Fulum

Security Researcher

Security Researcher | Audits on @code4rena @immunefi | Open

High: 9 total

Medium: 3 total

Total Earnings: $1.50K

#1158 All Time

9x

Payouts

regular

1x

Top 10

regular

4x

Top 25

regular

6x

Top 50

Jul '24

Karak Restaking

268.11 USDC • 1 total finding • Code4rena • Fulum

#14

high

The operator can create a `NativeVault` that can be silently unslashable.

Feb '24

AI Arena

111.78 USDC • 3 total findings • Code4rena • Fulum

#57

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

high

`FighterFarm::reroll` won't work for NFT IDs greater than 255 due to input limited to `uint8`

Oct '23

NextGen

133.68 USDC • 2 total findings • Code4rena • Fulum

#53

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

medium

On a Linear or Exponential Descending Sale Model, a user that mints on the last `block.timestamp` mints at an unexpected price.

The Wildcat Protocol

23.41 USDC • 2 total findings • Code4rena • Fulum

#55

high

Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly Role on any account they want

high

Borrower has no way to update `maxTotalSupply` of `market` or close market.

Sep '23

Venus Prime

4.37 USDC • Code4rena • Fulum

#39

Delegate

40.13 USDC • Code4rena • Fulum

#9

Aug '23

Shell Protocol

9.16 USDC • Code4rena • Fulum

#19

Good Entry

638.32 USDC • 2 total findings • Code4rena • Fulum

#16

high

V3Proxy swapTokensForExactETH does not send back to the caller the unused input tokens

medium

Return value of low level `call` not checked.

May '23

Maia DAO Ecosystem

268.2 USDC • 2 total findings • Code4rena • Fulum

#49

high

`UlyssesToken` asset ID accounting error

medium

Ulysses omnichain - addbridgeagentfactory in rootPort is not functional