https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/277c31c8-cdeb-40fc-a578-9fd8ebe10da0.jpg

Zarf

Security Researcher

Blockchain Security Researcher @OpenZeppelin

Contact Me

High

Total

Medium

Solo

Total

$3.76K

Total Earnings

#873 All Time

10x

Payouts

5x

Top 10

7x

Top 25

10x

Top 50

All

Sherlock

Code4rena

Jan '23

Cooler

184.54 USDC • 3 total findings • Sherlock • Zarf

#21

high

no-revert-on-transfer ERC20 tokens not supported

high

Borrower can be prevented to repay loan

medium

toggleRoll can be frontrunned

UXD Protocol

51.94 USDC • 1 total finding • Sherlock • Zarf

#26

high

Depository can pull USDC from arbitrary addresses upon rebalance

Dec '22

Forgeries contest

64.93 USDC • 1 total finding • Code4rena • Zarf

#20

high

Admin does not have to wait to call `lastResortTimelockOwnerClaimNFT()`

Caviar contest

59.72 USDC • 1 total finding • Code4rena • Zarf

#38

medium

Rounding error in buyQuote might result in free tokens

prePO contest

28.12 USDC • Code4rena • Zarf

#31

NounsDAO

349.49 USDC • 1 total finding • Sherlock • Zarf

medium

Payer’s funds might be permanently locked in certain cases

Nov '22

Opyn Crab Netting

639.85 USDC • 1 total finding • Sherlock • Zarf

high

Contract can be stuck when USDC is paused/recipient blacklisted

Bull v Bear

339.37 USDC • 2 total findings • Sherlock • Zarf

high

Checks-Effects-Interaction pattern not followed

medium

Fee-on-transfer tokens not might leak funds

Bond Protocol

1,782.51 USDC • 1 total finding • Sherlock • Zarf

medium

Read-only reentrancy in BondFixedTermTeller

Oct '22

Merit Circle

257.01 USDC • 1 total finding • Sherlock • Zarf

high

Ability to enjoy max benefits while only being locked for the minimum duration