MSaptarshi

Security Researcher

A Web3 security researcher who knows nothing like John Snow

High: 4 total

Medium: 22 total

Total Earnings: $1.73K

#1072 All Time

Payouts: 17x

Top 10: 1x

Top 25: 6x

Top 50: 10x

Dec '24

Flex Perpetuals

62.48 USDC • 1 total finding • Code4rena • MSaptarshi

#4

medium

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

Lambo.win

230.17 USDC • 1 total finding • Code4rena • MSaptarshi

#16

medium

Rebalance will be completely DoSed if OKX commission rate goes beyond the fee limits

Sep '24

Boost Core Incentive Protocol

9.11 USDC • 1 total finding • Sherlock • MSaptarshi

#23

medium

ERC20 Token with rebase/FOT feature

Aug '24

Tadle

186.63 USDC • 3 total findings • CodeHawks • MSaptarshi007

#32

high

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

medium

Unnecessary balance checks and precision issues in TokenManager::_transfer

medium

`mulDiv()` can round down to 0 in realistic cases, allowing for tax avoidance

Jul '24

TraitForge

0 USDC • 1 total finding • Code4rena • MSaptarshi

#89

medium

Pause and unpause functions are inaccessible

Zaros Part 1

17.17 USDC • 1 total finding • CodeHawks • MSaptarshi007

#80

medium

Insufficient checks to confirm the correct status of the sequencerUptimeFeed

MakerDAO Endgame

123.23 USDC • Sherlock • MSaptarshi

#98

Biconomy: Nexus

163.04 USDC • 1 total finding • CodeHawks • MSaptarshi007

#15

medium

Factory deployments won't work correctly on the ZKsync chain

MagicSea - the native DEX on the IotaEVM

0.08 USDC • 1 total finding • Sherlock • MSaptarshi

#64

medium

Less Support for Non standard ERC20 tokens such as rebase or FOT

Velocimeter

109.30 USDC • 3 total findings • Sherlock • MSaptarshi

#43

high

DOS attack by delegating tokens at MAX_DELEGATES = 1024

high

Not enough protection from MEV during zapping of liquidity

medium

First liquidity provider of a stable pair can DOS the pool

May '24

Olas

51.57 USDC • 1 total finding • Code4rena • MSaptarshi

#14

medium

StakingToken.sol doesn't properly handle FOT, rebasing tokens or those with variable which will lead to accounting issues downstream.

Predy

3.06 USDC • 2 total findings • Code4rena • MSaptarshi

#38

medium

Vaults can become immune from liquidation by setting `vault.recipient` to a blacklisted quote token address

medium

Chainlink's `latestRoundData` might return stale or incorrect results

Sablier

412.97 USDC • 1 total finding • CodeHawks • MSaptarshi007

#15

medium

Use of CREATE method is suspicious of reorg attack

Apr '24

Renzo

1.89 USDC • 2 total findings • Code4rena • MSaptarshi

#52

high

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

medium

Lack of slippage and deadline during withdraw and deposit

NOYA

347.01 USDC + NOYA stars • 5 total findings • Code4rena • MSaptarshi

#28

medium

CompoundConnector.sol misses unclaimed rewards in getPositionTVL, resulting in undervalued positionTVL/TVL

medium

Lack of function to claim reward in `AaveConnector`

medium

`Keepers` does not implement EIP712 correctly on multiple occasions

medium

Noya is not compatible with tokens whose balance changes outside of transfers causing funds to get stuck in the contract

medium

Extra rewards are not updated in curve connector when harvestConvexRewards is called

Mar '24

Revert Lend

6.61 USDC • 1 total finding • Code4rena • MSaptarshi

#70

medium

V3Oracle susceptible to price manipulation

Jan '24

Salty.IO

1.63 USDC • 1 total finding • Code4rena • MSaptarshi

#116

medium

Remove Liquidity has missing reserve1 DUST check, which can make reserve1 to be less than DUST