PUSH0

Security Researcher

Security researcher team by @oot2k1 and @thekmj_. Multiple top placements in security competitions.

High: 5 Total

Medium: 4 Solo, 19 Total

Total Earnings: $63.59K (#133 All Time)

Payouts: 10x

1st Places: 4x (gold)

2nd Places: 1x (silver)

3rd Places: 1x (bronze)

Oct '24

Covalent - EWM Light Client

6,682.79 USDC • Sherlock • PUSH0

gold

Findings not publicly available for private contests.

predict.fun lending market

9,828.83 USDC • 2 total findings • Sherlock • PUSH0

gold

medium

Collateral can already be seized even when negRiskMarket is not fully resolved

medium

Lender can deny a repayment by getting themselves on the USDC blacklist

Jul '24

MagicSea - the native DEX on the IotaEVM

16,200.97 USDC • 8 total findings • Sherlock • PUSH0

#6

high

Wrong call order for `setTopPoolIdsWithWeights`, resulting in wrong distribution of rewards

high

Bribe rewards are lost if a pool receives no votes during an epoch

high

Unlocked positions can still vote

medium

Bribes can be denied by filling up a farm with fake bribes until `MAX_BRIBES_PER_POOL` limit

medium

Incorrect access control for `_requireOnlyOperatorOrOwnerOf()`. Anyone can call `MlumStaking.addToPosition()` for other users, with various impacts.

medium

Users can artificially create a voting ballot with 2 weeks `lockDuration`, effectively bypassing the 3-month limit

medium

Down Rebasing Tokens will cause bankrun in MlumStaking and MasterChefV2

medium

New staking positions still gets the full reward amount as with old stakings, diluting rewards for old stakers

May '24

Terrace

9,404.87 USDC • Sherlock • PUSH0

gold

Findings not publicly available for private contests.

Apr '24

Arcadia - Aerodrome integrations

1,446.42 USDC • 1 total finding • Sherlock • PUSH0

silver

medium

Max exposure cap can be bypassed on assets using WrappedAerodromeAM.sol

Feb '24

Perpetual

11,350.47 USDC • 4 total findings • Sherlock • PUSH0

bronze

high

LP can instantly arbitrage and drain any Maker by updating the Pyth price

medium

OracleMaker's price with spread does not take into account the new position

medium

USDT/USDC depeg event will pit both makers at a highly risky position due to arbitrage

medium

No slippage check for deposit/withdraw in either Makers

AI Arena

0.04 USDC • 1 total finding • Code4rena • PUSH0

#185

medium

Can mint NFT with the desired attributes by reverting transaction

Jan '24

Arcadia

4,084.31 USDC • 2 total findings • Sherlock • PUSH0

#4

medium

`CREATE2` address collision against an Account will allow complete draining of lending pools

medium

L2 sequencer down will push an auction's price down, causing unfair liquidation prices, and potentially guaranteeing bad debt

Covalent

4,593.97 USDC • 5 total findings • Sherlock • PUSH0

gold

medium

New staking between reward epochs will dilute rewards for existing stakers. Anyone can then front-run `OperationalStaking.rewardValidators()` to steal rewards

medium

Frontrunning validator freeze to withdraw tokens

medium

No cooldown in `recoverUnstaking()`, opens up several possible attacks by abusing this functionality.

medium

`validatorMaxStake` can be bypassed by using `setValidatorAddress()`

medium

No option to change validator address without also transferring unstakings, leads to lost rewards when a validator has taken more than 300 unstakings (even if through normal usage)

Decent

0.12 USDC • 1 total finding • Code4rena • PUSH0

#55

high

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.