Josh4324

Security Researcher

Contact Me

High

Total

Medium

Total

$1.81K

Total Earnings

#1199 All Time

16x

Payouts

1x

3rd Places

3x

Top 10

7x

Top 25

All

Sherlock

Code4rena

Cantina

Immunefi

Sep '25

Super DCA Liquidity Network

29.43 OP • 2 total findings • Sherlock • Josh4324

#38

high

Reward Index Reset Vulnerability in stake / unstake

high

Users can claim cashback for Old Trades predating the CashbackClaim startTIme in SuperDCACashback

Aug '25

Yield Basis

44.80 USDC • 1 total finding • Sherlock • Josh4324

#11

medium

Missing claimed Update in Claim Function in InflationaryVest.vy

May '25

primev-validator-registry

0.18 USDC • 1 total finding • Cantina • Josh4324

high

Finding not yet public.

Audit Comp | Flare | FAssets

867 • 1 total finding • Immunefi • Josh4324

#28

medium

Finding not yet public.

alchemix-v3

21.22 USDC • 3 total findings • Cantina • Josh4324

#91

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

Mar '25

badger-ebtc-bsm

14.85 USDC • 1 total finding • Cantina • Josh4324

#31

high

Finding not yet public.

colorpool-chromia

463.22 USDC • 3 total findings • Cantina • Josh4324

#13

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Feb '25

size-solidity

171.52 USDC • 1 total finding • Cantina • Josh4324

medium

Finding not yet public.

Yieldoor

48.11 USDC • 1 total finding • Sherlock • Josh4324

#16

high

Uninitialized feeRecipient in Leverager.sol

Rova

0.04 USDC • 1 total finding • Sherlock • Josh4324

medium

Incorrect Handling of Token Amount Updates in updateParticipation

Jan '25

Liquid Ron

0.02 USDC • 2 total findings • Code4rena • Josh4324

#11

high

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

daao-contracts

39.23 USDC • 3 total findings • Cantina • Josh4324

#69

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

Oct '24

stakeup-bloomv2

100.49 USDC • 2 total findings • Cantina • Josh4324

#53

high

Finding not yet public.

medium

Finding not yet public.

Sep '24

Royco Protocol

3.32 USDC • 2 total findings • Cantina • Josh4324

#70

high

Finding not yet public.

medium

Finding not yet public.

Apr '24

DYAD

3.82 USDC • 1 total finding • Code4rena • Josh4324

#109

high

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

Feb '24

AI Arena

0.1 USDC • 2 total findings • Code4rena • Josh4324

#183

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`