https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/2ac71357-923c-49c9-970e-67f402f64ec5.jpg

EgisSecurity

Security Researcher

Smart Contract Security Team led by @nmirchev8 and @dethSCA

Contact Me

High

Solo

Total

Medium

Total

$45.25K

Total Earnings

#193 All Time

7x

Payouts

3x

1st Places

1x

3rd Places

5x

Top 10

All

Sherlock

Feb '25

Stealth

37,000 USDC • Sherlock • EgisSecurity

Findings not publicly available for private contests.

Dec '24

Autonomint Colored Dollar V1

95.75 OP • 4 total findings • Sherlock • EgisSecurity

#23

high

borrowing::liquidate - `lastEventTime` isn't updated after `calculateCumulativeRate` is called

high

`GlobalVariables` may be compromised, if there are concurrent in-flight messages

medium

borrowing::depositTokens - `calculateCumulativeRate` is called after borrower has been added

medium

borrowing::_withdraw - `lastEventTime` is updated before calling `calculateCumulativeRate`

Aug '24

ZeroLend One

12.11 USDC • 1 total finding • Sherlock • EgisSecurity

#43

medium

Positions, which are using assets with large heartbeat may accrue bad debt

Sentiment V2

1,153.21 USDC • 9 total findings • Sherlock • EgisSecurity

#10

high

Exploiter can always bypass `LIQUIDATION_DISCOUNT` and always seize all collateral

medium

Exploiter can force user into unhealthy condition and liquidate him

medium

SuperPoolFactory

medium

Under certain circumstances bad debt will cause first depositor to lose funds

medium

Pool::liquidate()

medium

`SuperPool` has a `togglePause` function, but lack `whenNotPaused` modifier

medium

Liquidators won't have incentive to repay positions under some conditions

medium

`SuperPool#convertToShares` violates ERC4626

medium

Use can grief `SuperPool#reallocate` for USDT because it doesn't use `forceApprove`

May '24

Sophon Farming Contracts

2,985.94 USDC • 3 total findings • Sherlock • EgisSecurity

high

Many cases `stEth::transferFrom` will transfer 1-2 less way, which would result in revert in consequent functions, because of not enough balance

high

Loss of funds when deposit flow uses `_ethTOeEth`, because deposit amount is not handled correctly

medium

SophonFarming.sol

Gamma - Locked Staking Contract

133.81 USDC • 1 total finding • Sherlock • EgisSecurity

medium

Malicious actor can use block stuffing to force staker into another cycle

Apr '24

Teller Finance

3,871.54 USDC • 16 total findings • Sherlock • EgisSecurity

high

`LenderCommitmentGroup_Smart.sol::burnSharesToWithdrawEarnings` steal previous depositors funds

high

TellerV2.sol

high

LenderCommitmentGroup_Smart.sol#liquidateDefaultedLoanWithIncentive()

high

LenderCommitmentGroup_Smart.sol

high

LenderCommitmentGroup_Smart.sol

high

LenderCommitmentGroup_Smart.sol#getCollateralRequiredForPrincipalAmount()

high

If `repayLoanCallback` address doesn't implement `repayLoanCallback` try/catch won't go into the catch and will revert the tx

high

Unchecked `transferFrom` value may lead to borrower falsy repaying loan

high

`LendderCommitmentGroup::_calculateCollateralTokensAmountEq` may be manipulated

high

LenderCommitmentGroup_Smart.sol#liquidateDefaultedLoanWithIncentive()

medium

User can easily DoS `FlashRolloverLoan_G5` for USDT loans

medium

__Ownable_init is missing in LenderCommitmentGroup_Smart and TellerV2

medium

TellerV2.sol#lenderAcceptBid()

medium

`FlashRolloverLoan_G5::_acceptCommitment` with `smartCommitmentAddress` uses wrong signature

medium

LenderCommitmentGroup_Smart.sol#_generateTokenNameAndSymbol()

medium

LenderCommitmentGroup_Smart.sol#__valueOfUnderlying()

Nov '23

Wasabi-Solana

Collaborative Audit • Sherlock • EgisSecurity