Banner
https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/bc007664-a1b9-4b17-8ca6-c945f5f1ebb2.jpg

Yashar

smashing codes

Contact Me

High

5

Total

Medium

16

Total

$19.24K

Total Earnings

#402 All Time

13x

Payouts

bronze

1x

3rd Places

regular

3x

Top 10

regular

7x

Top 25

All

Sherlock

Code4rena

Cantina

Immunefi

Mar '25

Attackathon | Movement Labs

Attackathon | Movement Labs

2,718 USDC • 2 total findings • Immunefi • Cartel

#22

high

Finding not yet public.

high

Finding not yet public.

Feb '25

Attackathon | Stacks II

Attackathon | Stacks II

4,783 STX • 1 total finding • Immunefi • Cartel

#8

medium

Finding not yet public.

Jan '25

infrared-contracts

infrared-contracts

7,604.41 USDC • 3 total findings • Cantina • yashar

#11

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Oct '24

optimism-java

optimism-java

247.21 OP • 1 total finding • Cantina • yashar

#11

medium

Finding not yet public.

Aug '24

Sentiment V2

Sentiment V2

155.09 USDC • 2 total findings • Sherlock • Yashar

#26

medium

Attacker can DoS the `SuperPoolFactory`

medium

De-Whitelisted tokens remain usable as collateral due to incomplete asset revocation

Jul '24

LoopFi

LoopFi

3.52 USDC • 3 total findings • Code4rena • yashar

#52

medium

WhenNotPaused modifier in the CDPVault can be bypassed by users

medium

Malicious actor can abuse the minimum shares check in `StakingLPEth` and cause DoS or locked funds for the last user that withdraws

medium

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

MakerDAO Endgame

MakerDAO Endgame

230.94 USDC • Sherlock • Yashar

#89

MagicSea - the native DEX on the IotaEVM

MagicSea - the native DEX on the IotaEVM

40.06 USDC • 3 total findings • Sherlock • Yashar

#42

high

The voting mechanism for the periods that have a bribe will be DoSed

medium

Attacker can manipulate the `lockDuration` of other users positions

medium

Attackers can drain the rewards

Jun '24

Andromeda – Validator Staking ADO and Vesting ADO

Andromeda – Validator Staking ADO and Vesting ADO

416.09 USDC • 1 total finding • Sherlock • Yashar

#6

medium

Stakers Funds Will Be Permanently Locked Within the Contract if a Validator is Tombstoned

Mar '24

zkSync Era

zkSync Era

565.16 USDC • 1 total finding • Code4rena • yashar

#11

medium

Freezed Chain will never be unfreeze since `StateTransitionManager::unfreezeChain` is calling `freezeDiamond` instead of `unfreezeDiamond`.

Jan '24

reNFT

reNFT

8.62 USDC • Code4rena • yashar

#63

Oct '23

Open Dollar

Open Dollar

2,468.82 USDC • 3 total findings • Code4rena • yashar

bronze

medium

Malicious users are able to bypass the Tax payment using making a Fake BasicActions Contract

medium

Updating `SafeManager` address in the `Vault721` will disable NFV minting

medium

`ODSafeManager#allowSAFE()` cannot be executed either by the proxy contract or any other address.

Aug '23

Dopex

Dopex

0.15 USDC • 1 total finding • Code4rena • yashar

#124

high

The peg stability module can be compromised by forcing lowerDepeg to revert.