Shaheen

Security Researcher

Cybersecurity Researcher 🦅

High: 7 Total

Medium: 11 Total

Total Earnings: $4.21K

#796 All Time

Payouts: 13x

Top 10: 2x

Top 25: 6x

Top 50: 11x

Jan '25

Aave v3.3

8.47 USDC • Sherlock • Shaheen

#111

Aug '24

Chakra

47.22 USDT • 4 total findings • Code4rena • Shaheen

#37

high

`ChakraSettlement.receive_cross_chain_msg` and `ChakraSettlement.receive_cross_chain_callback` functions do not ensure that receiving `ChakraSettlement` contract's `contract_chain_name` must match `to_chain` corresponding to respective `txid` input though

high

In Starknet already processed messages can be re-submitted and by anyone

high

handler's `receive_cross_chain_callback()` will always set the tx_status to `SETTLED` on source chain & burn the tokens (MintBurn Mode) even when the msg fails on destination

medium

Does not check if to_chain and to_handler is whitelisted in cross_chain_erc20_settlement

Jul '24

Karak Restaking

492.15 USDC • 1 total finding • Code4rena • Shaheen

#11

medium

When malicious behavior occurs and DSS requests slashing against vault during 2 day period after `SLASHING_WINDOW` of 7 days is passed after staker initiates a withdrawal, token amount to be slashed is calculated to be higher than what it should be

Biconomy: Nexus

134.97 USDC • 1 total finding • CodeHawks • Shaheen

#16

high

User may lose funds when creating Nexus account or executing user operations

Jun '24

Thorchain

752.57 USDC • 3 total findings • Code4rena • Shaheen

#7

high

ThorChain will be informed wrongly about the unsuccessful ETH transfers due to the incorrect events emissions

medium

Due to the use of `msg.value` in for loop, anyone can drain all the funds from the `THORChain_Router` contract

medium

[M-02] Incorrect call argument in `THORChain_Router::_transferOutAndCallV5`, leading to grief/steal of `THORChain_Aggregator`'s funds or DoS

Apr '24

Renzo

1.52 USDC • 2 total findings • Code4rena • Shaheen

#53

medium

Deposits will always revert if the amount being deposited is less than the bufferToFill value

medium

Lack of slippage and deadline during withdraw and deposit

TITLES Publishing Protocol

5.27 USDC • 3 total findings • Sherlock • Shaheen

#47

high

`mintBatch()` Allows Users To Mint Unlimited NFTs by Only Paying Fee of 1 NFT's Mint

medium

`_refundExcess()` Functionality will Never Work and Users will Lose Ethers as the Funds will be Stuck in the FeeManager Contract

medium

`mintBatch()` will always revert for the users

Feb '24

Audit Comp | Puffer Finance

400 USDC • 1 total finding • Immunefi • Shaheen

#26

low

Finding not yet public.

Jan '24

Catalyst Exchange

1,000 USDC • 1 total finding • Hats • Shaheen

#5

low

Wormhole Consistency Levels set to zero in the publishMessage

Decent

161.77 USDC • 1 total finding • Code4rena • Shaheen

#29

medium

DecentEthRouter.sol#_bridgeWithPayload() - Any refunded ETH (native token) will be refunded to the DecentBridgeAdapter, making them stuck

Nov '23

core-and-erc1155a

852.1 USDC • 1 total finding • Cantina • Shaheen

#15

medium

Finding not yet public.

Kelp DAO | rsETH

143.01 USDC • 1 total finding • Code4rena • Shaheen

#27

medium

Lack of slippage control on LRTDepositPool.depositAsset

Oct '23

Party Protocol

215.71 USDC • 1 total finding • Code4rena • Shaheen

#22

high

Single host can unfairly skip veto period for proposal that does not have full host support