https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/bfa09f7f-76e6-46e6-b106-7da0a774be15.jpg

Norah

Security Researcher

Web3 Security Researcher || Smart Contract Auditor || Active on C4, Sherlock.

Contact Me

High

8

Total

Medium

14

Total

$4.27K

Total Earnings

#793 All Time

16x

Payouts

regular

7x

Top 25

regular

13x

Top 50

All

Sherlock

Code4rena

Cantina

Immunefi

Jul '24

Velocimeter

Velocimeter

38.23 USDC • 1 total finding • Sherlock • Norah

#50

high

Denial of Service Vulnerability in VotingEscrow Contract Due to Excessive Gas Consumption

May '24

YOLO Games

YOLO Games

346.98 USDC • 2 total findings • Cantina • norah

#13

medium

Finding not yet public.

medium

Finding not yet public.

Predy

Predy

0.17 USDC • 1 total finding • Code4rena • Norah

#42

medium

Chainlink's `latestRoundData` might return stale or incorrect results

Apr '24

Audit Comp | Alchemix

Audit Comp | Alchemix

1,534 USDC • 5 total findings • Immunefi • Norah

#20

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Mar '24

Revert Lend

Revert Lend

205.34 USDC • 2 total findings • Code4rena • Norah

#39

medium

Repayments and liquidations can be forced to revert by an attacker that repays miniscule amount of shares

medium

Due to interest rates update method, Interest-Free Loans are possible and the Cost of DoS are reduced

Feb '24

Audit Comp | ZeroLend

Audit Comp | ZeroLend

853 USDC • 1 total finding • Immunefi • Norah

#18

medium

Finding not yet public.

Audit Comp | Puffer Finance

Audit Comp | Puffer Finance

716 USDC • 1 total finding • Immunefi • Norah

#18

medium

Finding not yet public.

Oct '23

NextGen

NextGen

0 USDC • 2 total findings • Code4rena • Norah

#115

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

high

Attacker can reenter to mint all the collection supply

Sep '23

Venus Prime

Venus Prime

202.85 USDC • 1 total finding • Code4rena • Norah

#19

high

A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users

Aug '23

Dopex

Dopex

0.01 USDC • 1 total finding • Code4rena • Norah

#129

high

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

Jun '23

Unitas Protocol

Unitas Protocol

81.25 USDC • 1 total finding • Sherlock • Norah

#18

medium

No check for stale price may lead to unexpected swap output

May '23

Iron Bank

Iron Bank

0.00 USDC • 1 total finding • Sherlock • Norah

#25

medium

getPrice() of PriceOracle.sol may return stale price

Venus Protocol Isolated Pools

Venus Protocol Isolated Pools

51.68 USDC • 1 total finding • Code4rena • Norah

#43

medium

Exchange Rate can be manipulated

Apr '23

Frankencoin

Frankencoin

153.27 USDC • 1 total finding • Code4rena • Norah

#37

medium

Owner of Denied Position is not able to withdraw collateral until expiry.

Caviar Private Pools

Caviar Private Pools

26.76 USDC • 1 total finding • Code4rena • Norah

#62

high

PrivatePool owner can steal all ERC20 and NFT from user via arbitrary execution

Feb '23

Ethos Reserve contest

Ethos Reserve contest

61.26 USDC • Code4rena • Norah

#33