alix40

Security Researcher

High: 13 total

Medium: 23 total

Total Earnings: $55.81K

#187 All Time

Payouts: 11x

2nd Places (silver): 1x

3rd Places (bronze): 1x

Top 10 (regular): 5x

Dec '24

Flex Perpetuals

63.04 USDC • 1 total finding • Code4rena • alix40

bronze

medium

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

bima-money

1,351.61 USDC • 1 total finding • Cantina • alix40

#18

medium

Finding not yet public.

Jun '24

eBTC Zap Router

2,356.92 USDC • 1 total finding • Code4rena • alix40

#4

medium

Staking ETH incorrectly assumes revert bubbling

Size

3,146.73 USDC • 7 total findings • Code4rena • alix40

#12

high

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

medium

Fragmentation fee is not taken if user compensates with newly created position

medium

Borrower is not able to compensate his lenders if he is underwater

medium

`executeBuyCreditMarket` returns the wrong amount of cash and overestimates the amount that needs to be checked in the variable pool

medium

Multicall does not work as intended

medium

LiquidateWithReplacement does not charge swap fees on the borrower

medium

withdraw() users may can't withdraw underlyingBorrowToken properly

May '24

Euler-v2

20,862 USDC • Cantina • alix40

#4

Apr '24

DYAD

1,417.44 USDC • 9 total findings • Code4rena • alix40

silver

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

high

Kerosene collateral is not being moved on liquidation, exposing liquidators to loss

high

User can get their Kerosene stuck because of an invalid check on withdraw

high

Flash loan protection mechanism can be bypassed via self-liquidations

high

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

medium

Attacker can frontrun to prevent vaults from being removed from the dNFT owner's position

medium

Liquidating positions with bounded Kerosen could be unprofitable for liquidators

medium

Incorrect deployment / missing contract will break functionality

medium

No incentive to liquidate when CR <= 1 as asset received < dyad burned

Mar '24

Revert Lend

463.91 USDC • 4 total findings • Code4rena • alix40

#27

high

Owner of a position can prevent liquidation due to the 'onERC721Received' callback

medium

V3Vault is not ERC-4626 compliant

medium

Lack of safety buffer in `_checkLoanIsHealthy` could subject users who take out the max loan into a forced liquidation

medium

Due to interest rates update method, Interest-Free Loans are possible and the Cost of DoS are reduced

Feb '24

curvance

25,890.43 USDC • 13 total findings • Cantina • alix40

#6

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

HydraDX

150.19 USDC • Code4rena • alix40

#16

Jan '24

reNFT

88.09 USDC • Code4rena • alix40

#40

Nov '23

Panoptic

19.82 USDC • Code4rena • alix40

#27