https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_6.png

GreyArt

Security Researcher

Contact Me

High

7

Total

Medium

21

Total

$52.31K

Total Earnings

#195 All Time

8x

Payouts

gold

2x

1st Places

silver

1x

2nd Places

regular

7x

Top 10

All

Code4rena

Jun '22

Infinity NFT Marketplace contest

Infinity NFT Marketplace contest

1,067.74 USDC • 5 total findings • Code4rena • GreyArt

#12

high

Overpayment of native ETH is not refunded to buyer

high

Accumulated ETH fees of InfinityExchange cannot be retrieved

high

Calling `unstake()` can cause locked funds

medium

fund lose or griefing in all order matching functions [matchOneToOneOrders(), matchOneToManyOrders(), matchOrders(), takeMultipleOneOrders(), takeOrders()] because condition (seller != buyer ) is not checked in any of them

medium

Protocol fee rate can be arbitrarily modified by the owner and the new rate will apply to all existing orders

Notional x Index Coop

Notional x Index Coop

4,515.73 USDC • 2 total findings • Code4rena • GreyArt

#7

high

Rounding Issues In Certain Functions

medium

Upgraded Q -> M from 104 [1656258768065]

Mar '22

prePO contest

prePO contest

1,384.91 USDC • 2 total findings • Code4rena • GreyArt

#8

high

First depositor can break minting of shares

medium

Market expiry behaviour differs in implementation and documentation

Feb '22

Nested Finance contest

Nested Finance contest

5,879.27 USDC • 6 total findings • Code4rena • GreyArt

silver

medium

FeeSplitter: No sanity check to prevent shareholder from being added twice.

medium

NestedFactory: Ensure zero msg.value if transferring from user and inputToken is not ETH

medium

FeeSplitter: Unbounded number of shareholders can cause DOS

medium

isResolverCached() will always return false after removing operator

medium

Ensure on-chain that cache is synced

medium

NestedFactory: User can utilise accidentally sent ETH funds via processOutputOrders() / processInputAndOutputOrders()

Jan '22

Sherlock contest

Sherlock contest

11,521.89 USDC • 3 total findings • Code4rena • GreyArt

gold

medium

tokenBalanceOfAddress of nftOwner becomes permanently incorrect after arbRestake

medium

SherlockClaimManager: Incorrect amounts needed and paid for escalated claims

medium

updateYieldStrategy will freeze some funds with the old Strategy if yieldStrategy fails to withdraw all the funds because of liquidity issues

Dec '21

NFTX contest

NFTX contest

4,334.52 USDC • 2 total findings • Code4rena • GreyArt

#6

high

A vault can be locked from MarketplaceZap and StakingZap

medium

NFTXSimpleFeeDistributor#addReceiver: Failure to check for existing receiver

Nov '21

Nested Finance contest

Nested Finance contest

11,095.85 USDC • 6 total findings • Code4rena • GreyArt

gold

medium

FeeSplitter: No sanity check to prevent shareholder from being added twice.

medium

NestedFactory: Ensure zero msg.value if transferring from user and inputToken is not ETH

medium

FeeSplitter: Unbounded number of shareholders can cause DOS

medium

isResolverCached() will always return false after removing operator

medium

Ensure on-chain that cache is synced

medium

NestedFactory: User can utilise accidentally sent ETH funds via processOutputOrders() / processInputAndOutputOrders()

Sep '21

Sushi Trident contest phase 1

Sushi Trident contest phase 1

12,511.56 USDC • 2 total findings • Code4rena • GreyArt

#5

high

IndexPool: Poor conversion from Balancer V1's corresponding functions

medium

ConstantProductPool & HybridPool: Adding and removing unbalanced liquidity yields slightly more tokens than swap