
aman

Security Researcher

Blockchain Developer | javascript | golang | Nodejs | docker | k8s 543f011d70


High: 18 Total
Medium: 1 Solo, 18 Total
$8.50K Total Earnings
#599 All Time
29x Payouts
1x 2nd Places
6x Top 10
13x Top 25


Mar '25

Audit Comp | Yeet
38 USDC • 1 total finding • Immunefi • aman
#48
high: Finding not yet public.

Jan '25

Aave v3.3
116.85 USDC • Sherlock • aman
#74

Nov '24

Nouns DAO - Auction Streams
59.69 USDC • Sherlock • aman
#38

Debita Finance V3
0.47 USDC • 1 total finding • Sherlock • aman
#56
medium: A malicious lender can obstruct legitimate lenders from canceling or fully fulfilling their offers if the offer is not perpetual.

Sep '24

Liquid Staking
201.10 USDC • 5 total findings • CodeHawks • 0xaman
#27
medium: Remove splitter will always revert if there are some rewards left on the splitter contract
low: Upgrading `OperatorVCS` Contract Will Fail
low: Upgrade Initialization Logic Will Never Execute Due to Incorrect Initializer Usage in CommunityVCS
low: No way to update unbonding and claim periods
low: Due to the `minWithdrawalAmount` check, users who want to withdraw won't be able to queue their token withdrawals for some amounts

Royco Protocol
42.34 USDC • 1 total finding • Cantina • 0xaman
#52
high: Finding not yet public.

symbioticfi-core
1,211.51 USDC • 1 total finding • Cantina • 0xaman
#10
medium: Finding not yet public.

Aug '24

Rumpel Point Tokenization Protocol
174.57 USDC • Sherlock • aman
#8

ZeroLend One
24.22 USDC • 2 total findings • Sherlock • aman
#42
medium: The `getAssetPrice` staleness check will result in DoS for a lot of oracles
medium: Withdrawing the donation or front-running assets from the market will result in DoS for `reallocation`

Winnables Raffles
3.36 USDC • 1 total finding • Sherlock • aman
#35
high: The attacker will cancel the raffle in PRIZE_LOCKED

Tadle
162.88 USDC • 4 total findings • CodeHawks • 0xaman
#39
high: TokenManager - Unlimited withdraw
high: Native token withdrawal fails until manually approved
high: [H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulate collateral rates and drain the protocol's funds
low: The user will be able to close a Bid Offer even if the marketplace is not in BidSettling

Jul '24

ArkProject: NFT Bridge
249.56 USDC • 3 total findings • CodeHawks • 0xaman
#28
high: `Tokens` Are Automatically Whitelisted Upon Creation And Binding Even When `_whiteListEnabled == false`
low: Incorrect function signatures in `_callBaseUri` break `baseURI` functionality
low: function erc721Metadata returns empty base uri instead of token uris

Zaros Part 1
20.64 USDC • 3 total findings • CodeHawks • 0xaman
#77
high: Market Disruption and Financial Loss Post-Liquidation
medium: A malicious user can DoS all offchain orders, making them unexecutable and leaving the protocol in an insolvent state. All offchain trades can also be DoSed for honest parties that do not meet the fillOrder requirements (no try/catch)
low: Liquidation of account collateral is not possible because some Chainlink price feeds don't exist or are marked as medium risk by Chainlink

TempleGold
21.05 USDC • 1 total finding • CodeHawks • 0xaman
#35
high: Incompatibility with Multisig Wallets in `TempleGold::send` Function

Jun '24

Notional Leveraged Vaults: Pendle PT and Vault Incentives
567.63 USDC • 2 total findings • Sherlock • aman
#9
high: minPurchaseAmount check will be bypassed in case of `borrowToken==DAI`
high: `WithdrawRequestBase:_splitWithdrawRequest` assigns a request ID of `0` to `_to` when `w.vaultShares == vaultShares` and the vault shares cannot be redeemed.

Pegasus
250 USDC • Cantina • 0xaman
#11

May '24

Tokensoft Distributor Contracts Update
303.16 USDC • 1 total finding • Sherlock • aman
2nd place
medium: The `new bytes(0)` will result in revert for the claim function

PoolTogether: The Prize Layer for DeFi
467.13 USDC • 1 total finding • Sherlock • aman
#15
medium: PUSH0 is not supported by Linea

Elfi
400.37 USDC • 4 total findings • Sherlock • aman
#11
high: User will lose the staking rewards if they redeem without claiming the reward
medium: The user will receive a smaller amount than expected
medium: Loss fee does not get added due to wrong calculation
medium: `isHoldAmountAllowed` and `isSubAmountAllowed` wrong subtraction will result in DoS

Sablier
550.31 USDC • 3 total findings • CodeHawks • 0xaman
#11
medium: Use of CREATE method is susceptible to reorg attack
low: Cancelling a Merkle Lockup is only callable by `initialAdmin` even after `admin` has been modified
low: Stream sender is unable to cancel a stream with a pausable asset that is paused

Apr '24

Renzo
13.53 USDC • 2 total findings • Code4rena • aman
#47
high: Incorrect withdraw queue balance in TVL calculation
high: Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate

Teller Finance
146.42 USDC • 2 total findings • Sherlock • aman
#22
high: After claiming the NFT the lender will not be able to close the loan
medium: Fee-on-transfer tokens will affect the complete accounting and result in DoS

Mar '24

Zap Protocol
9.97 USDC • 1 total finding • Sherlock • aman
#12
high: All the funds are at risk due to reentrancy attack

WOOFi Swap
127.48 USDC • 1 total finding • Sherlock • aman
#9
medium: Fee will also get deducted in case of local swap and direct transfer

Feb '24

Audit Comp | Puffer Finance
1,699 USDC • 1 total finding • Immunefi • aman
#7
medium: Finding not yet public.

Jan '24

Blast
528.81 USDC • 1 total finding • Cantina • 0xaman
#48
medium: Finding not yet public.

Salty.IO
55.12 USDC • 2 total findings • Code4rena • aman
#87
medium: Remove Liquidity is missing the reserve1 DUST check, which can make reserve1 less than DUST
medium: If there is only one USDS borrower, he can never be liquidated

Dec '23

The Standard
0.07 USDC • 1 total finding • CodeHawks • 0xaman
#102
high: Rewards can be drained because of lack of access control

Sep '23

DittoETH
1,057.48 USDC • 2 total findings • CodeHawks • 0xaman
#14
high: Previous NFT owner can burn NFT from the new owner
low: `onERC721Received()` callback is never called when new tokens are minted in Erc721Facet.sol