https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/3be88bc2-05fc-4c50-923b-3a086f4e6a50.jpg

OrangeSantra

Security Researcher

smart contract dev $ security researcher

Contact Me

High

Total

Medium

Total

$1.66K

Total Earnings

#1088 All Time

4x

Payouts

1x

3rd Places

1x

Top 10

1x

Top 25

All

Sherlock

Code4rena

Mar '25

PinLink: RWA-Tokenized DePIN Marketplace

5.58 USDC • Sherlock • OrangeSantra

#61

Jan '25

Plaza Finance

65.53 USDC • 3 total findings • Sherlock • OrangeSantra

#43

high

In `Pool.sol::getRedeemAmount()` there is nothing for `marketRate` of levETH.

high

Incorrect logic for calculation of shares in `BondToken::getIndexedUserAmount`.

medium

Precision loss in calculation of `redeemRate` in `Pool.sol::getRedeemAmount` function.

Dec '24

Autonomint Colored Dollar V1

21.02 OP • 4 total findings • Sherlock • OrangeSantra

#44

high

User can put any arbitrary `usdaPrice` and `usdtPrice` while calling `CDS.sol::redeemUSDT` function.

high

`CDS.sol::updateDownsideProtected()` can be called by anyone, with anyvalue changeing the state variable `downsideProtected`.

high

A user won't be able to get his redeemed amount by calling `borrowing.sol::redeemYields()`.

medium

when `borrowing.sol::depositTokens` is called, stale `lastCumulativeRate` is being passed to `BorrowLib.deposit()` function.

Lambo.win

1,564.53 USDC • 1 total finding • Code4rena • orangesantra

high

Anyone can call `LamboRebalanceOnUniwap.sol::rebalance()` function with any arbitrary value, leading to rebalancing goal i.e. (1:1 peg) unsuccessful.