https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/e081d787-b94e-42e9-84d4-445be2d1a6e0.jpg

LonWof-Demon

Security Researcher

Contact Me

High

15

Total

Medium

25

Total

$12.91K

Total Earnings

#472 All Time

22x

Payouts

gold

1x

1st Places

bronze

1x

3rd Places

regular

5x

Top 10

All

Sherlock

Code4rena

Cantina

Mar '25

PinLink: RWA-Tokenized DePIN Marketplace

PinLink: RWA-Tokenized DePIN Marketplace

3.39 USDC • Sherlock • LonWof-Demon

#69

Symmio, Staking and Vesting

Symmio, Staking and Vesting

39.70 USDC • 2 total findings • Sherlock • LonWof-Demon

#14

medium

improper Use of `initializer` Modifier in Symmetric Vesting Contract.

medium

Reward Dilution Exploit Due to Continuous Incentive Addition in Staking Contract

Feb '25

Usual Labs

Usual Labs

41.88 USDC • Sherlock • LonWof-Demon

#42

Jan '25

Liquid Ron

Liquid Ron

0 USDC • 1 total finding • Code4rena • LonelyWolfDemon

#12

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

IQ AI

IQ AI

243.25 USDC • 1 total finding • Code4rena • LonelyWolfDemon

#13

high

Adversary can win proposals with voting power as low as 4%

infrared-contracts

infrared-contracts

4,560.87 USDC • 2 total findings • Cantina • recur

#16

high

Finding not yet public.

medium

Finding not yet public.

Aave v3.3

Aave v3.3

66.07 USDC • Sherlock • LonWof-Demon

#88

Dec '24

Tally ARB Staker

Tally ARB Staker

213.44 USDC • Sherlock • LonWof-Demon

#14

Oku's New Order Types Contract Contest

Oku's New Order Types Contract Contest

95.28 OP • 5 total findings • Sherlock • LonWof-Demon

#19

high

An attacker could potentially drain the entire pool balance, including all user funds, from the `OracleLess` contract.

high

Missing Validation of recipient in `createOrder` Allows Attacker to back-Run Approvals, Resulting in Slippage Manipulation and Complete Fund Loss

high

Order ID Collision in `Bracket.sol` Contract Leads to Overwriting of Bracket Orders

medium

Improper Stale Price Validation in `PythOracle` Contract Valid Data

medium

Incorrect Take-Profit Logic in `checkInRange` for direction = true

Nov '24

Nouns DAO - Auction Streams

Nouns DAO - Auction Streams

100.93 USDC • Sherlock • LonWof-Demon

#28

hyperlend

hyperlend

500 USDC • Cantina • recur

#13

Oct '24

Usual V1

Usual V1

1,013.20 USDC • 1 total finding • Sherlock • LonWof-Demon

bronze

high

Incorrect Fee Calculation in withdraw Leads to Undercharging and Mismanagement of $.totalDeposits

mev-commit

mev-commit

1,087.46 USDC • 5 total findings • Cantina • recur

#13

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Sep '24

Royco Protocol

Royco Protocol

1,696.54 USDC • 6 total findings • Cantina • recur

#7

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Aug '24

Rumpel Point Tokenization Protocol

Rumpel Point Tokenization Protocol

262.91 USDC • Sherlock • recursiveEth

#6

Jul '24

TraitForge

TraitForge

0.04 USDC • 5 total findings • Code4rena • LonelyWolfDemon

#86

high

Number of entities in generation can surpass the 10k number

high

Wrong minting logic based on total token count across generations

medium

Forger Entities can forge more times than intended

medium

Pause and unpause functions are inaccessible

medium

`Golden God` Tokens can be minted twice per generation

May '24

Midas

Midas

656.97 USDC • 1 total finding • Sherlock • recursiveEth

#4

high

Vulnerability in Access Control Allows Blacklisted Users to Revoke Blacklist Role

Apr '24

NOYA

NOYA

57.45 USDC + NOYA stars • 5 total findings • Code4rena • recursiveEth

#55

medium

`AccountingManager#totalWithdrawnAmount` should reflect tokens actually transferred to users, instead of expected transfers

medium

Withdrawals in AccountManager are prone to DOS attacks.

medium

First depositor can make subsequent depositor lose all of her or his deposit

medium

`AccountingManager` contract's `previewDeposit`, `previewMint`, `previewWithdraw`, and `previewRedeem` functions are not compliant with EIP-4626 standard

medium

`depositQueue.queue` in `AccountingManager` can be flooded causing a DoS

TITLES Publishing Protocol

TITLES Publishing Protocol

22.95 USDC • 1 total finding • Sherlock • recursiveEth

#39

medium

Title: Failure to Update Edge Acknowledgment Status in Storage

Zivoe

Zivoe

1,067.81 USDC • 2 total findings • Sherlock • recursiveEth

#11

medium

Title: Inadequate Allowance Handling in OCL locker `OCL_ZVE:pushToLockerMulti`Function

medium

Title: Inadequate Allowance Handling in convertAndForward Function of `OCT_DAO` & `OCT_YDL`.

Feb '24

Jala Swap

Jala Swap

1,163.35 USDC • 2 total findings • Sherlock • recursiveEth

gold

medium

Missing Implementation of Permit Function in Contract

medium

Inconsistent Parameter Passing in Token Swapping Functions

opal-contracts

opal-contracts

19.95 USDC • 1 total finding • Cantina • recur

#38

medium

Finding not yet public.