Banner
https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/f1b5344c-fc6e-41c6-8006-18c4f7cba513.png

PNS

Security Researcher?

Into the storm

High

13

Total

Medium

21

Total

$7.53K

Total Earnings

#647 All Time

29x

Payouts

gold

3x

1st Places

bronze

1x

3rd Places

regular

6x

Top 10

All

Sherlock

Code4rena

Mar '25

PinLink: RWA-Tokenized DePIN Marketplace

PinLink: RWA-Tokenized DePIN Marketplace

137.06 USDC • Sherlock • PNS

#11

Feb '25

SEDA Protocol

SEDA Protocol

42.20 USDC • 1 total finding • Sherlock • PNS

#20

medium

Requestor will be able to block identical requests from being processed

Jan '25

Peapods

Peapods

173.50 USDC • 1 total finding • Sherlock • PNS

#23

medium

Flash minter will create accounting inconsistencies in internal supply tracking

Plaza Finance

Plaza Finance

495.92 USDC • 1 total finding • Sherlock • PNS

#20

medium

The false assumption that 1USDC equals 1USD may result in losses to the user or the protocol

Dec '24

Oku's New Order Types Contract Contest

Oku's New Order Types Contract Contest

0.48 OP • 2 total findings • Sherlock • PNS

#60

high

Duplicate orders in the same block will overwrite previous orders and lead to token loss for the recipient

high

Lack of validation in `modifyOrder` allows double refunds, draining protocol funds

Autonomint Colored Dollar V1

Autonomint Colored Dollar V1

31.64 OP • 1 total finding • Sherlock • PNS

#37

high

Token holder can repeatedly spend ABOND tokens due to incorrect state updates in transferFrom

Nov '24

Nouns DAO - Auction Streams

Nouns DAO - Auction Streams

417.50 USDC • Sherlock • PNS

#13

vVv Launchpad - Investments & Token distribution

vVv Launchpad - Investments & Token distribution

94.59 USDC • 1 total finding • Sherlock • PNS

gold

high

Attacker will front-run and claim tokens intended for a KYC-verified user

Oct '24

Ethos Network Social Contracts

Ethos Network Social Contracts

3,351.23 USDC • 3 total findings • Sherlock • PNS

gold

medium

Corruptible Upgradability Pattern

medium

A compromised address does not lose any ability to perform actions on behalf of the profile

medium

Re-registering an address does not remove it from the compromised list

Gamma Brevis Rewarder

Gamma Brevis Rewarder

445.40 OP • 2 total findings • Sherlock • PNS

gold

high

User may lose some rewards due to incorrect accounting

medium

Invariant not met, not all funds will be used for distribution

AXION

AXION

323.43 USDC • 1 total finding • Sherlock • PNS

#8

high

Incompatibility of required integration with Aerodrome/Velodrome

Aug '24

Rumpel Point Tokenization Protocol

Rumpel Point Tokenization Protocol

178.10 USDC • Sherlock • PNS

#7

Winnables Raffles

Winnables Raffles

7.19 USDC • 2 total findings • Sherlock • PNS

#28

high

A malicious user can permanently lock the prizes, exposing the protocol to loss

high

Attacker can block admin from creating a raffle, potentially disrupting the protocol

Jul '24

TraitForge

TraitForge

0.01 USDC • 1 total finding • Code4rena • PNS

#88

medium

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

MagicSea - the native DEX on the IotaEVM

MagicSea - the native DEX on the IotaEVM

2.35 USDC • 2 total findings • Sherlock • PNS

#59

high

`Voter.vote` Never succeeds if a bribe is set for the period

medium

`MLumStaking.addToPosition` Has Incorrect Access Control Checks

May '24

Midas

Midas

726.63 USDC • 2 total findings • Sherlock • PNS

bronze

high

User Can Self-Revoke Role

medium

Contract Upgrade Pattern may be broken

Elfi

Elfi

271.03 USDC • 4 total findings • Sherlock • PNS

#19

high

Lack of Permissions in `AccountFacet.batchUpdateAccountToken()`

medium

Improper Implementation of ReentrancyGuard

medium

Loss Calculation Bug in Request Execution

medium

Improper Removal of Roles in `RoleAccessControlFacet.revokeAllRole()`

Napier Finance - LST/LRT Integrations

Napier Finance - LST/LRT Integrations

189.78 USDC • 2 total findings • Sherlock • PNS

#12

medium

`PufETHAdapter` use wrong deposit function signature from outdated depositor interface

medium

Incorrect staking limit check in `RsETHAdapter`

Apr '24

Renzo

Renzo

1.48 USDC • 1 total finding • Code4rena • PNS

#54

medium

Lack of slippage and deadline during withdraw and deposit

Feb '24

Rio Network

Rio Network

240.50 USDC • 1 total finding • Sherlock • PNS

#22

medium

Price arbitrage between different assets supporting a single LRT token

Dec '23

Revolution Protocol

Revolution Protocol

1.34 USDC • 1 total finding • Code4rena • PNS

#75

medium

Bidder can use donations to get VerbsToken from auction that already ended.

Nov '23

ZetaChain

ZetaChain

292.32 USDC • Code4rena • PNS

#17

Aug '23

Tangible Caviar

Tangible Caviar

0.75 USDC • Code4rena • PNS

#85

Jul '23

Amphora Protocol

Amphora Protocol

9.43 USDC • Code4rena • PNS

#23

Jun '23

DODO V3

DODO V3

21.14 USDC • 1 total finding • Sherlock • PNS

#31

medium

Missing checks for whether arbitrum, optimism or polygon Sequencer is active

May '23

USSD - Autonomous Secure Dollar

USSD - Autonomous Secure Dollar

4.59 USDC • 3 total findings • Sherlock • PNS

#73

high

Incorrect assumptions and calculations about the price of dai/eth

high

Wrong oracle address WETH/DAI uniswap v3

medium

Lack of checking whether the calculations are based on fresh data from chainlink.

Venus Protocol Isolated Pools

Venus Protocol Isolated Pools

56.63 USDC • Code4rena • PNS

#42

Apr '23

Frankencoin

Frankencoin

0.07 USDC • 1 total finding • Code4rena • PNS

#69

medium

function `restructureCapTable()` in Equity.sol not functioning as expected

Mar '23

Asymmetry contest

Asymmetry contest

13.13 USDC • Code4rena • PNS

#110