https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/436e7f7b-7d72-43a6-bab3-260bb83bda59.JPG

Pelz

Security Researcher

Security Researcher || Team Name on Sherlock : HackTrace

Contact Me

High

11

Total

Medium

9

Total

$2.94K

Total Earnings

#904 All Time

19x

Payouts

bronze

1x

3rd Places

regular

3x

Top 10

regular

8x

Top 25

All

Sherlock

Code4rena

Cantina

CodeHawks

Apr '25

ZKP2P V2

ZKP2P V2

2,170.80 OP • Sherlock • Pelz

#4

Findings not publicly available for private contests.

Mar '25

Nudge.xyz

Nudge.xyz

0.06 USDC • 1 total finding • Code4rena • Pelz

#8

medium

Unauthorized Reallocation in `NudgeCampaign::handleReallocation` and Reward Disruption Vulnerability in `NudgeCampaign::invalidateParticipations`

PinLink: RWA-Tokenized DePIN Marketplace

PinLink: RWA-Tokenized DePIN Marketplace

1.40 USDC • Sherlock • Pelz

#81

Crestal Network

Crestal Network

0.01 USDC • 1 total finding • Sherlock • Pelz

#12

high

Unauthorized Token Transfers Due to Missing Caller Verification in PayWithErc20 function

Symmio, Staking and Vesting

Symmio, Staking and Vesting

0.00 USDC • 1 total finding • Sherlock • Pelz

#18

medium

Reward Rate Skew Due to Permissionless Deposits

Feb '25

Yieldoor

Yieldoor

16.24 USDC • 1 total finding • Sherlock • Pelz

#24

medium

Infinite Loop in `_getTokenIn()` Causes Out-of-Gas Revert on Multi-Hop Swaps Blocking leveraged Positions from being opened

THORWallet

THORWallet

346.49 USDC • 1 total finding • Code4rena • Pelz

bronze

high

The user can send tokens to any address by using two bridge transfers, even when transfers are restricted.

Jan '25

Next Generation

Next Generation

4.74 USDC • 1 total finding • Code4rena • Pelz

#13

high

Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

Part 2

Part 2

56.20 usdc • 1 total finding • CodeHawks • pelz

#56

medium

Refund Underflow in Swap Refund Logic Leading to Locked Funds

Oct '24

Dria

Dria

13.52 USDC • 1 total finding • CodeHawks • pelz

#50

medium

BuyerAgent Batch Purchase Failure Due to Asset Transfer or Approval Revocation

Sep '24

Royco Protocol

Royco Protocol

0.16 USDC • 1 total finding • Cantina • Pelz

#75

high

Finding not yet public.

Aug '24

Tadle

Tadle

0.00 USDC • 3 total findings • CodeHawks • pelz

#172

high

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

high

TokenManager - Unlimited withdraw

low

[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows any User to call it to set Allowance Amount `TokenContract` to `type(uint256).max`.

Jul '24

Zaros Part 1

Zaros Part 1

127.99 USDC • 5 total findings • CodeHawks • pelz

#44

high

Incorrect logic for checking isFillPriceValid

high

`LiquidationBranch::checkLiquidatableAccounts()` executes `for` loop with wrong values, causing array out of bounds to be recovered, the program will not work as expected

medium

A malicious User can DOS all offchain orders making them unexecutable and leaving the protocol in an insolvent state. Also all offchain Trades can also be DOSed for honest parties that do not meet the fillorder requirements (no try and catch)

low

payable Modifier in TradingAccountBranch::createTradingAccountAndMulticall

low

UpgradeBranch.sol does not use _disableInitializers()

Biconomy: Nexus

Biconomy: Nexus

178.78 USDC • 1 total finding • CodeHawks • pelz

#14

low

entryPoint() function cannot be overridden

TempleGold

TempleGold

21.05 USDC • 1 total finding • CodeHawks • pelz

#35

high

Incompatibility with Multisig Wallets in `TempleGold::send` Function

May '24

Predy

Predy

0.17 USDC • 1 total finding • Code4rena • Pelz

#42

medium

Chainlink's `latestRoundData` might return stale or incorrect results

Apr '24

NOYA

NOYA

5.4 USDC + NOYA stars • 1 total finding • Code4rena • Pelz

#101

medium

`Keepers` does not implement EIP712 correctly on multiple occasions

Feb '24

AI Arena

AI Arena

0.11 USDC • 3 total findings • Code4rena • Pelz

#182

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

medium

Can mint NFT with the desired attributes by reverting transaction

Jan '24

MorpheusAI

MorpheusAI

2.82 USDC • 1 total finding • CodeHawks • pelz

#27

low

Any User can mint any amount of WStETH in the WStETHMock.sol and StETHMock.sol