https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/cc036d1b-6b51-4a5c-ae01-2737b0ef7bcf.jpg

air_0x

Security Researcher

Contact Me

High

11

Total

Medium

9

Total

$583.00

Total Earnings

#1483 All Time

13x

Payouts

regular

2x

Top 10

regular

7x

Top 25

regular

8x

Top 50

All

Code4rena

Cantina

CodeHawks

May '25

primev-validator-registry

primev-validator-registry

0.18 USDC • 1 total finding • Cantina • spaceimage

#6

high

Finding not yet public.

stability-contracts

stability-contracts

166.63 USDC • 2 total findings • Cantina • spaceimage

#19

medium

Finding not yet public.

medium

Finding not yet public.

alchemix-v3

alchemix-v3

13.7 USDC • 3 total findings • Cantina • spaceimage

#105

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

Apr '25

mighty-contracts

mighty-contracts

11.86 USDC • 1 total finding • Cantina • spaceimage

#73

medium

Finding not yet public.

liquidity-book-vaults

liquidity-book-vaults

32.73 USDC • 1 total finding • Cantina • 0xair

#45

medium

Finding not yet public.

Feb '25

Core Contracts

Core Contracts

44.84 usdc • 7 total findings • CodeHawks • air

#197

high

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

high

NFTs Get Permanently Locked in Stability Pool After Liquidation

high

Attackers can double voting power and veToken amount by locking and increasing

high

Critical Economic Design Flaw in ZENO Zero-Coupon Bond Implementation Leads to Guaranteed User Losses

medium

`GaugeController::distributeRewards` can be called multiple times by anyone, leading to excessive reward distribution

low

Canceled vote still get voted on and accumulate voting power in Goverance.sol

low

LendingPool protocol fee is not properly handled

Jan '25

Next Generation

Next Generation

3.55 USDC • 1 total finding • Code4rena • air_0x

#15

medium

Lack of deadline check in forwarded request

Liquid Ron

Liquid Ron

0.02 USDC • 2 total findings • Code4rena • air_0x

#11

high

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Dec '24

Flex Perpetuals

Flex Perpetuals

62.48 USDC • 1 total finding • Code4rena • air_0x

#4

medium

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

Aug '24

The Wildcat Protocol

The Wildcat Protocol

0 USDC • Code4rena • air_0x

#13

Tadle

Tadle

0.02 USDC • 2 total findings • CodeHawks • air

#170

high

Native token withdrawal fails until manually approved

low

[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows any User to call it to set Allowance Amount `TokenContract` to `type(uint256).max`.

Jul '24

TraitForge

TraitForge

0 USDC • 1 total finding • Code4rena • air_0x

#89

medium

Forger Entities can forge more times than intended

May '24

Predy

Predy

247.6 USDC • 1 total finding • Code4rena • air_0x

#22

high

Reallocation depends on the slot0 price, which can be manipulated.