Security Researcher
Ex-Petroleum Engineer | Solidity Developer & Security Researcher | Managed DeFi projects holding millions in TVL | DM for Partnerships | Security Reviews
#285 All Time
Sherlock
Code4rena
Apr '24
Feb '24
high
TOFT can be forcefully unwrapped resulting in long-term DoS
high
Pending allowances can be exploited
high
All ETH can be stolen during rebalancing for `mTOFTs` that hold native
medium
`TOFTMarketReceiverModule::marketBorrowReceiver` flow is broken
medium
Pausable is not implemented
medium
Composing approval with other messages is subject to DoS
medium
StargateRouter cannot send payloads and rebalancing of ERC20s is broken
medium
`mTOFT` can be forced to receive the wrong ERC20 leading to token lockup
medium
Stargate Pools conversion rate leads to token accumulation inside the Balancer contract
medium
Gas parameters for Stargate swap are hardcoded leading to stuck messages
medium
`LeverageExecutor` is not working inside `BBLeverage` and `SGLeverage`
Jan '24
Oct '23
Sep '23
Aug '23
Jul '23
high
Refund mechanism for failed cross-chain transactions does not work
high
Attacker can block LayerZero channel due to missing check of minimum gas passed
high
Attacker can block LayerZero channel due to variable gas cost of saving payload
high
TOFT `triggerSendFrom` can be used to steal all the balance
high
TOFT `removeCollateral` can be used to steal all the balance
high
TOFT `exerciseOption` can be used to steal all underlying erc20 tokens
high
TOFT leverageDown always fails if TOFT is a wrapper for native tokens
medium
TOFT `exerciseOption` fails due to not passing `msg.value` properly
medium
Airdropped tokens can be stolen by a bot
Apr '22