Security Researcher
High
Total
Medium
Total Earnings
#639 All Time
Payouts
Top 10
Top 25
Top 50
All
Code4rena
Dec '22
43.54 USDC • Code4rena • SmartSek
#26
635.4 USDC • Code4rena • SmartSek
#34
618.25 USDC • 2 total findings • Code4rena • SmartSek
#6
high
Admin does not have to wait to call `lastResortTimelockOwnerClaimNFT()`
medium
Raffle creator can rug participants
1.15 USDC • 1 total finding • Code4rena • SmartSek
#64
Centralization risks: owner can freeze withdraws and use timelock to steal all funds
249.09 USDC • 1 total finding • Code4rena • SmartSek
#22
The recipient receives free collateral token if an ERC20 token that deducts a fee on transfer used as baseToken
Nov '22
603.51 USDC • Code4rena • SmartSek
#32
146.87 USDC • 2 total findings • Code4rena • SmartSek
#37
Calling `updateNodeRunnerWhitelistStatus` function always reverts
Adding non EOA representative
1,161.4 USDC • 3 total findings • Code4rena • SmartSek
#21
Reentrancy bug allows lender to steal other lenders funds
Mutual consent cannot be revoked and stays valid forever
address.call{value:x}() should be used instead of payable.transfer()
Jun '22
1,098.2 USDC • 1 total finding • Code4rena • SmartSek
#9
Buyout cannot be rejected when paused
937.53 USDC • 1 total finding • Code4rena • SmartSek
#18
Missing whenNotPaused modifier
May '22
3,472.66 USDC • 1 total finding • Code4rena • SmartSek
#8
Inconsistency in view functions can lead to users believing they’re due for more BKD rewards
1,168.41 USDT • 1 total finding • Code4rena • SmartSek
#15
compromised `owner` can drain funds from`VeTokenMinter.sol`
192.46 USDC • 4 total findings • Code4rena • SmartSek
#40
First depositor can break minting of shares
Admin rug vectors
Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`
Use `call()` instead of `transfer()` when transferring ETH in RubiconRouter
379.33 USDC • Code4rena • SmartSek
#19
