
KiroBrejka
Security Researcher
X -> xBugSlayer | Telegram -> xBugSlayer | Trying to make web3 a safe place


High findings: 34 total
Medium findings: 25 total
Total earnings: $4.41K (#812 all time)
Payouts: 21x
3rd places: 1x (bronze)
Top 10 finishes: 3x
Top 25 finishes: 6x


Mar '25
Crestal Network
2.37 USDC • 1 total finding • Sherlock • KiroBrejka • rank #11
[medium] User can override the `deployWorkerAddr` and not submit a deployment proof

Feb '25
Liquidity Management
13.08 USDC • 2 total findings • CodeHawks • kirobrejka • rank #51
[low] Incorrect Token Price Validation in KeeperProxy
[low] Protocol Recovery Mechanism at Risk Due to Unhandled Token Transfer Failures

Core Contracts
619.21 USDC • 30 total findings • CodeHawks • kirobrejka • rank #37
[high] Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency
[high] Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds
[high] Gauge period cannot be updated
[high] `GaugeController::_calculateReward` implementation will cause smaller shares to be allocated to every gauge
[high] `GaugeController` does not send funds to FeeCollector, disrupting fee distribution and causing loss of funds
[high] Reward manipulation vulnerability in StabilityPool
[high] Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service
[high] RToken's transfer function leads to loss of funds due to incorrect math
[high] Users can borrow more assets than they have deposited as collateral
[high] NFTs Get Permanently Locked in Stability Pool After Liquidation
[high] Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance
[high] Boost Miscalculation Leads to Excess Distribution
[high] Lack of Access Control in BoostController::updateUserBoost Leading to Unauthorized Delegation Overwrite
[high] Treasury Balance Tracking Bypass in FeeCollector
[high] Untracked Direct Fee Transfers from RAACToken to FeeCollector Break Fee Distribution System
[high] Critical Economic Design Flaw in ZENO Zero-Coupon Bond Implementation Leads to Guaranteed User Losses
[high] Gauge stakers won't get any reward due to round-down in user weight calculation
[high] Gauge reward system can be gamed with repeated stake/withdraw
[medium] Incorrect utilization rate forces protocol to issue maximum rewards indefinitely
[medium] Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations
[medium] RToken.transferFrom() Does Not Scale User Balances Due to Stale Liquidity Index
[medium] LendingPool deposits do not work with CurveVault due to lack of funds
[medium] LendingPool::getNormalizedIncome() returns stale liquidity index
[medium] `RToken::calculateDustAmount` is incorrectly calculated, making it impossible to transfer the accrued dust amount
[medium] LendingPool.getUserDebt returns outdated value and can lead to liquidation failure
[medium] Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations
[medium] Failure to Withdraw Liquidity to RToken.sol Before Changing Curve Vault Address
[medium] Portion of revenue to be distributed for gauges remains undistributed
[low] Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality
[low] `FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

Jan '25
Plaza Finance
24.16 USDC • 4 total findings • Sherlock • KiroBrejka • rank #61
[medium] WSTETH is not supported by the protocol
[medium] User can always inflate the `totalSellReserveAmount` variable to block the auction from being ended
[medium] USDC blacklist may be a problem in Auction
[medium] Precision loss in `Pool::getRedeemAmount` will result in users redeeming less collateral than they should

Aave v3.3
657.87 USDC • Sherlock • KiroBrejka • rank #35

Dec '24
Oku's New Order Types Contract Contest
4.47 OP • 2 total findings • Sherlock • KiroBrejka • rank #34
[high] User can cancel his order and then call modify order to get even more funds
[medium] User can brick the `Bracket` contract by inputting malicious `txData`

Nov '24
Debita Finance V3
1,109.47 USDC • 4 total findings • Sherlock • KiroBrejka • rank #8
[high] NFT buyer will never receive his receipt NFT after `buyOrder::sellNFT` function
[high] Nobody can buy the `TaxTokenReceipt` NFT from auction
[high] `BuyOrder` is not compliant with `TaxTokenReceipt`
[medium] Malicious seller of receipt token is able to control the corresponding veNFT after a sell

Telcoin Update #2
0.01 USDC • Sherlock • KiroBrejka • rank #57

Oct '24
Dria
0.32 USDC • 1 total finding • CodeHawks • kirobrejka • rank #72
[high] Subtraction in `variance()` will revert due to underflow

predict.fun lending market
421.53 USDC • 1 total finding • Sherlock • KiroBrejka • rank #5
[medium] `hashProposal` is not compliant with EIP-712

Aug '24
Rumpel Point Tokenization Protocol
0.02 USDC • Sherlock • KiroBrejka • rank #39

Phi
15.83 USDC • 1 total finding • Code4rena • 0xBugSlayer • rank #42
[medium] Incorrect Fee Handling Prevents Protocol from Updating Fees

Jul '24
LoopFi
87.29 USDC • 4 total findings • Code4rena • 0xBugSlayer • rank #39
[high] Availability of deposit invariant can be bypassed
[high] AuraVault inherits AccessControl but does not call the _setupRole() function in its constructor to set the initial roles; this leads to a complete DOS of the important claim function, rendering the contract unable to claim rewards
[medium] Incorrect calculation of `newCumulativeIndex` in function `calcDecrease`
[medium] `PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

MagicSea - the native DEX on the IotaEVM
0.08 USDC • 1 total finding • Sherlock • KiroBrejka • rank #64
[medium] Absence of deflationary rebasing tokens protection in `BaseRewarder`

Jun '24
Size
0.05 USDC • 1 total finding • Code4rena • 0xBugSlayer • rank #62
[high] Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

May '24
Olas
51.57 USDC • 1 total finding • Code4rena • 0xBugSlayer • rank #14
[medium] StakingToken.sol doesn't properly handle FOT, rebasing tokens or those with variable which will lead to accounting issues downstream.

LoopFi
386.08 USDC • 4 total findings • Code4rena • 0xBugSlayer • 3rd place (bronze)
[high] Availability of deposit invariant can be bypassed
[high] AuraVault inherits AccessControl but does not call the _setupRole() function in its constructor to set the initial roles; this leads to a complete DOS of the important claim function, rendering the contract unable to claim rewards
[medium] Incorrect calculation of `newCumulativeIndex` in function `calcDecrease`
[medium] `PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`
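The `answeredInRound` finding appears in both LoopFi contests above (Jul '24 and May '24). Chainlink documents `answeredInRound` as deprecated, so a staleness check built on it no longer says anything about freshness. The contract below is an added illustration of that class of bug, not LoopFi's `PendleLPOracle` code: the contract name `ChainlinkPriceReader`, the functions `fetchDeprecated` and `fetchAndValidate`, the `heartbeat` parameter and the `MockFeed` are all hypothetical, and the `AggregatorV3Interface` is reproduced inline only so the file compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustrative example with hypothetical names; not LoopFi's PendleLPOracle code.
// Interface shape copied from Chainlink's AggregatorV3Interface so the file is self-contained.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract ChainlinkPriceReader {
    AggregatorV3Interface public immutable feed;
    uint256 public immutable heartbeat; // max age the feed commits to, e.g. 3600 for a 1h feed

    constructor(AggregatorV3Interface feed_, uint256 heartbeat_) {
        feed = feed_;
        heartbeat = heartbeat_;
    }

    /// VULNERABLE shape: relies on answeredInRound, which Chainlink marks as deprecated
    /// (still returned, but it no longer means "this answer is current"), and never
    /// looks at updatedAt, so an arbitrarily old price passes the check.
    function fetchDeprecated() external view returns (uint256) {
        (uint80 roundId, int256 answer, , , uint80 answeredInRound) = feed.latestRoundData();
        require(answeredInRound >= roundId, "stale round"); // no longer a meaningful check
        require(answer > 0, "bad answer");
        return uint256(answer);
    }

    /// HARDENED shape: freshness comes from updatedAt measured against the feed's
    /// heartbeat, plus a positive-answer and completed-round check. The age is returned
    /// so a caller can choose a fallback oracle or pause instead of only reverting.
    function fetchAndValidate() external view returns (uint256 price, uint256 age) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        require(answer > 0, "non-positive answer");
        require(updatedAt != 0 && updatedAt <= block.timestamp, "round not complete");
        age = block.timestamp - updatedAt;
        require(age <= heartbeat, "price too old");
        price = uint256(answer);
    }
}

/// Constructed mock feed (not a real aggregator) for exercising both paths locally.
/// It always reports answeredInRound == roundId, which is exactly why that field
/// cannot be used to detect staleness.
contract MockFeed is AggregatorV3Interface {
    uint80 public roundId;
    int256 public answer;
    uint256 public updatedAt;

    function set(uint80 roundId_, int256 answer_, uint256 updatedAt_) external {
        roundId = roundId_;
        answer = answer_;
        updatedAt = updatedAt_;
    }

    function decimals() external pure returns (uint8) { return 8; }

    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80) {
        return (roundId, answer, updatedAt, updatedAt, roundId);
    }
}
```

With `MockFeed.set(1, 1e8, block.timestamp - 2 days)` and a one-hour `heartbeat`, `fetchDeprecated()` returns the two-day-old price while `fetchAndValidate()` reverts with "price too old". Pick `heartbeat` per feed from Chainlink's feed page, not one global constant, since heartbeats differ between feeds.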

Apr '24
NOYA
0.02 USDC + NOYA stars • 1 total finding • Code4rena • 0xBugSlayer • rank #122
[high] `executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

Mar '24
Axis Finance
998.85 USDC • 3 total findings • Sherlock • KiroBrejka • rank #13
[high] [M-1]
[high] [H-2]
[high] [H-3]

Revert Lend
17.32 USDC • 1 total finding • Code4rena • 0xBugSlayer • rank #67
[high] Owner of a position can prevent liquidation due to the 'onERC721Received' callback
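The Revert Lend finding above names a well-known pattern: if liquidation hands a position NFT back to its owner with `safeTransferFrom`, a contract owner can revert inside `onERC721Received` and the liquidation reverts with it. The contracts below are an added illustration of that class of bug and its usual fix, not Revert Lend's code, and they make no claim about how the real finding was exploited or remediated. `PositionLending`, `GriefingBorrower`, `open`, `liquidatePush`, `liquidate`, `claimPosition` and the debt/collateral bookkeeping are hypothetical; the OpenZeppelin interfaces are the real ones.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustrative example with hypothetical names; this is not Revert Lend's code.
import {IERC721} from "@openzeppelin/contracts/token/ERC721/IERC721.sol";
import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

/// Minimal vault holding position NFTs as collateral. It shows the vulnerable
/// liquidation shape (push the NFT back with a safe transfer) next to the hardened
/// one (park the NFT and let the borrower pull it).
contract PositionLending {
    IERC721 public immutable positions;              // hypothetical position NFT
    mapping(uint256 => address) public borrowerOf;   // tokenId => borrower
    mapping(uint256 => uint256) public debt;         // tokenId => debt, same unit as collateralValue
    mapping(uint256 => uint256) public collateralValue;
    mapping(uint256 => address) public claimable;    // tokenId => borrower allowed to pull it back

    constructor(IERC721 positions_) { positions = positions_; }

    /// Deposit uses transferFrom, so the vault needs no receiver hook of its own.
    function open(uint256 tokenId, uint256 debtAmount, uint256 value) external {
        positions.transferFrom(msg.sender, address(this), tokenId);
        borrowerOf[tokenId] = msg.sender;
        debt[tokenId] = debtAmount;
        collateralValue[tokenId] = value;
    }

    function isUnderwater(uint256 tokenId) public view returns (bool) {
        return debt[tokenId] > collateralValue[tokenId];
    }

    /// VULNERABLE: safeTransferFrom calls onERC721Received on a contract borrower.
    /// If that hook reverts, the whole liquidation reverts, so a borrower holding the
    /// position through such a contract can never be liquidated.
    function liquidatePush(uint256 tokenId) external {
        require(isUnderwater(tokenId), "healthy");
        address borrower = _close(tokenId);
        positions.safeTransferFrom(address(this), borrower, tokenId); // external call into borrower
    }

    /// HARDENED: the liquidation path makes no call into the borrower. The NFT is
    /// parked and the borrower pulls it later, so a reverting receiver only blocks itself.
    function liquidate(uint256 tokenId) external {
        require(isUnderwater(tokenId), "healthy");
        address borrower = _close(tokenId);
        claimable[tokenId] = borrower;
    }

    function claimPosition(uint256 tokenId) external {
        require(claimable[tokenId] == msg.sender, "not claimable by caller");
        delete claimable[tokenId];
        positions.safeTransferFrom(address(this), msg.sender, tokenId);
    }

    /// Bookkeeping shared by both paths. Debt repayment, collateral seizure and the
    /// liquidator's reward are omitted; they do not change the callback problem.
    function _close(uint256 tokenId) internal returns (address borrower) {
        borrower = borrowerOf[tokenId];
        require(borrower != address(0), "no position");
        delete borrowerOf[tokenId];
        delete debt[tokenId];
        delete collateralValue[tokenId];
    }
}

/// A borrower that rejects every incoming safe transfer: liquidatePush() reverts for
/// it, liquidate() does not. The NFT must reach this contract via a plain transfer or
/// _mint, since _safeMint/safeTransferFrom would also hit the reverting hook.
contract GriefingBorrower is IERC721Receiver {
    function openVia(PositionLending lending, uint256 tokenId, uint256 debtAmount, uint256 value) external {
        lending.positions().approve(address(lending), tokenId);
        lending.open(tokenId, debtAmount, value);
    }

    function onERC721Received(address, address, uint256, bytes calldata) external pure returns (bytes4) {
        revert("reject NFT");
    }
}
```

The general rule the example applies: a liquidation (or any path that must stay callable by third parties) should never depend on the counterparty accepting a callback. Either use `transferFrom`, which skips the hook, or separate the state change from the delivery with a pull step as `liquidate` / `claimPosition` do.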

Jan '24
Decent
0.12 USDC • 1 total finding • Code4rena • 0xBugSlayer • rank #55
[high] Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.