Silvermist

Security Researcher

Smart Contract Security Researcher

High: 17 total

Medium: 24 total

Total Earnings: $3.69K

#835 All Time

20x Payouts

regular 3x Top 10

regular 10x Top 25

regular 11x Top 50

Mar '25

Symmio, Staking and Vesting

0.00 USDC • 1 total finding • Sherlock • Silvermist

#18

medium

Anyone could call `notifyRewardAmount` to extend the period finish time

Jan '25

Peapods

51.22 USDC • 1 total finding • Sherlock • Silvermist

#27

medium

`_checkAndHandleBaseTokenPodConfig` function applies the debond fee twice

Dec '24

Autonomint Colored Dollar V1

8.65 OP • 3 total findings • Sherlock • Silvermist

#57

high

CDS.sol#updateDownsideProtected - There is a missing access control

medium

`lastCumulativeRate` is incorrectly calculated due to wrong update of the `lastEventTime`

medium

BorrowLib.sol#calculateReturnToAbond - Under some conditions, a higher value will be subtracted from a lower one, breaking the liquidation.

Oct '24

Orderly Solana Vault Contract

1,173.90 USDC • 1 total finding • Sherlock • Silvermist

#4

high

A malicious user can withdraw another user's money

Sep '24

symbioticfi-core

211.51 USDC • 1 total finding • Cantina • Silvermist

#22

medium

Finding not yet public.

Aug '24

Superposition

417.76 USDC • 3 total findings • Code4rena • Silvermist

#14

high

Missing `lower<upper` check in `mint_position`

medium

swap_2 implementation will randomly revert due to improper check, root cause for failed test ethers_suite_uniswap_orchestrated_uniswap_two

medium

Users can't remove liquidity while a pool is disabled

Winnables Raffles

140.87 USDC • 3 total findings • Sherlock • Silvermist

#14

high

WinnablesTicketManager.sol#cancelRaffle

high

WinnablesTicketManager.sol#refundPlayers

medium

WinnablesTicketManager.sol#_checkShouldCancel

Jul '24

MagicSea - the native DEX on the IotaEVM

146.34 USDC • 7 total findings • Sherlock • Silvermist

#21

high

BribeRewarder.sol#deposit() will revert because of wrong check

high

Voter.sol#vote

high

Possible stuck of funds in BribeRewarder.sol

high

BribeRewards.sol#claim

medium

MlumStaking.sol#_requireOnlyOperatorOrOwnerOf is improperly implemented

medium

addToPosition #_transferSupportingFeeOnTransfer should be called at the beginning of the function

medium

A malicious user can fill the maximum bribe limit to sabotage pool voting

May '24

YOLO Games

556.67 USDC • 2 total findings • Cantina • Silvermist

#10

medium

Finding not yet public.

medium

Finding not yet public.

Mar '24

Zap Protocol

244.05 USDC • 3 total findings • Sherlock • Silvermist

#6

high

Vesting.sol#claim() Reentrancy allows a malicious user to drain the contract

medium

TokenSale.sol#claim Incorrect check allows blacklisted users to claim

medium

TokenSale.sol#calculateMaxAllocation() Incorrect return values

Revert Lend

25.11 USDC • 2 total findings • Code4rena • Silvermist

#63

medium

V3Oracle susceptible to price manipulation

medium

V3Vault is not ERC-4626 compliant

Feb '24

AI Arena

4.54 USDC • 4 total findings • Code4rena • Silvermist

#135

high

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

high

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

medium

Can mint NFT with the desired attributes by reverting transaction

medium

Fighter created by mintFromMergingPool can have arbitrary weight and element

Jan '24

Salty.IO

87.74 USDC • 1 total finding • Code4rena • Silvermist

#73

high

First Liquidity provider can claim all initial pool rewards

Curves

0.41 USDC • 2 total findings • Code4rena • Silvermist

#133

medium

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

medium

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Dec '23

Ethereum Credit Guild

559.98 USDC • 1 total finding • Code4rena • Silvermist

#25

medium

LendingTerm.sol#_partialRepay() A user cannot partial repay a loan with 0 interest

Oct '23

NextGen

0 USDC • 1 total finding • Code4rena • Silvermist

#115

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

The Wildcat Protocol

6.73 USDC • 2 total findings • Code4rena • Silvermist

#69

high

Borrower has no way to update `maxTotalSupply` of `market` or close market.

high

Borrower can drain all funds of a sanctioned lender

Sep '23

Allo V2

36.90 USDC • 1 total finding • Sherlock • Silvermist

#53

medium

fee-on-transfer tokens can cause stuck of funds

Aug '23

Cooler Update

0.70 USDC • 1 total finding • Sherlock • Silvermist

#20

medium

Cooler#rollLoan anyone can call rollLoan and change the loan terms without borrower agreeing

Jun '23

Lybra Finance

18.42 USDC • 1 total finding • Code4rena • Silvermist

#80

high

Incorrectly implemented modifiers in LybraConfigurator.sol allow any address to call functions that are supposed to be restricted