Nihavent

Security Researcher

High findings: 11 total

Medium findings: 14 total

Total earnings: $3.90K (#815 all time)

Payouts: 5x

Top 10: 1x

Top 25: 3x

Top 50: 3x

Aug '24

ZeroLend One

2,410.48 USDC • 9 total findings • Sherlock • Nihavent

#4

high

`LiquidationLogic::_calculateDebt()` treats debt shares as assets which results in bad debt, invalid health checks, and loss of protocol liquidation fees

high

`PositionBalanceConfiguration::getSupplyBalance()` adds interest in assets to a shares balance resulting in user unable to withdraw their entire balance

high

Treasury shares are 'burnt' upon but never 'minted' resulting in suppliers not being able to withdraw all of their assets

high

Bad debt is not handled by the protocol, resulting in withdrawal race conditions for suppliers

high

`LiquidationLogic::_repayDebtTokens()` incorrectly assigns burnt debt tokens to `nextDebtShares`, resulting in incorrect interest rate updates

medium

Unclaimable reserve assets will accrue in a pool due to the difference between interest paid on borrows and interest earned on supplies

medium

Supply interest is earned on `accruedToTreasuryShares` resulting in higher than expected treasury fees and under rare circumstances DOSed pool withdrawals

medium

`CuratedVaultSetters::_supplyPool()` does not consider the pool cap of the underlying pool, which may cause `deposit()` to revert or lead to an unintended reordering of `supplyQueue`

medium

Curated Vault allocators cannot `reallocate()` a pool to zero due to attempting to withdraw 0 tokens from the underlying pool

Sentiment V2

792.99 USDC • 5 total findings • Sherlock • Nihavent

#15

medium

If the last `pool.totalDepositAssets` are rebalanced in a Base Pool, the next depositor will lose a portion of their deposit

medium

Liquidators may repay a position's debt to pools that are within their risk tolerance, breaking the concept of isolated risk in base pools

medium

Approve function not supported for USDT on some networks, resulting in inability to deploy a SuperPool with USDT as the asset

medium

Unliquidatable tokens can be exploited by positions, at the expense of pool depositors

medium

`maxWithdraw()` and `maxRedeem()` can overestimate the maximum available liquidity, resulting in a lack of ERC4626 compliance

Jul '24

TraitForge

7.19 USDC • 6 total findings • Code4rena • Nihavent

#72

high

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

high

Number of entities in generation can surpass the 10k number

high

Wrong minting logic based on total token count across generations

medium

Forger Entities can forge more times than intended

medium

`Golden God` Tokens can be minted twice per generation

medium

TraitForgeNft: Generations without a golden god are possible

Jun '24

Size

6.22 USDC • 2 total findings • Code4rena • Nihavent

#57

high

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

medium

Fragmentation fee is not taken if user compensates with newly created position

Apr '24

Zivoe

679.59 USDC • 3 total findings • Sherlock • Nihavent

#20

high

[M-#] ITO participants' vested ZVE rewards are diluted by post-ITO deposits into tranches due to rewards being denominated by the total supply of `zSTT` and `zJTT` at the time when claimAirdrop() is called.

high

[M-#] Griefing attack possible in `ZivoeRewards::depositRewards()` by continuously extending `periodFinish`

medium

[M-#] Current tranche sizes are not considered when calculating tranche target yield in `ZivoeYDL::distributeYield()` resulting in tranche yield being paid based on outdated supply values.