https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/501f096a-409a-46ca-ad17-a11eefdfd8d9.jpeg

Wojack

Security Researcher

Smart Contract Auditor & Web3 Security Researcher Solidity | Move | Vyper | Rust https://hackenproof.com/hackers/Wojack

Contact Me

High

Total

Medium

Total

$83.00

Total Earnings

#2191 All Time

5x

Payouts

1x

Top 10

3x

Top 25

5x

Top 50

All

Sherlock

Code4rena

Nov '25

Brix Money

47.7 USDC • 1 total finding • Code4rena • Wojack

medium

Cross-chain unstake and fast redeem operations fail due to minAmountLD not accounting for LayerZero dust removal

stNXM by EaseDeFi

0.79 USDC • 3 total findings • Sherlock • Wojack

#47

high

Reliance on Uniswap V3 spot price in totalAssets allows share price manipulation via flash loans

medium

Duplicate tranche IDs in stakeNxm cause double-counting of assets, leading to totalAssets inflation and potential vault drainage

medium

Strict APY sanity check in StNxmOracle causes permanent Denial of Service for Morpho operations shortly after deployment

Oct '25

Reflector V3

0 USDC • 2 total findings • Code4rena • Wojack

#16

high

`set_invocation_costs_config()` fails to authorize admin allowing anyone to set invocation costs

medium

`twap()` under-charges for multi-period queries due to hardcoded `periods=1`

Index Fun Order Book

0.62 USDC • 1 total finding • Sherlock • Wojack

#15

medium

An authorized matcher can steal all protocol fees by changing the treasury address

Hybra Finance

34.43 USDC • 1 total finding • Code4rena • Wojack

#28

medium

CL gauge accepts unverified pools, allowing malicious pool to brick distribution