
araj

Security Researcher

Solidity || Smart Contract Security Researcher


High findings: 43 total
Medium findings: 23 total
Total earnings: $13.85K (#439 all time)
Payouts: 20x
1st places: 1x
3rd places: 1x
Top 10 finishes: 8x


Apr '25

BitVault • 3,476.38 USDC • 2 total findings • Code4rena • araj • 1st place
  Medium: Non-whitelisted owner can also hold/own a troveNFT
  Medium: The current implementation is incompatible with `WBTC` as collateral token

Jan '25

Beraborrow • 1,216.04 USDC • Sherlock • araj • rank #8
  Findings not publicly available for private contests.

Nov '24

Extra Finance • 1,665.90 OP • Sherlock • araj • 3rd place
  Findings not publicly available for private contests.

Debita Finance V3 • 8.36 USDC • 2 total findings • Sherlock • araj • rank #52
  High: buyOrder:sellNFT() transfers NFT to contract itself instead of transferring to owner
  Medium: A malicious user can delete all the lendOrders in factory by repeatedly calling cancelOffer() & addFunds()

Sep '24

Liquid Staking • 81.03 USDC • 2 total findings • CodeHawks • 0xaraj • rank #32
  Low: Wrong value emitted in Withdraw event
  Low: Due to the `minWithdrawalAmount` check, users who want to withdraw won't be able to queue their token withdrawals for some amounts

Flayer • 1,326.05 USDC • 11 total findings • Sherlock • araj • rank #10
  High: Possible overflow in `quorumVotes` while starting a shutdown in CollectionShutdown.sol
  High: Already `executed/sunset` collection can be `cancel()`, preventing users from claiming their `ETH`
  High: Users can't reclaim votes due to arithmetic underflow if collection is cancelled
  High: `listingCount` is not updated when floor token is directly relisted using `listing:relist()`
  High: relist() can be used to `prevent` a tokenId from filling/selling with less than 0.15% of one collectionToken
  High: `withdrawProtectedListing()` can be DoS'd, user will lose their NFT
  High: `_listings` mapping is not deleted when a tokenId is reserved in `Listing:reserve()`
  High: `_isLiquidation` mapping is not deleted in `listing:reserve()` when a liquidation tokenId is reserved
  High: When a liquidationListing is relisted, owner receives taxRefund, which should not happen
  High: `_distributeFees()` only checks for `donateThresholdMin` but not `donateThresholdMax`
  Medium: Previous `beneficiary` will not be able to claim `beneficiaryFees` if current beneficiary is a pool

Aug '24

Fjord Token Staking • 113.49 USDC • 2 total findings • CodeHawks • 0xaraj • rank #13
  Medium: [H-01] Auction tokens will be lost forever when auction ends without bids
  Medium: Owner of a cancelled Sablier stream will be eligible for a full amount reward claim, due to a revert in `FjordStaking::onStreamCanceled(...)`

Winnables Raffles • 9.76 USDC • 4 total findings • Sherlock • araj • rank #25
  High: `createRaffle()` can be DoS'd using `cancelRaffle()`
  High: `refundPlayers()` doesn't update the `lockedETH`
  High: Malicious user can pass different `prizeManager` address to cancelRaffle(), successfully trapping ETH/NFT/token in prizeManager.sol
  Medium: `Roles::setRole()` doesn't work properly as admin `can't` remove users from their existing roles

Tadle • 293.18 USDC • 13 total findings • CodeHawks • 0xaraj • rank #22
  High: Incorrect set-up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function
  High: TokenManager - Unlimited withdraw
  High: Taker of bid offer will lose assets without any benefit if they call DeliveryPlace::settleAskMaker() for partial settlement
  High: Native token withdrawal fails until manually approved
  High: `DeliveryPlace::settleAskTaker` has incorrect access control
  High: Formulaic error rounds down, causing total loss of funds for bid takers during abort
  High: The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error
  High: Token withdrawal fails until someone manually approves spending
  High: [H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulate collateral rates and drain the protocol's funds
  High: listOffer maker can settle offer via settleAskMaker() in Turbo settle type
  Low: [Low-01] Missing access control in `CapitalPool::approve()` function allows any user to call it to set allowance amount of `TokenContract` to `type(uint256).max`
  Low: `listOffer` unsafely references fungible identifiers
  Low: Trade tax and settled collateral amount are not updated in offer struct

Jul '24

Munchables • 317.1 USDC • 7 total findings • Code4rena • araj • rank #20
  High: Malicious user can call `lockOnBehalf` repeatedly to extend a user's `unlockTime`, removing their ability to withdraw previously locked tokens
  High: Invalid validation allows users to unlock early
  High: Single plot can be occupied by multiple renters
  High: Invalid validation in _farmPlots function allows a malicious user repeated farming without locked funds
  Medium: Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal
  Medium: Players can gain more NFTs by benefiting from that past remainder in subsequent locks
  Medium: Users can farm on zero-tax land if the landlord locked tokens before the LandManager deployment

MagicSea - the native DEX on the IotaEVM • 277.57 USDC • 6 total findings • Sherlock • araj • rank #12
  High: Funds are `locked` forever in BribeRewarder when `no` user voted for that pool
  High: Wrong input validation while checking for locked position in Voter.sol
  High: Voting will revert/DoS due to wrong input validation in BribeRewarder::deposit()
  High: Subsequent user receives less reward while claiming in BribeRewarder::claim() due to wrong `_lastUpdateTimestamp`
  Medium: Malicious user can take advantage of emergencyWithdraw() while voting
  Medium: Malicious user can `DoS` honest BribeRewarder by `creating` MAX_BRIBES_PER_POOL with very `small` amount

Jun '24

Vultisig • 15.51 USDC • 2 total findings • Code4rena • araj • rank #27
  High: Vultisig whitelisting can be bypassed by anyone
  Medium: Transfer of ILOPool NFT token to a different account allows users to bypass the pool's `maxCapPerUser` invariant

May '24

Munchables • 823.83 USDC • 7 total findings • Code4rena • araj • rank #5
  High: Malicious user can call `lockOnBehalf` repeatedly to extend a user's `unlockTime`, removing their ability to withdraw previously locked tokens
  High: Invalid validation allows users to unlock early
  High: Single plot can be occupied by multiple renters
  High: Invalid validation in _farmPlots function allows a malicious user repeated farming without locked funds
  Medium: Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal
  Medium: Players can gain more NFTs by benefiting from that past remainder in subsequent locks
  Medium: Users can farm on zero-tax land if the landlord locked tokens before the LandManager deployment

Sophon Farming Contracts • 16.89 USDC • 1 total finding • Sherlock • araj • rank #5
  Medium: Updating `startBlock` in `SophonFarming::setStartBlock()` leads to wrong rewardPoints calculation

Apr '24

Renzo • 13.57 USDC • 3 total findings • Code4rena • araj • rank #46
  High: Incorrect withdraw queue balance in TVL calculation
  High: Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate
  Medium: Deposits will always revert if the amount being deposited is less than the bufferToFill value

Zivoe • 10.48 USDC • 2 total findings • Sherlock • araj • rank #52
  High: Vesting schedule can't be `revoked` if user has `withdrawn` any stakingToken
  High: `rewardRate` in `ZivoeRewards` can be manipulated

Mar '24

M^0 • 3,912.02 USDC • 1 total finding • Sherlock • araj • rank #4
  Medium: `ApprovedEarner` can still earn `EarnerRate` even after removal from `EARNERS_LIST`

Feb '24

Rio Network • 180.37 USDC • 1 total finding • Sherlock • araj • rank #24
  Medium: Attacker can frontrun `rewardDistribution` to steal other stakers' reward

Jan '24

Telcoin Platform Audit • 2.64 USDC • 1 total finding • Sherlock • araj • rank #9
  High: Burning of a member NFT stops further minting of member NFT

Dec '23

The Standard • 94.76 USDC • 5 total findings • CodeHawks • 0xaraj • rank #25
  High: Rewards can be drained because of lack of access control
  Medium: Users cannot remove some amount of collateral from contract because of wrong implementation of "canRemoveCollateral()"
  Medium: Missing deadline check allows pending transactions to be maliciously executed
  Medium: Incorrect calculation of amount of EURO to burn during liquidation
  Low: Removal of approved token from token manager can lead to unintended liquidation of vaults