
MohammedRizwan

Security Researcher

Smart contract Security Researcher


High severity: 1 solo, 12 total
Medium severity: 7 solo, 48 total
Total earnings: $63.48K (#145 all time)
Payouts: 74x
1st places (gold): 3x
2nd places (silver): 5x
3rd places (bronze): 4x


Sep '24

Circles
800.9 USDC • 1 total finding • Hats • 0xRizwan • rank #7
  [low] Incorrect `error` revert in `_matchNettedFlows()` function

Flayer
298.22 USDC • 1 total finding • Sherlock • MohammedRizwan • rank #37
  [high] Loss of royalty payments in `ERC721Bridgable.sol` due to no implementation of receive() function

Accumulated finance
12,800 wROSE • 2 total findings • Hats • 0xRizwan • gold (1st place)
  [medium] User can reject the `withdrawalId` due to use of `_safeMint()` in `requestWithdrawal()` function
  [low] Potential reentrancy in `collectWithdrawalFees()` function due to violation of CEI

Aug '24

Cork Protocol
28.08 USDC • 1 total finding • Sherlock • MohammedRizwan • rank #16
  [high] No slippage or deadline control while swapping in `_redeemCtDsAndSellExcessCt()` leads to loss of funds

Sentiment V2
120.53 USDC • 3 total findings • Sherlock • MohammedRizwan • rank #29
  [medium] Chainlink oracle will return the wrong price if the aggregator hits minAnswer
  [medium] Protocol functions are incompatible with USDT due to lack of 0 approval
  [medium] The Pausable functionality of the `SuperPool.sol` contract is useless as it is not used on contract functions

Jul '24

Union Finance Update #2
136.53 USDC • 2 total findings • Sherlock • MohammedRizwan • rank #9
  [medium] Possible loss of funds, transfer functions can silently fail
  [medium] `ERC1155Voucher.onERC1155BatchReceived()` does not check that the caller is the valid token, therefore any unregistered token can invoke `onERC1155BatchReceived()`

illuminex
2,500 wROSE • 1 total finding • Hats • 0xRizwan • bronze (3rd place)
  [medium] `VaultBitcoinWallet` contract cannot disable `relayersWhitelist` via `toggleRelayersWhitelistEnabled()` function

Velocimeter
13.20 USDC • 2 total findings • Sherlock • MohammedRizwan • rank #51
  [high] Claimable gauge distributions are locked when `killGaugeTotally()` is called in `Voter.sol`
  [medium] In `Pair.sol`, the first liquidity provider of a stable pair can DOS the pool

Jun '24

Palmera
2,400 USDC • 2 total findings • Hats • 0xRizwan • silver (2nd place)
  [high] Incorrect access control on removeSafe()
  [low] Use of deprecated `this` in calculating `domainSeparator()`

Intuition
1,000 USDC • 5 total findings • Hats • 0xRizwan • silver (2nd place)
  [medium] `AtomWallet.execute()` should be `payable`
  [low] Missing events for functions that change critical parameters in `EthMultiVault.sol`
  [low] Incorrect, misleading comment
  [low] When redeeming shares, maxRedeem of user is not checked
  [low] Incorrect, misleading comment for `redeemAtom()` function

Safe
249.6 USDC • 1 total finding • Hats • 0xRizwan • bronze (3rd place)
  [low] Low-level staticcall return value is not checked

Inverter Network
3,600 UMA • Hats • 0xRizwan • rank #7

May '24

Liquity
398 LUSD • Hats • 0xRizwan • rank #4

Kintsu
506.3 USDC • 1 total finding • Hats • 0xRizwan • rank #5
  [low] Missing events for deposit and withdraw functions accessed by vault

Apr '24

Audit Comp | Alchemix
949 USDC • 4 total findings • Immunefi • OxRizwan • rank #25
  [medium] Finding not yet public.
  [medium] Finding not yet public.
  [low] Finding not yet public.
  [low] Finding not yet public.

Teller Finance
49.68 USDC • 2 total findings • Sherlock • MohammedRizwan • rank #27
  [high] `transfer` return value is not checked, use `safeTransfer()` instead
  [medium] `OwnableUpgradeable` is not initialized in `LenderCommitmentGroup_Smart.sol`

Mar '24

Aleph Zero: Most Relayer
999.7 USDT • 1 total finding • Hats • 0xRizwan • gold (1st place)
  [low] Incorrect consideration of Ethereum block time

Goat Trading
150.17 USDC • 1 total finding • Sherlock • MohammedRizwan • rank #7
  [medium] Fee-on-transfer tokens are not supported by protocol functions

Smart-contracts
133.47 USDC • 2 total findings • Cantina • 0xRizwan • rank #33
  [high] Finding not yet public.
  [medium] Finding not yet public.

Most: Aleph Zero Bridge
2,000 USDT • 3 total findings • Hats • 0xRizwan • rank #5
  [low] Weird behaviour of `restricted` modifier
  [low] `requestNonce` must be initialized in `initialize()` function
  [low] Incorrect `event` emission in `accept_ownership()` function

Audit Comp | Immunefi Arbitration
1,269 USDC • 1 total finding • Immunefi • OxRizwan • rank #7
  [low] Finding not yet public.

Revert Lend
49.39 USDC • 1 total finding • Code4rena • MohammedRizwan • rank #54
  [medium] V3Oracle susceptible to price manipulation

Feb '24

Fenix Finance
399.4 USDC • 2 total findings • Hats • 0xRizwan • rank #4
  [medium] `GaugeFactoryUpgradeable.setDistribution()` would revert due to incorrect access control
  [low] Missing events for functions that change critical parameters

Tokemak
180 USDC • 1 total finding • Hats • 0xRizwan • rank #13
  [low] Incorrect condition for `lookback3InDays` in `validate()`

Stealth
2,000 USDC • Sherlock • MohammedRizwan • silver (2nd place)
  Findings not publicly available for private contests.

opal-contracts
771.16 USDC • 4 total findings • Cantina • 0xRizwan • rank #18
  [high] Finding not yet public.
  [high] Finding not yet public.
  [medium] Finding not yet public.
  [medium] Finding not yet public.

Wise Lending
252.3 USDC • 1 total finding • Hats • 0xRizwan • rank #7
  [medium] Incorrect consideration of `ONE_YEAR` leading to incorrect `APR RESTRICTION_FACTOR` and `PRECISION_FACTOR_YEAR`

Paladin
4,200 PAL • Hats • 0xRizwan • rank #5

Blast Futures Exchange
1,500 USDC • Hats • 0xRizwan • gold (1st place)

Jan '24

Catalyst Exchange
3,300 USDC • Hats • 0xRizwan • silver (2nd place)

Ion Protocol
797.5 USDC • 2 total findings • Hats • 0xRizwan • rank #6
  [medium] Unhandled Chainlink revert would lock price oracle access in `EthXSpotOracle.sol.getPrice()`
  [low] Permanent pause of `GemJoin` contract will break contract functionality

Notional Update #5
227.98 USDC • 1 total finding • Sherlock • MohammedRizwan • rank #8
  [medium] Use safeTransfer() instead of transfer()

SYMM IO
329.89 USDC • Sherlock • MohammedRizwan • rank #5

Dec '23

Footium Update
377.09 USDC • Sherlock • MohammedRizwan • rank #6

Nov '23

Canto Application Specific Dollars and Bonding Curves for 1155s
4.08 USDC • Code4rena • MohammedRizwan • rank #30

ether.fi
689.1 USDC • Hats • 0xRizwan • bronze (3rd place)

Oct '23

HATs Arbitration Contracts
498.5 USDC • 1 total finding • Hats • 0xRizwan • rank #5
  [medium] In `HATKlerosV2Connector.sol`, call() should be used instead of transfer() in `notifyArbitrator()`

Real Wagmi #2
88.51 USDC • 1 total finding • Sherlock • MohammedRizwan • rank #17
  [high] Using `slot0` for `sqrtPriceX96` in order to calculate amount could lead to price manipulation

Sep '23

Venus Prime
4.37 USDC • Code4rena • MohammedRizwan • rank #39

Centrifuge
12.79 USDC • Code4rena • MohammedRizwan • rank #34

Ondo Finance
16.83 USDC • Code4rena • MohammedRizwan • rank #30

Aug '23

Dopex
73.26 USDC • 2 total findings • Code4rena • MohammedRizwan • rank #86
  [medium] `sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occur
  [medium] A malicious early depositor can manipulate the `LP-Token` price per share to take an unfair share of future user deposits

Shell Protocol
97.25 USDC • Code4rena • MohammedRizwan • rank #13

KyberSwap
12,315.78 USDC • 1 total finding • Sherlock • MohammedRizwan • silver (2nd place)
  [medium] UUPSUpgradeable vulnerability in OpenZeppelin Contracts

PoolTogether V5: Part Deux
1,702.14 USDC • 3 total findings • Code4rena • MohammedRizwan • rank #5
  [medium] Missing `deadline` param in `swapExactAmountOut()` allows outdated slippage and allows pending transactions to be executed unexpectedly
  [medium] create methods are susceptible to reorg attack
  [medium] Liquidators can be tricked into operating with LiquidationPairs that were deployed using the LiquidationPairFactory but configured with a fake malicious contract as the LiquidationSource

Tangible Caviar
32.39 USDC • Code4rena • MohammedRizwan • rank #66

Jul '23

Moonwell
149.29 USDC • 1 total finding • Code4rena • MohammedRizwan • rank #29
  [medium] Missing check for the max/min price in the `chainlinkOracle.sol` contract

Amphora Protocol
9.43 USDC • Code4rena • MohammedRizwan • rank #23

Lens Protocol V2
31.38 USDC • Code4rena • MohammedRizwan • rank #9

Axelar Network
43.33 USDC • Code4rena • MohammedRizwan • rank #24

Beam
0.00 USDC • Sherlock • MohammedRizwan • rank #32

PoolTogether
15.92 USDC • Code4rena • MohammedRizwan • rank #66

Tapioca DAO
0 USDC • 1 total finding • Code4rena • MohammedRizwan • rank #92
  [medium] Missing deadline checks allow pending transactions to be maliciously executed

GFX Labs
199.37 USDC • 1 total finding • Sherlock • MohammedRizwan • rank #10
  [medium] Missing check for active Arbitrum Sequencer

Basin
169.01 USDC • 1 total finding • Code4rena • MohammedRizwan • rank #16
  [medium] boreWell can be frontrun/DoS-d

Nouns DAO
114.28 USDC • Code4rena • MohammedRizwan • rank #15

Jun '23

Lybra Finance
155.96 USDC • 1 total finding • Code4rena • MohammedRizwan • rank #47
  [high] There is a vulnerability in the executeFlashloan function of the PeUSDMainnet contract; attackers can use it to burn other people's eUSD token balance without permission

Hubble Exchange
0.14 USDC • 1 total finding • Sherlock • MohammedRizwan • rank #30
  [medium] In Oracle.sol, Chainlink's latestRoundData might return stale or incorrect results (with Chainlink reference)

DODO V3
216.01 USDC • 5 total findings • Sherlock • MohammedRizwan • rank #19
  [medium] Missing check for active Arbitrum Sequencer
  [medium] Unhandled Chainlink revert would lock price oracle access
  [medium] approve function can fail for non-standard ERC20 tokens like USDT
  [medium] Use safeTransfer() instead of transfer()
  [medium] In D3VaultFunding.sol and D3VaultLiquidation.sol contracts, multiplication after division can cause larger precision loss

Stader Labs
31.8 USDC • 1 total finding • Code4rena • MohammedRizwan • rank #34
  [medium] Chainlink's `latestRoundData` may return stale or incorrect result

May '23

Maia DAO Ecosystem
484.58 USDC • 4 total findings • Code4rena • MohammedRizwan • rank #43
  [medium] Wrong consideration of block formation period causes incorrect votingPeriod and votingDelay calculations
  [medium] [M-01] Some functions in Talos contracts do not allow the user to supply slippage and deadline, which may cause swap revert
  [medium] Lack of slippage protection can lead to significant loss of user funds
  [medium] Protocol fees can become trapped indefinitely inside Talos vault contracts

Iron Bank
0.03 USDC • 2 total findings • Sherlock • MohammedRizwan • rank #23
  [medium] Chainlink's latestRoundData might return stale or incorrect results
  [medium] Missing check for active Arbitrum Sequencer

Chainlink Cross-Chain Services: CCIP and ARM Network
301.66 USDC • Code4rena • MohammedRizwan • rank #38

BASE
813.4 USDC • Code4rena • MohammedRizwan • bronze (3rd place)

USSD - Autonomous Secure Dollar
0.00 USDC • 2 total findings • Sherlock • MohammedRizwan • rank #102
  [high] Missing deadline checks allow pending transactions to be maliciously executed
  [medium] Chainlink's latestRoundData might return stale or incorrect results

Index
90.58 USDC • 2 total findings • Sherlock • MohammedRizwan • rank #21
  [medium] Missing check for active Arbitrum Sequencer
  [medium] Using deprecated Chainlink function latestAnswer()

Juicebox Buyback Delegate
16.19 USDC • Code4rena • MohammedRizwan • rank #18

Venus Protocol Isolated Pools
66.59 USDC • 1 total finding • Code4rena • MohammedRizwan • rank #41
  [high] Incorrect `blocksPerYear` constant in `WhitepaperInterestRateModel`

Ajna Protocol
36.24 USDC • Code4rena • MohammedRizwan • rank #49

Apr '23

ENS Contest
59.79 USDC • Code4rena • MohammedRizwan • rank #20

Frankencoin
43.63 USDC • Code4rena • MohammedRizwan • rank #60

Rubicon v2
24.74 USDC • Code4rena • MohammedRizwan • rank #94

Mar '23

Wenwin contest
21.7 USDC • Code4rena • MohammedRizwan • rank #26

Feb '23

Ethos Reserve contest
61.26 USDC • Code4rena • MohammedRizwan • rank #33