Rhaydden

Security Researcher

High: 17 total

Medium: 38 total

Total Earnings: $43.36K (#201 All Time)

Payouts: 44x

3rd Places: 2x

Top 10: 15x

Top 25: 30x

Feb '25

Initia Cosmos

2,205.44 USDC • 1 total finding • Code4rena • Rhaydden

bronze

medium

IBC channel version negotiation bypass in IBC hooks middleware

Jan '25

Liquid Ron

0 USDC • 1 total finding • Code4rena • Rhaydden

#12

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

openvm

4,523.8 USDC • 1 total finding • Cantina • Rhaydden

#5

high

Finding not yet public.

daao-contracts

62.51 USDC • 2 total findings • Cantina • Rhaydden

#53

high

Finding not yet public.

high

Finding not yet public.

ton-pool-contracts

947.45 USDC • 2 total findings • Cantina • Rhaydden

#10

medium

Finding not yet public.

medium

Finding not yet public.

farcasterattestation-monorepo

588.09 OP • 1 total finding • Cantina • Rhaydden

#22

medium

Finding not yet public.

Initia Move

7,469.25 USDC • 2 total findings • Code4rena • Rhaydden

bronze

medium

The proposal expiration logic is incorrect

medium

Incorrect request type in oracle currency pairs query whitelist breaks price discovery

Dec '24

Soon

1,623.64 USDC • 1 total finding • Cantina • Rhaydden

#10

medium

Finding not yet public.

story-protocol

854.98 USDC • 1 total finding • Cantina • Rhaydden

#48

medium

Finding not yet public.

Flex Perpetuals

62.48 USDC • 1 total finding • Code4rena • Rhaydden

#4

medium

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

SecondSwap

90.02 USDC • 3 total findings • Code4rena • Rhaydden

#30

high

In `transferVesting`, the `grantorVesting.releaseRate` is calculated incorrectly, which leads to the sender being able to unlock more tokens than were initially locked.

medium

Incorrect referral fee calculations

medium

maxSellPercent can be bypassed by selling previously bought vestings at a later time

Lambo.win

115.74 USDC • 2 total findings • Code4rena • Rhaydden

#23

high

Minting zero tokens when underlyingToken is not Ether in cashIn()

high

Calculation for `directionMask` is incorrect

Nov '24

MANTRA DEX

484.27 USDC • 1 total finding • Code4rena • Rhaydden

#15

medium

Wrong simulation function used in reverse operation path

MANTRA Chain

421.05 USDC • Code4rena • Rhaydden

#10

hyperlend

2,708.38 USDC • 1 total finding • Cantina • Rhaydden

#8

medium

Finding not yet public.

Nibiru

1,449.27 USDC • 1 total finding • Code4rena • Rhaydden

#8

medium

The `bankBalance` function failed to handle errors correctly.

Oct '24

Kleidi

0 USDC • Code4rena • Rhaydden

#12

stakeup-bloomv2

418.5 USDC • 2 total findings • Cantina • Rhaydden

#27

medium

Finding not yet public.

medium

Finding not yet public.

Sep '24

Royco Protocol

0.16 USDC • 1 total finding • Cantina • Rhaydden

#75

high

Finding not yet public.

Aug '24

Chakra

10.3 USDT • 1 total finding • Code4rena • Rhaydden

#51

high

`ChakraSettlement.receive_cross_chain_msg` and `ChakraSettlement.receive_cross_chain_callback` functions do not ensure that receiving `ChakraSettlement` contract's `contract_chain_name` must match `to_chain` corresponding to respective `txid` input though

Superposition

36.06 USDC • 2 total findings • Code4rena • Rhaydden

#30

high

update_emergency_council_7_D_0_C_1_C_58() updates nft manager instead of emergency council

medium

_onTransferReceived() does not work as intended

Phi

98.76 USDC • 1 total finding • Code4rena • Rhaydden

#18

medium

Contract `PhiNFT1155` can't be paused

Centrifuge

470.12 USDC • 1 total finding • Cantina • Rhaydden

#12

medium

Finding not yet public.

zetachain-protocol

199.51 USDC • 1 total finding • Cantina • Rhaydden

#44

high

Finding not yet public.

Jul '24

Basin

472.65 USDC • 1 total finding • Code4rena • Rhaydden

#5

high

Incorrectly assigned `decimal1` parameter upon decoding

Reserve Core

0 USDC • Code4rena • Rhaydden

#7

TraitForge

0.77 USDC • 3 total findings • Code4rena • Rhaydden

#82

high

The maximum number of generations is infinite

high

Wrong minting logic based on total token count across generations

medium

There is no slippage check in the `nuke()` function.

LoopFi

1,550.82 USDC • 4 total findings • Code4rena • Rhaydden

#11

high

Availability of deposit invariant can be bypassed

medium

Discrepancy b/w the `lastRewadTime` and the `lastAllPoolUpdate` can allow for incorrect reward distribution to pools if `registerRewardDeposit` deposits less assets

medium

Incorrect address is used as `spender` for ERC20 permit signature verification

medium

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Munchables

361.15 USDC • 2 total findings • Code4rena • Rhaydden

#15

high

Single plot can be occupied by multiple renters

high

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Karak Restaking

315.79 USDC • Code4rena • Rhaydden

#13

Jun '24

eBTC Zap Router

1,637.57 USDC • 1 total finding • Code4rena • Rhaydden

#6

medium

Incorrect Comparison Logic in Post-Operation Checks

Vultisig

294.74 USDC • Code4rena • Rhaydden

#12

Size

6.17 USDC • 1 total finding • Code4rena • Rhaydden

#58

medium

Fragmentation fee is not taken if user compensates with newly created position

May '24

Olas

0 USDC • Code4rena • Rhaydden

#15

Predy

1,097.37 USDC • 2 total findings • Code4rena • Rhaydden

#7

medium

incorrect price for negative ticks due to lack of rounding down

medium

Liquidity manipulation is possible when trading

PoolTogether: The Prize Layer for DeFi

1,153.42 USDC • 1 total finding • Sherlock • Rhaydden

#11

medium

Missing `notShutdown` modifier in `claimPrize`

Arbitrum BoLD

10,526.32 USDC • Code4rena • Rhaydden

#8

LoopFi

142.22 USDC • 4 total findings • Code4rena • Rhaydden

#7

high

Availability of deposit invariant can be bypassed

medium

Discrepancy b/w the `lastRewadTime` and the `lastAllPoolUpdate` can allow for incorrect reward distribution to pools if `registerRewardDeposit` deposits less assets

medium

Incorrect address is used as `spender` for ERC20 permit signature verification

medium

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Apr '24

Renzo

1.48 USDC • 1 total finding • Code4rena • Rhaydden

#54

medium

Lack of slippage and deadline during withdraw and deposit

NOYA

304.7 USDC + NOYA stars • 2 total findings • Code4rena • Rhaydden

#30

medium

`totalAssets()`, and thus `convertToShares()` and `convertToAssets()`, may revert, in violation of ERC-4626

medium

`Keepers` does not implement EIP712 correctly on multiple occasions

Panoptic

32.96 USDC • Code4rena • Rhaydden

#18

Mar '24

DittoETH

404.17 USDC • 1 total finding • Code4rena • Rhaydden

#13

medium

The `colRedeemed` variable is wrongly retrieved in `LibBytes::readProposalData` function

Feb '24

Wise Lending

124.91 USDC • 1 total finding • Code4rena • Rhaydden

#26

medium

Unchecked return value bug on `TransferHelper::_safeTransferFrom()`

Jan '24

Salty.IO

90.94 USDC • 1 total finding • Code4rena • Rhaydden

#71

medium

Creation of token whitelisting proposals can be DOS'd