__141345__

Security Researcher

High

36

Total

Medium

1

Solo

75

Total

$68.34K

Total Earnings

#134 All Time

67x Payouts

1x 1st Places

2x 2nd Places

1x 3rd Places

Aug '23

Dopex

3,073.82 USDC • 4 total findings • Code4rena • __141345__

#4

high

The settle feature will be broken if an attacker arbitrarily transfers collateral tokens to the PerpetualAtlanticVaultLP

high

Put settlement can be anticipated and lead to user losses and bonding DoS

medium

User can avoid paying high premium price by correctly timing his bond call

medium

Change of `fundingDuration` causes "time travel" of `PerpetualAtlanticVault.nextFundingPaymentTimestamp()`

May '23

USSD - Autonomous Secure Dollar

32.30 USDC • 7 total findings • Sherlock • __141345__

#50

high

`ethOracle` in `StableOracleDAI` is `addr(0)`

high

No access control on `mintRebalancer()/burnRebalancer()`

high

Extra 1e18 scaling in `BuyUSSDSellCollateral()`

high

Need slippage control for rebalance swap

high

Spot price in `getOwnValuation()` could be manipulated

medium

`latestRoundData()` has no check for stale price and round completeness

medium

WBTC depeg risk

Footium

0.01 USDC • 1 total finding • Sherlock • __141345__

#32

medium

ERC20 `transfer()` return value not checked

Apr '23

Teller

11.74 USDC • 2 total findings • Sherlock • __141345__

#48

high

DoS with malicious collateral contract to manipulate `collateralAddresses[]`

medium

Fee on transfer token support

Frankencoin

6,945.35 USDC • 5 total findings • Code4rena • __141345__

1st place

high

CHALLENGER_REWARD can be used to drain reserves and free mint

high

transfer position ownership to `addr(0)` to DoS `end()` challenge

medium

need alternative ways for fund transfer in `end()` to prevent DoS

medium

Challengers and bidders can collude together to restrict the minting of position owner

medium

Position limit could be fully reduced to zero by clones

Rubicon v2

29.3 USDC • 4 total findings • Code4rena • __141345__

#92

high

Reward accounting is incorrect in BathBuddy contract

high

DOS of market operations with malicious offers

medium

Fee inclusivity calculations are inaccurate in RubiconMarket

medium

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

Mar '23

Gitcoin

231.20 USDC • Sherlock • __141345__

#19

Asymmetry contest

10.74 USDC • 1 total finding • Code4rena • __141345__

#116

medium

DoS due to external call failure

Polynomial Protocol contest

216.35 USDC • Code4rena • __141345__

#23

Feb '23

Surge

160.57 USDC • 2 total findings • Sherlock • __141345__

#12

high

Steal liquidatable borrower's collateral using rounding down

high

Steal deposit fund when `deposit()` by exchange rate manipulation

Carapace

287.12 USDC • 3 total findings • Sherlock • __141345__

#21

high

LP token should be transferred to the seller if defaulted

high

DoS when accruing Premium

medium

Expired protection capital could still be locked

Jan '23

RabbitHole Quest Protocol contest

18.7 USDC • 1 total finding • Code4rena • __141345__

#72

medium

Possible scenario for Signature Replay Attack

Reserve contest

3,558.64 USDC • 3 total findings • Code4rena • __141345__

#11

medium

Loss of staking yield for stakers when another user stakes in pause/frozen state

medium

RToken permanently insolvent/unusable if a single collateral in the basket behaves unexpectedly

medium

Should Accrue Before Change, Loss of Rewards in case of change of settings

Dec '22

Papr contest

287.37 USDC • 1 total finding • Code4rena • __141345__

#22

medium

Disabled NFT collateral should not be used to mint debt

GoGoPool contest

762.68 USDC • 5 total findings • Code4rena • __141345__

#29

medium

Division by zero error can block RewardsPool#startRewardCycle if all multisig wallets are disabled.

medium

Wrong reward distribution between early and late depositors because of the late `syncRewards()` call in the cycle; the `syncRewards()` logic should be executed in each withdraw or deposit (without reverting)

medium

Cancellation of minipool may skip MinipoolCancelMoratoriumSeconds checking if it was cancelled before

medium

Inflation rate can be reduced by half at most if it gets called every 1.99 intervals.

medium

Bypass `whenNotPaused` modifier

Caviar contest

47.25 USDC • 2 total findings • Code4rena • __141345__

#42

high

Liquidity providers may lose funds when adding liquidity

high

First depositor can break minting of shares

Rain

113.51 USDC • Sherlock • __141345__

#9

Findings not publicly available for private contests.

Tigris Trade contest

3,067.24 USDC • 9 total findings • Code4rena • __141345__

#6

high

Malicious user can steal all assets in BondNFT

high

Incorrect Assumption of Stablecoin Market Stability

medium

Must approve 0 first

medium

Approved operators of Position token can't call Trading.initiateCloseOrder

medium

Centralization risks: owner can freeze withdraws and use timelock to steal all funds

medium

`BondNFT.sol#claim()` needs to correct all the missing epochs

medium

Unreleased locks cause the reward distribution to be flawed in BondNFT

medium

Chainlink price feed is not sufficiently validated and can return stale price

medium

Lock.sol: claimGovFees function can cause assets to be stuck in the Lock contract

Escher contest

0.61 USDC • 1 total finding • Code4rena • __141345__

#71

medium

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

Nov '22

ParaSpace contest

1,711.52 USDC • 4 total findings • Code4rena • __141345__

#15

high

Discrepancy in the Uniswap V3 position price calculation because of decimals

medium

Fallback oracle is using spot price in Uniswap liquidity pool, which is very vulnerable to flashloan price manipulation

medium

Front-running admin setPrice call allows a single compromised oracle to set any price, allowing the oracle manipulator to drain all protocol funds

medium

During oracle outages or feeder outages/disagreement, the `ParaSpaceFallbackOracle` is not used

Opyn Crab Netting

148.20 USDC • 2 total findings • Sherlock • __141345__

#17

high

`checkOrder()` needs access control

medium

Unbounded loop could DoS `withdrawUSDC()/dequeueCrab()` and lock user fund

Isomorph

137.22 USDC • 1 total finding • Sherlock • __141345__

#20

medium

`latestRoundData()` has no check for round completeness

Redacted Cartel contest

4,323.79 USDC • 3 total findings • Code4rena • __141345__

#5

high

Users Receive Fewer Rewards Due To Miscalculations

high

Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation

medium

Reward tokens mismanagement can cause users losing rewards

Buffer Finance

4,673.69 USDC • 3 total findings • Sherlock • __141345__

2nd place

high

Steal pool profit by timing the `unlock` transaction

medium

Transfer return value not checked

medium

Non-standard ERC20 support

Bull v Bear

306.83 USDC • 1 total finding • Sherlock • __141345__

#10

high

`reclaimContract()` needs to check if the order is matched

SIZE contest

14.14 USDC • 2 total findings • Code4rena • __141345__

#40

medium

Attacker may DOS auctions using invalid bid parameters

medium

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

Debt DAO contest

1,181.59 USDC • 4 total findings • Code4rena • __141345__

#21

medium

The lender can draw out extra credit token from borrower's account

medium

Mistakenly sent eth could be locked

medium

Variable balance ERC20 support

medium

address.call{value:x}() should be used instead of payable.transfer()

Chainlink Staking contest

4,797.62 USDC • Code4rena • __141345__

#8

Oct '22

Rage Trade

149.37 USDC • 1 total finding • Sherlock • __141345__

#6

medium

Steal deposit fund in ERC4626 vault by exchange rate manipulation

Paladin - Warden Pledges contest

31.16 USDC • Code4rena • __141345__

#30

Inverse Finance contest

56.12 USDC • 1 total finding • Code4rena • __141345__

#40

medium

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Illuminate

125.51 USDC • 1 total finding • Sherlock • __141345__

#24

high

Bypass paused `redeem()`

Astaria

919.51 USDC • 4 total findings • Sherlock • __141345__

#9

high

`LIEN_TOKEN.ownerOf(i)` should be `LIEN_TOKEN.ownerOf(liensRemaining[i])`

medium

If an auction has no bidder, the NFT ownership should go back to the loan lenders

medium

Steal deposit fund in ERC4626 vault by exchange rate manipulation

medium

Overpayment should be returned

Holograph contest

318.36 USDC • 3 total findings • Code4rena • __141345__

#22

medium

Source contract can steal NFTs from users

medium

Bad source of randomness

medium

`_payoutToken[s]()` is not compatible with tokens with missing return value

3xcalibur contest

935.69 USDC • Code4rena • __141345__

#8

Juicebox contest

63.84 USDC • Code4rena • __141345__

#17

Trader Joe v2 contest

614.1 USDC • 1 total finding • Code4rena • __141345__

#15

high

Transferring funds to yourself increases your balance

The Graph L2 bridge contest

271.42 USDC • Code4rena • __141345__

#13

Blur Exchange contest

32.65 USDC • Code4rena • __141345__

#23

Mycelium

99.78 USDC • 1 total finding • Sherlock • __141345__

#9

high

Vault exchange rate manipulation in `deposit()`

Sep '22

Knox Finance

4,559.98 USDC • 4 total findings • Sherlock • __141345__

#5

high

Unbounded length loop could cause DoS in `_processOrders()`

high

Underflow in `_previewWithdraw()` causing DoS

medium

`epochsByBuyer[]` can lose records

medium

`latestRoundData()` might return stale or incorrect results

QuickSwap and StellaSwap contest

3,335.24 USDC • 1 total finding • Code4rena • __141345__

#5

medium

`exp()` function is not accurate when `x/g` is not small

Frax Ether Liquid Staking contest

3,298.16 USDC • 3 total findings • Code4rena • __141345__

2nd place

medium

Delayed reward release could cause yield theft and loss

medium

frxETH can be depegged due to ETH staking balance slashing

medium

`getNextValidator()` error could temporarily make `depositEther()` inoperable

VTVL contest

148.58 USDC • 2 total findings • Code4rena • __141345__

#35

medium

Variable balance token causing fund lock and loss

medium

Supply cap of VariableSupplyERC20Token is not properly enforced

Art Gobblers contest

930.57 USDC • Code4rena • __141345__

#14

Y2k Finance contest

52.83 USDC • Code4rena • __141345__

#49

PartyDAO contest

117.98 USDC • Code4rena • __141345__

#39

FEI and TRIBE Redemption contest

33.6 USDC • Code4rena • __141345__

#13

Canto Dex Oracle contest

1,212.51 CANTO • 1 total finding • Code4rena • __141345__

#6

high

Hardcoded USD pegs can be broken

Nouns Builder contest

768.01 USDC • 4 total findings • Code4rena • __141345__

#29

medium

Founders can receive fewer tokens than expected

medium

The quorum votes calculations don't take into account burned tokens

medium

A proposal can pass with 0 votes in favor at early DAO stages

medium

Auction parameters can be changed during ongoing auction

Aug '22

Sentiment

607.68 USDC • 3 total findings • Sherlock • __141345__

#16

high

Steal deposit fund in ERC4626 vault using rounding down error

medium

ERC20 tokens with pause mode could break repay/liquidation functionality

medium

Chainlink `latestRoundData()` might return stale or incorrect results

Olympus DAO contest

441.48 USDC • 3 total findings • Code4rena • __141345__

#37

medium

`activateProposal()` needs a time delay

medium

Voted votes cannot change after the user is issued new votes or the user's old votes are revoked during voting

medium

[NAZ-M1] Chainlink's `latestRoundData` Might Return Stale Results

Nouns DAO contest

55.52 USDC • Code4rena • __141345__

#26

FIAT DAO veFDT contest

44.89 USDC • Code4rena • __141345__

#58

Fraxlend (Frax Finance) contest

1,214.68 USDC • 1 total finding • Code4rena • __141345__

#10

medium

Liquidator might end up paying much more asset than collateral received

Foundation Drop contest

62.14 USDC • Code4rena • __141345__

#45

Mimo August 2022 contest

67.51 USDC • Code4rena • __141345__

#40

Rigor Protocol contest

112.34 USDC • 1 total finding • Code4rena • __141345__

#42

medium

Missing upper limit definition in replaceLenderFee() of HomeFi.sol

Jul '22

Axelar Network v2 contest

7,787.96 USDC • 1 total finding • Code4rena • __141345__

3rd place

medium

Add cancel and refund option for Transaction Recovery

Golom contest

129.98 USDC • Code4rena • __141345__

#72

Yield Witch v2 contest

65.42 USDC • Code4rena • __141345__

#14

Swivel v3 contest

76.37 USDC • Code4rena • __141345__

#37

ENS contest

124.78 USDC • 1 total finding • Code4rena • __141345__

#42

medium

transfer() depends on gas consts

Fractional v2 contest

104.37 USDC • 1 total finding • Code4rena • __141345__

#64

medium

Delegate call in `Vault#_execute` can alter Vault's ownership

Juicebox V2 contest

395.03 USDC • Code4rena • __141345__

#23

Jun '22

Putty contest

73.45 USDC • Code4rena • __141345__

#58

Canto v2 contest

2,752.3 USDC • 2 total findings • Code4rena • __141345__

#4

high

Oracle periodSize is very low allowing the TWAP price to be easily manipulated

high

The LP pair underlying price quote could be manipulated