
KungFuPanda

Gedankenexperimente!

Terra incognita.


High: 21 total
Medium: 8 total
Total earnings: $1.19K
Rank: #1185 all time
Payouts: 22x (regular)
Top 10: 1x (regular)
Top 25: 6x (regular)
Top 50: 12x


Mar '25

Crestal Network
0.01 USDC • 1 total finding • Sherlock • KungFuPanda • ranked #12
[high] The `paywitherc20` function is publicly exposed, allowing direct token theft

Jan '25

Aave v3.3
50.48 USDC • Sherlock • KungFuPanda • ranked #93

Dec '24

Tally ARB Staker
14.42 USDC • Sherlock • KungFuPanda • ranked #35

Oku's New Order Types Contract Contest
24.97 OP • 3 total findings • Sherlock • KungFuPanda • ranked #25
[high] Malicious user can grief legitimate users by permanently locking their pre-approved ERC20 funds in the StopLimit contract
[high] Griefing other users' ERC20 approvals and permits through unsanitized external call in OracleLess:fillOrder
[high] Malicious users can create orders, charging other users, to be executed at unfavorable prices
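The two Oku griefing findings above, and the Crestal `paywitherc20` finding further up, share one root cause: a contract that holds users' ERC20 approvals exposes a caller-controlled path to `transferFrom`. The following is an added illustration written for this page, not code from Oku, Crestal, or any audited project; the contract `OrderFiller`, its order layout and the function names are assumptions. It shows a filler that executes an arbitrary `target.call(data)` from the approval-holding contract, beside a version that restricts the target and checks the swap output.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical limit-order filler written for this page (not the Oku or
// Crestal contracts). Makers approve this contract for tokenIn; a filler later
// supplies the swap target and calldata that convert tokenIn into tokenOut.
contract OrderFiller {
    struct Order {
        address maker;
        IERC20 tokenIn;
        IERC20 tokenOut;
        uint256 amountIn;
        uint256 minOut;
        bool open;
    }

    address public immutable admin;
    mapping(uint256 => Order) public orders;
    uint256 public nextId;
    mapping(address => bool) public allowedTarget; // routers vetted by admin (fixed path only)

    constructor() {
        admin = msg.sender;
    }

    function setAllowedTarget(address target, bool ok) external {
        require(msg.sender == admin, "not admin");
        allowedTarget[target] = ok;
    }

    function createOrder(IERC20 tokenIn, IERC20 tokenOut, uint256 amountIn, uint256 minOut)
        external
        returns (uint256 id)
    {
        id = nextId++;
        orders[id] = Order(msg.sender, tokenIn, tokenOut, amountIn, minOut, true);
    }

    // VULNERABLE: `target` and `data` are caller-controlled and run from this
    // contract, which holds every maker's approval. A filler can set
    // target = some tokenIn and data = transferFrom(victim, filler, amount) to
    // drain any outstanding approval, or call a token's permit() with a victim's
    // signed permit to consume it and grief them. No output check, so the maker
    // can also be filled at any price.
    function fillVulnerable(uint256 id, address target, bytes calldata data) external {
        Order storage o = orders[id];
        require(o.open, "closed");
        o.open = false;
        require(o.tokenIn.transferFrom(o.maker, address(this), o.amountIn), "pull failed");
        uint256 before = o.tokenOut.balanceOf(address(this));
        require(o.tokenIn.approve(target, o.amountIn), "approve failed");
        (bool ok, ) = target.call(data);
        require(ok, "swap failed");
        uint256 got = o.tokenOut.balanceOf(address(this)) - before;
        require(o.tokenOut.transfer(o.maker, got), "pay failed");
    }

    // FIXED: only vetted routers may be called, a token contract is never a
    // valid target, approval is scoped to this single fill and reset after it,
    // and the maker is paid from the measured tokenOut delta, which must meet
    // the order's minOut.
    function fillFixed(uint256 id, address target, bytes calldata data) external {
        Order storage o = orders[id];
        require(o.open, "closed");
        o.open = false;
        require(allowedTarget[target], "target not allowed");
        require(target != address(o.tokenIn) && target != address(o.tokenOut), "token is not a router");

        require(o.tokenIn.transferFrom(o.maker, address(this), o.amountIn), "pull failed");
        uint256 before = o.tokenOut.balanceOf(address(this));
        require(o.tokenIn.approve(target, o.amountIn), "approve failed");
        (bool ok, ) = target.call(data);
        require(ok, "swap failed");
        require(o.tokenIn.approve(target, 0), "approve reset failed");

        uint256 got = o.tokenOut.balanceOf(address(this)) - before;
        require(got >= o.minOut, "slippage");
        require(o.tokenOut.transfer(o.maker, got), "pay failed");
    }
}
```

A whitelist is only as safe as the routers on it: the vetted target must be one that moves funds of `msg.sender` alone, since a router with its own arbitrary-call feature re-opens the same hole. A stricter design routes the external call through a separate executor contract that holds no approvals at all, so even a bad target cannot reach `transferFrom` on other users' balances.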

Autonomint Colored Dollar V1
41.03 OP • 3 total findings • Sherlock • KungFuPanda • ranked #34
[high] Almost infinitely doubling the aBondBalance by calling `ABondToken.transferFrom`, where `from` is the attacker's 1st account
[high] `CDS::updateDownsideProtected` lacks access control, and hence allows for DoS'ing `_updateCurrentTotalCdsDepositedAmount` and therefore `deposit`
[high] Contrary to the intended schedule, the users can renew options as often as they wish

Nov '24

Nouns DAO - Auction Streams
1.77 USDC • Sherlock • KungFuPanda • ranked #67

Debita Finance V3
7.88 USDC • 1 total finding • Sherlock • KungFuPanda • ranked #54
[high] The "buyer" never gets the `receiptID` ERC721 token from the "seller" in exchange for `token`, because the receipt ERC721 token remains stuck in the `BuyOrder` contract with no way to rescue / transfer it

Oct '24

stakeup-bloomv2
9.91 USDC • 1 total finding • Cantina • persimmon • ranked #91
[high] Finding not yet public.

Sep '24

Boost Core Incentive Protocol
9.11 USDC • 1 total finding • Sherlock • KungFuPanda • ranked #23
[medium] ManagedBudget doesn't comply with fee-on-transfer tokens

Flayer
46.21 USDC • 1 total finding • Sherlock • KungFuPanda • ranked #61
[high] In ProtectedListings, listing.checkpoint is greater by 1 than it should be in case the _collection has already been checkpointed at least once during the same block.timestamp, leading to incorrect health factor and unlockPrice calculations

Aug '24

Chakra
0.03 USDT • 1 total finding • Code4rena • JanuaryPersimmon2024 • ranked #66
[high] SettlementSignatureVerifier is missing check for duplicate validator signatures
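The duplicate-signature class named in the Chakra finding above is worth seeing in code. What follows is an added illustration written for this page, not Chakra's SettlementSignatureVerifier or any project's code; the contract name `ThresholdVerifier`, the `(v, r, s)` signature layout and the function names are assumptions. It contrasts a quorum check that merely counts valid validator signatures with one that requires strictly increasing signer addresses, the standard way to make a repeated signer revert.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical threshold-signature verifier written for this page; it is not
// Chakra's SettlementSignatureVerifier. Signatures are passed as (v, r, s)
// triples so the example needs no external library.
contract ThresholdVerifier {
    struct Sig {
        uint8 v;
        bytes32 r;
        bytes32 s;
    }

    // secp256k1 curve order / 2: signatures with a larger s are rejected (EIP-2)
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    mapping(address => bool) public isValidator;
    uint256 public immutable threshold;

    constructor(address[] memory validators, uint256 threshold_) {
        require(threshold_ > 0 && threshold_ <= validators.length, "bad threshold");
        for (uint256 i = 0; i < validators.length; i++) {
            require(validators[i] != address(0), "zero validator");
            require(!isValidator[validators[i]], "duplicate validator");
            isValidator[validators[i]] = true;
        }
        threshold = threshold_;
    }

    function _recover(bytes32 digest, Sig calldata sig) internal pure returns (address) {
        require(uint256(sig.s) <= HALF_N, "non-canonical s");
        require(sig.v == 27 || sig.v == 28, "bad v");
        address signer = ecrecover(digest, sig.v, sig.r, sig.s);
        require(signer != address(0), "invalid signature");
        return signer;
    }

    // VULNERABLE: counts valid validator signatures without checking that the
    // signers are distinct, so one validator's signature repeated `threshold`
    // times satisfies the quorum.
    function verifyVulnerable(bytes32 digest, Sig[] calldata sigs) external view returns (bool) {
        uint256 valid;
        for (uint256 i = 0; i < sigs.length; i++) {
            if (isValidator[_recover(digest, sigs[i])]) valid++;
        }
        return valid >= threshold;
    }

    // FIXED: require strictly increasing signer addresses. A repeated signer
    // (or a malleated copy of its signature, which recovers to the same
    // address) fails `signer > last`, so each validator is counted once.
    function verifyFixed(bytes32 digest, Sig[] calldata sigs) external view returns (bool) {
        address last = address(0);
        for (uint256 i = 0; i < sigs.length; i++) {
            address signer = _recover(digest, sigs[i]);
            require(isValidator[signer], "not a validator");
            require(signer > last, "duplicate or unsorted signer");
            last = signer;
        }
        return sigs.length >= threshold;
    }
}
```

Sorting by recovered address is preferred over a `seen[signer]` mapping because it needs no storage writes in a `view` function and rejects the malleated-signature variant for free: the low-s check alone is not what stops a replay, since a second copy of the same signature recovers to the same address and fails the ordering check regardless.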

Rumpel Point Tokenization Protocol
88.38 USDC • Sherlock • KungFuPanda • ranked #15

Phi
9.34 USDC • 2 total findings • Code4rena • JanuaryPersimmon2024 • ranked #47
[high] Reentrancy Vulnerability Allows Bypass of Cooldown, Leading to Unfair Reward Extraction Through Flash Loan
[high] Exposed `_removeCredIdPerAddress` & `_addCredIdPerAddress` allows anyone to cause issues to current holders as well as upcoming ones

Winnables Raffles
3.82 USDC • 1 total finding • Sherlock • KungFuPanda • ranked #34
[high] Permanently blocking fair winners from claiming their prizes and getting propagated, and fair users from cancelling their raffles, by maliciously constructing a fake prizeManager contract

Jul '24

TraitForge
0.01 USDC • 1 total finding • Code4rena • JanuaryPersimmon2024 • ranked #88
[high] The maximum number of generations is infinite

LoopFi
2.09 USDC • 1 total finding • Code4rena • JanuaryPersimmon2024 • ranked #54
[medium] WhenNotPaused modifier in the CDPVault can be bypassed by users

Munchables
29.25 USDC • 1 total finding • Code4rena • JanuaryPersimmon2024 • ranked #43
[high] Invalid validation in the _farmPlots function allows a malicious user to farm repeatedly without locked funds

Union Finance Update #2
511.73 USDC • 2 total findings • Sherlock • KungFuPanda • ranked #6
[high] The _totalStaked tracker calculation is incorrect and will be inflated due to the improper logic in the writeOffDebt function of the UserManager contract, leading to wrong Comptroller gInflationIndex being calculated and wrong user rewards being issued
[medium] Users can get vouched for (entrusted) maliciously by utilizing the ERC1155Voucher's onERC1155BatchReceived function which lacks proper access control checks

Velocimeter
216.41 USDC • 2 total findings • Sherlock • KungFuPanda • ranked #36
[high] Permanent freezing of user's funds as a consequence of _checkpoint_total_supply using > instead of >= in the RewardsDistributorV2
[high] Exceeding the MAX_DELEGATES limit maliciously will cause operational disruptions in the VotingEscrow

May '24

Olas
51.57 USDC • 1 total finding • Code4rena • JanuaryPersimmon2024 • ranked #14
[medium] StakingToken.sol doesn't properly handle FOT, rebasing tokens or those with variable which will lead to accounting issues downstream.
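Two findings on this page, the Boost ManagedBudget fee-on-transfer issue and the Olas StakingToken issue above, are instances of the same accounting mistake: crediting the amount a depositor asked to transfer instead of the amount the contract actually received. The following is an added illustration written for this page, not ManagedBudget or StakingToken code; the contract `DepositLedger` and its function names are assumptions. It shows the vulnerable credit beside the balance-delta fix and a solvency invariant that detects the drift.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical deposit ledger written for this page; it is not ManagedBudget
// or StakingToken code. It shows why crediting the requested amount breaks for
// fee-on-transfer tokens and how balance-delta accounting fixes it.
contract DepositLedger {
    IERC20 public immutable token;
    mapping(address => uint256) public credited;
    uint256 public totalCredited;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    constructor(IERC20 token_) {
        token = token_;
    }

    // VULNERABLE: credits `amount`, but a fee-on-transfer token delivers less.
    // totalCredited drifts above the real balance, and the last withdrawer's
    // transfer fails because those tokens were never received.
    function depositVulnerable(uint256 amount) external nonReentrant {
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        credited[msg.sender] += amount;
        totalCredited += amount;
    }

    // FIXED: credit only what actually arrived, measured as the balance delta.
    // nonReentrant matters here: a token with transfer hooks could otherwise
    // re-enter between the two balanceOf reads and distort the delta.
    function depositFixed(uint256 amount) external nonReentrant returns (uint256 received) {
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        received = token.balanceOf(address(this)) - before;
        require(received > 0, "nothing received");
        credited[msg.sender] += received;
        totalCredited += received;
    }

    function withdraw(uint256 amount) external nonReentrant {
        credited[msg.sender] -= amount; // underflow reverts under 0.8 checked math
        totalCredited -= amount;
        require(token.transfer(msg.sender, amount), "transfer failed");
    }

    // Invariant a test or monitor can check: the contract never owes more than
    // it holds. It fails after depositVulnerable with a fee-on-transfer token.
    function solvent() external view returns (bool) {
        return token.balanceOf(address(this)) >= totalCredited;
    }
}
```

The delta fix covers fee-on-transfer tokens only. Rebasing tokens, which the Olas title also names, change the contract's balance after the deposit, so a ledger of fixed credits still drifts; those need share-based accounting (credit a proportion of the pool, not a token amount) or a non-rebasing wrapper. Production code should also use a SafeERC20-style wrapper rather than the raw `require(token.transfer(...))` shown here, since some tokens return nothing at all.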

Apr '24

NOYA
69.32 USDC + NOYA stars • 5 total findings • Code4rena • JanuaryPersimmon2024 • ranked #53
[high] `executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`
[medium] PendleConnector.sol::supply doesn't pass a valid slippage protection min
[medium] The modifier `onlyExistingRoute` works incorrectly
[medium] Incorrect modifier condition
[medium] Balancer flashloan contract can be DOSed completely by sending 1 wei to it

Jan '24

Decent
0.06 USDC • 1 total finding • Code4rena • JanuaryPersimmon2024 • ranked #57
[high] Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.