Security Researcher
Information Security Engineer, Bug Hunter @ #Hackerone | whitehat @Immunefi | CTF player | currently into web3 security.
#408 All Time
Mar '25
Feb '25
medium
Jan '25
high
high
high
high
medium
high
Dec '24
Oct '24
Aug '24
Jul '24
May '24
Mar '24
Feb '24
medium
medium
high
Jan '24
Dec '23
Oct '23
high
Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly Role on any account they want
high
Borrower has no way to update `maxTotalSupply` of `market` or close market.
high
Borrower can drain all funds of a sanctioned lender
Sep '23
Aug '23
high
The settle feature will be broken if an attacker arbitrarily transfers collateral tokens to the PerpetualAtlanticVaultLP
high
The peg stability module can be compromised by forcing lowerDepeg to revert.
high
`UniV3LiquidityAMO::recoverERC721` will cause `ERC721` tokens to be permanently locked in `rdpxV2Core`
Jul '23
medium
Proposals which intend to send native tokens to target addresses can't be executed
medium
missing check for the max/min price in the `chainlinkOracle.sol` contract
medium
accrueInterest is expected to revert when the rate is higher than the maximum allowed rate, which is possible since the utilization can be more than 1
high
Reentrancy in `USDO.flashLoan()`, enabling an attacker to borrow unlimited USDO exceeding the max borrow limit
high
TOFT and USDO Modules Can Be Selfdestructed
medium
All deposit and withdraw functions in the Convex and Curve nativeLP Strategy apply slippage on internal pricing, which calls the real-time on-chain price from Curve directly and is subject to MEV
May '23
high
Removing a BribeFlywheel from a Gauge does not remove the reward asset from the rewards depo, making it impossible to add a new Flywheel with the same reward token
high
Missing unwrapping of native token in RootBridgeAgent.sweep() causes fees to be stuck
high
Multiple issues with decimal scaling will cause incorrect accounting of hTokens and underlying tokens
medium
deposit gas through depositGasAnycallConfig should not withdraw the nativeToken
Apr '23
Feb '23