Josh4324

Security Researcher

Contact Me

High

Total

Medium

Total

$2.82K

Total Earnings

#1066 All Time

19x

Payouts

1x

3rd Places

4x

Top 10

9x

Top 25

All

Sherlock

Code4rena

Cantina

Immunefi

Oct '25

Reflector V3

0 USDC • 2 total findings • Code4rena • Josh4324

#16

high

`set_invocation_costs_config()` fails to authorize admin allowing anyone to set invocation costs

medium

`twap()` under-charges for multi-period queries due to hardcoded `periods=1`

Audit Comp | Belong

924 USDC • 5 total findings • Immunefi • Josh4324

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

low

Finding not yet public.

low

Finding not yet public.

Audit Comp | Alchemix V3

87 USDC • 7 total findings • Immunefi • Josh4324

#70

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

low

Finding not yet public.

Sep '25

Super DCA Liquidity Network

29.43 OP • 2 total findings • Sherlock • Josh4324

#38

high

Reward Index Reset Vulnerability in stake / unstake

high

Users can claim cashback for Old Trades predating the CashbackClaim startTIme in SuperDCACashback

Aug '25

Yield Basis

44.80 USDC • 1 total finding • Sherlock • Josh4324

#11

medium

Missing claimed Update in Claim Function in InflationaryVest.vy

May '25

primev-validator-registry

0.18 USDC • 1 total finding • Cantina • Josh4324

high

Finding not yet public.

Audit Comp | Flare | FAssets

867 • 1 total finding • Immunefi • Josh4324

#28

medium

Finding not yet public.

alchemix-v3

21.22 USDC • 3 total findings • Cantina • Josh4324

#91

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

Mar '25

badger-ebtc-bsm

14.85 USDC • 1 total finding • Cantina • Josh4324

#31

high

Finding not yet public.

colorpool-chromia

463.22 USDC • 3 total findings • Cantina • Josh4324

#13

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Feb '25

size-solidity

171.52 USDC • 1 total finding • Cantina • Josh4324

medium

Finding not yet public.

Yieldoor

48.11 USDC • 1 total finding • Sherlock • Josh4324

#16

high

Uninitialized feeRecipient in Leverager.sol

Rova

0.04 USDC • 1 total finding • Sherlock • Josh4324

medium

Incorrect Handling of Token Amount Updates in updateParticipation

Jan '25

Liquid Ron

0.02 USDC • 2 total findings • Code4rena • Josh4324

#11

high

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

daao-contracts

39.23 USDC • 3 total findings • Cantina • Josh4324

#69

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

Oct '24

stakeup-bloomv2

100.49 USDC • 2 total findings • Cantina • Josh4324

#53

high

Finding not yet public.

medium

Finding not yet public.

Sep '24

Royco Protocol

3.32 USDC • 2 total findings • Cantina • Josh4324

#70

high

Finding not yet public.

medium

Finding not yet public.

Apr '24

DYAD

3.82 USDC • 1 total finding • Code4rena • Josh4324

#109

high

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

Feb '24

AI Arena

0.1 USDC • 2 total findings • Code4rena • Josh4324

#183

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`