GalloDaSballo

Security Researcher

iykyk Build things, make mistakes, learn.

High

23

Total

Medium

5

Solo

70

Total

$206.11K Total Earnings (#42 All Time)

49x Payouts

2x 1st Places (gold)

5x 2nd Places (silver)

3x 3rd Places (bronze)

Feb '25

Nerite

Collaborative Audit • Sherlock • GalloDaSballo

Jul '24

Velocimeter

643.45 USDC • 3 total findings • Sherlock • GalloDaSballo

#14

high

`OptionTokenV4.exerciseLP`'s `addLiquidity` lack of slippage can be abused to make victims exercise for a lower liquidity than intended

high

`DepositWithLock` done via `OptionToken` can be abused to permanently lock a user position

medium

`Pool` changes cause reverts on Small Swaps and on Fee set to 0

May '24

Euler-v2

6,914 USDC • Cantina • GalloDaSballo

#18

Apr '24

Renzo

467.94 USDC • 3 total findings • Code4rena • GalloDaSballo

#22

high

The amount of `xezETH` in circulation will not represent the amount of `ezETH` tokens 1:1

high

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

medium

stETH/ETH Feed being used opens up two-way deposit<->withdrawal arbitrage

DYAD

22.18 USDC • 3 total findings • Code4rena • GalloDaSballo

#80

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

medium

Value of kerosene can be manipulated to force liquidate users

medium

No incentive to liquidate when CR <= 1 as asset received < dyad burned

Mar '24

Optimism Fault Proofs

35,478.23 USDC • 2 total findings • Sherlock • GalloDaSballo

2nd place (silver)

medium

`l2BlockNumber()` can be used to prevent creating new Games

medium

`tx.origin` breaks ability to have someone else broadcast TXs and may cause loss of bonds

Jan '24

Blast

40,646.95 USDC • 3 total findings • Cantina • GalloDaSballo

#11

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Nov '23

Beraborrow

Collaborative Audit • Sherlock • GalloDaSballo

Aug '23

Chainlink Staking v0.2

3,696.67 USDC • Code4rena • GalloDaSballo

#17

Jul '23

PoolTogether

1,659.9 USDC • 1 total finding • Code4rena • GalloDaSballo

#16

medium

Exchange Rate Change in Case of Lossy Strategy will cause the Vault to be Undercollateralized for generic ERC4626 Yield Vaults

Tapioca DAO

21,082.74 USDC • 25 total findings • Code4rena • GalloDaSballo

1st place (gold)

high

Liquidation transactions can potentially fail for all markets

high

Reentrancy in `USDO.flashLoan()`, enabling an attacker to borrow unlimited USDO exceeding the max borrow limit

high

`TricryptoLPStrategy.compoundAmount` always returns 0 because it's using staticcall vs call

high

`LidoEthStrategy._currentBalance` is subject to price manipulation, allows overborrowing and liquidations

high

Usage of `BalancerStrategy.updateCache` will cause single-sided Loss, a discount to the Depositor, and OverBorrow from Singularity

high

BalancerStrategy `_withdraw` uses `BPT_IN_FOR_EXACT_TOKENS_OUT` which can be attacked to cause loss to all depositors

medium

Seer.get uses a view fetcher, breaking the intended use

medium

`emitForWeek` will lose `emissionForWeek` if one week is skipped

medium

`TapiocaOptionLiquidityProvision` causes Loss of Yield when depositing and withdrawing from Singularity - should use shares to track balances

medium

`TapiocaOptionLiquidityProvision` stores amount which cause Socialization of Loss when unlocking

medium

Burning FlashFee breaks a core protocol invariant

medium

Using `setBigBangEthMarketDebtRate` or `setBigBangConfig` causes incorrect interest calculation due to retroactively applying the interest rate

medium

MEV Attack on `stkAAVE` causes the AaveStrategy to give away all of the Yield

medium

CompoundStrategy `_currentBalance` uses `exchangeRateStored` which leaks value

medium

a4185aaf2a0a953dd8ea2e7f62a58087c4cd5680bfbe8c3a749efef847af3c3b - Sent Privately

medium

Convex `BaseRewardPool` allows Claim on Behalf which causes delta to break - Loss of all Rewards

medium

Curve Strategy Yield can be Lost by Griefing due to Delta Balance Check

medium

LidoEthStrategy's Hardcoded 2.5% slippage allows stealing all tokens above $2MLN

medium

LidoETHStrategy buys stETH at 1-1 instead of buying it from the Pool at Discount

medium

In case of Loss to the Yearn Vault, the Contract will stop working until the loss is repaid

medium

`YearnStrategy` is ignoring the `lockedProfits`, giving away all of the Yield to laggard depositors

medium

Single UniswapV3Swapper using a single fee makes it highly likely to be suboptimal

medium

`getDebtRate()` is view and reads `ethMarket.getTotalDebt` allowing for manipulations

medium

A portion of stargate token rewards earned by StargateStrategy are permanently locked in the contract

medium

`_getDiscountedPaymentAmount` doesn't work for tokens with more than 18 decimals

May '23

BASE

8,029.15 USDC • Code4rena • GalloDaSballo

2nd place (silver)

Footium

395.52 USDC • 3 total findings • Sherlock • GalloDaSballo

#9

medium

`safeMint` is not `safeMint` - broken EIP-721 spec

medium

Will not work for Non Standard ERC-20 such as USDT

medium

`changeMaxGenerationId` allows minting tokens from older generations retroactively

Apr '23

JOJO Exchange

3,453.70 USDC • 4 total findings • Sherlock • GalloDaSballo

3rd place (bronze)

high

DepositStableCoinToDealer and GeneralRepay approval farming allows stealing all approved tokens

medium

You can liquidate the insurance, burning all bad debt

medium

Max Deposits per account can be sidestepped

medium

`uniswapPriceAdaptor` may check quotes on low liquidity pairs as not all tokens are directly liquid

Mar '23

Polynomial Protocol contest

3,039.76 USDC • Code4rena • GalloDaSballo

#7

Feb '23

Ethos Reserve contest

11,609.81 USDC • 4 total findings • Code4rena • GalloDaSballo

3rd place (bronze)

medium

Last Trove may be prevented from redeeming

medium

If the strategy incurs a loss the Active Pool will stop working until the shortfall is paid out entirely

medium

Denial of liquidations and Redemptions by borrowing all reserves from AAVE

medium

`upgradeProtocol` can create Peg Risk via Oracle Price Arbitrage

GMX

1,739.15 USDC • 2 total findings • Sherlock • GalloDaSballo

#15

high

`setLatestAdlBlock` may set the wrong block number

medium

Oracle is not checking for sequencer uptime

Jan '23

Optimism

24,714.87 USDC • 1 total finding • Sherlock • GalloDaSballo

#6

medium

Optimism Portal can run out of gas due to incorrect overhead estimation

Sentiment Update #3

2,857.14 USDC • 2 total findings • Sherlock • GalloDaSballo

2nd place (silver)

medium

`PreviewRedeem` may under-price the value of the asset

medium

Risk with Liquidation - Because of the partnership requirement, the caller may be unable to redeem during liquidation, making them less likely to be willing to perform the liquidation

Reserve contest

2,197.55 USDC • 1 total finding • Code4rena • GalloDaSballo

#13

medium

Should Accrue Before Change, Loss of Rewards in case of change of settings

Dec '22

Lyra

304.44 USDC • Sherlock • GalloDaSballo

#7

Findings not publicly available for private contests.

Nov '22

Sentiment Update #2

4,090.90 USDC • 1 total finding • Sherlock • GalloDaSballo

1st place (gold)

high

H-01 wstETH-ETH Curve LP Token Price can be manipulated to Cause Unexpected Liquidations

Oct '22

3xcalibur contest

3,707.35 USDC • Code4rena • GalloDaSballo

2nd place (silver)

Mover

2,594.88 USDC • 1 total finding • Sherlock • GalloDaSballo

2nd place (silver)

high

H-01 - All Fees can be stolen by using them as input amounts - (Works on any exchange)

Sep '22

Knox Finance

20.77 USDC • 1 total finding • Sherlock • GalloDaSballo

#12

medium

M-01 Feed latest answer not validated (may be old, may be down)

Notional

167.14 USDC • 1 total finding • Sherlock • GalloDaSballo

#12

medium

M-02 wstETH Feed Doesn't check for Freshness

FEI and TRIBE Redemption contest

328.66 USDC • Code4rena • GalloDaSballo

3rd place (bronze)

Aug '22

Sentiment

4,684.49 USDC • 4 total findings • Sherlock • GalloDaSballo

#5

medium

M-03 YTokenOracle doesn't account for losses when pricing the yToken

medium

M-04 Chainlink Feed Price is not validated

medium

M-05 Yearn `withdraw(uint)` selector may backfire

medium

M-01 Account may not be able to sell a token if using UniV3

Olympus DAO contest

872.66 USDC • 3 total findings • Code4rena • GalloDaSballo

#26

medium

Voted votes cannot change after the user is issued new votes or the user's old votes are revoked during voting

medium

Heart will stop if all rewards are swept

medium

No Cap on Amount of VOTES means the `voter_admin` can get any proposal to pass

Nouns DAO contest

55.52 USDC • Code4rena • GalloDaSballo

#26

FIAT DAO veFDT contest

49.89 USDC • Code4rena • GalloDaSballo

#45

Rigor Protocol contest

1,979.53 USDC • 2 total findings • Code4rena • GalloDaSballo

#7

high

Builder can call `Community.escrow` again to reduce debt further using same signatures

medium

Task Functionality completely sidestepped via `autoWithdraw`

Jul '22

Golom contest

1,190.39 USDC • Code4rena • GalloDaSballo

#13

Juicebox V2 contest

577.55 USDC • 2 total findings • Code4rena • GalloDaSballo

#20

high

Oracle data feed can be outdated yet used anyway, which will impact payment logic

medium

Unhandled chainlink revert would lock all price oracle access

Jun '22

Putty contest

365.59 USDC • 2 total findings • Code4rena • GalloDaSballo

#32

medium

`fee` can change without the consent of users

medium

Malicious Token Contracts May Lead To Locking Orders

Nibbl contest

28.28 USDC • Code4rena • GalloDaSballo

#62

Yieldy contest

1,332.45 USDC • 1 total finding • Code4rena • GalloDaSballo

#12

medium

Staking `preSign` could use some basic validations

Illuminate contest

1,748.7 USDC • 5 total findings • Code4rena • GalloDaSballo

#9

high

Able to mint any amount of PT

medium

Swivel lend method doesn't pull protocol fee from user

medium

Leak of Value in `yield` function, slippage check is not effective

medium

Sandwich attacks are possible as there is no slippage control option in Marketplace and in Lender yield swaps

medium

Centralisation Risk: Admin Can Change Important Variables To Steal Funds

May '22

veToken Finance contest

990.3 USDT • 1 total finding • Code4rena • GalloDaSballo

#20

medium

Admin Privilege in minting to arbitrary address allows operator to dilute tokens

Apr '22

Mimo DeFi contest

89.04 USDC • Code4rena • GalloDaSballo

#24

Feb '22

Redacted Cartel contest

970.15 USDC • 3 total findings • Code4rena • GalloDaSballo

#10

medium

Wrong slippage check

medium

Admin Privilege - Owner can rug via `ThecosomataETH.withdraw`

medium

[WP-H0] `DEFAULT_ADMIN_ROLE` of `BribeVault` can steal tokens from users' wallets

Concur Finance contest

1,286.89 USDC • 4 total findings • Code4rena • GalloDaSballo

#15

high

Repeated Calls to Shelter.withdraw Can Drain All Funds in Shelter

high

USDMPegRecovery risk of funds being locked due to discrepancy between curveLP token value and internal contract math

medium

StakingRewards.recoverERC20 allows owner to rug the `rewardsToken`

medium

[ConcurRewardPool] Possible reentrancy when claiming rewards

Sep '21

Swivel contest

1,229.67 ETH • 1 total finding • Code4rena • GalloDaSballo

#14

high

Unsafe handling of underlying tokens

Wild Credit contest

356.84 USDC • Code4rena • GalloDaSballo

#8

Sushi Trident contest phase 1

2,647.44 USDC • Code4rena • GalloDaSballo

#10

Jul '21

PoolTogether micro contest #1

1,344.95 USDC • 2 total findings • Code4rena • GalloDaSballo

#6

high

onlyOwnerOrAssetManager can swap Yield Source in SwappableYieldSource at any time, immediately rugging all funds from old yield source

medium

Old yield source still has infinite approval

Spartan Protocol contest

1,576.8 USDC • 1 total finding • Code4rena • GalloDaSballo

#9

medium

`_deposit` resetting user rewards can be used to grief them and make them lose rewards via `depositForMember`

Connext contest

29.52 USDC • Code4rena • GalloDaSballo

#9

Gro Protocol contest

249.11 USDC • Code4rena • GalloDaSballo

#7

Jun '21

PoolTogether contest

582.7 USDC • Code4rena • GalloDaSballo

#7

Apr '21

LarvaLabs Meebits Contest

2,005.35 USDC • 1 total finding • Code4rena • GalloDaSballo

#4

medium

randomIndex is not truly random - possibility of predictably minting a specific token Id