anchabadze

Security Researcher

Father and husband Ex-concert promoter Currently learning Web3 security

Contact Me

High

Total

Medium

Total

$3.13K

Total Earnings

#980 All Time

14x

Payouts

1x

3rd Places

3x

Top 10

9x

Top 25

All

Sherlock

Code4rena

CodeHawks

Aug '25

Morpheus

2,305.65 USDC • 1 total finding • Code4rena • anchabadze

medium

Protocol doesn't Properly handle Aave Pool changes

Jul '25

Mellow Flexible Vaults

2.62 USDC • 1 total finding • Sherlock • anchabadze

#42

high

Signature uniqueness not enforced in consensus multisig validation

Notional Exponent

17.25 USDC • 1 total finding • Sherlock • anchabadze

#48

medium

Hardcoded chain ID check prevents contract deployment after ethereum hardfork and multichain expansion

May '25

LEND

212.74 USDC • 5 total findings • Sherlock • anchabadze

#19

high

Cross-chain operations lack decimal transformation causing fund loss

high

Cross-chain liquidation allows liquidators to seize collateral without repaying debt

high

Cross-chain collateral borrow calculation uses impossible filtering condition

medium

No incentive to liquidate small positions could result in accumulation of bad debt

medium

Mixing protocol-wide borrow value with token-specific index leads to inconsistent liquidation eligibility

Apr '25

Kinetiq

267.57 USDC • 1 total finding • Code4rena • anchabadze

#20

medium

Missing withdrawal pause check in `confirmWithdrawal` allows bypassing withdrawal restrictions

Mar '25

Crestal Network

2.38 USDC • 2 total findings • Sherlock • anchabadze

#10

high

Arbitrary from parameter in transferFrom allows unauthorized token transfers

medium

Unlimited request assignment and lack of the mechanism to revoke worker permissions enables protocol-wide DoS attack via malicious worker

Symmio, Staking and Vesting

39.69 USDC • 1 total finding • Sherlock • anchabadze

#15

medium

Incorrect initializer modifier in Vesting contract prevents proper initialization

Feb '25

Yieldoor

29.53 USDC • 1 total finding • Sherlock • anchabadze

#21

high

Incorrect tick parameter in collectFees() function leads to loss of vesting position fees or possible complete protocol lockup

THORWallet

0.35 USDC • 1 total finding • Code4rena • anchabadze

high

MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

Virtuals Protocol

33.96 USDC • 2 total findings • Code4rena • anchabadze

#57

medium

Attacker can prevent user from executing application registered through `initFromToken()` in `AgentFactoryV4`.

medium

`amountOutMin` passed in as 0 in `AgentToken::_swapTax` leads to loss of funds due to slippage

Liquidity Management

185.53 usdc • 3 total findings • CodeHawks • anchabadze

#25

high

Wrong refundExecutionFee in _handleReturn

medium

Wrong index causes last depositor to always get execution fee refund if cancelFlow is called by keeper to cancel a withdrawal

medium

Functions that rely on chainlink prices cannot be queried on avalanche due to sequencer uptime check.

Core Contracts

27.27 usdc • 2 total findings • CodeHawks • anchabadze

#226

high

NFTs Get Permanently Locked in Stability Pool After Liquidation

medium

The endAuction function attempts to send native tokens to the StabilityPool, which does not support

Jan '25

IQ AI

3.58 USDC • 1 total finding • Code4rena • anchabadze

#16

medium

Ineffective proposal threshold validation allows setting arbitrary high values

Dec '24

SecondSwap

4.14 USDC • 1 total finding • Code4rena • anchabadze

#56

high

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step