https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_9.png

Delvir0

Security Researcher

Contact Me

High

8

Total

Medium

13

Total

$1.85K

Total Earnings

#1052 All Time

15x

Payouts

regular

7x

Top 25

regular

9x

Top 50

All

Sherlock

Code4rena

Oct '23

NextGen

NextGen

0.47 USDC • 2 total findings • Code4rena • Delvir0

#111

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

medium

Auction winner can prevent payments via `safeTransferFrom` callback

Sep '23

Ondo Finance

Ondo Finance

771.3 USDC • 1 total finding • Code4rena • Delvir0

#14

medium

Admin can't burn tokens from blocklisted addresses because of a check in _beforeTokenTransfer

Aug '23

Cooler Update

Cooler Update

26.24 USDC • 2 total findings • Sherlock • Delvir0

#16

high

repayLoan can be DOSSed

medium

Anyone can roll a loan

Jul '23

Beam

Beam

0.20 USDC • Sherlock • Delvir0

#43

Bond Options

Bond Options

128.41 USDC • 1 total finding • Sherlock • Delvir0

#14

medium

Not setting an init value of lastEpochClaimed[msg.sender] could lead to OOG

Dinari

Dinari

64.98 USDC • 1 total finding • Sherlock • Delvir0

#11

medium

Incorrect function flow when using DirectBuyIssuer to fill order.

Jun '23

Hubble Exchange

Hubble Exchange

625.13 USDC • 2 total findings • Sherlock • Delvir0

#14

high

User won't receive vusd when withdrawing if balance vusd of InsuranceFund == 0

medium

Transferring supported pool tokens while totalsupply == 0 will break `despositFor` for the next user

May '23

Iron Bank

Iron Bank

0.03 USDC • 2 total findings • Sherlock • Delvir0

#23

medium

Missing stale price check from Chainlink oracle

medium

Missing sequencer check for ARB network in `PriceOracle.sol`

USSD - Autonomous Secure Dollar

USSD - Autonomous Secure Dollar

0.00 USDC • 4 total findings • Sherlock • Delvir0

#94

high

_mint and _burn are open to the public

high

`UniV3SwapInput` doesn't implement a deadline

high

ethOracle address set to 0

medium

Chainlink returned price not checked

Apr '23

Teller

Teller

0.02 USDC • 1 total finding • Sherlock • Delvir0

#54

medium

Fee on transfer tokens will break withdrawal of collateral

Rubicon v2

Rubicon v2

29.78 USDC • 2 total findings • Code4rena • Delvir0

#89

high

Reward accounting is incorrect in BathBuddy contract

high

Some offers can't be cancelled

Mar '23

Y2K

Y2K

41.79 USDC • 1 total finding • Sherlock • Delvir0

#57

medium

Insufficient Chainlink feed validation

Feb '23

Surge

Surge

6.94 USDC • 1 total finding • Sherlock • Delvir0

#21

medium

Frontrun attack possible with Pool.approve

Derby

Derby

100.59 USDC • 1 total finding • Sherlock • Delvir0

#30

medium

Due to incorrect way of tracking rewards by LP's an attacker can receive an unfair share of yield accumulated in MainVault.sol

Jan '23

Astaria contest

Astaria contest

51.32 USDC • Code4rena • Delvir0

#52