https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_9.png

Viktor_Cortess

Security Researcher

Contact Me

High

8

Total

Medium

10

Total

$2.00K

Total Earnings

#1019 All Time

18x

Payouts

regular

4x

Top 25

regular

9x

Top 50

All

Sherlock

Code4rena

Oct '23

NextGen

NextGen

26.77 USDC • 3 total findings • Code4rena • Viktor_Cortess

#77

high

Attacker can reenter to mint all the collection supply

high

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

medium

Auction payout goes to AuctionDemo contract owner, not the token owner

Sep '23

Maia DAO - Ulysses

Maia DAO - Ulysses

25.79 USDC • 1 total finding • Code4rena • Viktor_Cortess

#54

high

All tokens can be stolen from `VirtualAccount` due to missing access modifier

Aug '23

Chainlink Staking v0.2

Chainlink Staking v0.2

3.86 USDC • Code4rena • Viktor_Cortess

#58

Dopex

Dopex

98.54 USDC • 3 total findings • Code4rena • Viktor_Cortess

#77

high

The peg stability module can be compromised by forcing lowerDepeg to revert.

medium

Missing slippage parameter on Uniswap `addLiquidity()` function

medium

`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occurs

Tangible Caviar

Tangible Caviar

44.31 USDC • Code4rena • Viktor_Cortess

#62

Jul '23

Axelar Network

Axelar Network

94.77 USDC • 1 total finding • Code4rena • Viktor_Cortess

#22

medium

Proposal requiring native coin transfers cannot be executed

Jun '23

Symmetrical

Symmetrical

64.51 USDC • 2 total findings • Sherlock • Viktor_Cortess

#36

medium

PartyB can withdraw funds if it got suspended.

medium

function lockQuote increments nonce incorrectly

May '23

Chainlink Cross-Chain Services: CCIP and ARM Network

Chainlink Cross-Chain Services: CCIP and ARM Network

883.33 USDC • Code4rena • Viktor_Cortess

#27

USSD - Autonomous Secure Dollar

USSD - Autonomous Secure Dollar

67.74 USDC • 3 total findings • Sherlock • Viktor_Cortess

#29

high

Missing deadline checks allow pending transactions to be maliciously executed.

high

A number of similar problems with contracts that are supposed to interact with Oracles.

high

getPriceUSD() function in StableOracleDAI contract calculates price of WETH with inverted data.

Apr '23

Rubicon v2

Rubicon v2

0.51 USDC • 2 total findings • Code4rena • Viktor_Cortess

#120

medium

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

medium

Calling `ExpiringMarket.stop` and `ExpiringMarket.isClosed` functions cannot pause any functionlities of the market

Mar '23

Asymmetry contest

Asymmetry contest

13.27 USDC • 1 total finding • Code4rena • Viktor_Cortess

#109

high

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

Canto Identity Subprotocols contest

Canto Identity Subprotocols contest

31.9 USDC • 1 total finding • Code4rena • Viktor_Cortess

#26

medium

Bio Protocol - `tokenURI` JSON injection

Neo Tokyo contest

Neo Tokyo contest

48.97 USDC • Code4rena • Viktor_Cortess

#20

Feb '23

Ethos Reserve contest

Ethos Reserve contest

370.05 USDC • Code4rena • Viktor_Cortess

#27

Jan '23

Popcorn contest

Popcorn contest

4.58 USDC • 1 total finding • Code4rena • Viktor_Cortess

#89

medium

Fee on transfer token not supported

Timeswap contest

Timeswap contest

113.89 USDC • Code4rena • Viktor_Cortess

#19

Ondo Finance contest

Ondo Finance contest

68.6 USDC • Code4rena • Viktor_Cortess

#18

Biconomy - Smart Contract Wallet contest

Biconomy - Smart Contract Wallet contest

36.5 USDC • Code4rena • Viktor_Cortess

#55