https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_9.png

JMukesh

Security Researcher

Contact Me

High

7

Total

Medium

24

Total

$45.71K

Total Earnings

#212 All Time

38x

Payouts

regular

23x

Top 10

regular

31x

Top 25

regular

36x

Top 50

All

Code4rena

Oct '22

Trader Joe v2 contest

Trader Joe v2 contest

0.33 USDC • 1 total finding • Code4rena • JMukesh

#31

high

Transfering funds to yourself increases your balance

Jun '22

Nibbl contest

Nibbl contest

28.29 USDC • Code4rena • JMukesh

#61

Canto contest

Canto contest

436.19 USDC • 1 total finding • Code4rena • JMukesh

#35

high

Anyone can set the `baseRatePerYear` after the `updateFrequency` has passed

Connext Amarok contest

Connext Amarok contest

163.33 USDC • Code4rena • JMukesh

#47

May '22

Rubicon contest

Rubicon contest

60.41 USDC • 2 total findings • Code4rena • JMukesh

#74

medium

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`

medium

Use `call()` instead of `transfer()` when transferring ETH in RubiconRouter

Enso Finance contest

Enso Finance contest

1,355.15 USDT • Code4rena • JMukesh

#21

Apr '22

JPEG'd contest

JPEG'd contest

259.27 USDC • 1 total finding • Code4rena • JMukesh

#28

medium

Chainlink pricer is using a deprecated API

Mar '22

LI.FI contest

LI.FI contest

1,082.75 USDC • 2 total findings • Code4rena • JMukesh

#20

medium

WithdrawFacet's withdraw calls native payable.transfer, which can be unusable for DiamondStorage owner contract

medium

LibSwap: Excess funds from swaps are not returned

Biconomy Hyphen 2.0 contest

Biconomy Hyphen 2.0 contest

378.21 USDT • 1 total finding • Code4rena • JMukesh

#27

medium

A `pauser` can brick the contracts

Dec '21

Amun contest

Amun contest

2,862.52 USDC • 2 total findings • Code4rena • JMukesh

#9

medium

ERC20 return values not checked

medium

Unchecked return value from low-level call()

Nov '21

FairSide contest

FairSide contest

81.35 ETH • 1 total finding • Code4rena • JMukesh

#12

medium

Eth may get stuck in contract

Boot Finance contest

Boot Finance contest

707.6 USDC • Code4rena • JMukesh

#13

Oct '21

BadgerDAO ibBTC Wrapper contest

BadgerDAO ibBTC Wrapper contest

1,274.33 ETH • Code4rena • JMukesh

#9

Tally contest

Tally contest

461.32 ETH • 1 total finding • Code4rena • JMukesh

#7

medium

Swap.sol implements potentially dangerous transfer

Ambire contest

Ambire contest

27.68 USDC • Code4rena • JMukesh

#8

Sep '21

Swivel contest

Swivel contest

1,505.93 ETH • 1 total finding • Code4rena • JMukesh

#12

high

Unsafe handling of underlying tokens

Kuiper contest

Kuiper contest

1,043.18 USDC • 2 total findings • Code4rena • JMukesh

#13

medium

Use safeTransfer instead of transfer

medium

`burn` and `mintTo` in `Basket.sol` vulnerable to reentrancy

Sushi Trident contest phase 1

Sushi Trident contest phase 1

998.28 USDC • Code4rena • JMukesh

#12

Sushi Miso contest

Sushi Miso contest

5,314.71 USDC • 1 total finding • Code4rena • JMukesh

#5

medium

use of transfer() instead of call() to send eth

bveCVX by BadgerDAO contest

bveCVX by BadgerDAO contest

2,894.58 tokens) • Code4rena • JMukesh

#5

Aug '21

Notional contest

Notional contest

5,666.24 USDC • 2 total findings • Code4rena • JMukesh

#6

medium

Use of transfer() instead of call() to send eth

medium

Missing validation on latestRoundData

Gravity Bridge contest

Gravity Bridge contest

381.01 USDC • Code4rena • JMukesh

#9

Reality Cards contest

Reality Cards contest

2,217.98 tokens) • 2 total findings • Code4rena • JMukesh

#4

high

Unchecked ERC20 transfers can cause lock up

medium

Uninitialized Variable `marketWhitelist` in `RCTreasury.sol`

Yield micro contest #1

Yield micro contest #1

707.33 USDC • 1 total finding • Code4rena • JMukesh

#7

medium

No ERC20 safe* versions called

Float Capital contest

Float Capital contest

922.45 USDC • Code4rena • JMukesh

#9

Jul '21

PoolTogether micro contest #1

PoolTogether micro contest #1

310.48 USDC • Code4rena • JMukesh

#10

Spartan Protocol contest

Spartan Protocol contest

516.79 USDC • 1 total finding • Code4rena • JMukesh

#12

high

Result of transfer / transferFrom not checked

Wild Credit contest

Wild Credit contest

1,470.21 USDC • 1 total finding • Code4rena • JMukesh

#6

medium

safeTransferFrom in TransferHelper is not safeTransferFrom

Jun '21

Tracer contest

Tracer contest

2,191.84 USDC • 1 total finding • Code4rena • JMukesh

#7

medium

No check transferFrom() return value

PoolTogether contest

PoolTogether contest

1,552.12 USDC • 1 total finding • Code4rena • JMukesh

#6

medium

Return values of ERC20 `transfer` and `transferFrom` are unchecked

Reality Cards contest

Reality Cards contest

395.58 USDC • 2 total findings • Code4rena • JMukesh

#10

high

Unchecked ERC20 transfers can cause lock up

medium

Uninitialized Variable `marketWhitelist` in `RCTreasury.sol`

May '21

FairSide contest

FairSide contest

1,441.12 USDC • 1 total finding • Code4rena • JMukesh

#7

medium

Eth may get stuck in contract

Visor contest

Visor contest

1,086.18 USDC • Code4rena • JMukesh

#7

88mph contest

88mph contest

0 USDC • Code4rena • JMukesh

#5

NFTX contest

NFTX contest

891.75 USDC • 1 total finding • Code4rena • JMukesh

#10

medium

Randomization of NFTs returned in redeem/swap operations can be brute-forced

Apr '21

LarvaLabs Meebits Contest

LarvaLabs Meebits Contest

2,005.35 USDC • 1 total finding • Code4rena • JMukesh

#4

medium

instead of call() , transfer() is used to withdraw the ether

Vader Protocol contest

Vader Protocol contest

2,247.13 USDC • 1 total finding • Code4rena • JMukesh

#9

high

Anyone Can Avoid All Vether Transfer Fees By Adding Their Address to the Vether ExcludedAddresses List.

Maple Finance contest

Maple Finance contest

775.86 USDC • Code4rena • JMukesh

#8