https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/792c6753-3954-4f6c-9f4b-d7a540659b09.png

X77

Security Researcher

Contact Me

High

Total

Medium

Solo

Total

$16.73K

Total Earnings

#421 All Time

2x

Payouts

1x

1st Places

1x

2nd Places

2x

Top 10

All

Sherlock

May '25

LayerEdge - Staking

4,280.35 USDC • 3 total findings • Sherlock • X77

high

An edge case in `_checkBoundariesAndRecord()` causes wrong tier tracking

high

Incorrect tier tracking when tier 3 staker exits in a certain case

medium

Users might be unable to operate due to OOG error

Jan '25

Peapods

12,444.98 USDC • 23 total findings • Sherlock • X77

high

User will have tokens stuck closing a leverage position due to an unconsidered case

high

Vault inflation attack in `AutoCompoundingPodLp` is possible due to incorrectly minting dead shares

high

Handling tokens in the contract upon adding liquidity results in breaking the optimal one-sided supply amounts

high

`PodUnwrapLocker` can be drained due to an arbitrary input

medium

Users can prevent reward accrual in order to capture rewards distributed before they have joined

medium

`_calculateBasePerPTkn` includes debond fee twice, lowering the price too much

medium

Removing leverage will often revert due to calling an incorrect function

medium

Adding leverage using a podded token will lead to a revert

medium

Leverage position can be impossible to close due to a non-initialized struct field

medium

`_tokenToPodLp` will lower the yield of `AutoCompoundingPodLp` during volatile markets

medium

Bad data would DOS the whole `AutoCompoundingPodLp`

medium

`addInterest` will not update the interest acurately which would enable users to claim rewards for time that they weren't staked inside `LendingAssetVault`

medium

Incomplete logic will allow malicious users to perpetually override the amount to swap to the minimum

medium

`LendingAssetVault::_updateAssetMetadataFromVault()` results in incorrect calculations

medium

Protocol assumes the same deployment on all chains on multiple occasions

medium

MEV bots will steal from users due to an incorrectly manipulated value

medium

Incorrect `min/maxPrice` checks

medium

Incorrect total assets available calculation leads to incorrect utilisation

medium

Removing leverage will often fail when the received pair LP token is insufficient

medium

Pausing rewards will lead to tokens being bricked and users not being able to claim them

medium

A vault can be considered not over-utilized when it is and vice versa upon depositing

medium

Liquidations will revert incorrectly due to an out-of-sync leftover collateral value

medium

Tokens will be stuck in `AutoCompoundingPodLp` if the intermediary swap token is not a reward token