
Vagner

Security Researcher

Full-time smart-contract security researcher. Warden on @code4rena, Sherlock on @sherlockdefi, Hawk on @CodeHawks. GitHub: https://t.co/OsCj90LY88

High: 21 Total

Medium: 4 Solo, 30 Total

Total Earnings: $17.72K (#387 All Time)

Payouts: 32x

3rd Places: 2x

Top 10: 7x

Top 25: 14x

Nov '23

Notional Update #4

907.87 USDC • 3 total findings • Sherlock • Vagner • 3rd place

medium: `BalancerWeightedAuraVault.sol` wrongly assumes that all of the weighted pools use `totalSupply`

medium: `getOraclePrice` in `SingleSidedLPVaultBase.sol` does not check if the sequencer is down for Arbitrum/Optimism

medium: `depositFromNotional` is payable, which means it should accept Ether, but in reality it will revert 100% of the time when msg.value > 0

Oct '23

Party Protocol

1,061.86 USDC • 1 total finding • Code4rena • Vagner • #6

medium: Some arbitrary proposal calls will fail because executeProposal() in ProposalExecutionEngine is not payable

NextGen

2.77 USDC • 2 total findings • Code4rena • Vagner • #102

high: Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

high: Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

The Wildcat Protocol

6.73 USDC • 2 total findings • Code4rena • Vagner • #69

high: Borrower has no way to update `maxTotalSupply` of `market` or close market

high: Borrower can drain all funds of a sanctioned lender

Sep '23

Maia DAO - Ulysses

0.11 USDC • 1 total finding • Code4rena • Vagner • #62

high: All tokens can be stolen from `VirtualAccount` due to missing access modifier

Allo V2

1.56 USDC • 2 total findings • Sherlock • Vagner • #66

medium: Funding a pool on `Allo.sol` is not compatible with, or accurate for, fee-on-transfer tokens

medium: `_registerRecipient` in `RFPSimpleStrategy.sol` will revert 100% of the time if `useRegistryAnchor` is true

Centrifuge

50.43 USDC • 1 total finding • Code4rena • Vagner • #31

medium: `trancheTokenAmount` should be rounded UP when proceeding to a withdrawal or previewing a withdrawal

Aug '23

Livepeer Onchain Treasury Upgrade

2,232.82 USDC • 1 total finding • Code4rena • Vagner • #6

medium: Fully slashed transcoder can vote with 0 weight, messing up the voting calculations

Chainlink Staking v0.2

3.86 USDC • Code4rena • Vagner • #58

Cooler Update

25.53 USDC • 1 total finding • Sherlock • Vagner • #17

high: Lenders can force borrowers to get defaulted

Dopex

10.34 USDC • 2 total findings • Code4rena • Vagner • #117

high: The peg stability module can be compromised by forcing lowerDepeg to revert

medium: `sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occur

Blueberry Update #3

1,479.94 USDC • 3 total findings • Sherlock • Vagner • 3rd place

high: `getPrice` in `CurveTricryptoOracle.sol` assumes that ETH will always be the third token, which is not always the case

medium: `closePositionFarm` in `AuraSpell.sol` doesn't use any real slippage protection when `exitPool` is called, which can lead to loss of funds

medium: `getPrice` in `WeightedBPTOracle.sol` uses `totalSupply` for price calculations, which can lead to wrong results

Tangible Caviar

502.53 USDC • Code4rena • Vagner • #24

Good Entry

482.48 USDC • 1 total finding • Code4rena • Vagner • #18

high: Incorrect Solidity version in FullMath.sol can cause permanent freezing of assets through an arithmetic underflow-induced revert

Jul '23

Moonwell

239.81 USDC • 2 total findings • Code4rena • Vagner • #27

medium: Proposals which intend to send native tokens to target addresses can't be executed

medium: `fastTrackProposalExecution` doesn't check `intendedRecipient`

Perennial V2

1,365.53 USDC • 1 total finding • Sherlock • Vagner • #8

medium: `_unwrap` in `MultiInvoker.sol` can revert every time in some cases, which will leave users unable to `_liquidate` or `_withdraw` with `warp` set to true

Beedle - Oracle free perpetual lending

0.40 USDC • 3 total findings • CodeHawks • Vagner • #205

high: Sandwich attack to steal all ERC-20 tokens in the Fees contract

medium: No expiration deadline leads to losing a lot of funds

gas: Unnecessary if condition in update() of Staking.sol

Foundry DeFi Stablecoin CodeHawks Audit Contest

1.56 USDC • 2 total findings • CodeHawks • Vagner • #122

high: Theft of collateral tokens with fewer than 18 decimals

medium: Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`

CodeHawks Escrow Contract - Competition Details

37.93 USDC • 1 total finding • CodeHawks • Vagner • #55

medium: High - Funds can be lost if any participant is blacklisted

Tokensoft

78.59 USDC • 1 total finding • Sherlock • Vagner • #14

medium: The `xcall` made in the function `_settleClaim` is not configured correctly, which will make the transaction revert every time

Tokemak

2,568.06 USDC • 1 total finding • Sherlock • Vagner • #10

medium: `getPriceInEth` in `TellorOracle.sol` doesn't use the best practices recommended by Tellor, which can cause wrong pricing

PoolTogether

15.92 USDC • Code4rena • Vagner • #66

Tapioca DAO

5,019.06 USDC • 7 total findings • Code4rena • Vagner • #13

high: `_sendToken` implementation in `Balancer.sol` is wrong, which will make the underlying ERC20 be sent to a random address and lost

high: Potential 99.5% loss in `emergencyWithdraw()` of two Yieldbox strategies

high: [HB10] `AaveStrategy.sol`: Changing swapper breaks the contract

medium: CompoundStrategy `_currentBalance` uses `exchangeRateStored`, which leaks value

medium: `MagnetarV2#burst` double counts `msg.value` for the `TOFT_WRAP` operation, making the transaction revert unless the user overpays

medium: `Seer.sol` inherits `OracleMulti.sol`, which calls `_getQuoteAtTick` from `OracleMath.sol`, a function that would revert when `_getRatioAtTick` is called since it doesn't allow overflow behavior

medium: FullMath and TickMath libraries require overflow behavior

Bond Options

150.44 USDC • 1 total finding • Sherlock • Vagner • #12

medium: In the case of a blacklisted address, `exercise` could revert, making it impossible for users to exercise and use their `optionToken`

Jun '23

Lybra Finance

16.78 USDC • 2 total findings • Code4rena • Vagner • #81

medium: Incorrect function call in LybraRETHVault's getAssetPrice

medium: Understatement of `poolTotalPeUSDCirculation` amounts due to incorrect accounting after function `_repay` is called

Hubble Exchange

0.14 USDC • 1 total finding • Sherlock • Vagner • #30

medium: `getUnderlyingPrice` from `Oracle.sol` doesn't have extra checks and can return stale or incorrect results

DODO V3

52.09 USDC • 1 total finding • Sherlock • Vagner • #28

medium: Liquidation and borrowing process would be broken for some ERC20 tokens

May '23

USSD - Autonomous Secure Dollar

44.70 USDC • 5 total findings • Sherlock • Vagner • #42

high: `mintRebalancer` and `burnRebalancer` do not use the `onlyBalancer` modifier, which means that anyone can call them and mint/burn any amount of tokens to the contract

high: Function `BuyUSSDSellCollateral` would revert all the time when it gets to sell WBTC

high: The last if statement in the `SellUSSDBuyCollateral` function is broken according to the comments

high: The address in `StableOracleWBTC.sol` is wrong, which would give the wrong price when the oracle is called

high: `StableOracleDAI.sol` assumes the wrong decimals in the `getPriceUSD` function

Ajna Protocol

845.55 USDC • 1 total finding • Code4rena • Vagner • #14

high: Incorrect calculation of the remaining updatedRewards leads to possible underflow error

Apr '23

Teller

0.02 USDC • 1 total finding • Sherlock • Vagner • #54

medium: Fee-on-transfer tokens could break the liquidation process in some cases

Mar '23

Asymmetry contest

3.49 USDC • 1 total finding • Code4rena • Vagner • #123

high: An attacker can manipulate the preDepositvePrice to steal from other users

Kairos Loan

509.26 USDC • 1 total finding • Sherlock • Vagner • #6

medium: ERC20s that don't allow transfers of 0 tokens can get the NFT stuck in the contract in case of liquidation