https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/e694a4cc-83f5-4b50-971b-7ae5aa7c94e2.jpg

HALITUS

Security Researcher

Web3 Security Researcher 🚧 Electronics Engineer 👨🏻‍💻 METAVERSE 〽️ ANIME ⛵️ CARS 🏎 Always available for discussions

Contact Me

High

5

Total

Medium

5

Total

$445.00

Total Earnings

#1539 All Time

4x

Payouts

regular

1x

Top 25

regular

2x

Top 50

All

Sherlock

Code4rena

CodeHawks

Jan '24

Salty.IO

Salty.IO

2.41 USDC • 2 total findings • Code4rena • HALITUS

#115

high

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

medium

Remove Liquidity has missing reserve1 DUST check, which can make reserve1 to be less than DUST

Oct '23

The Wildcat Protocol

The Wildcat Protocol

0.06 USDC • 1 total finding • Code4rena • HALITUS

#75

high

Borrower has no way to update `maxTotalSupply` of `market` or close market.

Jul '23

Beedle - Oracle free perpetual lending

Beedle - Oracle free perpetual lending

88.79 USDC • 5 total findings • CodeHawks • HALITUS

#48

high

Lender contract can be drained by re-entrancy in `repay`

high

During refinance() new Pool balance debt is subtracted twice

medium

The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates

medium

Lender contract can be drained by re-entrancy in `seizeLoan`

medium

Lender contract can be drained by re-entrancy in `refinance` (collateral)

Jun '23

DODO V3

DODO V3

354.05 USDC • 2 total findings • Sherlock • HALITUS

#15

high

When a D3MM pool repays all of the borrowed funds to vault using `D3Funding.sol repayAll`, an attacker can steal double the amount of those funds from vault

medium

On liquidation, an attacker can get collateral tokens without paying debt tokens to vault, or a user can end up paying debt tokens without getting collateral back in return