ami

Security Researcher

High

Total

Medium

Total

$1.80K

Total Earnings

#1059 All Time

5x

Payouts

1x

1st Places

1x

3rd Places

4x

Top 10

All

Sherlock

Feb '25

Rova

0.04 USDC • 1 total finding • Sherlock • ami

medium

Incorrect use of the `refundCurrencyAmount` variable in the `Launch.updateParticipation` function

Dec '24

Oku's New Order Types Contract Contest

117.43 OP • 5 total findings • Sherlock • ami

#17

high

Malicious attackers can steal funds from the protocol by creating same order ids

high

Malicious attackers can steal funds from `OracleLess` contract by calling `fillOrder` function with malicious contract as `target` variable

high

The `execute` functions should reset the allowance of the `tokenIn` token to 0 after execution of `target.call(txData)`

medium

Malicious attackers can cause out of gas to fill orders by creating a lot of orders in the `OracleLess` contract

medium

Filling stop limit order created with 'Swap-On-Fill' creates the new bracket order with incorrect `direction` value

Nov '24

Ethos Network Financial Contracts

1,011.36 USDC • 3 total findings • Sherlock • ami

high

Arbitrage attackers can steal funds from the reputation market.

high

In the `ReputationMarket.buyVotes` function, `marketFunds[profileId]` should not contain protocol entry fee and donation fee

medium

The `EthosVouch.applyFees` function calculates the protocol, donation and vouchersPool fee incorrectly

Nouns DAO - Auction Streams

578.45 USDC • Sherlock • ami

#10

vVv Launchpad - Investments & Token distribution

94.59 USDC • 1 total finding • Sherlock • ami

high

A malicious attacker can frontrun the `claim()` function