Inspex

Security Researcher

Contact Me

High

Total

Medium

Total

$5.46K

Total Earnings

#720 All Time

16x

Payouts

1x

3rd Places

3x

Top 10

6x

Top 25

All

Sherlock

Code4rena

Cantina

Jun '24

Size

3.43 USDC • 1 total finding • Code4rena • Inspex

#61

medium

Multicall does not work as intended

Apr '24

NOYA

229.28 USDC + NOYA stars • 10 total findings • Code4rena • Inspex

#35

high

Incomplete TVL Calculation in `AerodromeConnector::_getPositionTVL` Function.

high

Numerous errors when calculating the TVL for the MorphoBlue connector

high

In Dolomite, when opening a borrow position, the holding position in the Registry will never be updated due to the removePosition flag being set to true

medium

Withdrawals in AccountManager are prone to DOS attacks.

medium

The `TVLHelper.sol#getTVL` function is DOSed by the `under collateralized connector`, and as a result, many parts of the protocol may be DOS.

medium

The total deposit amount limit in `AccountingManager.sol` can be bypassed

medium

Missing calls to `_updateTokenInRegistry` leads to incorrect state of tokens in registry

medium

Incorrect modifier condition

medium

Balancer flashloan contract can be DOSed completely by sending 1 wei to it

medium

Camelot and Aerodrome Connector TVL susceptible to manipulation attack

Feb '24

curvance

328 USDC • 1 total finding • Cantina • inspex

#37

high

Finding not yet public.

Jan '24

Curves

0 USDC • 1 total finding • Code4rena • Inspex

#137

high

Unauthorized Access to setCurves Function

Nov '23

Nouns Builder

828.43 USDC • 1 total finding • Sherlock • Inspex

medium

Arbitralilty Pausing in Auction

Sep '23

Allo V2

0.09 USDC • 1 total finding • Sherlock • Inspex

#74

medium

Possible Denial of Service (DoS) on Fee-on-Transfer Token

Aug '23

Dopex

181.45 USDC • 3 total findings • Code4rena • Inspex

#63

high

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

high

The peg stability module can be compromised by forcing lowerDepeg to revert.

high

`UniV3LiquidityAMO::recoverERC721` will cause `ERC721` tokens to be permanently locked in `rdpxV2Core`

Apr '23

JOJO Exchange

961.08 USDC • 2 total findings • Sherlock • Inspex

#16

high

Arbitrary low-level call in `DepositStableCoinToDealer` and `GeneralRepay` contracts allows theft of users' approved tokens.

medium

Unable to liquidate USDC blacklisted user's loan due to transferring leftover collateral back in USDC

Teller

185.22 USDC • 2 total findings • Sherlock • Inspex

#30

high

The commitCollateral() functions can be publicly called causing a permanent lock on user funds and draining approved funds.

high

Lack of Access Control in the `setCollateralEscrowBeacon()` Function

Frankencoin

22.6 USDC • Code4rena • Inspex

#66

Rubicon v2

82.56 USDC • 2 total findings • Code4rena • Inspex

#60

high

RubiconMarket batchOffer and batchRequote make offers as self; complete loss of funds for some types of tokens, for example WETH

high

An attacker can steal all tokens of users that use `FeeWrapper`

Mar '23

Gitcoin

242.65 USDC • Sherlock • Inspex

#15

Kairos Loan

1,776.21 USDC • 1 total finding • Sherlock • Inspex

medium

Denial-of-Service in the liquidation flow results in the collateral NTF will be stuck in the contract.

Telcoin Update

179.12 USDC • 1 total finding • Sherlock • Inspex

medium

`addBlackList()` function can be frontrunned to avoid the remove tokens on them

Y2K

391.28 USDC • 3 total findings • Sherlock • Inspex

#33

high

The deposit fee can be bypassed by using `mintDepositInQueue()` function.

high

User's profit of the previous epoch will be lost during the rollover process

medium

The function that has `epochHasNotStarted` modifier can be called even if epoch is at the start state.

Neo Tokyo contest

48.97 USDC • Code4rena • Inspex

#20