
Ryonen

Security Researcher


Profile statistics

High-severity findings: 23 total
Medium-severity findings: 33 total
Total earnings: $2.69K
All-time rank: #933
Payouts: 22x
Top 10 finishes: 3x
Top 25 finishes: 10x
Top 50 finishes: 16x

Contest history (newest first; platforms: Sherlock, Code4rena, CodeHawks)

Apr '25

Aegis.im YUSD • Sherlock • #4 • 45.94 OP • 1 finding
  - high: AegisMinting::approveRedeemRequest mints unbacked token due to incorrect fee logic

Mar '25

PinLink: RWA-Tokenized DePIN Marketplace • Sherlock • #27 • 49.73 USDC

Crestal Network • Sherlock • #4 • 77.24 USDC • 2 findings
  - high: Payment::payWithERC20 lacks access control
  - medium: Whitelist can be bypassed, making createAgentWithWhitelistUsers redundant

Symmio, Staking and Vesting • Sherlock • #16 • 8.90 USDC • 2 findings
  - medium: Attacker can call SymmStaking::notifyRewardAmount to extend periodFinish and "dilute" rewards
  - medium: Vesting::_resetVestingPlans reverts in legitimate cases

Feb '25

Yieldoor • Sherlock • #25 • 13.90 USDC • 2 findings
  - high: Leverager::_checkWithinlimits incorrectly calculates positionLeverage
  - medium: Leverager::withdraw repayFromWithdraw error

Jan '25

Liquid Ron • Code4rena • #10 • 0.03 USDC • 2 findings
  - high: The calculation of `totalAssets()` can be wrong if `operatorFeeAmount` > 0, which can cause a loss for new depositors
  - medium: Incorrect logic in onlyOperator modifier leading to denial-of-service for authorized operators across critical functions

Plaza Finance • Sherlock • #15 • 798.27 USDC • 6 findings
  - high: BondOracleAdapter::latestRoundData returns X96 result
  - high: lToken not considered in MarketRate
  - medium: An attacker can almost completely drain the protocol
  - medium: Attacker can consistently cause a denial-of-service (DoS) in auctions
  - medium: redeemRate division before multiplication
  - medium: Pool contract: comparison between different decimals

Dec '24

QuantAMM • CodeHawks • #18 • 739.34 OP • 5 findings
  - high: Owner fee will be locked in `UpliftOnlyExample` contract due to incorrect recipient address in `UpliftOnlyExample::onAfterSwap`
  - high: Fees sent to QuantAMMAdmin are stuck forever as there is no function to retrieve them
  - medium: quantAMMSwapFeeTake used for both getQuantAMMSwapFeeTake and getQuantAMMUpliftFeeTake
  - medium: Incorrect handling of NFT self-transfer in afterupdate hook allows the owner to grief a buyer by rendering the NFT unable to redeem its associated liquidity, resulting in a loss of funds
  - medium: Transferring deposit NFT doesn't check if the receiver exceeds the 100 deposit limit

Tally ARB Staker • Sherlock • #19 • 132.00 USDC

SecondSwap • Code4rena • #41 • 56.81 USDC • 2 findings
  - medium: Underflow in `claimable` DoSing `claim` function
  - medium: Incorrect referral fee calculations

Lambo.win • Code4rena • #34 • 5.26 USDC • 1 finding
  - medium: Accumulated ETH in the LamboVEthRouter will be irretrievable

Nov '24

Ethos Network Financial Contracts • Sherlock • #13 • 353.76 USDC • 3 findings
  - high: ReputationMarket::_calculateBuy overcharges fees
  - high: Users can avoid some fees in EthosVouch
  - medium: No slippage protection when selling tokens

Debita Finance V3 • Sherlock • #51 • 9.11 USDC • 1 finding
  - medium: DebitaIncentives::updateFunds does not check all validPairs

Aug '24

Sentiment V2 • Sherlock • #39 • 27.66 USDC • 3 findings
  - medium: SuperPool does not use Pausable modifiers
  - medium: No incentive to liquidate
  - medium: SuperPool is not ERC-4626 compliant

Jul '24

TraitForge • Code4rena • #88 • 0.01 USDC • 3 findings
  - medium: Forger entities can forge more times than intended
  - medium: Pause and unpause functions are inaccessible
  - medium: Discrepancy between NFTs minted, NFT price when a generation changes, and the position of `_incrementGeneration()` inside `_mintInternal()` and `_mintNewEntity()`

MagicSea - the native DEX on the IotaEVM • Sherlock • #49 • 28.91 USDC • 4 findings
  - high: BribeRewarder.deposit reverts
  - medium: MlumStaking._requireOnlyOperatorOrOwnerOf incorrect implementation
  - medium: Inconsistency calculating MlumStaking position avgDuration
  - medium: MlumStaking.harvestPositionsTo invalid implementation

Jun '24

Vultisig • Code4rena • #21 • 171.14 USDC • 2 findings
  - high: Most users won't be able to claim their share of Uniswap fees
  - medium: Transfer of ILOPool NFT token to a different account allows users to bypass the pool's `maxCapPerUser` invariant

Apr '24

DYAD • Code4rena • #87 • 13.58 USDC • 4 findings
  - high: Attacker can make 0-value deposit() calls to deny a user from redeeming or withdrawing collateral
  - high: Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply
  - medium: No incentive to liquidate small positions could result in the protocol going underwater
  - medium: Value of Kerosene can be manipulated to force-liquidate users

Feb '24

AI Arena • Code4rena • #142 • 3.74 USDC • 5 findings
  - high: Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType
  - high: Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of type Dendroid with rare attributes
  - high: Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping
  - high: Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`
  - medium: DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant number of rounds have passed

Jan '24

Curves • Code4rena • #94 • 5.79 USDC • 5 findings
  - high: Whitelisted accounts can be forcefully DoSed from buying curveTokens during the presale
  - high: Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`
  - high: Unauthorized access to setCurves function
  - medium: Protocol and referral fee would be permanently stuck in the Curves contract when selling a token
  - medium: Curves::_buyCurvesToken(): excess ETH received is not refunded to the user

Dec '23

The Standard • CodeHawks • #101 • 0.08 USDC • 2 findings
  - high: Rewards can be drained because of lack of access control
  - high: Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

Revolution Protocol • Code4rena • #39 • 148.46 USDC • 1 finding
  - medium: Anyone can pause AuctionHouse in _createAuction