https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/741fe184-2993-4a7f-8710-bc974a611e57.jpg

Mlome

Security Researcher

Smart contract security auditor | Opportunist hacker

Contact Me

High

Total

Medium

Total

$213.00

Total Earnings

#1647 All Time

4x

Payouts

2x

Top 25

2x

Top 50

All

Sherlock

CodeHawks

Dec '23

The Standard

0.10 USDC • 1 total finding • CodeHawks • Mlome

#100

high

Rewards can be drained because of lack of access control

Aug '23

Cooler Update

26.24 USDC • 2 total findings • Sherlock • Mlome

#16

high

Lender can block repayment by reverting on `onRepay()` callback

medium

Lender can increase loan interest at any time because of lack of access control

Jul '23

Beedle - Oracle free perpetual lending

187.11 USDC • 13 total findings • CodeHawks • Mlome

#20

high

Lender contract can be drained by re-entrancy in `repay`

high

Lender contract can be drained by re-entrancy in `setPool`

high

Borrower can use Refinance to cancel auctions so they can extend their loan indefinitely

high

During refinance() new Pool balance debt is subtracted twice

high

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

high

Using forged/fake lending pools to steal any loan opening for auction

high

Stealing any loan opening for auction through others' lending pool

high

Token spending by Uniswap router doesn't get approved

high

Lender can Sandwich a borrower to seize his collateral

medium

Lender contract can be drained by re-entrancy in `seizeLoan`

medium

Lender contract can be drained by re-entrancy in `refinance` (collateral)

low

Emitting incorrect event parameters

gas

Uncheck Arithmetic where overflow/underflow impossible

Foundry DeFi Stablecoin CodeHawks Audit Contest

0.00 USDC • 1 total finding • CodeHawks • Mlome

#164

gas

`++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops