https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_1.png

Diavolo

Security Researcher

Contact Me

High

9

Total

Medium

15

Total

$4.03K

Total Earnings

#991 All Time

12x

Payouts

bronze

1x

3rd Places

regular

2x

Top 10

regular

5x

Top 25

All

Sherlock

Code4rena

Immunefi

Apr '26

Monetrix

Monetrix

515.16 USDC • 1 total finding • Code4rena • Diavolo

bronze

medium

PM borrow liabilities are omitted from backing, allowing phantom surplus settlement

Audit Comp | Base Azul

Audit Comp | Base Azul

414 USDC • 2 total findings • Immunefi • Diavol0

#47

medium

Finding not yet public.

medium

Finding not yet public.

XRP Ledger - April 2026

XRP Ledger - April 2026

2,617.11 USDC • 3 total findings • Sherlock • Diavolo

#27

medium

MPT pseudo-account setup transactions can break under `spfSponsorReserve` because reserve sponsorship is applied to pseudo-accounts

medium

Sponsored-reserve `PaymentChannelCreate` can bypass source post-funding reserve enforcement and leave source under-reserved

medium

Sponsored XRP `AMMDeposit` can mis-validate depositor solvency, enabling reserve-floor bypass and sponsor-liquidity false rejection

Mar '26

Current Finance

Current Finance

184.48 USDC • 3 total findings • Sherlock • Diavolo

#16

high

Liquidation can seize disproportionate collateral when spot and EMA diverge because seize sizing uses spot without enforcing EMA/spot tolerance

medium

Administrators will reclaim liquidity-mining rewards owed to passive users

medium

Public depositors can exceed configured market deposit caps and small redeposits can revert after LP exit

Feb '26

Injective Peggy Bridge

Injective Peggy Bridge

0 USDC • 1 total finding • Code4rena • Diavolo

#22

medium

Finding not yet public.

Jan '26

Olas

Olas

15.54 USDC • 2 total findings • Code4rena • Diavolo

#51

high

Insolvency via Cross-Service Reentrancy in StakingBase._withdraw

medium

Arbitrum Retryable-Ticket Refund/Value Not Verified Enables Timelock ETH Exfiltration

Fluid DEX v2

Fluid DEX v2

160.51 USDC • 1 total finding • Sherlock • Diavolo

#11

medium

DexV2 will permanently lock owed token payouts for EOA recipients when the Liquidity layer reverts

Dec '25

Panoptic: Next Core

Panoptic: Next Core

51.76 USDC • 3 total findings • Code4rena • Diavolo

#27

high

BuilderWallet `init()` is unprotected/re-initializable, enabling takeover and theft of builder fees

medium

`RiskEngine::_getRequiredCollateralAtTickSinglePosition()` Fails to Accumulate Credits Across Multiple Legs, Leading to Potential Erroneous Liquidations

medium

Division-by-zero in long-leg collateral requirement can block solvency checks and `dispatchFrom` (liquidation/force-exercise) for tickSpacing==1 pools

Nov '25

SukukFi

SukukFi

0 USDC • 1 total finding • Code4rena • Diavolo

#8

high

Missing access control in `WERC7575Vault` allows unauthorized withdrawals

Audit Comp | Vechain | Stargate Hayabusa

Audit Comp | Vechain | Stargate Hayabusa

45 USDT • 2 total findings • Immunefi • Diavol0

#30

high

Finding not yet public.

high

Finding not yet public.

Audit Comp | Firelight

Audit Comp | Firelight

16 USDC • 1 total finding • Immunefi • Diavol0

#27

medium

Finding not yet public.

Oct '25

Audit Comp | Alchemix V3

Audit Comp | Alchemix V3

6 USDC • 4 total findings • Immunefi • Diavol0

#133

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.