HHK

Security Researcher

fr/en - freelance, sometimes @yAuditDAO

High findings: 12 total

Medium findings: 1 solo, 13 total

Total earnings: $13.46K (#446 all time)

Payouts: 9x

1st places (gold): 1x

2nd places (silver): 1x

Top 10 (regular): 5x

Aug '24

Sentiment V2

1,781.08 USDC • 5 total findings • Sherlock • HHK

#4

high

No greater `timestamps` check in `RedstoneCoreOracle`

medium

Incomplete pool isolation when a position encounters bad debt

medium

`liquidationFee` changes could affect liquidators

medium

Deposits can be broken on first deposit

medium

Users can still deposit in the SuperPool when it's paused

Mar '24

Mento

4,571.42 USDC • 1 total finding • Sherlock • HHK

gold

medium

Governance voting doesn't take veMento stopped into account

Nov '23

Nouns Builder

1,078.57 USDC • 2 total findings • Sherlock • HHK

#5

high

`rewardsManager.depositBatch()` may revert because of precision loss resulting in DOS of auctions

high

`updateFounders()` doesn't update founders' allocations properly

Oct '23

Real Wagmi #2

4,098.46 USDC • 6 total findings • Sherlock • HHK

silver

high

`repay()` is prone to sandwich attacks

high

Borrower cannot `repay()` if lender burns its NFT

medium

`computePoolAddress()` will not work on ZkSync Era

medium

Wrong `accLoanRatePerSeconds` in `repay()` can lead to underflow

medium

No deadline and slippage check on `takeOverDebt()` can lead to unexpected results

medium

Wrong check in `repay()` makes borrower lose its `dailyCollateral` if closing position quickly after opening it.

Sep '23

Allo V2

231.66 USDC • 5 total findings • Sherlock • HHK

#28

high

No access control on `setPoolActive()` can result in last-minute change of proposal bid

high

Allocators can vote infinitely in QVSimpleStrategy

medium

Check in `_distribute()` might revert even though there are enough funds to pay

medium

Cannot register recipient if `useRegistryAnchor` is set to `true` in RFPSimpleStrategy

medium

Wrong accounting of `voiceCreditsCastToRecipient` in QVBaseStrategy

Aug '23

Dopex

791.14 USDC • 4 total findings • Code4rena • HHK

#27

high

The peg stability module can be compromised by forcing lowerDepeg to revert.

high

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

high

`UniV3LiquidityAMO::recoverERC721` will cause `ERC721` tokens to be permanently locked in `rdpxV2Core`

medium

The RdpxV2Core contract allows anyone to call redeem tokens even if the contract is paused.

Tangible Caviar

72.72 USDC • Code4rena • HHK

#55

May '23

Juicebox Buyback Delegate

630.46 USDC • Code4rena • HHK

#7

Mar '23

Asymmetry contest

206.07 USDC • 2 total findings • Code4rena • HHK

#34

high

Staking, unstaking and rebalanceToWeight can be sandwiched (mainly rETH deposit)

high

Reth.sol: Withdrawals are unreliable and depend on excess RocketDepositPool balance which can brick the whole protocol