https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/1e91a952-626b-4fcc-bba0-d46fa2ff6ba5.jpg

Deivitto

Security Researcher

Engineering & coffee ⚙️☕ Blockchain Security Researcher & bug hunter 🕵️🔎 @SpearbitDAO | @code4rena @AuditorToolbox 🖊️ Request an audit https://t.co/IJYStSwSHF

Contact Me

High

Total

Medium

Total

$13.13K

Total Earnings

#449 All Time

59x

Payouts

3x

Top 10

21x

Top 25

43x

Top 50

All

Sherlock

Code4rena

CodeHawks

Jul '24

MakerDAO Endgame

970.22 USDC • Sherlock • Deivitto

#58

May '24

Munchables

0 USDC • Code4rena • Deivitto

#119

Jul '23

Beedle - Oracle free perpetual lending

26.62 USDC • 4 total findings • CodeHawks • Deivitto

#102

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

high

Hardcoded Router Address May Cause Token Lockup in Non-Standard Networks

medium

Single-step process for critical ownership transfer is risky

gas

Don't use draft versions in production

Feb '23

Surge

118.11 USDC • 1 total finding • Sherlock • Deivitto

#17

medium

`fee`s accrued can be zero on some parameters even if `fee`s are expected to exist

Ethos Reserve contest

370.05 USDC • Code4rena • Deivitto

#36

Jan '23

Popcorn contest

562.23 USDC • 2 total findings • Code4rena • Deivitto

#36

medium

Fee on transfer token not supported

medium

[NAZ-M2] Unchecked return of `execute()`

Numoen contest

578.85 USDC • 1 total finding • Code4rena • Deivitto

#14

medium

Fee on transfer tokens will not behave as expected

Drips Protocol contest

131.98 USDC • Code4rena • Deivitto

#13

RabbitHole Quest Protocol contest

13.92 USDC • 1 total finding • Code4rena • Deivitto

#122

high

Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts

Cooler

55.05 USDC • 2 total findings • Sherlock • Deivitto

#26

high

ERC20 not checked on transfer

medium

`loan.amount` can be repaid without altering `loan.collateral`

Astaria contest

51.32 USDC • Code4rena • Deivitto

#70

Biconomy - Smart Contract Wallet contest

44.83 USDC • 1 total finding • Code4rena • Deivitto

#67

medium

SmartAccount.sol is intended to be upgradable but inherits from contracts that contain storage and no gaps

Notional Update

144.57 USDC • 1 total finding • Sherlock • Deivitto

medium

`_getOraclePairPrice` doesn't allow some expected tokens to be used

Dec '22

GoGoPool contest

68.09 USDC • 1 total finding • Code4rena • Deivitto

#71

medium

Bypass `whenNotPaused` modifier

Forgeries contest

45.71 USDC • Code4rena • Deivitto

#38

Tigris Trade contest

220.11 USDC • 2 total findings • Code4rena • Deivitto

#41

medium

Must approve 0 first

medium

`_handleDeposit` and `_handleWithdraw` do not account for tokens with decimals higher than 18

Maverick contest

119.07 USDC • Code4rena • Deivitto

#13

Nov '22

ParaSpace contest

1,028.49 USDC • Code4rena • Deivitto

#25

Canto contest

73.58 CANTO • Code4rena • Deivitto

#11

Opyn Crab Netting

390.09 USDC • 1 total finding • Sherlock • Deivitto

#12

medium

Malicious owner can lock funds

Isomorph

282.34 USDC • 1 total finding • Sherlock • Deivitto

#16

medium

Use of a hardcoded assumption of 1 USDC = 1 USD can lead into all protocol to fail and loss of value

Redacted Cartel contest

93.14 USDC • Code4rena • Deivitto

#42

Telcoin

30.30 USDC • 1 total finding • Sherlock • Deivitto

medium

ERC20 transfer / transferFrom with not checked return value

Buffer Finance

71.36 USDC • 2 total findings • Sherlock • Deivitto

medium

Withdraw can reverts and locks funds

medium

ERC20 `approve` can fail for some tokens

LSD Network - Stakehouse contest

543.7 USDC • Code4rena • Deivitto

#26

Blur Exchange contest

22.22 USDC • Code4rena • Deivitto

#49

LooksRare Aggregator contest

36.34 USDC • Code4rena • Deivitto

#46

SIZE contest

65.42 USDC • Code4rena • Deivitto

#38

Debt DAO contest

672.02 USDC • 1 total finding • Code4rena • Deivitto

#28

medium

address.call{value:x}() should be used instead of payable.transfer()

Chainlink Staking contest

139.59 USDC • Code4rena • Deivitto

#22

Oct '22

Inverse Finance contest

55.74 USDC • Code4rena • Deivitto

#51

Holograph contest

577.36 USDC • 1 total finding • Code4rena • Deivitto

#20

medium

Bad source of randomness

The Graph L2 bridge contest

20.79 USDC • Code4rena • Deivitto

#37

Blur Exchange contest

50.48 USDC • Code4rena • Deivitto

#56

Sep '22

QuickSwap and StellaSwap contest

150.82 USDC • Code4rena • Deivitto

#22

Frax Ether Liquid Staking contest

43.64 USDC • Code4rena • Deivitto

#56

VTVL contest

35.17 USDC • Code4rena • Deivitto

#67

Art Gobblers contest

930.57 USDC • Code4rena • Deivitto

#25

Y2k Finance contest

245.01 USDC • 1 total finding • Code4rena • Deivitto

#28

medium

Fee-on-Transfer tokens cause problems in multiple places

PartyDAO contest

161.8 USDC • Code4rena • Deivitto

#27

FEI and TRIBE Redemption contest

33.58 USDC • Code4rena • Deivitto

#42

Canto Dex Oracle contest

146.62 CANTO • 1 total finding • Code4rena • Deivitto

#14

medium

Calculated `token0TVL` may be zero under certain scenarios

Nouns Builder contest

402.55 USDC • Code4rena • Deivitto

#43

Aug '22

Olympus DAO contest

127.02 USDC • Code4rena • Deivitto

#54

Nouns DAO contest

1,197.57 USDC • 1 total finding • Code4rena • Deivitto

#12

medium

Loss of Veto Power can Lead to 51% Attack

FIAT DAO veFDT contest

112.04 USDC • Code4rena • Deivitto

#34

Fraxlend (Frax Finance) contest

183.97 USDC • Code4rena • Deivitto

#25

Foundation Drop contest

117.48 USDC • 1 total finding • Code4rena • Deivitto

#19

medium

NFT of NFT collection or NFT drop collection can be locked when calling _mint or mintCountTo function to mint it to a contract that does not support ERC721 protocol