R2

Security Researcher

High: 7 total

Medium: 15 total

Total earnings: $4.21K

#842 All Time

Payouts: 12x

Top 10: 1x

Top 25: 6x

Top 50: 12x

Apr '23

Rubicon v2

136.71 USDC • 5 total findings • Code4rena • R2

#48

high

Reward accounting is incorrect in BathBuddy contract

high

RubiconMarket checks slippage incorrectly

medium

Incorrect fee handling in Position.sol's Market Buy/Sell functions

medium

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

medium

Calling `ExpiringMarket.stop` and `ExpiringMarket.isClosed` functions cannot pause any functionalities of the market

Nov '22

ParaSpace contest

266.74 USDC • 1 total finding • Code4rena • R2

#40

medium

Fallback oracle is using spot price in Uniswap liquidity pool, which is very vulnerable to flashloan price manipulation

Redacted Cartel contest

1,704.35 USDC • 3 total findings • Code4rena • R2

#11

high

Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation

medium

Assets may be lost when calling unprotected `AutoPxGlp::compound` function

medium

Tokens with fees will break the `depositGlp()` logic

LooksRare Aggregator contest

113.56 USDC • 1 total finding • Code4rena • R2

#21

medium

Public to all funds escape

SIZE contest

46.82 USDC • 2 total findings • Code4rena • R2

#33

high

Attacker can steal any funds in the contract by state confusion (no preconditions)

medium

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

Debt DAO contest

220.35 USDC • 1 total finding • Code4rena • R2

#34

medium

Lender can reject closing a position

Sep '22

Y2k Finance contest

544.98 USDC • 3 total findings • Code4rena • R2

#21

high

Incorrect handling of pricefeed.decimals()

high

Depeg event can happen at incorrect price

medium

Fee-on-Transfer tokens cause problems in multiple places

PartyDAO contest

89.95 USDC • Code4rena • R2

#50

FEI and TRIBE Redemption contest

81.81 USDC • Code4rena • R2

#6

Canto Dex Oracle contest

39.22 CANTO • Code4rena • R2

#12

Nouns Builder contest

919.25 USDC • 6 total findings • Code4rena • R2

#23

high

Use can get unlimited votes

medium

Founders can receive less tokens than expected

medium

A proposal can pass with 0 votes in favor at early DAO stages

medium

Proposals can be bricked and Auctions stalled by bad settings

medium

Index out of bounds error when properties length is more than attributes length breaks minting

medium

Quorum votes have no effect for determining whether proposal is defeated or succeeded when token supply is low

Aug '22

Nouns DAO contest

52.1 USDC • Code4rena • R2

#38