
MiloTruck

Security Researcher

I find bugs.


High: 3 solo, 25 total
Medium: 3 solo, 75 total
Total Earnings: $270.61K (#32 All Time)
Payouts: 57x
1st Places: 7x (gold)
2nd Places: 2x (silver)
3rd Places: 2x (bronze)


Jan '25

reserve-index-dtf
53.43 USDC • 1 total finding • Cantina • milotruck • #8
medium: Finding not yet public.

Jul '24

MakerDAO Endgame
8,142.94 USDC • Sherlock • MiloTruck • #10

Biconomy: Nexus
14,769.04 USDC • 7 total findings • CodeHawks • MiloTruck • gold
high: User may lose funds when creating Nexus account or executing user operations
high: Registry is never called when setting up modules using the `Bootstrap` contract
high: Installing validators with enable mode in `validateUserOp()` doesn't check `moduleType`
high: Missing nonce in `_getEnableModeDataHash()` allows signature replay
medium: Protocol not fully compliant with `EIP-7579`
low: `Nexus.validateUserOp()` violates the EIP-4337 specification
low: Missing `_isInitialized(msg.sender)` check in `K1Validator.transferOwnership()`

May '24

YOLO Games
13,904.1 USDC • 12 total findings • Cantina • milotruck • gold
high: Finding not yet public.
high: Finding not yet public.
high: Finding not yet public.
medium: Finding not yet public.
medium: Finding not yet public.
medium: Finding not yet public.
medium: Finding not yet public.
medium: Finding not yet public.
medium: Finding not yet public.
medium: Finding not yet public.
medium: Finding not yet public.
medium: Finding not yet public.

PoolTogether: The Prize Layer for DeFi
7,207.73 USDC • 7 total findings • Sherlock • MiloTruck • bronze
high: `DrawManager.finishDraw()` might allocate more rewards than the reserve amount to draws
medium: Use of `.transfer()` in `Requestor.withdraw()` will not work on zkSync
medium: Draws can be retried even if a random number is available or the current draw has finished
medium: `drawTimeoutAt()` causes the prize pool to shut down one draw earlier
medium: `try/catch` in `Claimer._claim()` allows users to steal gas from claimer bots
medium: Price formula in `TpdaLiquidationPair._computePrice()` does not account for a jump in liquidatable balance
medium: `TpdaLiquidationPair.swapExactAmountOut()` can be DOSed by a vault's mint limit

Mar '24

Optimism Fault Proofs
31,275.21 USDC • 1 total finding • Sherlock • MiloTruck • bronze
medium: L1 re-orgs could cause `FaultDisputeGame.move()` to be executed on the wrong parent claim

Nov '23

morpho-blue
16,838.17 USDC • 3 total findings • Cantina • milotruck • silver
high: Finding not yet public.
medium: Finding not yet public.
medium: Finding not yet public.

Oct '23

The Wildcat Protocol
10,093.23 USDC • 10 total findings • Code4rena • MiloTruck • silver
high: Borrower has no way to update `maxTotalSupply` of `market` or close market.
high: `codehash` check in factory contracts does not account for non-empty addresses
high: Borrower can drain all funds of a sanctioned lender
medium: Function WildcatMarketController.setAnnualInterestBips allows for values outside the factory range
medium: `setAnnualInterestBips()` can be abused to keep a market's reserve ratio at 90%
medium: Removing markets from `WildcatArchController` gives lenders immunity from sanctions
medium: `create2WithStoredInitCode()` does not revert if contract deployment failed
medium: `collectFees()` updates delinquency wrongly as `_writeState()` is called before assets are transferred
medium: Calculation for lender withdrawals in `_applyWithdrawalBatchPayment()` should not round up
medium: Protocol markets are incompatible with rebasing tokens

ENS
55.85 USDC • Code4rena • MiloTruck • #16

Aug '23

Chainlink Staking v0.2
48,797.95 USDC • Code4rena • MiloTruck • gold

StakeWise
11,700 USDC • 4 total findings • Hats • MiloTruck • gold
high: Users can `migrate()` before the first harvest to gain more shares
high: Attacker can leverage flashloans to steal rewards from vaults
medium: EIP-712 typehash is incorrect in `KeeperRewards.sol` and `KeeperValidators.sol`
medium: `enterExitQueue()` might be uncallable if the vault experiences a huge loss

Arbitrum Security Council Election System
15,482.7 USDC • 4 total findings • Code4rena • MiloTruck • gold
high: Signatures can be replayed in `castVoteWithReasonAndParamsBySig()` to use up more votes than a user intended
medium: Incorrect initialization of `SecurityCouncilMemberRemovalGovernor` contract
medium: SecurityCouncilNomineeElectionGovernor might have to wait for more than 6 months to create election again
medium: `SecurityCouncilMemberElectionGovernor` Owner Can Change `votingPeriod` During an Active Election

Jul '23

Lens Protocol V2
29,747.31 USDC • 8 total findings • Code4rena • MiloTruck • gold
medium: Token guardian protection doesn't account for approved operators in `approve()`
medium: EIP-712 typehash is incorrect for several functions in `MetaTxLib`
medium: Inconsistent encoding of arrays in `MetaTxLib`
medium: Whitelisted profile creators could accidentally break migration for V1 profiles
medium: Users can unfollow through `FollowNFT` contract when LensHub is paused by governance
medium: Users cannot unfollow if they do not own the FollowNFT of the `followTokenId` used for their profile
medium: `tryMigrate()` doesn't ensure that `followerProfileId` isn't already following
medium: Identifying publications using its ID makes the protocol vulnerable to blockchain re-orgs

Jun '23

LUKSO
44,459.52 USDC • 6 total findings • Code4rena • MiloTruck • gold
medium: `LSP8CompatibleERC721`'s `approve()` deviates from ERC-721 specification
medium: `LSP8Burnable` extension incorrectly inherits `LSP8IdentifiableDigitalAssetCore`
medium: LSP8 and LSP9's ERC-165 interface ID differs from their specification
medium: Two-step ownership transfer process in `LSP0ERC725AccountCore` can be bypassed
medium: The owner of a `LSP0ERC725Account` can become the owner again after renouncing ownership
medium: Permission escalation by adding the same permission twice

May '23

Chainlink Cross-Chain Services: CCIP and ARM Network
6,300.97 USDC • Code4rena • MiloTruck • #8

Footium
120.88 USDC • 2 total findings • Sherlock • MiloTruck • #19
high: A previous club owner can abuse approvals to steal assets from the club's escrow
medium: Users might lose funds as `claimERC20Prize()` doesn't revert for no-revert-on-transfer tokens

Apr '23

EigenLayer Contest
1,978.72 USDC • 2 total findings • Code4rena • MiloTruck • #9
high: It is impossible to slash queued withdrawals that contain a malicious strategy due to a misplacement of the ++i increment
medium: A malicious strategy can permanently DoS all currently pending withdrawals that contain it

Teller
193.70 USDC • 6 total findings • Sherlock • MiloTruck • #27
high: Anyone can commit collateral on behalf of borrowers for pending bids
medium: Anyone can claim defaulted loan's collateral on behalf of lender
medium: Lenders can steal collateral from liquidators if no-revert-on-failure tokens are used
medium: Protocol does not support fee-on-transfer tokens
medium: Market owners can manipulate marketplace fee to steal principal from borrowers
medium: Changing `lenderManager` to a new address will break `getLoanLender()`

Frankencoin
832.81 USDC • 2 total findings • Code4rena • MiloTruck • #13
medium: Manipulation of total share amount might cause future depositors to lose their assets
medium: Function `restructureCapTable()` in Equity.sol not functioning as expected

Caviar Private Pools
9.33 USDC • 1 total finding • Code4rena • MiloTruck • #70
medium: Royalty recipients will not get fair share of royalties

Mar '23

Asymmetry contest
224.11 USDC • 7 total findings • Code4rena • MiloTruck • #28
high: A temporary issue shows in the staking functionality which leads to the users receiving fewer minted tokens.
high: An attacker can manipulate the preDepositvePrice to steal from other users.
high: Staking, unstaking and rebalanceToWeight can be sandwiched (mainly rETH deposit)
high: Reth.sol: Withdrawals are unreliable and depend on excess RocketDepositPool balance which can brick the whole protocol
high: `WstEth` derivative assumes a ~1=1 peg of stETH to ETH
medium: DoS due to external call failure
medium: Missing derivative limit and deposit availability checks will revert the whole `stake()` function

Polynomial Protocol contest
759.68 USDC • Code4rena • MiloTruck • #14

Wenwin contest
397.6 USDC • 1 total finding • Code4rena • MiloTruck • #14
medium: Unsafe casting from `uint256` to `uint16` could cause ticket prizes to become much smaller than intended

Feb '23

Ethos Reserve contest
142.85 USDC • 1 total finding • Code4rena • MiloTruck • #31
medium: If the strategy incurs a loss, the Active Pool will stop working until the shortfall is paid out entirely

Oct '22

Inverse Finance contest
156.27 USDC • 1 total finding • Code4rena • MiloTruck • #35
medium: Calling `repay` function sends less DOLA to `Market` contract when `forceReplenish` function is not called while it could be called

Trader Joe v2 contest
614.74 USDC • 1 total finding • Code4rena • MiloTruck • #14
medium: beforeTokenTransfer called with wrong parameters in LBToken._burn

Blur Exchange contest
114.82 USDC • 1 total finding • Code4rena • MiloTruck • #20
high: StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

Sep '22

VTVL contest
116.68 USDC • 1 total finding • Code4rena • MiloTruck • #38
medium: Variable balance token causing fund lock and loss

Art Gobblers contest
68.66 USDC • Code4rena • MiloTruck • #20

Y2k Finance contest
52.83 USDC • Code4rena • MiloTruck • #49

PartyDAO contest
140.16 USDC • Code4rena • MiloTruck • #29

Nouns Builder contest
660.32 USDC • 3 total findings • Code4rena • MiloTruck • #30
medium: Founders can receive fewer tokens than expected
medium: `Token:mint`: infinite loop if the founders' shares sum up to 100
medium: Highest bid in first auction can get irretrievably stuck in the protocol

Aug '22

FIAT DAO veFDT contest
62.31 USDC • Code4rena • MiloTruck • #38

Fraxlend (Frax Finance) contest
75.52 USDC • Code4rena • MiloTruck • #34

Foundation Drop contest
66.92 USDC • Code4rena • MiloTruck • #39

Rigor Protocol contest
75.08 USDC • 1 total finding • Code4rena • MiloTruck • #50
medium: Missing upper limit definition in replaceLenderFee() of HomeFi.sol

Jul '22

Axelar Network v2 contest
36.49 USDC • Code4rena • MiloTruck • #45

Golom contest
129.83 USDC • Code4rena • MiloTruck • #73

ENS contest
147.9 USDC • Code4rena • MiloTruck • #35

Juicebox V2 contest
128.1 USDC • Code4rena • MiloTruck • #46

Jun '22

Putty contest
72.88 USDC • Code4rena • MiloTruck • #59

Nibbl contest
52.53 USDC • Code4rena • MiloTruck • #25

Yieldy contest
704.54 USDC • 1 total finding • Code4rena • MiloTruck • #17
medium: Incorrect withdrawal requested

Nested Finance contest
130.06 USDC • Code4rena • MiloTruck • #10

Badger-Vested-Aura contest
31.91 USDC • Code4rena • MiloTruck • #40

Infinity NFT Marketplace contest
87.77 USDC • Code4rena • MiloTruck • #46

Connext Amarok contest
312.27 USDC • Code4rena • MiloTruck • #27

May '22

Backd Tokenomics contest
451.89 USDC • Code4rena • MiloTruck • #18

veToken Finance contest
311.17 USDT • Code4rena • MiloTruck • #29

Velodrome Finance contest
440.73 USDC • 1 total finding • Code4rena • MiloTruck • #21
medium: Bribe.sol is not meant to handle fee-on-transfer tokens

Rubicon contest
234.95 USDC • 3 total findings • Code4rena • MiloTruck • #34
high: First depositor can break minting of shares
medium: Strategists can take more rewards than they should using the function strategistBootyClaim().
medium: Missing checks allow strategists to steal all fund via `tailOff`

OpenSea Seaport contest
437.19 USDC • Code4rena • MiloTruck • #47

Aura Finance contest
245.13 USDC • Code4rena • MiloTruck • #29

Cally contest
255.08 USDC • 4 total findings • Code4rena • MiloTruck • #20
medium: Use safeTransferFrom instead of transferFrom for ERC721 transfers
medium: Owner can set the feeRate to be greater than 100% and cause all future calls to `exercise` to revert
medium: Vault is Not Compatible with Fee Tokens and Vaults with Such Tokens Could Be Exploited
medium: Users may accidentally overpay in `buyOption()` and the excess will be paid to the vault creator

Enso Finance contest
416.92 USDT • Code4rena • MiloTruck • #30

Alchemix contest
270.5 DAI • Code4rena • MiloTruck • #27

Forgotten Runes Warrior Guild contest
15.49 USDC • Code4rena • MiloTruck • #57