Trumpero

Security Researcher

Independent Web3 security researcher. Senior Watson at @sherlockdefi. DM for audit.

High: 1 Solo, 8 Total

Medium: 13 Total

Total Earnings: $37.21K (#232 All Time)

Payouts: 7x

1st Places (gold): 1x

3rd Places (bronze): 2x

Top 10 (regular): 3x

Apr '24

Exactly Protocol

22,684.98 USDC • 7 total findings • Sherlock • Trumpero

bronze

high

`unassignedEarnings` of each maturity doesn't change after liquidation, resulting in the attacker being able to cheat and steal the yield from maturities

medium

Miscalculation of already released rewards in the `RewardsController.config()` function

medium

Modifying Reward Distribution Start Time Could Incur An Incorrect Reward Distribution

medium

`clearBadDebt` function does not accrue earnings from each maturity.

medium

A maturity with remaining earnings that have not yet been accrued may not be included in the `totalAsset()` function

medium

An attacker can borrow 0 in many markets, allowing any user to increase the number of the user's markets in Auditor, which may lead to a DOS attack

medium

As time passes, the decrease in the value of `previewRepay(fixedDebt)` due to the floating interest results in borrowers being unable to claim their full rewards

Jan '23

Cooler

287.03 USDC • 5 total findings • Sherlock • Trumpero

#11

high

Attackers can force borrower unable to repay the loan in case debt token is USDC

high

Use `safeTransfer` instead of `transfer`

high

Collateral can be locked forever because borrower can `roll` the loan many times

medium

Because the default value of `rollable` is true, function `toggleRoll` can not block the rollover

medium

Borrower can't roll a loan over when call `repay()` before

Nov '22

Opyn Crab Netting

102.37 USDC • 1 total finding • Sherlock • Trumpero

#19

medium

Users can not withdraw all of their tokens if they deposited many times before (array `userDepositsIndex[msg.sender]` too long)

FrankenDAO

1,655.20 USDC • 5 total findings • Sherlock • Trumpero

bronze

high

Malicious users can stake nft with high `unlockTime` to get a high voting power and prevent users from create a proposal

high

Users's nft can be locked because of the wrong implementation of function `Staking.delegate()`

medium

Should decrease the community power of proposer when his/her proposal is vetoed/canceled

medium

Wrong update of community power when a proposal is queued

medium

Users who didn't own any nfts still can increase their community power

Sep '22

Knox Finance

12,335.82 USDC • 3 total findings • Sherlock • Trumpero

gold

high

User can't withdraw from auction when number of sold contracts bigger than totalContracts

high

Wrong implementation of orderbook can make user can't get their fund back

medium

Oracle data can be outdated

Jul '22

Yield Witch v2 contest

56.62 USDC • Code4rena • Trumpero

#22

Jun '22

Notional x Index Coop

89.19 USDC • Code4rena • Trumpero

#38