J4de

Security Researcher

🦉Blockchain independent security researcher - Life-long learning

High: 20 total

Medium: 29 total

Total Earnings: $21.29K

#355 All Time

Payouts: 24x

3rd Places: 1x (bronze)

Top 10: 10x (regular)

Top 25: 17x (regular)

Jul '24

MakerDAO Endgame

2,010.04 USDC • Sherlock • J4de

#43

Oct '23

zkSync Era

929.9 USDC • Code4rena • J4de

#29

May '23

Chainlink Cross-Chain Services: CCIP and ARM Network

4,329.2 USDC • Code4rena • J4de

#12

Eco Protocol

549.93 USDC • 1 total finding • Sherlock • J4de

#5

high

The `inflationMultiplier` of L1 bridge may not be the latest when depositing

USSD - Autonomous Secure Dollar

966.69 USDC • 10 total findings • Sherlock • J4de

bronze

high

`USSD.sol#mintRebalancer` has no access control

high

`USSD.sol#UniV3SwapInput` has no slippage protection

high

`StableOracleDAI.sol#ethOracle` is `0` address causing the `getPriceUSD` function unavailable

high

`StableOracleDAI.sol#getPriceUSD` price calculation error

high

`USSDRebalancer.sol#getOwnValuation` return the price of DAI while expected USSD

high

`USSDRebalancer.sol#SellUSSDBuyCollateral` the check of whether collateral is DAI is wrong

medium

`USSDRebalancer.sol#BuyUSSDSellCollateral` has a loss of precision

medium

chainlink `latestRoundData` is not fully checked

medium

`USSDRebalancer.sol#BuyUSSSellCollateral` does not consider that the collateral is DAI, resulting in revert

medium

`USSDRebalancer.sol#SellUSSDBuyCollateral` will not sell any collateral if the `collateralFactor` is too high

Venus Protocol Isolated Pools

1,520.34 USDC • 4 total findings • Code4rena • J4de

#10

medium

Exchange Rate can be manipulated

medium

ShortFall contract might transfer incorrect amount of tokens to the highest bidder.

medium

Borrower can cause a DoS by frontrunning a liquidation and repaying as low as 1 wei of the current debt

medium

It's possible to borrow, redeem, transfer tokens and exit markets with outdated collateral prices and borrow interest

Ajna Protocol

285.37 USDC • 1 total finding • Code4rena • J4de

#31

high

User can avoid bankrupting by calling PositionManager.moveLiquidity where to index is bankrupted index

Footium

418.62 USDC • 3 total findings • Sherlock • J4de

#7

high

`FootiumEscrow.sol#setApprovalForXXX` could be used to scam NFT traders

high

`FootiumEscrow.sol` contract `withdraw` and `transferXXX` function could be front-run to scam traders

medium

`FootiumPriceDistributor.sol#claimERC20Price` function is not using `safeTransfer`

Apr '23

Blueberry Update

96.00 USDC • 2 total findings • Sherlock • J4de

#11

high

All spell's `closePositionFarm` function can be attacked by sandwich attack

medium

`ChainlinkAdapterOracle.sol#getPrice` function does not check `sequencerUptimeFeed`

GMX Update

1,764.76 USDC • 1 total finding • Sherlock • J4de

#11

medium

Previous audits issue #212 is not effectively fixed

JOJO Exchange

483.66 USDC • 1 total finding • Sherlock • J4de

#23

medium

`JUSDBank.sol#withdraw` can be exploited to bypass `maxColBorrowPerAccount`

Splits

419.00 USDC • 1 total finding • Sherlock • J4de

#5

medium

`SwapperFactory.sol#isSwapper` function cannot verify the validity of swapper

ENS Contest

59.79 USDC • Code4rena • J4de

#20

Teller

1,080.00 USDC • 3 total findings • Sherlock • J4de

#10

high

`commitCollateral` can be called any number of times by anyone

high

`LenderCommitmentForwarder.sol#updateCommitment` function can change the lender to someone else

medium

The calculation time methods of `calculateNextDueDate` and `_canLiquidateLoan` are inconsistent

Frankencoin

1,036.45 USDC • 4 total findings • Code4rena • J4de

#9

high

[H-06] Double-entrypoint collateral token allows position owner to withdraw underlying collateral without repaying ZCHF

medium

Can't pause or remove a minter

medium

Challengers and bidders can collude together to restrict the minting of position owner

medium

function `restructureCapTable()` in Equity.sol not functioning as expected

Caviar Private Pools

81.97 USDC • 2 total findings • Code4rena • J4de

#47

medium

Incorrect protocol fee is taken when changing NFTs

medium

Royalty recipients will not get fair share of royalties

Rubicon v2

454.6 USDC • 6 total findings • Code4rena • J4de

#33

high

Reward accounting is incorrect in BathBuddy contract

medium

Fee inclusivity calculations are inaccurate in RubiconMarket

medium

Zero reward rate calculation impedes low-decimals token distributions

medium

Attack on rounding errors to get risk free profit

medium

Incorrect calculations can occur when calling `Position._marketBuy` and `Position._marketSell` functions that do not include maker fee in `_fee`

medium

Incorrect reward duration extension in notifyRewardAmount function

Mar '23

Gitcoin

197.91 USDC • Sherlock • J4de

#23

Asymmetry contest

107.57 USDC • 2 total findings • Code4rena • J4de

#48

high

Users can fail to unstake and lose their deserved ETH because malfunctioning or untrusted derivative cannot be removed

medium

Division before multiplication truncate minOut and incurs heavy precision loss and result in insufficient slippage protection

Canto Identity Subprotocols contest

82.51 USDC • 2 total findings • Code4rena • J4de

#21

medium

Users can end up buying and paying for a different Tray than the one they were trying to acquire

medium

Bio Protocol - `tokenURI` JSON injection

Telcoin Update

179.12 USDC • 1 total finding • Sherlock • J4de

#4

medium

`addBlackList` function can be frontrunned to transfer assets in advance

Y2K

180.30 USDC • 2 total findings • Sherlock • J4de

#47

high

The late deposit in `Carousel` contract can be used to avoid deposit fee

high

Deposits that have already been mint in the `rolloverQueue` can still be delisted, resulting in the deposits of other users not being mint

Neo Tokyo contest

2,974.43 USDC • 2 total findings • Code4rena • J4de

#4

high

Underflow of `lpPosition.points` during withdrawLP causes huge reward minting

high

Updating a pool's total points doesn't affect existing stake positions for rewards calculation

Taurus

1,080.46 USDC • 1 total finding • Sherlock • J4de

#5

medium

[High] `registerTrustedNode` should be controlled by `Governance` identity instead of `owner`