https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/436e7f7b-7d72-43a6-bab3-260bb83bda59.JPG

Pelz

Security Researcher

Security Researcher || Team Name on Sherlock : HackTrace

Contact Me

High

Total

Medium

Total

$2.94K

Total Earnings

#904 All Time

19x

Payouts

1x

3rd Places

3x

Top 10

8x

Top 25

All

Sherlock

Code4rena

Cantina

CodeHawks

Apr '25

ZKP2P V2

2,170.80 OP • Sherlock • Pelz

Findings not publicly available for private contests.

Mar '25

Nudge.xyz

0.06 USDC • 1 total finding • Code4rena • Pelz

medium

Unauthorized Reallocation in `NudgeCampaign::handleReallocation` and Reward Disruption Vulnerability in `NudgeCampaign::invalidateParticipations`

PinLink: RWA-Tokenized DePIN Marketplace

1.40 USDC • Sherlock • Pelz

#81

Crestal Network

0.01 USDC • 1 total finding • Sherlock • Pelz

#12

high

Unauthorized Token Transfers Due to Missing Caller Verification in PayWithErc20 function

Symmio, Staking and Vesting

0.00 USDC • 1 total finding • Sherlock • Pelz

#18

medium

Reward Rate Skew Due to Permissionless Deposits

Feb '25

Yieldoor

16.24 USDC • 1 total finding • Sherlock • Pelz

#24

medium

Infinite Loop in `_getTokenIn()` Causes Out-of-Gas Revert on Multi-Hop Swaps Blocking leveraged Positions from being opened

THORWallet

346.49 USDC • 1 total finding • Code4rena • Pelz

high

The user can send tokens to any address by using two bridge transfers, even when transfers are restricted.

Jan '25

Next Generation

4.74 USDC • 1 total finding • Code4rena • Pelz

#13

high

Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

Part 2

56.20 usdc • 1 total finding • CodeHawks • pelz

#56

medium

Refund Underflow in Swap Refund Logic Leading to Locked Funds

Oct '24

Dria

13.52 USDC • 1 total finding • CodeHawks • pelz

#50

medium

BuyerAgent Batch Purchase Failure Due to Asset Transfer or Approval Revocation

Sep '24

Royco Protocol

0.16 USDC • 1 total finding • Cantina • Pelz

#75

high

Finding not yet public.

Aug '24

Tadle

0.00 USDC • 3 total findings • CodeHawks • pelz

#172

high

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

high

TokenManager - Unlimited withdraw

low

[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows any User to call it to set Allowance Amount `TokenContract` to `type(uint256).max`.

Jul '24

Zaros Part 1

127.99 USDC • 5 total findings • CodeHawks • pelz

#44

high

Incorrect logic for checking isFillPriceValid

high

`LiquidationBranch::checkLiquidatableAccounts()` executes `for` loop with wrong values, causing array out of bounds to be recovered, the program will not work as expected

medium

A malicious User can DOS all offchain orders making them unexecutable and leaving the protocol in an insolvent state. Also all offchain Trades can also be DOSed for honest parties that do not meet the fillorder requirements (no try and catch)

low

payable Modifier in TradingAccountBranch::createTradingAccountAndMulticall

low

UpgradeBranch.sol does not use _disableInitializers()