https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_1.png

HeckerTrieuTien

Security Researcher

High

20

Total

Medium

9

Total

$3.08K

Total Earnings

#980 All Time

14x

Payouts

bronze

1x

3rd Places

regular

3x

Top 10

regular

6x

Top 25

All

Sherlock

Code4rena

Cantina

Jul '25

Allbridge Core Yield

Allbridge Core Yield

150.46 USDC • 1 total finding • Sherlock • HeckerTrieuTien

bronze

medium

Attacker can inflate share price and drain deposits from PortfolioToken users in PortfolioToken. _subDepositRewardsPoolCheck

Mellow Flexible Vaults

Mellow Flexible Vaults

313.13 USDC • 3 total findings • Sherlock • HeckerTrieuTien

#21

medium

SignatureRedeemQueue will revert ETH redemptions for users in SignatureRedeemQueue

medium

Non-whitelisted sender can bypass transfer whitelist, blocking legitimate transfer in ShareManager.updateChecks

medium

Disallowed asset in subvault will revert redeem, denying withdrawals in BasicRedeemHook.callHook

DeBank

DeBank

118.22 USDC • Sherlock • HeckerTrieuTien

#25

Jun '25

DODO Cross-Chain DEX

DODO Cross-Chain DEX

187.96 USDC • 3 total findings • Sherlock • HeckerTrieuTien

#32

high

Any EVM address can steal cross-chain refunds from legitimate recipients

high

Attacker can drain any ERC-20/ZRC-20 held by GatewayTransferNative, stealing users’ funds

medium

Library mis-read the flag non-zero byte on decompressAccounts

May '25

primev-validator-registry

primev-validator-registry

0.18 USDC • 1 total finding • Cantina • HeckerTrieuTien

#6

high

Finding not yet public.

LEND

LEND

46.92 USDC • 7 total findings • Sherlock • HeckerTrieuTien

#43

high

Incorrect lToken-credit calculation in CoreRouter.supply()

high

Stale-rate payout error in CoreRouter.redeem()

high

Cross-Chain Liquidation Token Address Mismatch Vulnerability

high

Cross-Chain Router _checkLiquidationValid Liquidation Validation Bug

high

LEND Token Double-Claiming Vulnerability

high

_handleValidBorrowRequest in CrossChainRouter - Interest Calculation Bug

medium

Double Interest Calculation in CoreRouter.borrow

stability-contracts

stability-contracts

77.49 USDC • 1 total finding • Cantina • HeckerTrieuTien

#26

high

Finding not yet public.

jigsaw-contracts

jigsaw-contracts

247.62 USDC • 3 total findings • Cantina • HeckerTrieuTien

#29

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

superform-core

superform-core

40.13 USDC • 1 total finding • Cantina • HeckerTrieuTien

#37

high

Finding not yet public.

mystic-monorepo

mystic-monorepo

328.77 USDC • 3 total findings • Cantina • HeckerTrieuTien

#12

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Apr '25

mighty-contracts

mighty-contracts

0.15 USDC • 1 total finding • Cantina • HeckerTrieuTien

#100

high

Finding not yet public.

infinifi-protocol

infinifi-protocol

60.4 USDC • 1 total finding • Cantina • HeckerTrieuTien

#34

high

Finding not yet public.

Mar '25

Forte: Float128 Solidity Library

Forte: Float128 Solidity Library

1,274.07 USDC • 1 total finding • Code4rena • hecker_trieu_tien

#7

high

Precision loss in `toPackedFloat` function when mantissa is in range - (`MAX_M_DIGIT_NUMBER`, `MIN_L_DIGIT_NUMBER`)

Feb '25

Virtuals Protocol

Virtuals Protocol

230.73 USDC • 3 total findings • Code4rena • hecker_trieu_tien

#33

high

Lack of Access Control in `AgentNftV2::addValidator()` Enables Unauthorized Validator Injection and Causes Reward Accounting Inconsistencies

high

Public `ServiceNft::updateImpact` call leads to cascading issue

medium

Precision loss in priceALast, priceBLass