berndartmueller

Security Researcher

I hunt bugs on-chain. Lead Auditor @SecurityOak, SR @SpearbitDAO, https://t.co/LWCkCaqoY7 🏅 Judge @Code4rena | DM for audits

High: 1 Solo, 87 Total

Medium: 5 Solo, 147 Total

Total Earnings: $294.75K

#27 All Time

Payouts: 66x

1st Places (gold): 4x

2nd Places (silver): 3x

3rd Places (bronze): 5x

Mar '25

IOTA EVM

Collaborative Audit • Sherlock • berndartmueller

Feb '25

Initia Cosmos

41,485.57 USDC • 10 total findings • Code4rena • berndartmueller

gold

high

minievm fails to charge intrinsic gas costs for EVM transactions, allowing the abuse of the accesslist to consume computational resources without proper compensation

high

A regular Cosmos SDK message can be disguised as an EVM transaction, causing `ListenFinalizeBlock` to error which prevents the block from being indexed

high

Explicit gas limit on low-level Solidity calls can be bypassed by dispatched EVM calls via the custom Cosmos precompile

high

EVM stack overflow error leads to no gas being charged, which can be exploited to DoS the chain by dispatching EVM calls via the cosmos precompile

high

`ExecuteRequest`'s are not properly removed from the context queue

high

Precompiles fail to charge gas in case of an error leading to a DOS vector

high

JSON-RPC `FilterCriteria.Addresses` are unbound and can be used to DoS the RPC

medium

Contract deployment restriction can be bypassed

medium

`COINBASE` opcode returns an empty address instead of the block proposer resulting in incompatibility with the EVM

medium

`GASLIMIT` opcode returns transaction gas limit instead of block gas limit resulting in incompatibility with the EVM

Jan '25

IOTA

Collaborative Audit • Sherlock • berndartmueller

Nov '24

MANTRA Chain

31,416.55 USDC • 6 total findings • Code4rena • berndartmueller

gold

high

Potentially sensitive issue - disclosed privately

high

Multiplier is calculated using denom and not coin.Denom

high

Unspent gas fees are always refunded to the `FeePayer()` which leads to incorrect refunds if the `FeeGranter()` paid for the fees

medium

Fee market post handler misses to account for gas consumed after taking the gas snapshot, leading to higher refunds and unpaid gas

medium

Block gas utilization is slightly lower than the actual gas utilization due to the gas snapshot being taken too early resulting in an inaccurate base fee calculation

medium

`xfeemarket` module is not wired up, resulting in non-working CLI commands, message server, genesis export

May '24

PoolTogether: The Prize Layer for DeFi

3,788.40 USDC • 3 total findings • Sherlock • berndartmueller

#7

high

Draw auction rewards likely exceed the available rewards, resulting in overpaying rewards or running into an `InsufficientReserve` error

medium

The RNG finish draw auction rewards are overpaid due to missing to account for the time it takes to fulfill the Witnet randomness request

medium

`DrawManager.canStartDraw` does not consider retried RNG requests when determining if a new draw auction can be started

Feb '24

curvance

37,642.2 USDC • 18 total findings • Cantina • bernd

bronze

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Nov '23

ZetaChain

41,909.65 USDC • 25 total findings • Code4rena • berndartmueller

gold

high

Using unconfirmed UTXOs as inputs for transactions is vulnerable to griefing attacks

high

Tombstoned observer can maliciously add a duplicate observer address resulting in forfeiting voting rewards of targeted observers

high

Outbound transactions that can not be broadcasted to an external EVM chain cause a Denial of Service of all outgoing transactions to this chain

high

zEVM cross-chain messages ignore the user-specified message and prevent calling the destination contract

high

Disabling outbound transactions is ineffective and allows for Zeta token theft

high

A malicious inbound transaction can prevent subsequent events from being processed by observers

high

Fake `ZetaReceived` events cause the outbound cctx to remain pending resulting in a blocked outbound EVM transaction queue

medium

`ZetaSupplyChecker` calculation error

medium

When updating gas, if one chain fails, the others should continue to be updated instead of being skipped.

medium

An already executed InTxTracker can still be added

medium

ZRC20 Token Pause Check Bypass

medium

Incorrect genesis initialization of pending nonces

medium

Lagging median gas price when the set of observers changes

medium

Inability to reliably verify inbound transactions may result in missed inbound transactions

medium

Lack of message ordering may lead to failed transactions

medium

Inbound transactions submitted to the `InTxTracker` that contain multiple `ZetaSent` and `Deposited` events are not processed correctly by the observers resulting in a loss of funds

medium

A single malicious observer can fill the block space with `MsgGasPriceVoter` messages without proper gas compensation resulting in griefing blocks

medium

Zeta token supply checker incorrectly classifies in-transit cctxs as settled resulting in misleading checks

medium

Arbitrary destination gas limit for `CoinType_Zeta` cctxs results in paying lower gas fees

medium

Observer can halt outbound cctxs and steal funds

medium

Outbound zEVM cross-chain messages ignore the user-specified gas limit and may fail with an out-of-gas error

medium

The `Sender` of an outbound cctx originating from the zEVM is potentially set to an incorrect sender address resulting in lost assets during a refund

medium

ERC-20 deposit cctxs are refunded to the EOA instead of an intermediary contract

medium

The outbound transaction tracker only keeps track of a maximum of two different transaction hashes, preventing cctxs from being efficiently confirmed and blocking the outbound transaction queue

medium

A single malicious observer can exploit the infinite gas meter to grief ZetaChain blocks without proper gas compensation

Jul '23

Tokemak

6,300.71 USDC • 10 total findings • Sherlock • berndartmueller

#5

high

Risk-free profits for an attacker due to outdated debt reporting during `LMPVault` deposits

high

Consecutively queueing new rewards transfers more tokens than anticipated

high

Performing the liquidation process reverts due to failing to swap the reward tokens

high

Claimed destination vault base asset rewards are potentially lost during `LMPVault` withdrawals

high

`MainRewarder` staking rewards are diluted by new stakers resulting in less rewards for existing stakers

high

Potentially overpaying for vault shares due to the lack of incorporating native ETH into the required `assets` amount

high

Destination vault debt can be selectively updated to collect fees on "profits" while ignoring the losses from other destination vaults

medium

Users are unable to withdraw from `LMPVault` if the accumulated `TOKE` rewards are below the `MIN_STAKE_AMOUNT` threshold

medium

Edge case scenario during `LMPVault` withdrawals results in the inability to withdraw

medium

Protocol fees are not collected for a while after the `LMPVault` got emptied

Bond Options

2,421.17 USDC • 7 total findings • Sherlock • berndartmueller

silver

high

Option token receiver can steal funds by repeatedly reclaiming expired options

high

A malicious option token deployer can drain quote token funds from the `FixedStrikeOptionTeller` contract

medium

Claiming epoch rewards at the time of the options expiry will mint options that are immediately expired and thus unable to get exercised

medium

A malicious user can prevent reward accrual

medium

Depositing staking tokens at a later epoch requires claiming rewards for all epochs since the very first epoch

medium

If the `receiver` is prevented from receiving exercised proceed tokens, exercising options is not possible

medium

Funds can be stolen from the `FixedStrikeOptionTeller` contract by creating put option tokens without providing collateral

Jun '23

Symmetrical

3,473.66 USDC • 11 total findings • Sherlock • berndartmueller

#6

high

Expired signatures with outdated prices can be used to liquidate Party A's positions

high

Emergency position closing can be griefed by Party A

high

Depositing and allocating funds for Party B potentially allocates less than anticipated

medium

Liquidating a turned solvent Party A does not credit the profits to Party A

medium

Consecutive symbol price updates can be exploited to drain protocol funds

medium

Inaccurate solvency check during position opening can lead to immediate insolvency

medium

Party B liquidation can expire, causing the liquidation to be stuck

medium

Party B can grief Party A by filling the close request for a limit order with a zero amount

medium

Party B liquidations are not incentivized if the losses exceed the locked liquidation possibly resulting in not liquidating Party B and Party A not receiving the liquidation proceeds

medium

Fully opening a limit quote with down-adjusted locked values could lead to a quote value smaller than the enforced minimum

medium

Fee collector can grief the protocol by withdrawing trading fees that could still need to be returned to Party A

Mar '23

Y2K

2,890.20 USDC • 8 total findings • Sherlock • berndartmueller

#4

high

Entitled asset shares are not withdrawn and are lost when minting rollovers

high

Delisting a rollover queue item reorders an item and prevents the reordered item from being rolled over in the next epoch

high

Updating carousel vault rollover queue item sets the wrong index

medium

Adversary can trigger a regular end epoch for a null epoch and cause premium vault users to lose funds

medium

`Carousel.mintRollovers` potentially mints `0` shares and can grief rollover queue

medium

Null epoch prevents carousel rollover

medium

Risk-free hedge if depeg is triggered at the start of the epoch

medium

Arbitrum sequencer downtime lasting before and beyond epoch expiry prevents triggering depeg

Feb '23

GMX

5,297.58 USDC • 5 total findings • Sherlock • berndartmueller

#7

high

Inability to claim collateral

high

Decreasing a position without a swap path is susceptible to slippage

high

Underestimated gas estimation for executing withdrawals leads to insufficient keeper compensation

high

The claimable collateral factor with the key `Keys.claimableCollateralFactorKey` remains unchanged and results in a claimable collateral amount of zero

medium

Depositing in a market with the same long and short tokens will revert

Blueberry

4,099.99 USDC • 9 total findings • Sherlock • berndartmueller

#4

high

Too few `ICHI` v2 farming reward tokens transferred to the user due to incorrect decimal precision

high

Failure to withdraw Ichi vault LP tokens to the user

high

Failure to refund `ICHI` v2 farming reward tokens upon increasing farming position

high

`SoftVault` accrued interest is not refunded and stuck forever

high

A liquidator can repay the smaller debt position to fully liquidate a position and receive the full collateral

medium

The maximum size of an `ICHI` vault spell position can be arbitrarily surpassed

medium

Closing an `IchiVaultSpell` position is susceptible to slippage when swapping tokens

medium

Rebase/FoT tokens are not supported as isolated collateral

medium

The total lent amount of a bank is not decremented when a position is liquidated

Jan '23

Drips Protocol contest

9,286.11 USDC • 1 total finding • Code4rena • berndartmueller

bronze

medium

Squeezing drips from a sender can be front-run and prevented by the sender

Cooler

328.55 USDC • 2 total findings • Sherlock • berndartmueller

#10

high

Fully repaying a loan transfers debt tokens to zero-address

medium

Repaying loans with small amounts of debt tokens can lead to underflowing in the `roll` function

Ajna

7,671.91 USDC • 5 total findings • Sherlock • berndartmueller

bronze

high

Executing funded standard proposals can be prevented by a proposal slate with duplicate proposals

medium

Claiming accumulated rewards while the contract is underfunded can lead to a loss of rewards

medium

Calculating new rewards is susceptible to precision loss due to division before multiplication

medium

Claiming rewards from a future not yet existing epoch prevents claiming rewards for those epochs later on

medium

Extraordinary proposals can receive more tokens than eligible

UXD Protocol

2,711.96 USDC • 7 total findings • Sherlock • berndartmueller

#4

high

Anyone can use the token spending allowance from another address to rebalance negative Perp PnL

high

Calculating the Perp short position value uses a potentially unsafe TWAP interval

medium

Redeeming all UXD tokens is not possible if some have been minted via Perp quote minting

medium

Rebalancing a negative Perp PnL via a Uniswap V3 token swap is broken due to the lack of token spending allowance

medium

Rebalancing a negative Perp PnL will fail to deposit to the vault due to decimal precision inconsistencies

medium

Fee accounting for Perp positions is incorrect

medium

Inaccurate Perp debt calculation

Nov '22

Debt DAO contest

7,817.37 USDC • 7 total findings • Code4rena • berndartmueller

#5

high

Non-existing revenue contract can be passed to claimRevenue to send all tokens to treasury

high

addCredit / increaseCredit cannot be called by lender first when token is ETH

high

Borrower can close a credit without repaying debt

high

Repaying a line of credit with a higher than necessary claimed revenue amount will force the borrower into liquidation

medium

Whitelisted functions aren't scoped to revenue contracts and may lead to unnoticed calls due to selector clashing

medium

Borrower/Lender excessive ETH not refunded and permanently locked in protocol

medium

Lender can reject closing a position

Chainlink Staking contest

7,667.55 USDC • Code4rena • berndartmueller

#5

Oct '22

Juicebox contest

3,520.32 USDC • 1 total finding • Code4rena • berndartmueller

#4

medium

The tier reserved rate is not validated and can surpass `JBConstants.MAX_RESERVED_RATE`

Mover

2,594.88 USDC • 1 total finding • Sherlock • berndartmueller

silver

high

Collected fees can be used by anyone to top-up

Merit Circle

118.03 USDC • 2 total findings • Sherlock • berndartmueller

#10

medium

Claiming rewards with a pool that has an escrow portion but no escrow pool set will render the escrowed rewards lost

medium

Curve points are not validated to be continuously increasing

Mycelium

758.21 USDC • 3 total findings • Sherlock • berndartmueller

bronze

high

A malicious early depositor can manipulate the vault's share price

medium

A paused Aave lending pool will cause a serious denial of service

medium

Duplicate plugins cause multiple counting of `LINK` token balance

Sep '22

Knox Finance

20.77 USDC • 1 total finding • Sherlock • berndartmueller

#12

medium

Chainlink's `latestRoundData` might return stale or incorrect results

QuickSwap and StellaSwap contest

875.89 USDC • 3 total findings • Code4rena • berndartmueller

#10

medium

Vault set to the zero-address will break swaps and flash loans in all deployed pools

medium

A "FrontRunning attack" can be made to the `initialize` function

medium

`safeTransfer` function does not check for existence of ERC20 token contract

VTVL contest

51.69 USDC • 1 total finding • Code4rena • berndartmueller

#48

medium

not able to create claim

Art Gobblers contest

525.56 USDC • 1 total finding • Code4rena • berndartmueller

#17

medium

The reveal process could brick if `randProvider` stops working

Nouns Builder contest

1,077.28 USDC • 3 total findings • Code4rena • berndartmueller

#21

high

Multiple vote checkpoints per block will lead to incorrect vote accounting

high

`ERC721Votes`: Token owners can double voting power through self delegation

medium

Creating a new governance proposal can be prevented by anyone

Aug '22

Sentiment

2,235.34 USDC • 4 total findings • Sherlock • berndartmueller

#9

high

First `ERC4626` deposit can break share calculation

high

`ERC4626Oracle` oracle calculates the wrong price for vaults with different decimals than their underlying asset

high

Chainlink oracle calculates the wrong price for ETH nominated pairs

medium

Account liquidation can fail in certain situations

Olympus DAO contest

1,107.27 USDC • 2 total findings • Code4rena • berndartmueller

#20

high

In `Governance.sol`, it might be impossible to activate a new proposal forever after failing to execute the previous active proposal.

high

TRSRY: front-runnable `setApprovalFor`

Nouns DAO contest

1,718.74 USDC • 1 total finding • Code4rena • berndartmueller

#5

high

ERC721Checkpointable: delegateBySig allows the user to vote to address 0, which causes the user to permanently lose his vote and cannot transfer his NFT.

Fraxlend (Frax Finance) contest

4,184.7 USDC • 3 total findings • Code4rena • berndartmueller

bronze

medium

Owner of `FraxlendPair` can set arbitrary time lock contract address to circumvent time lock

medium

Fraxlend pair deployment can be front-run by a custom pair deployment

medium

FraxlendPair.sol is not fully EIP-4626 compliant

Foundation Drop contest

1,240.78 USDC • 2 total findings • Code4rena • berndartmueller

#7

medium

NFT creator sales revenue recipients can steal gas

medium

NFT of NFT collection or NFT drop collection can be locked when calling _mint or mintCountTo function to mint it to a contract that does not support ERC721 protocol

Rigor Protocol contest

955.27 USDC • 3 total findings • Code4rena • berndartmueller

#13

medium

Anyone can create disputes if `contractor` is not set

medium

Possible DOS in `lendToProject()` and `toggleLendingNeeded()` function because unbounded loop can run out of gas

medium

Owner of project NFT has no purpose

Jul '22

Axelar Network v2 contest

60.77 USDC • Code4rena • berndartmueller

#38

Golom contest

1,393.26 USDC • Code4rena • berndartmueller

#11

ENS contest

250.36 USDC • 2 total findings • Code4rena • berndartmueller

#27

medium

transfer() depends on gas consts

medium

The `unwrapETH2LD` use `transferFrom` instead of `safeTransferFrom` to transfer ERC721 token

Fractional v2 contest

2,207.05 USDC • 5 total findings • Code4rena • berndartmueller

#11

high

Migration can permanently fail if user specifies different lengths for `selectors` and `plugins`

high

Steal NFTs from a Vault, and ETH + Fractional tokens from users.

high

Cash-out from a successful buyout allows an attacker to drain Ether from the `Buyout` contract

medium

An attacker can DoS vault's buyout with as little as 1 wei per 4 days

medium

Delegate call in `Vault#_execute` can alter Vault's ownership

Juicebox V2 contest

14,020.84 USDC • 6 total findings • Code4rena • berndartmueller

gold

high

Token Change Can Be Frontrun, Blocking Token

medium

Use a safe transfer helper library for ERC20 transfers

medium

Discounted fee calculation is imprecise and calculates less fees than anticipated

medium

Locked splits can be updated

medium

More outstanding reserved tokens are distributed than anticipated leading to less redeemable assets and therefore loss of user funds

medium

Unhandled chainlink revert would lock all price oracle access

Jun '22

Putty contest

2,078.11 USDC • 7 total findings • Code4rena • berndartmueller

#5

high

Fee is being deducted when Put is expired and not when it is exercised.

medium

`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever

medium

Options with a small strike price will round down to 0 and can prevent assets from being withdrawn

medium

Put options are free of any fees

medium

[Denial-of-Service] Contract Owner Could Block Users From Withdrawing Their Strike

medium

Putty position tokens may be minted to non ERC721 receivers

medium

`fee` can change without the consent of users

Nibbl contest

37.14 USDC • Code4rena • berndartmueller

#52

Yieldy contest

1,960.72 USDC • 3 total findings • Code4rena • berndartmueller

#9

medium

Sending batch withdrawal requests can possibly DoS

medium

Functions in the `BatchRequests` contract revert for removed contract addresses

medium

Users of Migration.sol may forfeit rebase rewards

Badger-Vested-Aura contest

2,059.54 USDC • 3 total findings • Code4rena • berndartmueller

#4

medium

`_harvest` has no slippage protection when swapping `auraBAL` for `AURA`

medium

Badger rewards from Hidden Hand can permanently prevent Strategy from receiving bribes

medium

Withdrawing all funds at once to vault can be DoS attacked by frontrunning and locking dust

Infinity NFT Marketplace contest

315.71 USDC • 4 total findings • Code4rena • berndartmueller

#27

high

Overpayment of native ETH is not refunded to buyer

high

Accumulated ETH fees of InfinityExchange cannot be retrieved

medium

Malicious governance can use `updateWethTranferGas` to steal WETH from buyers

medium

Protocol fee rate can be arbitrarily modified by the owner and the new rate will apply to all existing orders

Notional x Index Coop

5,204.37 USDC • 2 total findings • Code4rena • berndartmueller

#6

high

Rounding Issues In Certain Functions

medium

Users Might Not Be Able To Purchase Or Redeem SetToken

May '22

Backd Tokenomics contest

352.96 USDC • Code4rena • berndartmueller

#20

veToken Finance contest

203.03 USDT • 1 total finding • Code4rena • berndartmueller

#36

medium

Misconfiguration of Fees Incentive Might Cause Tokens To Be Stuck In `Booster` Contract

Velodrome Finance contest

178.88 USDC • 1 total finding • Code4rena • berndartmueller

#31

medium

Malicious user can populate `rewards` array with tokens of their interest reaching limits of `MAX_REWARD_TOKENS`

Rubicon contest

2,844.65 USDC • 11 total findings • Code4rena • berndartmueller

#4

high

First depositor can break minting of shares

high

RubiconRouter.swapEntireBalance() doesn't handle the slippage check properly

medium

USDT is not supported because of approval mechanism

medium

Inconsistent Order Book Accounting When Working With Transfer-On-Fee or Deflationary Tokens

medium

RubiconRouter: Excess ether did not return to the user

medium

No cap on fees can result in a DOS in BathToken.withdraw()

medium

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`

medium

`RubiconMarket` buys can not be disabled if offer matching is disabled

medium

`RubiconMarket.feeTo` set to zero-address can DoS `buy` function

medium

Changing `matchingEnabled` in `RubiconMarket` breaks protocol

medium

Use `call()` instead of `transfer()` when transferring ETH in RubiconRouter

Sturdy contest

3,253.78 USDC • 4 total findings • Code4rena • berndartmueller

silver

high

hard-coded slippage may freeze user funds during market turbulence

high

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

medium

Possible lost msg.value

medium

Withdrawing ETH collateral with max uint256 amount value reverts transaction

Aura Finance contest

151.97 USDC • Code4rena • berndartmueller

#44

Cally contest

67.64 USDC • 4 total findings • Code4rena • berndartmueller

#57

medium

Use safeTransferFrom instead of transferFrom for ERC721 transfers

medium

Owner can modify the feeRate on existing vaults and steal the strike value on exercise

medium

Vault is Not Compatible with Fee Tokens and Vaults with Such Tokens Could Be Exploited

medium

Users may accidentally overpay in `buyOption()` and the excess will be paid to the vault creator

Enso Finance contest

9,224.02 USDT • Code4rena • berndartmueller

#4

FactoryDAO contest

117.61 DAI • 2 total findings • Code4rena • berndartmueller

#40

medium

safeTransferFrom is recommended instead of transfer (1)

medium

amount requires to be updated to contract balance increase (1)

Forgotten Runes Warrior Guild contest

83.61 USDC • 1 total finding • Code4rena • berndartmueller

#41

medium

Use of `.send()` May Revert if The Recipient's Fallback Function Consumes More Than 2300 Gas

Apr '22

PoolTogether Aave v3 contest

810 USDC • 2 total findings • Code4rena • berndartmueller

#7

high

[WP-H1] A malicious early user/attacker can manipulate the vault's pricePerShare to take an unfair share of future users' deposits

medium

_depositAmount requires to be updated to contract balance increase

Mimo DeFi contest

400.55 USDC • 1 total finding • Code4rena • berndartmueller

#15

medium

SuperVault's leverageSwap and emptyVaultOperation can become stuck

AbraNFT contest

748.73 MIM • 1 total finding • Code4rena • berndartmueller

#14

high

The return value `success` of the get function of the INFTOracle interface is not checked

Backd contest

333.16 USDC • 2 total findings • Code4rena • berndartmueller

#27

medium

Chainlink's latestRoundData might return stale or incorrect results

medium

`call()` should be used instead of `transfer()` on an `address payable`

Phuture Finance contest

22.05 USDC • 1 total finding • Code4rena • berndartmueller

#35

medium

Chainlink's latestRoundData might return stale or incorrect results

Badger Citadel contest

3,471.6 USDC • 2 total findings • Code4rena • berndartmueller

#9

high

StakedCitadel depositors can be attacked by the first depositor with depressing of vault token denomination

high

StakedCitadel: wrong setupVesting function name

JPEG'd contest

3,422.65 USDC • 3 total findings • Code4rena • berndartmueller

#7

high

yVault: First depositor can break minting of shares

medium

Wrong calculation for yVault price per share if decimals != 18

medium

Chainlink pricer is using a deprecated API

Backed Protocol contest

235.69 USDC • 1 total finding • Code4rena • berndartmueller

#18

medium

`sendCollateralTo` is unchecked in `closeLoan()`, which can cause user's collateral NFT to be frozen

Mar '22

Volt Protocol contest

124.98 USDC • Code4rena • berndartmueller

#27

prePO contest

130.66 USDC • Code4rena • berndartmueller

#19

Rolla contest

881.03 USDC • Code4rena • berndartmueller

#10

Maple Finance contest

728.94 USDC • Code4rena • berndartmueller

#5

Biconomy Hyphen 2.0 contest

183.85 USDT • Code4rena • berndartmueller

#36