https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/34efe8c9-0a7d-46d7-a4e9-3072f2698727.jpg

alexbabits

Security Researcher

Web3 Security.

Contact Me

High

Total

Medium

Total

$305.00

Total Earnings

#1517 All Time

7x

Payouts

3x

Top 10

3x

Top 25

3x

Top 50

All

Sherlock

Code4rena

CodeHawks

Nov '24

Debita Finance V3

7.88 USDC • 1 total finding • Sherlock • alexbabits

#54

high

Buyer doesn't receive NFT that they should get in `buyOrder.sellNFT()`

Jan '24

Covalent

228.10 USDC • 2 total findings • Sherlock • alexbabits

medium

Frontrunning `rewardValidators()` for instant rewards

medium

Validator cannot set new address if more than 300 unstakes in it's array

Telcoin Platform Audit

2.64 USDC • 1 total finding • Sherlock • alexbabits

high

Array swap and pop method during burn() leads to complete loss of user rewards and breaks mint()

Curves

0.01 USDC • 3 total findings • Code4rena • alexbabits

#136

high

Unauthorized Access to setCurves Function

medium

onBalanceChange causes previously unclaimed rewards to be cleared

medium

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Dec '23

The Standard

20.37 USDC • 3 total findings • CodeHawks • alexbabits

#53

high

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

low

Anyone with TST tokens can monitor the mempool and frontrun mint/burn functions to get EUROs rewards without even staking.

low

Incorrectly set `version` for `SmartVaultV3` breaks off-chain integration

Revolution Protocol

1.34 USDC • 1 total finding • Code4rena • alexbabits

#75

medium

Bidder can use donations to get VerbsToken from auction that already ended.

Nov '23

Shell Protocol

44.92 USDC • Code4rena • alexbabits

#10