https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_8.png

X0sauce

Security Researcher

Contact Me

High

6

Total

Medium

13

Total

$5.24K

Total Earnings

#738 All Time

15x

Payouts

gold

3x

1st Places

silver

1x

2nd Places

regular

6x

Top 10

All

Sherlock

Code4rena

Immunefi

Apr '25

ZKP2P V2

ZKP2P V2

2,843.20 OP • Sherlock • X0sauce

gold

Findings not publicly available for private contests.

Mar '25

Audit Comp | Yeet

Audit Comp | Yeet

72 USDC • 1 total finding • Immunefi • X0sauce

#27

high

Finding not yet public.

Symmio, Staking and Vesting

Symmio, Staking and Vesting

8.90 USDC • 2 total findings • Sherlock • X0sauce

#16

medium

Reward distribution can be indefinitely extended by supplying small amounts of reward token

medium

Vesting plans cannot be resetted upon new addition of SYMM LP tokens

Feb '25

THORWallet

THORWallet

0 USDC • 1 total finding • Code4rena • X0sauce

#10

medium

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Rova

Rova

1,178.30 USDC • 2 total findings • Sherlock • X0sauce

gold

medium

Minimum and maximum token amount allowed for user is wrongly compared in `updateParticipation`

medium

Token allocation is wrongly updated in `updateParticipation`

Jan '25

Next Generation

Next Generation

3.65 USDC • 1 total finding • Code4rena • X0sauce

#14

high

Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

Plaza Finance

Plaza Finance

92.87 USDC • 6 total findings • Sherlock • X0sauce

#37

high

`Pool.transferReserveToAuction` does not correctly reduce `currentPeriod` to transfer `reserveTokens` to Auction

medium

Precision difference in `getRedeemAmount` results in inaccurate marketRate and redeemRate compairison

medium

Precision loss in `getCreateAmount` and `getRedeemAmount` functions

medium

Inconsistency in `sharesPerToken` values recorded

medium

Excess bids cannot be removed in `Auction.removeExcessBids` if address is USDC blacklisted

medium

Unspent deposit amount is stuck in `BalancerRouter` and not returned to depositor

Dec '24

SecondSwap

SecondSwap

0.83 USDC • 1 total finding • Code4rena • X0sauce

#63

medium

Listing potential can not be purchased with discounted price

Oku's New Order Types Contract Contest

Oku's New Order Types Contract Contest

0.01 OP • 1 total finding • Sherlock • X0sauce

#65

medium

The `PythOracle.currentValue` function always returns outdated prices

Lambo.win

Lambo.win

0 USDC • 1 total finding • Code4rena • X0sauce

#36

high

Minting zero tokens when underlyingToken is not Ether in cashIn()

Nov '24

Ethos Network Financial Contracts

Ethos Network Financial Contracts

0.38 USDC • 1 total finding • Sherlock • X0sauce

#33

high

Market funds cannot be withdrawn for a profile as fees are not subtracted from `fundsPaid` when they are already applied

Nouns DAO - Auction Streams

Nouns DAO - Auction Streams

137.02 USDC • Sherlock • X0sauce

#23

vVv Launchpad - Investments & Token distribution

vVv Launchpad - Investments & Token distribution

94.59 USDC • 1 total finding • Sherlock • X0sauce

gold

high

`VVVVCTokenDistributor.claim` can be front-run to steal rewards

Telcoin Update #2

Telcoin Update #2

491.86 USDC • Sherlock • X0sauce

#4

Oct '24

Gamma Brevis Rewarder

Gamma Brevis Rewarder

314.34 OP • 1 total finding • Sherlock • X0sauce

silver

medium

[M-01] Distribution created with very small amount results in lost in fees for fee recipient and distribution assets for hypervisors