Security Researcher
Independent Web3 security researcher. Senior Watson at @sherlockdefi. DM for audit.
#230 All Time
Apr '24
high
`unassignedEarnings` of each maturity doesn't change after liquidation, resulting in the attacker being able to cheat and steal the yield from maturities
medium
Miscalculation of already released rewards in the `RewardsController.config()` function
medium
Modifying Reward Distribution Start Time Could Incur An Incorrect Reward Distribution
medium
`clearBadDebt` function does not accrue earnings from each maturity.
medium
A maturity with remaining earnings that have not yet been accrued may not be included in the `totalAsset()` function
medium
An attacker can borrow 0 in many markets, allowing any user to increase the number of the user's markets in Auditor, which may lead to a DOS attack
medium
As time passes, the decrease in the value of `previewRepay(fixedDebt)` due to the floating interest results in borrowers being unable to claim their full rewards
Jan '23
high
Attackers can force borrower unable to repay the loan in case debt token is USDC
high
Use `safeTransfer` instead of `transfer`
high
Collateral can be locked forever because borrower can `roll` the loan many times
medium
Because the default value of `rollable` is true, function `toggleRoll` cannot block the rollover
medium
Borrower can't roll a loan over when call `repay()` before
Nov '22
high
Malicious users can stake nft with high `unlockTime` to get a high voting power and prevent users from creating a proposal
high
Users' nft can be locked because of the wrong implementation of function `Staking.delegate()`
medium
Should decrease the community power of proposer when his/her proposal is vetoed/canceled
medium
Wrong update of community power when a proposal is queued
medium
Users who didn't own any nfts still can increase their community power
Sep '22
Jul '22
Jun '22