Banner
https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/cb9af12c-1065-4096-848f-7682a0044836.jpg

alekso91

Security Researcher

Working hard - every day - max consistency Transitioned into full time solo security researcher in 2025, web3 is my passion since 2017.

Contact Me

High

9

Total

Medium

13

Total

$1.70K

Total Earnings

#1145 All Time

9x

Payouts

bronze

1x

3rd Places

regular

2x

Top 10

regular

6x

Top 25

All

Code4rena

Cantina

CodeHawks

Apr '25

mighty-contracts

mighty-contracts

12.33 USDC • 3 total findings • Cantina • qalex

#68

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

liquidity-book-vaults

liquidity-book-vaults

226.02 USDC • 5 total findings • Cantina • qalex

#17

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Mar '25

colorpool-chromia

colorpool-chromia

315.18 USDC • 2 total findings • Cantina • qalex

#18

medium

Finding not yet public.

medium

Finding not yet public.

Feb '25

THORWallet

THORWallet

346.49 USDC • 2 total findings • Code4rena • Alekso

bronze

high

The user can send tokens to any address by using two bridge transfers, even when transfers are restricted.

medium

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Core Contracts

Core Contracts

230.84 usdc • 10 total findings • CodeHawks • 0xalexsr

#92

high

RAACNFT mint function receives funds to address(this) but has no way of withdrawing them

high

NFTs Get Permanently Locked in Stability Pool After Liquidation

high

Hardcoded Exchange Rate Leading to Incorrect Deposits and Redemptions

medium

There is no logic checking for RAACNFT price staleness before minting it

medium

RAACNFT wrongly suppose crvUSD to be equal to 1 dollar

medium

Missing Slippage Protection in `LendingPool.deposit()`

low

Emergency Timelock Bypass: No Enforced 1-Day Delay for Emergency Actions

low

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

low

Lack of incentives for users to call LendingPool::initiateLiquidation allows extensive delay between when health factor dropped below threshold and when grace period starts

low

Missing TokenURI Function in RAACNFT contract Makes All NFTs Look the Same and Unusable

Jan '25

Liquid Ron

Liquid Ron

0.02 USDC • 1 total finding • Code4rena • Alekso

#11

high

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

IQ AI

IQ AI

210.53 USDC • Code4rena • Alekso

#14

daao-contracts

daao-contracts

2.83 USDC • 3 total findings • Cantina • qalex

#93

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

Ignite

Ignite

354.55 usdc • CodeHawks • 0xalexsr

#10