Banner
https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/66177e58-ab76-4ad1-83e4-262db7c117f3.jpg

DenTonylifer

Security Researcher

Contact Me

High

15

Total

Medium

16

Total

$10.13K

Total Earnings

#548 All Time

23x

Payouts

gold

1x

1st Places

bronze

2x

3rd Places

regular

7x

Top 10

All

Sherlock

Code4rena

CodeHawks

Mar '25

Symmio, Staking and Vesting

Symmio, Staking and Vesting

0.00 USDC • 1 total finding • Sherlock • DenTonylifer

#18

medium

Permissionless `notifyRewardAmount()` function can disrupt rewards distribution

Feb '25

Usual Labs

Usual Labs

39.42 USDC • Sherlock • DenTonylifer

#43

Rova

Rova

0.04 USDC • 1 total finding • Sherlock • DenTonylifer

bronze

medium

Allocation per user is incorrectly calculated in "updateParticipation()"

Jan '25

Plaza Finance

Plaza Finance

1.11 USDC • 2 total findings • Sherlock • DenTonylifer

#94

medium

Users can force auctions to fail by redeeming large amounts right before auction ends

medium

Blocklisted bidder can force auction to fail

Aave v3.3

Aave v3.3

90.69 USDC • Sherlock • DenTonylifer

#84

Dec '24

QuantAMM

QuantAMM

47.33 op • 1 total finding • CodeHawks • dentonylifer

#61

low

Incorrect event emitted in `setUpdateWeightRunnerAddress()` function

Oku's New Order Types Contract Contest

Oku's New Order Types Contract Contest

2.02 OP • 3 total findings • Sherlock • DenTonylifer

#47

high

User can withdraw part of order funds after order was executed

high

Pseudo-random `orderId` allows to drain protocol

high

Malicious order executor can completely dran protocol

Autonomint Colored Dollar V1

Autonomint Colored Dollar V1

19.41 OP • 4 total findings • Sherlock • DenTonylifer

#46

high

ETH will be sent to wrong address during liquidation

medium

Lack of access control in `executeSetterFunction()`

medium

Excess ETH sent during liquidation will be stuck forever

medium

User's funds are not transfered during liquidation

Nov '24

Ethos Network Financial Contracts

Ethos Network Financial Contracts

74.96 USDC • 3 total findings • Sherlock • DenTonylifer

#23

high

Wrong calculation of entry fees leads to overpayment of fees

high

Wrong calculation of marketFunds leads to losses for other markets.

medium

Lack of slippage protection fot ETH spend/received in ReputationMarket.sol

Debita Finance V3

Debita Finance V3

85.96 USDC • 3 total findings • Sherlock • DenTonylifer

#32

high

NFT will be locked in buyOrder

medium

Incentives will not be updated in updateFunds() function

medium

Previous owner can steal unclaimed bribes from new owner of veNFTVault

Sep '24

Boost Core Incentive Protocol

Boost Core Incentive Protocol

9.11 USDC • 1 total finding • Sherlock • DenTonylifer

#23

medium

Protocol does not work with fee-on-transfer tokens

Aug '24

ZeroLend One

ZeroLend One

10.48 USDC • 1 total finding • Sherlock • DenTonylifer

#44

high

Repayment will revert due to wrong balance mismatch check

Jul '24

MakerDAO Endgame

MakerDAO Endgame

237.63 USDC • Sherlock • DenTonylifer

#87

Jun '24

Notional Leveraged Vaults: Pendle PT and Vault Incentives

Notional Leveraged Vaults: Pendle PT and Vault Incentives

827.34 USDC • 1 total finding • Sherlock • DenTonylifer

#6

high

Anyone can break accounting of rewards from Convex

May '24

Beefy Cowcentrated Liquidity Manager

Beefy Cowcentrated Liquidity Manager

5,375 USDC • 1 total finding • Sherlock • DenTonylifer

gold

medium

StrategyPassiveManagerVelodrome does not take into account unharvested fees

Apr '24

NOYA

NOYA

24.58 USDC + NOYA stars • 2 total findings • Code4rena • d_tony7470

#75

medium

`Keepers` does not implement EIP712 correctly on multiple occasions

medium

`maxDeposit`, `maxMint`, `maxWithdraw`, and `maxRedeem` functions do not return 0 when they should

Teller Finance

Teller Finance

4.74 USDC • 1 total finding • Sherlock • DenTonylifer

#35

high

Anyone can steal pool shares from lender group if no-revert-on-failure tokens are used

DYAD

DYAD

7.37 USDC • 2 total findings • Code4rena • d_tony7470

#100

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

medium

Attacker can frontrun to prevent vaults from being removed from the dNFT owner's position

Mar '24

RadicalxChange

RadicalxChange

1.18 USDC • 1 total finding • Sherlock • DenTonylifer

bronze

high

Highest bidder can cancel his bid

Feb '24

Napier

Napier

1,370.03 USDC • 1 total finding • Sherlock • DenTonylifer

#4

high

Missing zero amount check may lead to loss of funds

Jan '24

MorpheusAI

MorpheusAI

1,903.49 USDC • 1 total finding • CodeHawks • dentonylifer

#6

high

All claimed rewards will be lost for the users using the account abstraction wallet

Telcoin Platform Audit

Telcoin Platform Audit

2.64 USDC • 1 total finding • Sherlock • DenTonylifer

#9

high

Incorrect removal of a council member

Dec '23

The Standard

The Standard

0.15 USDC • 1 total finding • CodeHawks • dentonylifer

#97

medium

Missing deadline check allow pending transactions to be maliciously executed