
Jeiwan

Security Researcher


High severity findings: 74 total (6 solo)
Medium severity findings: 103 total (6 solo)
Total earnings: $182.47K (#52 all time)
Payouts: 53x
1st places: 2x (gold)
2nd places: 7x (silver)
3rd places: 2x (bronze)


May '24

safe-extensions
87.5 USDC • 1 total finding • Cantina • jeiwan • #26
- medium: Finding not yet public.

Oct '23

zkSync Era
656.33 USDC • Code4rena • Jeiwan • #33

Aug '23

Good Entry
1,175.28 USDC • 2 total findings • Code4rena • Jeiwan • #7
- high: Unused funds are not returned and not counted in `GeVault`
- medium: User can steal refunded underlying tokens from `initRange` operation inside `RangeManager`

Jul '23

Axelar Network
9,509.32 USDC • 4 total findings • Code4rena • Jeiwan • 3rd place (bronze)
- high: ERC777 and similar token implementations allow stealing of funds when transferring tokens
- medium: Gas fees are refunded to a wrong address when transferring tokens via `InterchainToken.interchainTransferFrom`
- medium: Proposal requiring native coin transfers cannot be executed
- medium: `RemoteAddressValidator` can incorrectly convert addresses to lower case

PoolTogether
1,488.31 USDC • 6 total findings • Code4rena • Jeiwan • #19
- high: Increasing reserves breaks PrizePool accounting
- high: Resetting delegation will result in user funds being lost forever
- high: Delegated amounts can be forcefully removed from anyone in the TwabController
- high: `Vault.mintYieldFee` function can be called by anyone to mint `Vault Shares` to any recipient address
- medium: `VaultFactory` allows deployment of vaults with non-authentic `TwabController` and `PrizePool`
- medium: Unintended or malicious use of prize winners' hooks

Jun '23

Arrakis
1,217.81 USDC • 3 total findings • Sherlock • Jeiwan • #7
- high: ETH is never refunded in `ArrakisV2Router.addLiquidityPermit2`
- medium: Changing manager fee BPS affects past shares conversion rates, making users lose a portion of rewards or get extra rewards
- medium: Chainlink oracles staleness check can cause regular lengthy denials of service

Mar '23

Optimism Update
35,356.14 USDC • 2 total findings • Sherlock • Jeiwan • 1st place (gold)
- high: Legacy withdrawals can be relayed twice, causing double spending of bridged assets
- medium: Gas usage of cross-chain messages is undercounted, causing discrepancy between L1 and L2 and impacting intrinsic gas calculation

zkSync Era System Contracts contest
8,774.78 USDC • 1 total finding • Code4rena • Jeiwan • #4
- medium: User transactions can call system contracts directly

Neo Tokyo contest
184.41 USDC • 1 total finding • Code4rena • Jeiwan • #15
- high: Underflow of `lpPosition.points` during withdrawLP causes huge reward minting

Feb '23

Derby
7,827.67 USDC • 16 total findings • Sherlock • Jeiwan • 2nd place (silver)
- high: Cross-chain message authentication can be bypassed, allowing an attacker to disrupt the state of vaults
- high: On-chain slippage calculation can be manipulated, causing stealing of rewards in sandwich attacks
- high: Gamers and depositors lose rewards in Idle and Beta protocols
- high: Rebalancing can get stuck due to the inability to increase slippage and relayer fee
- high: Incorrect underlying balance calculation disrupts accounting of funds deposited to Compound
- medium: Rebalancing can be indefinitely blocked due to ever-increasing `totalWithdrawalRequests`, causing locking of funds in vaults
- medium: Gamer rewards are reduced due to fund pulls before accrual of rewards
- medium: Gamers will not receive rewards for allocating to Aave and Beta vaults, while the vaults do generate yield
- medium: Vaults may become insolvent due to a missing conversion between protocol underlying tokens and vault underlying tokens
- medium: Delayed Compound and Beta interest accrual reduces gamer rewards and affects funds distribution to vaults
- medium: Deposited funds are locked in inactive vaults
- medium: The guardian may not be able to blacklist a protocol
- medium: Missing transaction expiration check results in reward tokens selling at a lower price
- medium: `XProvider` forces increased relayer fees when transferring tokens cross-chain
- medium: An inactive vault can disrupt rebalancing of active vaults
- medium: Rebalancing can be blocked when pulling funds from a TrueFi or an Idle vault

Carapace
2,718.60 USDC • 3 total findings • Sherlock • Jeiwan • #8
- high: Withdrawals locking can be bypassed, potentially disrupting the supply and demand balance
- high: `GoldfinchAdapter` fails to detect late payments at or after pool's term has ended
- medium: Protection can be bought in late pools, allowing buyers to pay minimal premium and increase the chance of a compensation

Blueberry
2,626.49 USDC • 5 total findings • Sherlock • Jeiwan • #5
- high: Earned interest is not accounted in position's risk value, causing increased debt accumulation
- high: Earned interest is lost when withdrawing tokens lent to a bank
- high: Users may borrow more than the `MaxLTV` value of a strategy
- high: Wrong amount of LP tokens is removed from ICHI vaults when closing a position
- medium: Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay

OpenQ
330.66 USDC • 7 total findings • Sherlock • Jeiwan • #21
- high: Claiming of rewards can be indefinitely blocked by a malicious ERC20 token
- high: Refunded NFT can indefinitely block bounty rewards claiming
- high: Griefing attack may cause indefinite DoS on refunding
- medium: Disproportional distribution of deposited funds causes some depositors to lose funds
- medium: Bounty contract funding can be blocked by an attack filling the limit of token addresses
- medium: The NFT deposit limit may not be enough for tiered bounties
- medium: Payout schedule cannot be shrunk due to a revert

Jan '23

Ajna
13,266.85 USDC • 5 total findings • Sherlock • Jeiwan • 2nd place (silver)
- high: CryptoPunks NFTs may be stolen via deposit frontrunning
- high: Missing bankruptcy detection when removing NFT collateral lets bad debt accumulate
- high: Anyone who approved quote tokens to a pool can be forced to take
- medium: Incorrect MOMP calculation in neutral price calculation
- medium: Anyone can transfer approved LP tokens

Astaria contest
2,166.13 USDC • 7 total findings • Code4rena • Jeiwan • #12
- high: When Public Vault A buys out Public Vault B's lien tokens, it does not increase Public Vault A's liensOpenForEpoch, which would result in the lien tokens not being repaid
- high: Buying out corrupts the slope of a vault, reducing rewards of LPs
- high: Vault may be drained after a liquidated NFT was claimed by the liquidator
- high: Strategist can fail to withdraw asset token from a private vault
- high: Improper validations in Clearinghouse; possible to lock collateral NFT in contract
- high: Deadlock in vaults with underlying token with less than 18 decimals
- medium: Users are unable to mint shares from a public vault using `AstariaRouter` contract when share price is bigger than one

Notional Update
1,435.08 USDC • 2 total findings • Sherlock • Jeiwan • 2nd place (silver)
- high: Wrong `wrappedScaleFactor` calculation disrupts spot price calculation
- medium: `MetaStable2TokenAuraVault` doesn't support new Balancer pools

UXD Protocol
151.54 USDC • 2 total findings • Sherlock • Jeiwan • #23
- medium: Wrong fee calculation when opening a short position on Perpetual Protocol
- medium: `Uniswapper` cannot be used in rebalancing due to missed approval

Dec '22

Papr contest
11,616.7 USDC • 3 total findings • Code4rena • Jeiwan • 1st place (gold)
- high: Collateral NFT deposited to a wrong address, when transferred directly to `PaprController`
- high: Users may be liquidated right after taking maximal debt
- medium: `PaprController` pays swap fee in `buyAndReduceDebt`, not user

GoGoPool contest
1,826.17 USDC • 5 total findings • Code4rena • Jeiwan • #16
- high: Hijacking of node operators minipool causes loss of staked funds
- medium: State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool
- medium: Recreated pools receive a wrong AVAX amount due to miscalculated compounded liquid staker amount
- medium: Rialto may not be able to cancel minipools created by contracts that cannot receive AVAX
- medium: `requireNextActiveMultisig` will always return the first enabled multisig which increases the probability of stuck minipools

Caviar contest
557.24 USDC • 4 total findings • Code4rena • Jeiwan • #17
- high: Liquidity providers may lose funds when adding liquidity
- high: First depositor can break minting of shares
- medium: Rounding error in buyQuote might result in free tokens
- medium: Pair price may be manipulated by direct transfers

Rain
1,217.01 USDC • Sherlock • Jeiwan • 2nd place (silver)
Findings not publicly available for private contests.

Tigris Trade contest
442.95 USDC • 3 total findings • Code4rena • Jeiwan • #27
- high: Not enough margin pulled or burned from user when adding to a position
- medium: `executeLimitOrder()` modifies open-interest with a wrong position value
- medium: Chainlink price feed is not sufficiently validated and can return stale price

Lyra
304.44 USDC • Sherlock • Jeiwan • #7
Findings not publicly available for private contests.

Maverick contest
5,402.3 USDC • 2 total findings • Code4rena • Jeiwan • #4
- medium: `exactInput` allows stealing of funds via a malicious pool contract
- medium: A finding that cannot be disclosed at the moment

Nov '22

ParaSpace contest
6,908.91 USDC • 6 total findings • Code4rena • Jeiwan • #4
- high: NFTFloorOracle's asset and feeder structures can be corrupted
- high: Data corruption in NFTFloorOracle; Denial of Service
- medium: Front-running admin setPrice call allows a single compromised oracle to set any price, allowing the oracle manipulator to drain all protocol funds
- medium: Users can be locked out of providing Uniswap V3 NFTs as collateral
- medium: LooksRare orders using WETH as currency cannot be paid with WETH
- medium: During oracle outages or feeder outages/disagreement, the `ParaSpaceFallbackOracle` is not used

Canto contest
4,285.93 CANTO • 2 total findings • Code4rena • Jeiwan • 2nd place (silver)
- high: A registered contract won't earn fees if `_recipient` is a fresh address
- medium: `PostTxProcessing` can revert user transactions not interacting with Turnstile

Opyn Crab Netting
939.99 USDC • 3 total findings • Sherlock • Jeiwan • #5
- high: Gas griefing vulnerability in `netAtPrice`, `depositAuction`, and `withdrawAuction`
- medium: Missing tokens spending approval from a trader can impair the auction
- medium: Contract owner can lock user funds indefinitely

Isomorph
917.43 USDC • 5 total findings • Sherlock • Jeiwan • #10
- high: Debt miscalculation applies an increased interest rate to debts in the Synth vault
- high: AMM tokens can be stolen from Depositor
- medium: Collateral virtual price growth can be slowed down due to rounding in virtual price calculation
- medium: Dangerous assumption on the peg of USDC can lead to manipulations
- medium: Wrong `CHANGE_COLLATERAL_DELAY` value

Redacted Cartel contest
1,601.99 USDC • 4 total findings • Code4rena • Jeiwan • #12
- high: Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation
- medium: Broken logic in configureGmxState() of PirexGmx contract because it doesn't properly call safeApprove() for stakedGmx address
- medium: Reward tokens mismanagement can cause users to lose rewards
- medium: Anyone can call AutoPxGmx.compound and perform sandwich attacks with control parameters

LSD Network - Stakehouse contest
500.09 USDC • 7 total findings • Code4rena • Jeiwan • #28
- high: Incorrect accounting in SyndicateRewardsProcessor results in any LP token holder being able to steal other LP token holders' ETH from the fees and MEV vault
- high: Giant pools can be drained due to weak vault authenticity check
- high: Old stakers can steal deposits of new stakers in `StakingFundsVault`
- medium: Calling `updateNodeRunnerWhitelistStatus` function always reverts
- medium: Freezing of funds - Hacker can prevent users' withdrawals in giant pools
- medium: GiantPool should not check ETH amount on withdrawal
- medium: Adding non-EOA representative

Debt DAO contest
2,743.33 USDC • 5 total findings • Code4rena • Jeiwan • #9
- high: Borrower can close a credit without repaying debt
- medium: Whitelisted functions aren't scoped to revenue contracts and may lead to unnoticed calls due to selector clashing
- medium: Mutual consent cannot be revoked and stays valid forever
- medium: Variable balance ERC20 support
- medium: Lender can reject closing a position

Chainlink Staking contest
6,535.1 USDC • Code4rena • Jeiwan • #7

Oct '22

Paladin - Warden Pledges contest
1,192.69 USDC • 3 total findings • Code4rena • Jeiwan • #8
- medium: Reward can be over- or undercounted in `extendPledge` and `increasePledgeRewardPerVote`
- medium: Owner can transfer all ERC20 reward tokens out using function recoverERC20
- medium: Pledge may run out of reward due to the decay in veCRV balance; targetVotes is never reached

Inverse Finance contest
3,554.5 USDC • 3 total findings • Code4rena • Jeiwan • #4
- medium: `viewPrice` doesn't always report dampened price
- medium: Calling `repay` function sends less DOLA to `Market` contract when `forceReplenish` function is not called while it could be called
- medium: Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Illuminate
4,855.58 USDC • 7 total findings • Sherlock • Jeiwan • 3rd place (bronze)
- high: Users can receive fewer tokens during redeeming due to iPT inflation in the `mint` function
- high: Re-entrancy during lending allows an attacker to mint iPT without paying underlying tokens
- high: Re-entrancy in Sense redemption allows an attacker to inflate holdings and get more underlying tokens
- high: Missing contract code existence check can cause free and unlimited iPT minting
- high: iPT redeeming is possible when iPT redemptions are paused
- high: User can accidentally burn their iPT tokens during redemption
- medium: Wrong return value in Pendle's `lend` function can cause loss of funds or excessive iPT issuance

Astaria
2,773.04 USDC • 9 total findings • Sherlock • Jeiwan • #4
- high: Cancelling an auction doesn't repay the entire debt and doesn't unlock collateral
- high: A borrower can steal auctioned collateral from the current bidder
- high: Funds can be lost when repaying liens
- high: The implied value of a public vault can be impaired, liquidity providers can lose funds
- high: Incorrect maximum potential debt calculation causes denial of service
- high: Denial of service in `AstariaRouter.commitToLiens`
- high: Liquidity providers can lose funds when a withdraw proxy is not set for an epoch
- medium: Liquidity providers can lose funds due to vault share price manipulation
- medium: An auction can never be extended due to an underflow

Holograph contest
874.77 USDC • 6 total findings • Code4rena • Jeiwan • #11
- high: If user sets a low `gasPrice` the operator would have to choose between being locked out of the pod or executing the job anyway
- medium: Source contract can steal NFTs from users
- medium: Wrong slashing calculation rewards an operator that did not do their job
- medium: Bond tokens (HLG) can get permanently stuck in operator
- medium: `_payoutToken[s]()` is not compatible with tokens with missing return value
- medium: `_payoutEth()` calculates `balance` with an offset, always leaving dust `ETH` in the contract

Juicebox contest
1,842.44 USDC • 2 total findings • Code4rena • Jeiwan • #7
- high: Outstanding reserved tokens are incorrectly counted in total redemption weight
- medium: NFT not minted when contributed via a supported payment terminal

Mover
2,594.88 USDC • 1 total finding • Sherlock • Jeiwan • 2nd place (silver)
- high: Lack of validation of Synapse bridge calldata allows stealing of funds

Union Finance
1,591.38 USDC • 4 total findings • Sherlock • Jeiwan • #6
- medium: Increased reward token inflation due to double counting of `totalFrozen`
- medium: `AssetManager.withdraw()` can lock user funds indefinitely
- medium: Removed money market adapters can drain `AssetManager` due to approved token spending
- medium: Removed adapter can still hold funds, removed token can still be deposited to a market

Trader Joe v2 contest
10,427.14 USDC • 2 total findings • Code4rena • Jeiwan • #5
- high: Incorrect output amount calculation for Trader Joe V1 pools
- high: Wrong calculation in function `LBRouter._getAmountsIn` makes users lose a lot of tokens when swapping through JoePair (most of them will be gifted to JoePair for free)

Merit Circle
495.62 USDC • 2 total findings • Sherlock • Jeiwan • #4
- high: Depositors will never get the highest bonus after a new point is added to the end of a curve
- medium: Misconfigured pool can lead to rewards locked indefinitely

Blur Exchange contest
114.82 USDC • 1 total finding • Code4rena • Jeiwan • #20
- high: StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

Sep '22

Knox Finance
20.77 USDC • 1 total finding • Sherlock • Jeiwan • #12
- medium: Oracle data misreporting can disrupt auction and options settlement

QuickSwap and StellaSwap contest
8,310.1 USDC • 5 total findings • Code4rena • Jeiwan • 2nd place (silver)
- medium: Undercounted liquidity leads to increased `volumePerLiquidityInBlock` and incorrect adaptive fee
- medium: Swapping can be impaired when `activeIncentive` is set
- medium: Missing slippage control system; users may lose a lot of funds due to front-running MEV bots
- medium: A "FrontRunning attack" can be made on the `initialize` function
- medium: `safeTransfer` function does not check for existence of ERC20 token contract

Y2k Finance contest
984.3 USDC • 5 total findings • Code4rena • Jeiwan • #13
- high: Incorrect handling of pricefeed.decimals()
- high: Users who deposit in one vault can lose all deposits and receive nothing when counterparty vault has no deposits
- high: Risk users are required to pay out if the price of the pegged asset goes higher than underlying
- high: Vault.sol is not EIP-4626 compliant
- medium: Different oracle issues can return outdated prices

PartyDAO contest
434.64 USDC • 1 total finding • Code4rena • Jeiwan • #16
- medium: Calling `transferEth` function can revert if `receiver` input corresponds to a contract that is unable to receive ETH through its `receive` or `fallback` function

Notional
2,602.90 USDC • 2 total findings • Sherlock • Jeiwan • #7
- medium: Flawed decimals check could lock funds in a 2-token Balancer Strategy Vault
- medium: Deprecated Balancer Price Oracles could lead to locked funds in the Balancer strategy vaults

FEI and TRIBE Redemption contest
38.41 USDC • Code4rena • Jeiwan • #9

Canto Dex Oracle contest
357.08 CANTO • 2 total findings • Code4rena • Jeiwan • #7
- medium: Hackers can deploy a token with the same name as the stable one to impersonate the stable token
- medium: Calculated `token0TVL` may be zero under certain scenarios

Nouns Builder contest
3,487.42 USDC • 3 total findings • Code4rena • Jeiwan • #5
- medium: Tokens without properties can be minted and cannot be rendered
- medium: Minting is not possible when a property has no items
- medium: Index out of bounds error when properties length is more than attributes length breaks minting

Aug '22

Olympus DAO contest
1,111.24 USDC • 2 total findings • Code4rena • Jeiwan • #19
- medium: Heart::beat() could be called several times in one block if no one has called it for some time
- medium: Admin cannot be changed to EOA after deployment

Nouns DAO contest
35.45 USDC • Code4rena • Jeiwan • #40