Saeedalipoor01988

Security Researcher

Stock market and crypto, #Bitcoin and #Ethereum

High: 12 total

Medium: 26 total

Total Earnings: $8.29K

#616 All Time

Payouts: 24x

Top 10 (regular): 2x

Top 25 (regular): 8x

Top 50 (regular): 16x

Jul '23

Tapioca DAO

3,585.64 USDC • 12 total findings • Code4rena • SaeedAlipoor01988

#20

high

`utilization` for `_getInterestRate()` does not factor in interest

high

Potential 99.5% loss in `emergencyWithdraw()` of two Yieldbox strategies

high

Funds are locked because borrowFee is not correctly implemented in BigBang

medium

`totalCollateralShare` state variable not updated in `Singularity` market upon liquidation, resulting in an error on `addCollateral` with skim functionality

medium

BigBang and Singularity should not pause repay() and liquidate()

medium

TOFT `exerciseOption` fails due to not passing `msg.value` properly

medium

In case of Loss to the Yearn Vault, the Contract will stop working until the loss is repaid

medium

Single UniswapV3Swapper using a single fee makes it highly likely to be suboptimal

medium

all deposit and withdraw function in Convex and Curve nativeLP Strategy, apply slippage on internal pricing; which call real-time on chain price from Curve directly and subject to MEV

medium

Oracle Manipulation using Uniswap V3 pool that is not yet deployed

medium

Option brokers don't handle oracle decimals correctly when calculating payment amounts

medium

Loss of possible rewards in Curve Gauge

May '23

Maia DAO Ecosystem

0 USDC • 2 total findings • Code4rena • SaeedAlipoor01988

#71

high

Multiple issues with decimal scaling will cause incorrect accounting of hTokens and underlying tokens

medium

[M-01] Some functions in Talos contracts does not allow user to supply slippage and deadline, which may cause swap revert

USSD - Autonomous Secure Dollar

0.00 USDC • 4 total findings • Sherlock • Saeedalipoor01988

#94

high

USSD executes swaps without slippage protection

high

lack of access control on USSD.sol.mintRebalancer() and USSD.sol.burnRebalancer()

high

chainlink weth/usd priceFeed is using for get price of btc/usd by mistake

medium

Chainlink's latestRoundData return stale or incorrect result

Index

15.09 USDC • 2 total findings • Sherlock • Saeedalipoor01988

#22

medium

USE OF DEPRECATED CHAINLINK FUNCTION: LATESTANSWER

medium

No check if Arbitrum L2 sequencer is down in Chainlink feeds

Venus Protocol Isolated Pools

3,148.21 USDC • 3 total findings • Code4rena • SaeedAlipoor01988

#6

high

Incorrect `blocksPerYear` constant in `WhitepaperInterestRateModel`

medium

Borrow rate calculation can cause VToken.accrueInterest() to revert, DoSing all major functionality

medium

Fix utilization rate computation

Apr '23

Teller

0.20 USDC • 1 total finding • Sherlock • Saeedalipoor01988

#53

medium

malicious admin can steal user's funds by set fee to high value

Frankencoin

82.94 USDC • 1 total finding • Code4rena • SaeedAlipoor01988

#50

medium

need alternative ways for fund transfer in `end()` to prevent DoS

Caviar Private Pools

23.08 USDC • 1 total finding • Code4rena • SaeedAlipoor01988

#65

high

Risk of silent overflow in reserves update

Rubicon v2

7.34 USDC • 3 total findings • Code4rena • SaeedAlipoor01988

#106

high

Reward accounting is incorrect in BathBuddy contract

high

DOS of market operations with malicious offers

medium

Zero reward rate calculation impedes low-decimals token distributions

Mar '23

Asymmetry contest

49.05 USDC • 3 total findings • Code4rena • SaeedAlipoor01988

#78

high

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

medium

DoS due to external call failure

medium

Lack of deadline for uniswap AMM

Canto Identity Subprotocols contest

12.03 USDC • Code4rena • SaeedAlipoor01988

#29

Sense Update #1

223.79 USDC • 1 total finding • Sherlock • Saeedalipoor01988

#8

medium

Usage of transfer() can result in revert

Y2K

41.79 USDC • 1 total finding • Sherlock • Saeedalipoor01988

#57

medium

Lack of price freshness check in ControllerPeggedAssetV2.sol#L299.getLatestPrice function allows a stale price to be used

Wenwin contest

21.7 USDC • Code4rena • SaeedAlipoor01988

#26

Aragon Protocol contest

72.43 USDC • Code4rena • SaeedAlipoor01988

#14

Feb '23

Derby

26.40 USDC • 1 total finding • Sherlock • Saeedalipoor01988

#36

medium

Did Not Approve To Zero First Causing Certain Token Transfer To Fail - USDT

Ethos Reserve contest

42.07 USDC • Code4rena • SaeedAlipoor01988

#34

Blueberry

111.76 USDC • 1 total finding • Sherlock • Saeedalipoor01988

#29

medium

The use of the platform can be disrupted if access to Chainlink oracle data feed is blocked

Jan '23

RabbitHole Quest Protocol contest

17.2 USDC • Code4rena • SaeedAlipoor01988

#74

Timeswap contest

326.64 USDC • 1 total finding • Code4rena • SaeedAlipoor01988

#15

medium

Fee on transfer tokens will not behave as expected

Ondo Finance contest

36.24 USDC • Code4rena • SaeedAlipoor01988

#19

Astaria contest

363.16 USDC • Code4rena • SaeedAlipoor01988

#33

Nov '22

Canto contest

13.69 CANTO • Code4rena • SaeedAlipoor01988

#12

LSD Network - Stakehouse contest

66.44 USDC • 1 total finding • Code4rena • SaeedAlipoor01988

#48

medium

Incorrect implementation of the ETHPoolLPFactory.sol#rotateLPTokens let user stakes ETH more than maxStakingAmountPerValidator in StakingFundsVault, and DOS the stake function in LiquidStakingManager