Banner
https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/24ccb24f-19d0-499a-a237-b6384f934450.png

Ironsidesec

Security Researcher

Ironside security

Contact Me

High

19

Total

Medium

1

Solo

31

Total

$33.52K

Total Earnings

#258 All Time

20x

Payouts

silver

4x

2nd Places

regular

11x

Top 10

regular

18x

Top 25

All

Sherlock

Code4rena

Cantina

Immunefi

Hats Finance

Jan '25

infrared-contracts

infrared-contracts

2,147.97 USDC • 3 total findings • Cantina • IronsideSec

#22

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

Aave v3.3

Aave v3.3

4,354.93 USDC • Sherlock • Ironsidesec

#13

farcasterattestation-monorepo

farcasterattestation-monorepo

2,755.5 OP • 5 total findings • Cantina • IronsideSec

#10

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Nov '24

Euro Dollar

Euro Dollar

2,500 USDC • Hats • IronsideSec

silver

Oct '24

Avantis v1.5: Cross-Asset Leverage

Avantis v1.5: Cross-Asset Leverage

4,012.80 OP • Sherlock • Ironsidesec

#7

Findings not publicly available for private contests.

predict.fun lending market

predict.fun lending market

421.53 USDC • 1 total finding • Sherlock • Ironsidesec

#5

medium

hashProposal uses wrong typeshash when hashing the encoded Proposal struct data

Sep '24

Flayer

Flayer

2,471.26 USDC • 11 total findings • Sherlock • Ironsidesec

#7

high

DOS to `withdrawProtectedListing`

high

Users can manipulate the `unlock price` and their `ProtectedListingHealth`

high

Manipulating collection token's total supply to manipulate `utilizationRate`

high

Native ETH royalty can never be claimed by anyone

high

All the royalties can be looted by anyone

high

Donation fees are sandwichable in one transaction

medium

poolFee can never be set

medium

`removeFeeExemption` will always revert due to wrong validation

medium

Fees are burnt instead of deposited to uniswap implementation during unlocks

medium

Refunding unused native tokens to user is wrong

medium

Double fee charged on price modification of a liquid listing

Aug '24

Midas - Instant Minter/Redeemer

Midas - Instant Minter/Redeemer

1,005.46 USDC • 2 total findings • Sherlock • Ironsidesec

#6

medium

Code doesn't implement what the spec from readme says regarding BUIDL redemption threshold

medium

`RedemptionVaultWithBUIDL.redeemInstant` will always revert

Jul '24

Audit Comp | Folks Finance

Audit Comp | Folks Finance

446 USDC • 2 total findings • Immunefi • Ironside_Sec

#25

medium

Finding not yet public.

medium

Finding not yet public.

Audit Comp | Folks Finance

Audit Comp | Folks Finance

688 USDC • 1 total finding • Immunefi • IronsideSec

#21

medium

Finding not yet public.

Velocimeter

Velocimeter

363.39 USDC • 1 total finding • Sherlock • Ironsidesec

#26

medium

Swap will revert if `fee0` or `fee1` is zero

Jun '24

Notional Leveraged Vaults: Pendle PT and Vault Incentives

Notional Leveraged Vaults: Pendle PT and Vault Incentives

159.16 USDC • 2 total findings • Sherlock • Ironsidesec

#11

high

`_redeemPT` uses 0 slippage

high

`_sellStakedUSDe` is prone to slippage and MEV

Mellow Modular LRTs

Mellow Modular LRTs

6,901.63 USDC • 2 total findings • Sherlock • Ironsidesec

silver

medium

Withdrawal fee is charged but not collected, prone to MEV extraction

medium

Wrong way of rounding when `expectedAmounts` calculation on withdrawal processing

Inverter Network

Inverter Network

514.6 UMA • Hats • IronsideSec

#13

May '24

Tokensoft Distributor Contracts Update

Tokensoft Distributor Contracts Update

303.16 USDC • 1 total finding • Sherlock • Ironsidesec

silver

medium

PerAddressContinuousVestingMerkle.claim will always revert

Napier Finance - LST/LRT Integrations

Napier Finance - LST/LRT Integrations

1,734.19 USDC • 5 total findings • Sherlock • Ironsidesec

silver

medium

Depositing `stETH` to puffer finance will revert due to wrong implementation of `PufETHAdapter._stake` call

medium

Missing stake limit validation on `RenzoAdapter._stake`

medium

Less rsETH minted than intended in volatile conditions. due to zero slippage when staking ETH to mint rsETH

medium

Slippage on `MetapoolRouter.addLiquidityOneETHKeepYt`

medium

`swapETHForYt` will revert even if contract has enough ETH to repay flashloan and refund remaining to user

Apr '24

NOYA

NOYA

16.02 USDC + NOYA stars • 4 total findings • Code4rena • ironsidesec

#88

high

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

medium

First depositor can make subsequent depositor lose all of her or his deposit

medium

Incorrect modifier condition

medium

Lack of Slippage Controls in retrieveTokensForWithdraw Function

Zivoe

Zivoe

1,909.90 USDC • 9 total findings • Sherlock • Ironsidesec

#5

high

Vestable ZVE amounts can be inflated or deflated to any victim despositor

high

`ZivoeRewards` lacks reward rate and balance check on `depositReward()`

high

A revoked vesting recipient can still vote with checkpoints worth `vestingAmount

high

wrong `_totalSupply` accounting causing DOS on `ZivoeRewardsVesting.withdraw` and `ZivoeRewardsVesting.revokeVestingSchedule`

high

`OCY_Convex_C.claimRewards` will revert if extra rewards > 0

medium

ZivoeRewards.sol does Inefficient reward distribution

medium

Interest payments can be skipped for at least one interval.

medium

`pushToLockerMulti` which adds liquidity to pool will fail 90% of the time due to strict allowance check

medium

Yield calculations are accounted by reading the stale ema supply amounts

Mar '24

vVv Vesting & Staking

vVv Vesting & Staking

92.90 USDC • Sherlock • Ironsidesec

#16

WOOFi Swap

WOOFi Swap

719.63 USDC • 1 total finding • Sherlock • Ironsidesec

#7

medium

Price of a base token can be inflated by swapping same base tokens, leading to slippage reverts causing DOS to Woo system