TradMod

Security Researcher

:D

High: 9 total

Medium: 13 total

Total Earnings: $8.58K (#613 All Time)

Payouts: 29x

Top 10: 5x

Top 25: 13x

Top 50: 21x

Mar '25

PinLink: RWA-Tokenized DePIN Marketplace

64.85 USDC • Sherlock • DevABDee

#21

Jan '25

Aave v3.3

566.26 USDC • Sherlock • DevABDee

#42

Aug '24

Chakra

47.22 USDT • 4 total findings • Code4rena • Shaheen

#37

high

`ChakraSettlement.receive_cross_chain_msg` and `ChakraSettlement.receive_cross_chain_callback` functions do not ensure that receiving `ChakraSettlement` contract's `contract_chain_name` must match `to_chain` corresponding to respective `txid` input though

high

In Starknet already processed messages can be re-submitted and by anyone

high

handler's `receive_cross_chain_callback()` will always set the tx_status to `SETTLED` on source chain & burn the tokens (MintBurn Mode) even when the msg fails on destination

medium

Does not check if to_chain and to_handler is whitelisted in cross_chain_erc20_settlement

Jul '24

Karak Restaking

492.15 USDC • 1 total finding • Code4rena • Shaheen

#11

medium

When malicious behavior occurs and DSS requests slashing against vault during 2 day period after `SLASHING_WINDOW` of 7 days is passed after staker initiates a withdrawal, token amount to be slashed is calculated to be higher than what it should be

MakerDAO Endgame

945.36 USDC • Sherlock • DevABDee

#61

Biconomy: Nexus

134.97 USDC • 1 total finding • CodeHawks • Shaheen

#16

high

User may lose funds when creating Nexus account or executing user operations

Jun '24

Thorchain

752.57 USDC • 3 total findings • Code4rena • Shaheen

#7

high

ThorChain will be informed wrongly about the unsuccessful ETH transfers due to the incorrect events emissions

medium

Due to the use of `msg.value` in for loop, anyone can drain all the funds from the `THORChain_Router` contract

medium

[M-02] Incorrect call argument in `THORChain_Router::_transferOutAndCallV5`, leading to grief/steal of `THORChain_Aggregator`'s funds or DoS

Apr '24

Renzo

1.52 USDC • 2 total findings • Code4rena • Shaheen

#53

medium

Deposits will always revert if the amount being deposited is less than the bufferToFill value

medium

Lack of slippage and deadline during withdraw and deposit

Jan '24

Catalyst Exchange

1,000 USDC • 1 total finding • Hats • Shaheen

#5

low

Wormhole Consistency Levels set to zero in the publishMessage

Decent

161.77 USDC • 1 total finding • Code4rena • Shaheen

#29

medium

DecentEthRouter.sol#_bridgeWithPayload() - Any refunded ETH (native token) will be refunded to the DecentBridgeAdapter, making them stuck

Nov '23

core-and-erc1155a

852.1 USDC • 1 total finding • Cantina • Shaheen

#15

medium

Finding not yet public.

Kelp DAO | rsETH

143.01 USDC • 1 total finding • Code4rena • Shaheen

#27

medium

Lack of slippage control on LRTDepositPool.depositAsset

Oct '23

Party Protocol

215.71 USDC • 1 total finding • Code4rena • Shaheen

#22

high

Single host can unfairly skip veto period for proposal that does not have full host support

Sep '23

Maia DAO - Ulysses

57.72 USDC • 1 total finding • Code4rena • DevABDee

#46

medium

Message channels can be blocked resulting in DoS

Allo V2

0.09 USDC • 1 total finding • Sherlock • DevABDee

#74

medium

Insufficient support for Fee-on-Transfer Tokens which will result in computation inconsistencies.

Aug '23

Chainlink Staking v0.2

44.97 USDC • Code4rena • DevABDee

#56

Jul '23

Beam

315.19 USDC • Sherlock • DevABDee

#4

Jun '23

Canto

174.48 USDC • Code4rena • DevABDee

#11

Unitas Protocol

1,414.45 USDC • 1 total finding • Sherlock • DevABDee

#7

high

`XOracle.putPrice()` Can Fall Victim to Front-running Attacks: Attackers Can Make Quick Profits, while Users Can Avoid Loss and even Turn the Potential Loss into Profits.

May '23

USSD - Autonomous Secure Dollar

0.00 USDC • 3 total findings • Sherlock • DevABDee

#90

high

StableOracleWBTC uses the wrong address for the WBTC/USD oracle

high

`mintRebalancer()` & `burnRebalancer()` are `onlyBalancer` modifier. An Attacker can manipulate USSD's `totalSupply()`

medium

Improper validation of the Chainlink Oracle priceFeed function can result in zero or stale prices.

Footium

0.00 USDC • 1 total finding • Sherlock • DevABDee

#35

medium

ERC20 return values not checked

Mar '23

Asymmetry contest

13.13 USDC • Code4rena • DevABDee

#110

Neo Tokyo contest

235.24 USDC • Code4rena • DevABDee

#11

Aragon Protocol contest

720.35 USDC • Code4rena • DevABDee

#10

Jan '23

Popcorn contest

35.48 USDC • Code4rena • DevABDee

#84

Canto Identity Protocol contest

44.97 CANTO • Code4rena • DevABDee

#13

Aug '22

Nouns DAO contest

52.1 USDC • Code4rena • DevABDee

#38

Foundation Drop contest

62 USDC • Code4rena • DevABDee

#47

Jul '22

Golom contest

35.17 USDC • Code4rena • DevABDee

#86