IllIllI

Security Researcher

High: 9 solo, 59 total
Medium: 37 solo, 182 total
Total Earnings: $724.67K (#9 All Time)
Payouts: 130x
1st Places: 19x
2nd Places: 5x
3rd Places: 4x

Mar '25

PinLink: RWA-Tokenized DePIN Marketplace

8,543.67 USDC • Sherlock • IllIllI

gold

Jul '24

MakerDAO Endgame

40,563.84 USDC • Sherlock • IllIllI

silver

Apr '24

TITLES Publishing Protocol

1.04 USDC • 1 total finding • Sherlock • IllIllI

#55

medium

Future integrations requiring `mintBatch()` will be broken

xKeeper

6,331.96 USDC • 1 total finding • Sherlock • IllIllI

silver

medium

L1 data fees are not reimbursed

Panoptic

32.96 USDC • Code4rena • IllIllI

#18

Mar '24

vVv Vesting & Staking

8,811.70 USDC • Sherlock • IllIllI

gold

Taiko

187.87 USDC • Code4rena • IllIllI

#29

Feb '24

Perpetual

78,687.04 USDC • 10 total findings • Sherlock • IllIllI

gold

high

Two Pyth prices can be used in the same transaction to attack the LP pools

high

Whale LPs can make the admin's risk control parameters ineffective

medium

SpotHedgeBaseMaker uses the wrong oracle for non-evm/non-erc20 markets

medium

Attackers can create positions that have no incentive to be liquidated

medium

Price band caps apply to decreasing orders, but not to liquidations

medium

Withdrawal caps can be bypassed by opening positions against the SpotHedgeBaseMaker

medium

Attackers can sandwich their own trades up to the price bands

medium

No slippage control on maker LP `deposit()`/`withdraw()`

medium

Reservation price does not take into account the size of the order

medium

Borrow fees can be arbitrarily increased without the maker providing any value

Jan '24

Olympus On-Chain Governance

9,393.72 USDC • 3 total findings • Sherlock • IllIllI

gold

medium

High risk checks can be bypassed with extra `calldata` padding

medium

Post-proposal vote quorum/threshold checks use a stale total supply value

medium

High-risk actions aren't all covered by the existing checks

Rio Vesting Escrow

8,125 USDC • 1 total finding • Sherlock • IllIllI

gold

high

Vaults can be bricked by `selfdestruct()`ing implementations, using forged immutable args

Truflation

7,067.11 USDC • 1 total finding • Sherlock • IllIllI

#10

medium

User migration does not migrate unclaimed rewards

Dec '23

Olas

793.49 USDC • Code4rena • IllIllI

#7

Revolution Protocol

28.2 USDC • Code4rena • IllIllI

#63

Nov '23

Shell Protocol

887.35 USDC • Code4rena • IllIllI

#4

ZetaChain

292.32 USDC • Code4rena • IllIllI

#17

Jul '23

Beam

7,920.01 USDC • Sherlock • IllIllI

gold

Tapioca DAO

76.55 USDC • 1 total finding • Code4rena • IllIllI

#79

medium

`ARBTriCryptoOracle` is vulnerable to read-only reentrancy

May '23

Maia DAO Ecosystem

1,600.94 USDC • 2 total findings • Code4rena • IllIllI

#29

medium

[M-01] Some functions in Talos contracts do not allow users to supply slippage and deadline, which may cause swaps to revert

medium

Protocol fees can become trapped indefinitely inside Talos vault contracts

Apr '23

GMX Update

102,008.81 USDC • 8 total findings • Sherlock • IllIllI

gold

high

Pool amount adjustments for collateral decreases aren't undone if swaps are successful

high

Swaps associated with position orders will use the wrong price

high

Limit swap orders can be used to get a free look into the future

high

`initialCollateralDeltaAmount` is incorrectly interpreted as a USD value when calculating estimated remaining collateral

medium

Stop-loss orders do not become marketable orders

medium

Users can get impact pool discounts while also increasing the virtual impact pool skew

medium

Virtual swap balances don't take into account token prices

medium

Virtual swap impacts can be bypassed by swapping through markets where only one of the collateral tokens has virtual inventory

Feb '23

GMX

121,547.01 USDC • 43 total findings • Sherlock • IllIllI

gold

high

Limit orders can be used to get a free look into the future

high

Pool value calculation uses wrong portion of the borrowing fees

high

Accounting breaks if end market appears multiple times in swap path

high

Fee receiver is given twice the amount of borrow fees it's owed

high

Collateral cannot be claimed due to inverted comparison condition

high

Collateral cannot be claimed because there is no mechanism for the config keeper to change the claimable factor

high

User-supplied slippage for decrease orders is ignored

high

Malicious revert reasons with faked lengths can disrupt order execution

high

Limit orders are broken when there are price gaps

high

Keepers can be forced to waste gas with long revert messages

high

ADL operations do not have any slippage protection

high

Tracking of the latest ADL block uses the wrong block number on Arbitrum

medium

Users that have to claim collateral more than once for a time slot may get the wrong total amount

medium

Collateral tokens that cannot be automatically swapped to the PnL token cannot have slippage applied to them

medium

Virtual impacts can be trivially bypassed via structuring

medium

Fee receiver does not get paid when collateral is enough to cover the funding fee, during liquidation

medium

Market orders lose submitted prices if markets are temporarily disabled

medium

Missing checks for whether Arbitrum Sequencer is active

medium

Oracles are vulnerable to cross-chain replay attacks

medium

Missing checks for whether a position is still an ADL candidate

medium

PnL is incorrectly counted as collateral when determining whether to close positions automatically

medium

Trades in blocks where the bid or ask drops to zero will be priced using the previous block's price

medium

Positions cannot be liquidated once the oracle prices are zero

medium

Position fees are still assessed even if the ability to decrease positions is disabled

medium

Global position-fee-related state not updated until _after_ liquidation checks are done

medium

Slippage is not respected if PnL swap associated with a decrease order fails

medium

Limit orders are unnecessarily delayed by a block

medium

Malicious order keepers can trigger the cancellation of any order, with old blocks

medium

Single-sided deposits that are auto-adjusted may have their collateral value cut in half

medium

Orders with single-sided deposits that are auto-adjusted always revert

medium

Orders with single-sided deposits that are auto-adjusted always revert, part 2

medium

When underlying collateral tokens are paused, orders can't be canceled

medium

Positions can still be liquidated even if orders to prevent it can't execute

medium

Insufficient funding fee rounding protection

medium

Unnecessary loss of precision

medium

Gas spikes after outages may prevent order execution

medium

Insufficient oracle validation

medium

`EmptyFeedPrice` will cause orders to be canceled

medium

Delayed orders won't use correct prices

medium

Negative prices will cause old orders to be canceled

medium

Liquidation shouldn't be used to close positions that were fully-collateralized prior to collateral requirement changes

medium

A single precision value may not work for both the min and max prices

medium

Order creation does not ensure the market is enabled

Jan '23

Popcorn contest

467.36 USDC • Code4rena • IllIllI

#38

Numoen contest

1,548.21 USDC • Code4rena • IllIllI

#8

RabbitHole Quest Protocol contest

283.81 USDC • 2 total findings • Code4rena • IllIllI

#18

high

Protocol fees can be withdrawn multiple times in `Erc20Quest`

medium

DoS risk if enough tokens are minted in Quest.claim can lead, at least, to lost transaction fees

Drips Protocol contest

1,183.36 USDC • Code4rena • IllIllI

#8

Timeswap contest

886.34 USDC • 2 total findings • Code4rena • IllIllI

#12

high

[WP-H1] Wrong timing of check allows users to withdraw collateral without paying for the debt

medium

The `pay()` function can still be DOSed

Cooler

5,872.58 USDC • 5 total findings • Sherlock • IllIllI

gold

high

Blocklisted addresses can be used to trigger defaults

high

Loans can be rolled an unlimited number of times

high

BNB collateral will be locked in the contract

medium

DAI/gOHM exchange rate may be stale

medium

Dust amounts can cause payments to fail, leading to default

OpenSea Seaport 1.2 contest

2,757.95 USDC • Code4rena • IllIllI

silver

Ondo Finance contest

336.94 USDC • Code4rena • IllIllI

#12

Illuminate Round 2

13,176.66 USDC • 3 total findings • Sherlock • IllIllI

gold

high

The Notional version of `lend()` can be used to lock iPTs

high

Illuminate's PT doesn't respect users' slippage specifications for underlyings

medium

Protocol fees not taken on premium

Reserve contest

2,311.19 USDC • Code4rena • IllIllI

#12

Astaria contest

290.13 USDC • Code4rena • IllIllI

#38

Biconomy - Smart Contract Wallet contest

444.6 USDC • 1 total finding • Code4rena • IllIllI

#27

medium

SmartAccount.sol is intended to be upgradable but inherits from contracts that contain storage and no gaps

Dec '22

Papr contest

866.64 USDC • Code4rena • IllIllI

#12

GoGoPool contest

2,375.27 USDC • 4 total findings • Code4rena • IllIllI

#8

high

Inflation of ggAVAX share price by first depositor

high

Hijacking of node operators minipool causes loss of staked funds

medium

Users may not be able to redeem their shares due to underflow

medium

Wrong reward distribution between early and late depositors because of the late syncRewards() call in the cycle; syncReward() logic should be executed on each withdrawal or deposit (without reverting)

Forgeries contest

813.6 USDC • Code4rena • IllIllI

#4

Caviar contest

229.39 USDC • Code4rena • IllIllI

#26

Rain

9,105.01 USDC • Sherlock • IllIllI

gold

Findings not publicly available for private contests.

Tigris Trade contest

2,083.78 USDC • Code4rena • IllIllI

#10

Maverick contest

1,359.35 USDC • Code4rena • IllIllI

#6

Nov '22

ParaSpace contest

6,691.89 USDC • 4 total findings • Code4rena • IllIllI

#5

high

Anyone can prevent themselves from being liquidated as long as they hold one of the supported NFTs

medium

During oracle outages or feeder outages/disagreement, the `ParaSpaceFallbackOracle` is not used

medium

Interactions with AMMs do not use deadlines for operations

medium

Centralization risk: admin can rug the project by removing assets and manipulating prices on the oracle

LSD Network - Stakehouse contest

1,550.2 USDC • Code4rena • IllIllI

#15

Blur Exchange contest

920.83 USDC • Code4rena • IllIllI

#6

LooksRare Aggregator contest

1,286.35 USDC • Code4rena • IllIllI

#6

Debt DAO contest

2,022.15 USDC • 1 total finding • Code4rena • IllIllI

#12

medium

address.call{value:x}() should be used instead of payable.transfer()

Chainlink Staking contest

2,072.17 USDC • Code4rena • IllIllI

#10

Oct '22

zkSync v2 contest

1,785.36 USDC • Code4rena • IllIllI

#6

Illuminate

35,993.58 USDC • 16 total findings • Sherlock • IllIllI

gold

high

Illuminate PTs can be used to mint other Illuminate PTs

high

APWine PT redemptions can be blocked forever

high

Illuminate redemptions don't account for protocol pauses/temporary blocklistings

high

Illuminate's PT doesn't respect users' slippage specifications

high

Sense PTs can never be redeemed

high

Users can mint free Illuminate PTs if underlying decimals don't match external PTs

high

`IAPWineRouter` can be used to lock all protocol fees

medium

ERC777 transfer hooks can be used to bypass fees for markets that support Swivel

medium

The Pendle version of `lend()` uses the wrong function for swapping fee-on-transfer tokens

medium

Notional PT redemptions do not use flash-resistant prices

medium

Sense PT redemptions do not allow for known loss scenarios

medium

Fee-on-transfer underlyings can be used to mint Illuminate PTs without fees

medium

Wrong Illuminate PT allowance checks lead to loss of principal

medium

Holders of worthless external PTs can stick other Illuminate PT holders with bad debts

medium

Tempus lending only works with unlimited slippage

medium

There can only ever be one market with USDT as the underlying

Trader Joe v2 contest

2,426.18 USDC • Code4rena • IllIllI

#9

The Graph L2 bridge contest

954.97 USDC • Code4rena • IllIllI

#9

Blur Exchange contest

1,239.39 USDC • Code4rena • IllIllI

#12

Mycelium

552.11 USDC • 2 total findings • Sherlock • IllIllI

#4

high

`Vault` early user attack prevention can be circumvented

medium

Funds may become locked if a plugin is blocklisted, or LINK is paused

Sep '22

QuickSwap and StellaSwap contest

442.91 USDC • Code4rena • IllIllI

#15

Frax Ether Liquid Staking contest

147.47 USDC • 2 total findings • Code4rena • IllIllI

#23

medium

Centralization risk: admin has privileges: admin can set an address to mint any amount of frxETH, can set any address as validator, and can change important state in frxETHMinter and withdraw funds from frxETHMinter

medium

frxETHMinter: Non-conforming ERC20 tokens not recoverable

VTVL contest

280.93 USDC • 1 total finding • Code4rena • IllIllI

#21

medium

Variable balance token causing fund lock and loss

Art Gobblers contest

9,175.91 USDC • 2 total findings • Code4rena • IllIllI

gold

medium

The reveal process could brick if `randProvider` stops working

medium

Possible centralization issue around RandProvider

Harpie

2,353.09 USDC • 7 total findings • Sherlock • IllIllI

gold

medium

Token amounts over `type(uint128).max` are lost forever

medium

No support for fee-on-transfer tokens

medium

`payable().transfer()` is used to transfer Eth

medium

Signature malleability not protected against

medium

Nonces not used in signed data

medium

Cross-chain replay attacks are possible with `changeRecipientAddress()`

medium

NFTs may be lost due to non-safe transfers

Aug '22

Sentiment

2,240.13 USDC • 4 total findings • Sherlock • IllIllI

#8

high

Prices using wrong decimals returned for some Chainlink oracles

high

First depositor can break minting of LPToken shares

medium

Balances of rebasing tokens aren't properly tracked

medium

Prices for ERC4626 tokens are not flash-loan-resistant

Olympus DAO contest

2,358.52 USDC • 3 total findings • Code4rena • IllIllI

#8

medium

"TWAP" used is an observation-weighted-average-price, not a time-weighted one

medium

No Cap on Amount of VOTES means the `voter_admin` can get any proposal to pass

medium

[NAZ-M1] Chainlink's `latestRoundData` Might Return Stale Results

Nouns DAO contest

509.93 USDC • Code4rena • IllIllI

#14

FIAT DAO veFDT contest

211.14 USDC • Code4rena • IllIllI

#21

Fraxlend (Frax Finance) contest

1,668.25 USDC • 2 total findings • Code4rena • IllIllI

#9

medium

FraxlendPair#setTimeLock: Allows the owner to reset TIME_LOCK_ADDRESS

medium

Fraxlend pair deployment can be front-run by a custom pair deployment

Foundation Drop contest

171.72 USDC • 1 total finding • Code4rena • IllIllI

#14

medium

NFTs of an NFT collection or NFT drop collection can be locked when calling the _mint or mintCountTo function to mint to a contract that does not support the ERC721 protocol

Mimo August 2022 contest

889.68 USDC • Code4rena • IllIllI

#12

Rigor Protocol contest

88.1 USDC • Code4rena • IllIllI

#46

Jul '22

Axelar Network v2 contest

529.69 USDC • Code4rena • IllIllI

#10

Golom contest

1,582.32 USDC • Code4rena • IllIllI

#10

Yield Witch v2 contest

320.94 USDC • Code4rena • IllIllI

#5

ENS contest

936.66 USDC • 1 total finding • Code4rena • IllIllI

#16

medium

transfer() depends on gas consts

Fractional v2 contest

585.2 USDC • 1 total finding • Code4rena • IllIllI

#25

medium

Use of `payable.transfer()` may lock user funds

Juicebox V2 contest

5,370.84 USDC • 6 total findings • Code4rena • IllIllI

#4

high

Oracle data feed can be outdated yet used anyway, which will impact payment logic

medium

Juicebox project owner can create a honeypot to cause grief

medium

Lack of check on `mustStartAtOrAfter`

medium

Use a safe transfer helper library for ERC20 transfers

medium

Code credits fee-on-transfer tokens for amount stated, not amount transferred

medium

processFees() may fail due to exceeding the gas limit

Jun '22

Putty contest

1,773.63 USDC • 6 total findings • Code4rena • IllIllI

#8

medium

An attacker can create a short put option order on an NFT that does not support ERC721 (like CryptoPunks), and the user can fulfill the order but cannot exercise the option

medium

Put option sellers can prevent exercise by specifying zero amounts, or non-existent tokens

medium

`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever

medium

Unbounded loops may cause `exercise()`s and `withdraw()`s to fail

medium

Options with a small strike price will round down to 0 and can prevent assets from being withdrawn

medium

Putty position tokens may be minted to non ERC721 receivers

Nibbl contest

1,077.01 USDC • 1 total finding • Code4rena • IllIllI

#13

medium

`Twav.sol#_getTwav()` will revert when timestamp > 4294967296

Yieldy contest

2,433.19 USDC • 2 total findings • Code4rena • IllIllI

#7

medium

Removal of liquidity from the reserve can be griefed

medium

Withdrawals initiated after cycle withdrawal request won't be withdrawn in the correct cycle

Illuminate contest

1,431.17 USDC • 1 total finding • Code4rena • IllIllI

#12

high

Lender: no check for paused market on mint

Nested Finance contest

533.24 USDC • 1 total finding • Code4rena • IllIllI

#4

medium

`NestedFactory` does not track operators properly

Badger-Vested-Aura contest

689.83 USDC • 1 total finding • Code4rena • IllIllI

#9

medium

`_harvest` has no slippage protection when swapping `auraBAL` for `AURA`

Infinity NFT Marketplace contest

604.27 USDC • 1 total finding • Code4rena • IllIllI

#19

high

Accumulated ETH fees of InfinityExchange cannot be retrieved

Connext Amarok contest

989.95 USDC • Code4rena • IllIllI

#16

Notional x Index Coop

981.79 USDC • Code4rena • IllIllI

#12

May '22

Backd Tokenomics contest

2,904.42 USDC • 1 total finding • Code4rena • IllIllI

#10

medium

There are multiple ways for admins/governance to rug users

veToken Finance contest

4,587.38 USDT • 3 total findings • Code4rena • IllIllI

#5

medium

Admin Privilege in minting to arbitrary address allows operator to dilute tokens

medium

`VE3DRewardPool` and `VE3DLocker` add to an unbounded array which may potentially lock all rewards in the contract

medium

Missing sane bounds on asset weights

Velodrome Finance contest

5,064.4 USDC • 3 total findings • Code4rena • IllIllI

#5

high

Users can get unlimited votes

medium

Voting tokens may be lost when given to non-EOA accounts

medium

Bribe.sol is not meant to handle fee-on-transfer tokens

Rubicon contest

2,507.33 USDC • 11 total findings • Code4rena • IllIllI

#5

high

RubiconRouter _swap does not pass whole amount to RubiconMarket

high

RubiconRouter: Offers created through offerWithETH() can be cancelled by anyone

high

RubiconRouter.swapEntireBalance() doesn't handle the slippage check properly

medium

USDT is not supported because of approval mechanism

medium

Inconsistent Order Book Accounting When Working With Transfer-On-Fee or Deflationary Tokens

medium

RubiconRouter: Excess ether is not returned to the user

medium

Admin rug vectors

medium

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`

medium

RubiconRouter maxSellAllAmount does not transfer the user's funds into its address, causing calls to always revert

medium

Wrong DOMAIN_SEPARATOR

medium

Use `call()` instead of `transfer()` when transferring ETH in RubiconRouter

OpenSea Seaport contest

6,888.62 USDC • Code4rena • IllIllI

#11

Sturdy contest

2,915.34 USDC • 3 total findings • Code4rena • IllIllI

#5

high

hard-coded slippage may freeze user funds during market turbulence

high

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

medium

`processYield()` and `distributeYield()` may run out of gas and revert due to long list of extra rewards/yields

Aura Finance contest

10,751.19 USDC • 3 total findings • Code4rena • IllIllI

bronze

medium

Users may lose rewards to other users if rewards are given as fee-on-transfer tokens

medium

`AuraBalRewardPool` charges a penalty to all users in the pool if the `AuraLocker` has been shut down

medium

Users can grief reward distribution

Cally contest

3,575.63 USDC • 6 total findings • Code4rena • IllIllI

#4

high

[WP-H0] Fake balances can be created for not-yet-existing ERC20 tokens, which allows attackers to set traps to steal funds from future users

medium

Owner can modify the feeRate on existing vaults and steal the strike value on exercise

medium

Owner can set the feeRate to be greater than 100% and cause all future calls to `exercise` to revert

medium

Vaults steal rebasing tokens' rewards

medium

Vault is Not Compatible with Fee Tokens and Vaults with Such Tokens Could Be Exploited

medium

Users may accidentally overpay in `buyOption()` and the excess will be paid to the vault creator

Enso Finance contest

3,427.58 USDT • Code4rena • IllIllI

#9

Alchemix contest

2,618.57 DAI • Code4rena • IllIllI

#9

FactoryDAO contest

13,220.46 DAI • 10 total findings • Code4rena • IllIllI

gold

high

MerkleVesting withdrawal does not verify that tokens were transferred successfully

high

SpeedBumpPriceGate: Excess ether is not returned to the user

medium

Rebasing tokens go to the pool owner, or remain locked in the various contracts

medium

Unbounded loop in `withdraw()` may cause rewards to be locked in the contract

medium

Pool owners can prevent the payment of taxes

medium

Pool owners can prevent withdrawals of specific receipts

medium

Merkle-tree-related contracts vulnerable to cross-chain-replay attacks

medium

amount needs to be updated to the contract balance increase (1)

medium

ERC20 tokens with different decimals than 18 leads to loss of funds

medium

Owner of a pool may prevent any taxes being withdrawn

Cudos contest

5,500.94 USDC • 2 total findings • Code4rena • IllIllI

#5

medium

Admin drains all ERC based user funds using withdrawERC20()

medium

Validators can cause transactions where they are not the one being paid the fees, to revert

Forgotten Runes Warrior Guild contest

1,878.54 USDC • 3 total findings • Code4rena • IllIllI

bronze

medium

Use of `.send()` May Revert if The Recipient's Fallback Function Consumes More Than 2300 Gas

medium

Critical variables shouldn't be changed after they are set

medium

IERC20.transfer does not support all ERC20 tokens

bunker.finance contest

1,029.73 USDC • 1 total finding • Code4rena • IllIllI

#5

medium

Chainlink pricer is using a deprecated API

Apr '22

PoolTogether Aave v3 contest

5,204.03 USDC • 3 total findings • Code4rena • IllIllI

gold

medium

_depositAmount needs to be updated to the contract balance increase

medium

Yield source does not correctly calculate share conversions

medium

Owner or Managers can rug Aave rewards

AbraNFT contest

2,418.07 MIM • 2 total findings • Code4rena • IllIllI

#6

high

The return value `success` of the get function of the INFTOracle interface is not checked

high

Lender is able to seize the collateral by changing the loan parameters

Backd contest

15,927.75 USDC • 4 total findings • Code4rena • IllIllI

silver

high

Customers cannot be `topUp()`ed a second time

medium

Chainlink's latestRoundData might return stale or incorrect results

medium

Lack of `safeApprove(0)` prevents some registrations, and the changing of stakers and LP tokens

medium

`call()` should be used instead of `transfer()` on an `address payable`

xTRIBE contest

11,075 USDC • 1 total finding • Code4rena • IllIllI

gold

medium

`FlywheelCore.setBooster()` can be used to steal unclaimed rewards

Phuture Finance contest

3,835.9 USDC • 3 total findings • Code4rena • IllIllI

#4

medium

Chainlink's latestRoundData might return stale or incorrect results

medium

Inactive skipped assets can be drained from the index

medium

Index managers can rug user funds

Badger Citadel contest

9,864.86 USDC • 2 total findings • Code4rena • IllIllI

gold

medium

Funding.deposit() doesn't work if there is no discount set

medium

Stale price used when `citadelPriceFlag` is cleared

JPEG'd contest

1,361.64 USDC • Code4rena • IllIllI

#12

Axelar Network contest

2,136 USDC • Code4rena • IllIllI

#6

Duality Focus contest

1,861.76 USDC • 1 total finding • Code4rena • IllIllI

bronze

medium

Not calling `approve(0)` before setting a new approval causes the call to revert when used with Tether (USDT)

Backed Protocol contest

1,126.72 USDC • 2 total findings • Code4rena • IllIllI

#6

high

Can force borrower to pay huge interest

medium

Protocol doesn't handle fee on transfer tokens

Mar '22

Volt Protocol contest

2,790.92 USDC • 1 total finding • Code4rena • IllIllI

#4

medium

Div by 0

Joyn contest

431.3 USDC • Code4rena • IllIllI

#18

Paladin contest

2,322.3 USDC • 2 total findings • Code4rena • IllIllI

#7

medium

Past state query results are susceptible to manipulation due to multiple states with same block number

medium

Users with large `cooldown`s can grief other users

Sublime contest

762.33 USDC • Code4rena • IllIllI

#7

LI.FI contest

203.26 USDC • Code4rena • IllIllI

#38

prePO contest

1,976.43 USDC • 1 total finding • Code4rena • IllIllI

#7

high

Withdrawal delay can be circumvented

Rolla contest

3,255.15 USDC • 1 total finding • Code4rena • IllIllI

#4

medium

QTokens with the same symbol will lead to mistakes

Maple Finance contest

1,754.86 USDC • Code4rena • IllIllI

bronze

Biconomy Hyphen 2.0 contest

730.31 USDT • 2 total findings • Code4rena • IllIllI

#19

medium

Owners have absolute control over protocol

medium

Incompatibility with Rebasing/Deflationary/Inflationary tokens

Timeswap contest

10,874.06 USDC • 2 total findings • Code4rena • IllIllI

gold

high

[WP-H1] Wrong timing of check allows users to withdraw collateral without paying for the debt

medium

The `pay()` function can still be DOSed

Feb '22

Anchor contest

853.53 UST • Code4rena • IllIllI

#13

Foundation contest

10,801.7 USDC • 2 total findings • Code4rena • IllIllI

silver

high

Creators can steal sale revenue from owners' sales

medium

Exchange does not split royalty revenue correctly

JPYC contest

1,001.22 USDC • Code4rena • IllIllI

#9

PoolTogether TWAB Delegator contest

98.17 USDC • Code4rena • IllIllI

#13

SKALE contest

5,476.18 USDC • 3 total findings • Code4rena • IllIllI

#7

medium

Not compatible with Rebasing/Deflationary/Inflationary tokens

medium

Schain owners can rug pull users' funds

medium

TokenManagerERC20.sol uses transferFrom() instead of safeTransferFrom()

Hubble contest

439.99 USDC • Code4rena • IllIllI

#20

Tribe Turbo contest

1,103.85 USDC • Code4rena • IllIllI

#12

Ooki contest

126.5 USDC • Code4rena • IllIllI

#9

Redacted Cartel contest

251.92 USDC • 2 total findings • Code4rena • IllIllI

#23

medium

SafeERC20.sol is imported but not used in the transferBribes() function

medium

[WP-H0] `DEFAULT_ADMIN_ROLE` of `BribeVault` can steal tokens from users' wallets

Aave Lens contest

7,570.87 USDC • 1 total finding • Code4rena • IllIllI

#5

medium

Reentrancy allows commenter to overwrite own comments

Nested Finance contest

1,255 USDC • 1 total finding • Code4rena • IllIllI

#8

medium

`NestedFactory` does not track operators properly

Badger Citadel contest

401.09 USDC • 2 total findings • Code4rena • IllIllI

#19

medium

Funding.deposit() doesn't work if there is no discount set

medium

Stale price used when `citadelPriceFlag` is cleared

Concur Finance contest

1,275.51 USDC • 3 total findings • Code4rena • IllIllI

#16

high

USDMPegRecovery: risk of funds being locked due to a discrepancy between the curveLP token value and the internal contract math

medium

Fee-on-transfer token donations in `Shelter` break withdrawals

medium

[ConcurRewardPool] Possible reentrancy when claiming rewards

Jan '22

Yield-Convex contest

30.21 USDC • Code4rena • IllIllI

#16

Notional contest

23.04 USDC • Code4rena • IllIllI

#22

OpenLeverage contest

6.26 USDT • Code4rena • IllIllI

#23

Behodler contest

8.37 USDC • Code4rena • IllIllI

#31