Czar102

Security Researcher

evm auditor love sciences, math and econ ponzi hater; evm maxi dm for solo audit

High: 4 total

Medium: 29 total

Total Earnings: $28.03K

#294 All Time

Payouts: 20x

1st Places (gold): 1x

2nd Places (silver): 2x

Top 10 (regular): 5x

Jul '23

Tokensoft

223.98 USDC • 3 total findings • Sherlock • Czar102

#11

high

Votes counted multiple times and/or governance takeover upon reinitialization

medium

Vote manipulation and griefing in `AdvancedDistributor`

medium

`xcall` transfer may never succeed because of inability to increase relayer fees

Dec '22

GoGoPool contest

21.71 USDC • 1 total finding • Code4rena • Czar102

#75

medium

Coding logic of the contract upgrading renders upgrading contracts impractical

Sep '22

VTVL contest

229.38 USDC • 2 total findings • Code4rena • Czar102

#29

medium

Supply cap of VariableSupplyERC20Token is not properly enforced

medium

Reentrancy may allow an admin to steal funds

Aug '22

Sentiment

290.24 USDC • 2 total findings • Sherlock • Czar102

#20

medium

Multiple cross-contract reentrancy vulnerabilities in AccountManager

medium

Liquidation DoS in case of a single collateral token failure

Olympus DAO contest

1,905.41 USDC • 1 total finding • Code4rena • Czar102

#14

medium

Treasury module is vulnerable to cross-contract reentrancy

Jun '22

Badger-Vested-Aura contest

51.26 USDC • Code4rena • Czar102

#35

Infinity NFT Marketplace contest

49.01 USDC • Code4rena • Czar102

#68

Connext Amarok contest

1,424.85 USDC • 2 total findings • Code4rena • Czar102

#14

medium

`LibDiamond.diamondCut()` should check `diamondStorage().acceptanceTimes[keccak256(abi.encode(_diamondCut))] != 0`

medium

Diamond upgrade proposition can be falsified

May '22

OpenSea Seaport contest

516.48 USDC • Code4rena • Czar102

#37

Cally contest

63.1 USDC • 1 total finding • Code4rena • Czar102

#59

medium

Owner can modify the feeRate on existing vaults and steal the strike value on exercise

Forgotten Runes Warrior Guild contest

48.59 USDC • 1 total finding • Code4rena • Czar102

#47

medium

Use of `.send()` May Revert if The Recipient's Fallback Function Consumes More Than 2300 Gas

Apr '22

AbraNFT contest

542.29 MIM • 1 total finding • Code4rena • Czar102

#19

medium

Reentrancy at _requestLoan allows requesting a loan without supplying collateral

Mar '22

Paladin contest

4,440.41 USDC • 3 total findings • Code4rena • Czar102

silver

high

`DropPerSecond` is not updated homogeneously, the rewards emission can be much higher than expected in some cases

medium

Past state query results are susceptible to manipulation due to multiple states with same block number

medium

cooldown is set to 0 when the user sends all tokens to himself.

Feb '22

Redacted Cartel contest

455.89 USDC • 1 total finding • Code4rena • Czar102

#17

medium

Reentrancy in `depositBribeERC20` function

Badger Citadel contest

3,122.86 USDC • 3 total findings • Code4rena • Czar102

gold

medium

Owner can steal input tokens

medium

Seven ways in which the Owner and Proxy Admin can make users lose funds ("rug vectors")

medium

[WP-H3] `saleRecipient` can rug buyers

Concur Finance contest

2,189.23 USDC • 7 total findings • Code4rena • Czar102

#10

high

Repeated Calls to Shelter.withdraw Can Drain All Funds in Shelter

medium

`MasterChef.updatePool()` Fails To Update Reward Variables If `block.number >= endBlock`

medium

Owner can lock tokens in `MasterChef`

medium

Owner can steal Concur rewards

medium

Unconstrained fee

medium

During stake or deposit, users would not be rewarded the correct Concur token, when MasterChef has under-supply of it.

medium

[ConcurRewardPool] Possible reentrancy when claiming rewards

Jan '22

Trader Joe contest

247.29 USDT • 1 total finding • Code4rena • Czar102

#24

medium

ERC20 return values not checked

XDEFI contest

812.02 USDC • Code4rena • Czar102

#7

Dec '21

Amun contest

11,318.08 USDC • 4 total findings • Code4rena • Czar102

silver

high

It might not be possible to withdraw tokens from the basket

medium

It is possible to "uninitialize" `ERC20Facet` contract

medium

Annualized fee APY dependence on the frequency of executing a function

medium

`totalSupply` may exceed `LibBasketStorage.basketStorage().maxCap`

Nov '21

Fei Protocol contest

78.5 USDC • Code4rena • Czar102

#11