https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_0.png

Kumpa

Security Researcher

Contact Me

High

4

Total

Medium

18

Total

$8.54K

Total Earnings

#597 All Time

13x

Payouts

regular

4x

Top 25

regular

8x

Top 50

All

Sherlock

Code4rena

Apr '23

Frankencoin

Frankencoin

97.17 USDC • 3 total findings • Code4rena • Kumpa

#46

high

CHALLENGER_REWARD can be used to drain reserves and free mint

medium

Challengers and bidders can collude together to restrict the minting of position owner

medium

POSITION LIMIT COULD BE FULLY REDUCED TO ZERO BY CLONES

Feb '23

Carapace

Carapace

116.22 USDC • 2 total findings • Sherlock • Kumpa

#27

medium

Frontrun monitoring program to be able to purchase protection for locked pools

medium

After the pool returns from the locked state, ```_getExchangeRate()``` may be broken and stop ```deposit()``` from functioning

Jan '23

Popcorn contest

Popcorn contest

158.69 USDC • 4 total findings • Code4rena • Kumpa

#59

high

Staking rewards can be drained

medium

DOS any Staking contract with Arithmetic Overflow

medium

Accrued perfomance fee calculation takes wrong assumptions for share decimals, leading to loss of shares or hyperinflation

medium

Malicious Users Can Drain The Assets Of Vault. (Due to not being ERC4626 Complaint)

Aug '22

Sentiment

Sentiment

406.55 USDC • 1 total finding • Sherlock • Kumpa

#18

medium

User can deposit unallowed Collateral to his account by using ```AccountManager.exec()```

Foundation Drop contest

Foundation Drop contest

41.21 USDC • Code4rena • Kumpa

#58

Jul '22

Golom contest

Golom contest

35.32 USDC • Code4rena • Kumpa

#85

Fractional v2 contest

Fractional v2 contest

103.43 USDC • 1 total finding • Code4rena • Kumpa

#67

high

Cash-out from a successful buyout allows an attacker to drain Ether from the `Buyout` contract

Jun '22

Illuminate contest

Illuminate contest

1,262.76 USDC • 4 total findings • Code4rena • Kumpa

#13

high

Able to mint any amount of PT

medium

Lend method signature for illuminate does not track the accumulated fee

medium

```withdraw``` eToken before ```withdrawFee``` of eToken could render ```withdrawFee``` of eToken unfunctioning

medium

Centralisation Risk: Admin Can Change Important Variables To Steal Funds

May '22

Backd Tokenomics contest

Backd Tokenomics contest

119.82 USDC • Code4rena • Kumpa

#30

veToken Finance contest

veToken Finance contest

661.92 USDT • 2 total findings • Code4rena • Kumpa

#25

medium

Incorrectly set ```_maxTime``` to be in line with the locking ```maxTime``` of each veToken could render the ```deposit``` of this contract to be unfunctional or even freeze assets inside the contract

medium

Misconfiguration of Fees Incentive Might Cause Tokens To Be Stuck In `Booster` Contract

Rubicon contest

Rubicon contest

121.12 USDC • 2 total findings • Code4rena • Kumpa

#50

medium

Strategists can take more rewards than they should using the function strategistBootyClaim().

medium

Missing checks allow strategists to steal all fund via `tailOff`

Aura Finance contest

Aura Finance contest

5,338.63 USDC • 1 total finding • Code4rena • Kumpa

#11

medium

Increase voting power by tokenizing the address that locks the token

Cally contest

Cally contest

80.62 USDC • 2 total findings • Code4rena • Kumpa

#55

medium

Use safeTransferFrom instead of transferFrom for ERC721 transfers

medium

Owner can modify the feeRate on existing vaults and steal the strike value on exercise