adriro

Security Researcher

High: 40 total
Medium: 67 total
Total Earnings: $73.92K
#135 All Time
Payouts: 42x
1st Places (gold): 4x
2nd Places (silver): 4x
3rd Places (bronze): 2x

Dec '24

Chainlink Payment Abstraction

3,550.23 USDC • Code4rena • adriro

gold

Nov '23

Canto Application Specific Dollars and Bonding Curves for 1155s

738.19 USDC • 1 total finding • Code4rena • adriro

#6

high

Owner cannot withdraw all interest due to wrong calculation of accrued interest in WithdrawCarry

Kelp DAO | rsETH

1,086.27 USDC • 4 total findings • Code4rena • adriro

bronze

high

The price of rsETH could be manipulated by the first staker

high

Possible arbitrage from Chainlink price discrepancy

high

Protocol mints less rsETH on deposit than intended

medium

Lack of slippage control on LRTDepositPool.depositAsset

Oct '23

Party Protocol

215.71 USDC • 1 total finding • Code4rena • adriro

#22

high

Single host can unfairly skip veto period for proposal that does not have full host support

ENS

5.43 USDC • Code4rena • adriro

#20

Canto Liquidity Mining Protocol

1,782.52 USDC • 2 total findings • Code4rena • adriro

bronze

high

Array length of `tickTracking_` can be purposely increased to brick minting and burning of most users' liquidity positions

medium

Rewards cannot be transferred when calling protocol command

Sep '23

Ondo Finance

4,057.52 USDC • 2 total findings • Code4rena • adriro

gold

medium

Two different transactions can result in the same `txnHash` value, thus breaking the approval process of transaction minting

medium

Chain support cannot be removed or cleared in bridge contracts

Aug '23

Chainlink Staking v0.2

2,395.2 USDC • Code4rena • adriro

#20

May '23

Juicebox Buyback Delegate

1,157.51 USDC • Code4rena • adriro

#4

Apr '23

Caviar Private Pools

450.79 USDC • 8 total findings • Code4rena • adriro

#19

high

Risk of silent overflow in reserves update

medium

Transaction revert if the baseToken does not support 0 value transfer when charging changeFee

medium

`Factory.create`: Predictability of pool address creates multiple issues.

medium

Loss of funds for traders due to accounting error in royalty calculations

medium

Royalty recipients will not get fair share of royalties

medium

`changeFeeQuote` will fail for low decimal ERC20 tokens

medium

Flash loan fee is incorrect in Private Pool contract

medium

EthRouter can't perform multiple changes

Rubicon v2

2,632.61 USDC • 11 total findings • Code4rena • adriro

#5

high

Reward accounting is incorrect in BathBuddy contract

high

FeeWrapper fails to handle ETH payment refunds

high

`RubiconMarket._buys` will not work for V1 offers due to the reversion in `cancel` method.

high

An attacker can steal all tokens of users that use `FeeWrapper`

medium

BathBuddy contract should implement methods to pause and unpause contract

medium

Rewards for initial period may be lost in `BathBuddy` contract

medium

Low level calls to accounts with no code will succeed in `FeeWrapper`

medium

Fee inclusivity calculations are inaccurate in RubiconMarket

medium

Zero reward rate calculation impedes low-decimals token distributions

medium

Cannot close leveraged positions

medium

Incorrect calculations can occur when calling `Position._marketBuy` and `Position._marketSell` functions that do not include maker fee in `_fee`

Mar '23

Asymmetry contest

1,540.52 USDC • 7 total findings • Code4rena • adriro

silver

high

A temporary issue in the staking functionality leads to users receiving fewer minted tokens.

high

Reth.sol: Withdrawals are unreliable and depend on excess RocketDepositPool balance which can brick the whole protocol

high

`WstEth` derivative assumes a ~1:1 peg of stETH to ETH

high

Reth `poolPrice` calculation may overflow

medium

In de-peg scenario, forcing full exit from every derivative & immediately re-entering can cause big losses for depositors

medium

DoS due to external call failure

medium

Missing derivative limit and deposit availability checks will revert the whole `stake()` function

Canto Identity Subprotocols contest

4,472.49 USDC • 5 total findings • Code4rena • adriro

silver

high

Users will be able to purchase fewer NFTs than the project had anticipated

medium

Bio lines will overflow the buffer for repeated "continuation" characters

medium

Users can end up buying and paying for a different Tray than the one they were trying to acquire

medium

Incorrect emoji displaying

medium

Bio Protocol - `tokenURI` JSON injection

Polynomial Protocol contest

208.61 USDC • Code4rena • adriro

#25

Neo Tokyo contest

3,665.6 USDC • 1 total finding • Code4rena • adriro

gold

high

Updating a pool's total points doesn't affect existing stake positions for rewards calculation

Wenwin contest

1,307.28 USDC • 3 total findings • Code4rena • adriro

#4

high

`LotteryMath.calculateNewProfit` returns wrong profit when there is no jackpot winner

medium

Unsafe casting from `uint256` to `uint16` could cause ticket prizes to become much smaller than intended

medium

The buyer of the ticket could be front-run by the ticket owner, who claims the rewards before the ticket's NFT is traded

Aragon Protocol contest

17,746.25 USDC • 1 total finding • Code4rena • adriro

gold

medium

MerkleMinter created through TokenFactory cannot be upgraded

Jan '23

Canto Identity Protocol contest

153.57 CANTO • 1 total finding • Code4rena • adriro

#9

medium

Multiple accounts can have the same identity

RabbitHole Quest Protocol contest

1,767.69 USDC • 8 total findings • Code4rena • adriro

silver

high

Protocol fees can be withdrawn multiple times in `Erc20Quest`

high

Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts

medium

Buyer on secondary NFT market can lose funds if they buy an NFT that is already used to claim the reward

medium

Funds can be stuck due to wrong order of operations

medium

RabbitHoleReceipt's address might be changed therefore only manual mint will be available

medium

Users may not claim Erc1155 rewards when the Quest has ended

medium

DoS risk if enough tokens are minted in Quest.claim can lead, at least, to lost transaction fees

medium

User may lose rewards if the receipt is minted after quest end time

Timeswap contest

3,809.64 USDC • 3 total findings • Code4rena • adriro

#5

medium

`_ownedTokensIndex` is shared by different owners; as a result, `_removeTokenFromAllTokensEnumeration` might remove the wrong tokenId.

medium

Burning a `ERC1155Enumerable` token doesn't remove it from the enumeration

medium

`_currentIndex` is incorrectly updated; breaking the ERC1155 enumerable implementation

Ondo Finance contest

3,616.11 USDC • 2 total findings • Code4rena • adriro

#4

high

Loss of user funds when completing CASH redemptions

medium

KYCRegistry is susceptible to signature replay attack.

Astaria contest

433.71 USDC • 3 total findings • Code4rena • adriro

#29

high

ERC4626Cloned deposit and mint logic differ on first deposit

medium

Functions withdraw() and redeem() in ERC4626RouterBase would always revert because they have an unnecessary allowance setting

medium

Users are unable to mint shares from a public vault using `AstariaRouter` contract when share price is bigger than one

Biconomy - Smart Contract Wallet contest

755.73 USDC • 5 total findings • Code4rena • adriro

#15

high

`FeeRefund.tokenGasPriceFactor` is not included in signed transaction data allowing the submitter to steal funds

high

Arbitrary transactions possible due to insufficient signature validation

high

Attacker can gain control of counterfactual wallet

high

Destruction of the `SmartAccount` implementation

medium

SmartAccount.sol is intended to be upgradable but inherits from contracts that contain storage and no gaps

Dec '22

GoGoPool contest

300.82 USDC • 5 total findings • Code4rena • adriro

#43

high

Hijacking of node operators minipool causes loss of staked funds

medium

MinipoolManager: recordStakingError function does not decrease minipoolCount leading to too high GGP rewards for staker

medium

MultisigManager may not be able to add a valid Multisig

medium

State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool

medium

Coding logic of the contract upgrading renders upgrading contracts impractical

Forgeries contest

71.66 USDC • Code4rena • adriro

#19

Caviar contest

45.94 USDC • 1 total finding • Code4rena • adriro

#43

medium

Rounding error in buyQuote might result in free tokens

prePO contest

220.97 USDC • 1 total finding • Code4rena • adriro

#25

medium

The recipient receives free collateral token if an ERC20 token that deducts a fee on transfer used as baseToken

Escher contest

1,010.7 USDC • 5 total findings • Code4rena • adriro

#8

high

`LPDA` price can underflow due to bad settings and potentially brick the contract

medium

ETH will get stuck if all NFTs do not get sold.

medium

Sale contracts can be bricked if any other minter mints a token with an id that overlaps the sale

medium

Creator can still "cancel" a sale after it has started by revoking permissions in `OpenEdition` contract

medium

NFTs mintable after Auction deadline expires

PoolTogether contest

53.42 USDC • Code4rena • adriro

#12

NounsDAO

114.65 USDC • 1 total finding • Sherlock • adriro

#6

medium

Allow payer to recover tokens sent in excess

Nov '22

Opyn Crab Netting

385.06 USDC • 2 total findings • Sherlock • adriro

#13

high

`checkOrder` function can be used by a griefer to invalidate an order or cause a DoS by frontrunning the auction calls

high

Potential DoS in `depositsQueued` and `withdrawsQueued` functions

Redacted Cartel contest

824.67 USDC • 1 total finding • Code4rena • adriro

#17

high

Malicious Users Can Drain The Assets Of Auto Compound Vault

Buffer Finance

1,013.05 USDC • 2 total findings • Sherlock • adriro

#6

high

`asset` param from publisher isn't validated in function `resolveQueuedTrades` of `BufferRouter` contract

medium

ERC20 `transferFrom` isn't validated in function `initiateTrade` of `BufferRouter` contract

Blur Exchange contest

1,083.73 USDC • 3 total findings • Code4rena • adriro

#4

high

Direct theft of buyers' ETH funds.

medium

Pool designed to be upgradeable but does not set owner, making it unupgradeable

medium

Yul `call` return value not checked

LooksRare Aggregator contest

36.34 USDC • Code4rena • adriro

#24

Debt DAO contest

9,439.35 USDC • 10 total findings • Code4rena • adriro

silver

high

Non-existing revenue contract can be passed to claimRevenue to send all tokens to treasury

high

addCredit / increaseCredit cannot be called by lender first when token is ETH

high

Borrower can close a credit without repaying debt

high

Repaying a line of credit with a higher than necessary claimed revenue amount will force the borrower into liquidation

high

Call to declareInsolvent() would revert when contract status reaches liquidation point after repayment of credit position 1

medium

Lender can trade claimToken in a malicious way to steal the borrower's money via claimAndRepay() in SpigotedLine by using malicious zeroExTradeData

medium

The lender can draw out extra credit token from borrower's account

medium

Whitelisted functions aren't scoped to revenue contracts and may lead to unnoticed calls due to selector clashing

medium

address.call{value:x}() should be used instead of payable.transfer()

medium

Borrower/Lender excessive ETH not refunded and permanently locked in protocol

Oct '22

Paladin - Warden Pledges contest

31.16 USDC • Code4rena • adriro

#30

Inverse Finance contest

87.22 USDC • 1 total finding • Code4rena • adriro

#36

medium

Oracle assumes token and feed decimals will be limited to 18 decimals

Holograph contest

1,331.96 USDC • 3 total findings • Code4rena • adriro

#7

high

Failed job can't be recovered. NFT may be lost.

medium

Bad source of randomness

medium

Incorrect implementation of ERC721 may have bad consequences for receiver

Trader Joe v2 contest

279.81 USDC • Code4rena • adriro

#19

Blur Exchange contest

32.65 USDC • 3 total findings • Code4rena • adriro

#23

high

Direct theft of buyers' ETH funds.

medium

Pool designed to be upgradeable but does not set owner, making it unupgradeable

medium

Yul `call` return value not checked

Sep '22

VTVL contest

9.83 USDC • 1 total finding • Code4rena • adriro

#78

medium

Supply cap of VariableSupplyERC20Token is not properly enforced