
Kalogerone

Security Researcher

Soon to be smart contract auditor (security reviewer). Not taking myself too seriously (yet). https://t.co/4P0tTxheVT


High: 9 total

Medium: 26 total

Total Earnings: $27.71K

#288 All Time

Payouts: 18x

1st Places (gold): 1x

2nd Places (silver): 1x

Top 10 (regular): 8x


Mar '25

Nudge.xyz


0.06 USDC • 1 total finding • Code4rena • Kalogerone

#8

medium

Unauthorized Reallocation in `NudgeCampaign::handleReallocation` and Reward Disruption Vulnerability in `NudgeCampaign::invalidateParticipations`

Storage Proofs


510.14 op • 1 total finding • CodeHawks • kalogerone

#4

low

Uninitialized `last_block_number` Variable

Jan '25

Liquid Ron


0 USDC • 1 total finding • Code4rena • Kalogerone

#12

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Aave v3.3


274.80 USDC • Sherlock • Kalogerone

#58

Ignite


15,659.36 usdc • CodeHawks • kalogerone

gold

Dec '24

Alchemix Transmuter


786.30 op • 5 total findings • CodeHawks • kalogerone

silver

medium

Incorrect Total Assets Calculation in _harvestAndReport Leading to Share Value Manipulation and Irredeemable Assets

medium

not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses.

medium

Inflated `totalAssets` in `StrategyMainnet`, `StrategyArb`, and `StrategyOp` Contracts

low

Missing Router Update Mechanism in StrategyMainnet Contract

low

Old router retains token allowance after update

Aug '24

Fjord Token Staking


0.19 USDC • 1 total finding • CodeHawks • kalogerone

#20

medium

[H-01] Auction tokens will be lost forever when auction ends without bids

Sentiment V2


99.72 USDC • 3 total findings • Sherlock • Kalogerone

#34

medium

The `SuperPool` vault is not strictly ERC4626 compliant as it should be

medium

The `SuperPool.sol` contract is supposed to have `Pausable` functions, but none have the modifier

medium

Griefer can DOS the `SuperPool` creation and make it very expensive for other users

Jul '24

TraitForge


233.1 USDC • 9 total findings • Code4rena • Kalogerone

#18

high

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

high

The maximum number of generations is infinite

medium

There is no slippage check in the `nuke()` function.

medium

Pause and unpause functions are inaccessible

medium

NFTs mature too slowly under default settings.

medium

`Golden God` Tokens can be minted twice per generation

medium

Each generation should have 1 "Golden God" NFT, but there could be 0

medium

TraitForgeNft: Generations without a golden god are possible

medium

Incorrect check against golden entropy value in the first two batches

Zaros Part 1


24.03 USDC • 1 total finding • CodeHawks • kalogerone

#74

medium

Insufficient checks to confirm the correct status of the sequencerUptimeFeed

Audit Comp | Folks Finance


213 USDC • 2 total findings • Immunefi • Kalogerone

#27

medium

Finding not yet public.

medium

Finding not yet public.

MakerDAO Endgame


517.73 USDC • Sherlock • Kalogerone

#70

Jun '24

Size


59.09 USDC • 2 total findings • Code4rena • Kalogerone

#47

high

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

high

When `sellCreditMarket()` is called to sell credit for a specific cash amount, the protocol might receive a lower swapping fee than expected.

May '24

Midas


69.66 USDC • 1 total finding • Sherlock • Kalogerone

#5

medium

Corruptible Upgradability Pattern

YOLO Games


660.93 USDC • 1 total finding • Cantina • kalogerone

#7

high

Finding not yet public.

Apr '24

TITLES Publishing Protocol


410.94 USDC • 3 total findings • Sherlock • Kalogerone

#10

high

Minting "works" is supposed to refund excess ETH, but it doesn't

medium

Editions::mintBatch function will always revert

medium

CREATE opcode works differently in the zkSync chain

Panoptic


8,126.32 USDC • 1 total finding • Code4rena • Kalogerone

#4

medium

`CREATE2` address collision during pool deployment allows for complete draining of the pool

Feb '24

AI Arena


62.63 USDC • 6 total findings • Code4rena • Kalogerone

#86

high

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

medium

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered (steal protocol's token)

medium

Constraints of dailyAllowanceReplenishTime and allowanceRemaining during mint() can be bypassed by using alias accounts & safeTransferFrom()

medium

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.