24

Zaros Part 1

155.71 USDC • 2 total findings • CodeHawks • Cryptor

#36

high

`SettlementBranch._fillOrder` does not guarantee the collateral of a position is enough to pay the future liquidation fee.

medium

Insufficient checks to confirm the correct status of the sequencerUptimeFeed

May '24

Euler-v2

2,012 USDC • Cantina • Cryptor

#24

Apr '24

NOYA

57.23 USDC + NOYA stars • 3 total findings • Code4rena • Cryptor

#56

medium

Missing calls to `_updateTokenInRegistry` lead to incorrect state of tokens in registry

medium

Camelot and Aerodrome Connector TVL susceptible to manipulation attack

medium

Using the same heartbeat for multiple price feeds

DYAD

4.89 USDC • 2 total findings • Code4rena • Cryptor

#103

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

medium

No incentive to liquidate small positions could result in protocol going underwater

Mar '24

Acala

41.91 USDC • Code4rena • Cryptor

#16

Phat Contract Runtime

994.09 USDC • Code4rena • Cryptor

#5

Feb '24

Audit Comp | Puffer Finance

240 USDC • 1 total finding • Immunefi • Cryptor

#30

low

Finding not yet public.

AI Arena

0.23 USDC • 1 total finding • Code4rena • Cryptor

#179

medium

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Dec '23

The Standard

3.39 USDC • 4 total findings • CodeHawks • Cryptor

#77

medium

Missing deadline check allows pending transactions to be maliciously executed

medium

Fees are hardcoded to 3000 in ExactInputSingleParams

low

`costInEuros` calculation will incur precision loss due to division before multiplication

low

Anyone with TST tokens can monitor the mempool and frontrun mint/burn functions to get EUROs rewards without even staking.

Nov '23

Panoptic

142.73 USDC • Code4rena • Cryptor

#21

Kelp DAO | rsETH

2.76 USDC • Code4rena • Cryptor

#54

Aug '23

Chainlink Staking v0.2

16,199.43 USDC • Code4rena • BitMinds

bronze

Jun '23

Lybra Finance

1.32 USDC • 1 total finding • Code4rena • Cryptor

#85

medium

Incorrect function call in LybraRETHVault's getAssetPrice

May '23

Maia DAO Ecosystem

4,581.46 USDC • 4 total findings • Code4rena • ByteBandits

#15

medium

Branch Strategies lose yield due to wrong implementation of time limit in BranchPort.sol

medium

Wrong consideration of block formation period causes incorrect votingPeriod and votingDelay calculations

medium

[M-01] Some functions in Talos contracts do not allow user to supply slippage and deadline, which may cause swap revert

medium

RestakeToken function is not permissionless

Index

2,973.69 USDC • 2 total findings • Sherlock • Cryptor

#6

high

_calculateMaxBorrowCollateral will return the wrong ltv if eMode is enabled

medium

Chainlink latestanswer is deprecated

Venus Protocol Isolated Pools

51.68 USDC • 1 total finding • Code4rena • Cryptor

#43

medium

Exchange Rate can be manipulated

Footium

0.00 USDC • 1 total finding • Sherlock • Cryptor

#35

medium

weird erc20 tokens will not work properly with erc20 prizes

Apr '23

Caviar Private Pools

23.08 USDC • 1 total finding • Code4rena • Cryptor

#65

high

Risk of silent overflow in reserves update

Mar '23

Asymmetry contest

222.85 USDC • 3 total findings • Code4rena • Cryptor

#29

high

An attacker can manipulate the preDepositvePrice to steal from other users.

high

Reth.sol: Withdrawals are unreliable and depend on excess RocketDepositPool balance which can brick the whole protocol

medium

Stuck ether when using function `stake` with empty `derivatives` (`derivativeCount` = 0)

Feb '23

Surge

10.60 USDC • 2 total findings • Sherlock • Cryptor

#20

high

A user can manipulate Loantoken balance to manipulate shares in a griefing attack

medium

A malicious User can steal the funds of others with TransferFrom

OlympusDAO

36.49 USDC • 1 total finding • Sherlock • Cryptor

#32

medium

Admin removing rewardtoken issues no warning to users

Jan '23

Popcorn contest

35.48 USDC • Code4rena • Cryptor

#84

RabbitHole Quest Protocol contest

2.59 USDC • 1 total finding • Code4rena • Cryptor

#84

high

Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts

Astaria contest

51.32 USDC • Code4rena • Cryptor

#52