https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_7.png

Cybrid

Security Researcher

Contact Me

High

13

Total

Medium

17

Total

$1.57K

Total Earnings

#1140 All Time

11x

Payouts

regular

3x

Top 10

regular

6x

Top 25

regular

8x

Top 50

All

Sherlock

Jun '25

DODO Cross-Chain DEX

DODO Cross-Chain DEX

565.26 USDC • 9 total findings • Sherlock • Cybrid

#7

high

ZRC20 Mismatch in withdrawToNativeChain Enables Arbitrary Token Theft via Crafted Swap Message

high

`decoded.targetZRC20` Trust Issue Enables Unauthorized Token Withdrawal

medium

Incorrect Fee Deduction During Swap in `onCall` Function

medium

ETH Cannot Be Used as `fromToken` Due to `approve` Call

medium

Fee Deduction Does Not Reflect in `msg.value`, Causes Overdraw or Incorrect Swap for ETH

medium

Fake UniswapV2 Pool Detection Allows DoS via Crafted Token Transfers

medium

Unauthorized Withdrawal via Exposed withdraw Function Leads to Token Theft and Denial of Refund

medium

Swap Slippage Not Enforced — Front-Running Enables Excessive Token Consumption

medium

Strict ERC20 Interface Causes Transfer Failures with Non-Compliant Tokens

May '25

LayerEdge - Staking

LayerEdge - Staking

174.82 USDC • 2 total findings • Sherlock • Cybrid

#5

high

Incorrect Tier Boundary Update on Staker Count Change Causes APY Miscalculation

medium

Tier History Griefing: Unbounded Tier Events Cause DoS Risk on calculateUnclaimedInterest

Apr '25

Burve

Burve

247.24 USDC • 2 total findings • Sherlock • Cybrid

#21

high

Incorrect Variable Used for Tax Calculation in removeValueSingle function

high

Double Tax Deduction and Vault Under-withdrawal in Closure.removeValueSingle

Mar '25

PinLink: RWA-Tokenized DePIN Marketplace

PinLink: RWA-Tokenized DePIN Marketplace

26.79 USDC • Sherlock • Cybrid

#35

Crestal Network

Crestal Network

24.11 USDC • 3 total findings • Sherlock • Cybrid

#6

high

Unauthorized Token Drain via payWithERC20 Due to Unrestricted External Calls

medium

Unverified Worker Can Lock Deployment Process in BlueprintCore

medium

Signature Replay Attack in updateWorkerDeploymentConfigWithSig Allows Unauthorized Fund Draining

Symmio, Staking and Vesting

Symmio, Staking and Vesting

8.89 USDC • 1 total finding • Sherlock • Cybrid

#17

medium

Unintended Constraint on _resetVestingPlans Leading to DoS

Jan '25

Aave v3.3

Aave v3.3

229.82 USDC • Sherlock • Cybrid

#60

Dec '24

Autonomint Colored Dollar V1

Autonomint Colored Dollar V1

278.61 OP • 11 total findings • Sherlock • Cybrid

#11

high

Unauthorized Updates to `downsideProtected` Causing Reverts and Incorrect Calculations

high

Incorrect Deduction of update of total cds deposited Amounts During CDS Withdrawal Process

high

Missing `lastEventTime` Update in Borrowing Liquidation Function Leads to Stale Cumulative Rate Calculations

high

Mismanagement of Treasury Interest in treasury `withdrawInterest` Function

high

Mismanagement of `usdaGainedFromLiquidation` During Liquidation

medium

Exchange Rate Fluctuation Causing Reverts in CDS `Withdraw` for `weETH`and `rsETH`

medium

Underflow Risk in `cdsProfits` Calculation Due to Borrower Debt Growth in the borrowing `liquidate` function

medium

Unused `cdsDepositDetails.lockingPeriod` Variable

medium

Stale `lastCumulativeRate` Used in Borrower Deposit and Borrower Withdrawal Calculations

medium

Incorrect Sequence in `calculateCumulativeRate` Call During borrowing Withdrawal

medium

Mismanagement of `omniChainData.totalVolumeOfBorrowersAmountinWei` Leads to Inaccurate Calculations Across the Protocol

Nov '24

Ethos Network Financial Contracts

Ethos Network Financial Contracts

0.38 USDC • 1 total finding • Sherlock • Cybrid

#33

high

Inaccurate marketFunds Updates in ReputationMarket Contract

Nouns DAO - Auction Streams

Nouns DAO - Auction Streams

2.89 USDC • Sherlock • Cybrid

#64

Debita Finance V3

Debita Finance V3

7.88 USDC • 1 total finding • Sherlock • Cybrid

#54

high

NFT Lock-In Vulnerability in BuyOrder Contract