Honour

Security Researcher

Findings: 39 High (total), 26 Medium (total), 1 solo
Total earnings: $19.10K (#367 all time), 18x payouts
Placements: 3x 2nd place, 8x Top 10, 11x Top 25

Platforms: Sherlock, Code4rena, Cantina, CodeHawks

Jan '25

Peapods (Sherlock): 2,562.96 USDC, 7 findings, rank #7
High: `AutoCompoundingPodlLp::_getSwapAmount` assumes tokens are sorted
Medium: `FraxLendPairCore::_addInterest` incorrectly calculates the utilization rate
Medium: A decrease in the vault's asset/share ratio leads to incorrect asset metadata calculations in `LendingAssetVault`
Medium: Incorrect slippage calculations in `Zapper::_swapV3Single` under certain conditions
Medium: Hardcoded V3 pool fee tier in `Zapper::_swapV3Single` can be exploited or lead to DoS under certain conditions
Medium: `AutoCompoundingPodlLp` does not support a self-lending Pod with a podded pair
Medium: Unwrap fee is applied twice in the pTKN price calculation

Dec '24

QuantAMM (CodeHawks): 6,061.80 OP, 7 findings, 2nd place
High: Out-of-Bounds Array Access in `_calculateQuantAMMVariance` with Odd Number of Assets and Vector Lambda
High: GradientBasedRules will not work for >= 4 assets with vector lambdas
High: Incorrect uplift fee calculation leads to LPs incurring more fees than expected
Medium: "Uplift Fee" Incorrectly Falls Back to Minimum Fee Due to Integer Division
Medium: Incorrect length check in `_setGradient` will DoS manual setting of `intermediateGradientState` after pool initialization
Medium: Incorrect length check in `_setIntermediateVariance` will DoS manual setting of `intermediateVarianceStates` after pool initialization
Low: Incorrect length check in `_setIntermediateCovariance` will DoS manual setting of `intermediateCovarianceStates` after pool initialization

Nov '24

TermMax (Cantina): 4,888.17 USDC, 3 findings, 2nd place
High: Finding not yet public.
High: Finding not yet public.
High: Finding not yet public.

Debita Finance V3 (Sherlock): 22.15 USDC, 3 findings, rank #43
Medium: Early return in `DebitaIncentives::updateFunds` will prevent the funds update for other whitelisted pairs
Medium: A malicious lendOrder can delete all orders
Medium: `DebitaV3Loan::extendLoan` can be DoSed due to an arithmetic underflow

Oct '24

stakeup-bloomv2 (Cantina): 259.05 USDC, 3 findings, rank #34
High: Finding not yet public.
High: Finding not yet public.
High: Finding not yet public.

Sep '24

instadapp-fluid (Cantina): 925 USDC, rank #6

Aug '24

ZeroLend One (Sherlock): 465.95 USDC, 7 findings, rank #23
High: `PoolLogic::executeMintToTreasury` decreases supplyShares, which will lead to insolvency issues
High: `getSupplyBalance` and `getDebtBalance` calculate wrong balances, affecting a number of functions
High: `LiquidationLogic::_calculateDebt` returns the user's debtShares instead of the debt balance
High: Liquidation fee is not taken from the user's collateral balance and underlying balance
High: Use of incorrect NextDebtShares during liquidation will result in incorrect interest rate calculations
Medium: `getAssetPrice` uses a fixed 30-minute heartbeat for the stale-price check, which would DoS price feeds of oracles with a heartbeat > 30 min
Medium: `GenericLogic::calculateUserAccountData` assumes the same price decimals for all price feeds

Tadle (CodeHawks): 976.40 USDC, 10 findings, rank #6
High: Incorrect setup and logic of `referralInfoMap` in the `SystemConfig::updateReferrerInfo` function
High: Native token withdrawal fails until manually approved
High: `DeliveryPlace::settleAskTaker` has incorrect access control
High: Formulaic error rounds down, causing total loss of funds for bid takers during abort
High: `DeliveryPlace::settleAskTaker()` mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` entry in the `userTokenBalanceMap` mapping
High: `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulate collateral rates and drain the protocol's funds
High: A listOffer maker can settle the offer via `settleAskMaker()` in the Turbo settle type
High: Missing abort status check allows a bid taker to steal users' funds
Low: `listOffer` unsafely references fungible identifiers
Low: Market makers relisting protected offers cannot set their Maker Bonus

Jul '24

Basin (Code4rena): 731.92 USDC, 2 findings, rank #4
High: Incorrectly assigned `decimal1` parameter upon decoding
High: `WellUpgradeable` can be upgraded by anyone

MagicSea - the native DEX on the IotaEVM (Sherlock): 200.27 USDC, 8 findings, rank #17
High: Briber has no way to claim unclaimed bribes after the bribing period ends, as stated by the docs
High: DoS on voting for pools with a bribeRewarder due to an incorrect check in `_modify`
High: Voters can lose their rewards due to a wrong reward calculation in `_calculateRewards()`
Medium: MasterChefV2 doesn't account for fee-on-transfer tokens on deposits
Medium: Anyone can prevent pools from being bribable
Medium: The require statement in `harvestPositionsTo` prevents an approved sender from harvesting positions
Medium: Incorrect implementation of `onlyOwnerOrOperator` allows anyone to call `addToPosition` on any position
Medium: Multiplier updates are not enforced on existing positions

Velocimeter (Sherlock): 747.73 USDC, 1 finding, rank #9
Medium: Circulating supply of FLOW is calculated incorrectly

Jun '24

Size (Code4rena): 607.37 USDC, 6 findings, rank #33
High: Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect
High: When `sellCreditMarket()` is called to sell credit for a specific cash amount, the protocol might receive a lower swap fee than expected
Medium: Fragmentation fee is not taken if the user compensates with a newly created position
Medium: `executeBuyCreditMarket` returns the wrong amount of cash and overestimates the amount that needs to be checked in the variable pool
Medium: Multicall does not work as intended
Medium: LiquidateWithReplacement does not charge swap fees to the borrower

May '24

Tokensoft Distributor Contracts Update (Sherlock): 303.16 USDC, 1 finding, 2nd place
Medium: Incorrect vesting period data DoSes claiming of tokens

Apr '24

DYAD (Code4rena): 327.2 USDC, 6 findings, rank #35
High: Attacker can make zero-value `deposit()` calls to deny a user from redeeming or withdrawing collateral
High: Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine
High: Kerosene collateral is not moved on liquidation, exposing liquidators to loss
High: Missing "enough exogenous collateral" check in `VaultManagerV2::liquidate` makes the liquidation revert even if DYAD minted > non-Kerosene value
High: User can get their Kerosene stuck because of an invalid check on withdraw
High: Unable to withdraw Kerosene via `VaultManagerV2::withdraw` as it expects a `vault.oracle()` method that is missing in Kerosene vaults

Mar '24

Ondo Finance (Code4rena): 8.28 USDC, rank #17

Axis Finance (Sherlock): 5.04 USDC, 1 finding, rank #28
High: Use of uninitialized `lotId` to store auction routing data

Feb '24

Althea Liquid Infrastructure (Code4rena): 7.18 USDC, 1 finding, rank #34
High: Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

AI Arena (Code4rena): 2.29 USDC, 2 findings, rank #154
High: Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win
Medium: DoS in `MergingPool::claimRewards` and potential DoS in `RankedBattle::claimNRN` if called after a significant number of rounds have passed