John44

Security Researcher

High

16

Total

Medium

1

Solo

20

Total

$3.05K Total Earnings

#889 All Time

6x Payouts

1x 2nd Places (silver)

3x Top 10 (regular)

4x Top 25 (regular)

Feb '25

Rova

1,178.25 USDC • 1 total finding • Sherlock • John44

silver

medium: Incorrect use of currency for token amount

Dec '24

Oku's New Order Types Contract Contest

2.31 OP • 5 total findings • Sherlock • John44

#43

high: Malicious orders can be created for other users, using up all of their allowances

high: Users can cancel the same order multiple times, draining the contracts

high: Users can modify a cancelled order, withdrawing the same tokens twice

medium: PythOracle only returns stale data

medium: StopLimit and OracleLess can be completely bricked by creating empty orders

Autonomint Colored Dollar V1

1,445.67 OP • 25 total findings • Sherlock • John44

#4

high: Withdraw signatures can be replayed, allowing users to withdraw more funds than they should be able to

high: CDS.updateDownsideProtected can be called by anyone

high: Users may be unable to withdraw from CDS when they have accumulated a profit

high: Treasury can be drained through the `redeemUSDT` function

high: When a CDS withdrawal occurs 10% of option fees are deducted for the protocol instead of 10% of the profits

high: Incorrect option fees accounting

high: Users can artificially inflate the cumulative/interest rate

high: Users can withdraw liquidated collateral

high: Users can escape from liquidations

high: `downsideProtected` is incorrectly implemented

medium: Health ratio is hardcoded causing issues once the LTV is updated

medium: Several functions in CDS and Borrowing can be bricked, due to insufficient validation in `multiSign.executeSetterFunction`

medium: weETH and rsETH yields are calculated incorrectly, causing withdrawals to fail

medium: Users may be unable to withdraw from CDS if all of their deposited assets have been used for liquidations

medium: Gas fee may not be refunded, or it may prevent users from withdrawing from CDS

medium: CDS withdrawals will likely revert due to a lack of tokens

medium: Borrowers can avoid paying interest, due to incorrect interest rate updates

medium: `totalVolumeOfBorrowersAmountinWei` is incorrectly updated when withdrawing from borrowing.sol

medium: Synthetix is not deployed on Mode

medium: `liquidationType2` will always revert due to transferring ETH from the borrowLiquidation contract

medium: A deposit can only be liquidated once it becomes insolvent

medium: Borrowers can choose any volatility in order to pay less fees

medium: `liquidationType2` interacts with Synthetix incorrectly

medium: Transferring margin is implemented incorrectly in `liquidationType2`

medium: Submitting an offchain delayed offer will revert due to incorrect decimal calculations

Nov '24

Ethos Network Financial Contracts

354.14 USDC • 4 total findings • Sherlock • John44

#12

high: Vouchers can pay less fees through `increaseVouch`

high: Users pay higher fees than intended when buying votes

high: `marketFunds` will be wrongly updated when votes are sold

medium: No slippage protection when selling votes

Telcoin Update #2

25.79 USDC • Sherlock • John44

#32

Oct '24

Ethos Network Social Contracts

45.37 USDC • 1 total finding • Sherlock • John44

#6

medium: Compromised addresses are not restricted in any way