b0g0

Security Researcher

30+ vulnerabilities found across more than 15 protocols | https://b0g0.xyz

High: 23 total

Medium: 17 total

Total Earnings: $82.42K

#115 All Time

16x

Payouts

gold

1x

1st Places

regular

7x

Top 10

regular

10x

Top 25

Jan '25

infrared-contracts

92.62 USDC • 1 total finding • Cantina • b0g0

#55

high

Finding not yet public.

farcasterattestation-monorepo

3,165.31 OP • 6 total findings • Cantina • b0g0

#8

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Dec '24

story-protocol

24,340.66 USDC • 5 total findings • Cantina • b0g0

#13

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

Aug '24

Chakra

542.79 USDT • 7 total findings • Code4rena • b0g0

#16

high

Malicious actors can manipulate the `cross_chain_callback` callback

high

There is no refund mechanism in `ChakraSettlement.processCrossChainCallback` or `ChakraSettlementHandler.receive_cross_chain_callback` function

high

settlement.cairo doesn't process callback correctly leading to CrossChainMsgStatus marked as SUCCESS even if it failed on destination chain

high

SettlementSignatureVerifier is missing check for duplicate validator signatures

high

In Starknet already processed messages can be re-submitted and by anyone

high

Invalid token address used in `ChakraSettlementHandler::cross_chain_erc20_settlement(...)` leading to invalid transaction creation and event emission

medium

inconsistency in sender address when creating cross chain messages on Starknet can lead to loss of funds

Jul '24

MakerDAO Endgame

1,203.75 USDC • Sherlock • b0g0

#50

May '24

YOLO Games

606.28 USDC • 2 total findings • Cantina • b0g0

#9

medium

Finding not yet public.

medium

Finding not yet public.

Apr '24

Renzo

0.04 USDC • 2 total findings • Code4rena • b0g0

#57

high

Incorrect withdraw queue balance in TVL calculation

medium

Deposits will always revert if the amount being deposited is less than the bufferToFill value

Audit Comp | Alchemix

50 USDC • 1 total finding • Immunefi • b0g0

#54

high

Finding not yet public.

Mar '24

Ondo Finance

114.24 USDC • Code4rena • b0g0

#13

Smart-contracts

1,839.63 USDC • 4 total findings • Cantina • b0g0

#9

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Revert Lend

6,184.78 USDC • 3 total findings • Code4rena • b0g0

gold

high

V3Vault::transform does not validate the `data` input and allows a depositor to exploit any position approved on the transformer

high

Risk of reentrancy `onERC721Received` function to manipulate collateral token configs shares

medium

V3Oracle susceptible to price manipulation

Feb '24

Jala Swap

363.37 USDC • 1 total finding • Sherlock • b0g0

#5

medium

Permit functions inside JalaRouter02 will not work

Jan '24

Blast

43,404.65 USDC • 2 total findings • Cantina • b0g0

#8

high

Finding not yet public.

medium

Finding not yet public.

Salty.IO

119.16 USDC • 4 total findings • Code4rena • b0g0

#64

high

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

medium

formPOL lacks slippage and deadline protection

medium

Adversary can prevent updating price feed addresses by creating poisonous proposals ending in `_confirm`

medium

If there is only one USDS borrower, he can never be liquidated

Ubiquity

371.99 USDC • 1 total finding • Sherlock • b0g0

#7

medium

User can mint dollars even if the price is beyond the mintPriceThreshold

Oct '23

The Wildcat Protocol

16.66 USDC • 1 total finding • Code4rena • b0g0

#62

medium

Function WildcatMarketController.setAnnualInterestBips allows for values outside the factory range