https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/74ec3f9d-d643-470f-9099-446f086b6ec4.png

blackhole

Security Researcher

Contact Me

High

10

Total

Medium

11

Total

$2.90K

Total Earnings

#912 All Time

15x

Payouts

silver

1x

2nd Places

regular

4x

Top 10

regular

8x

Top 25

All

Sherlock

Aug '24

Rumpel Point Tokenization Protocol

Rumpel Point Tokenization Protocol

66.56 USDC • Sherlock • blackhole

#19

Jul '24

MagicSea - the native DEX on the IotaEVM

MagicSea - the native DEX on the IotaEVM

32.89 USDC • 4 total findings • Sherlock • blackhole

#45

high

DoS Vulnerability in the `deposit` Function of `BribeRewarder` contract

high

Incorrect validation in the vote function allows users to vote if the remaining lock time is less than the epoch time

medium

Incorrect validation in the _requireOnlyOperatorOrOwnerOf function of the MlumStaking contract allows unauthorized access

medium

Incorrect validation logic in `harvestPositionsTo` function restricts functionality in `MlumStaking`

Velocimeter

Velocimeter

13.20 USDC • 2 total findings • Sherlock • blackhole

#51

high

Claimable gauge distributions are locked when killGaugeTotally or pauseGauge is called

medium

First liquidity provider of a stable pair can DOS the pool

Jun '24

Notional Leveraged Vaults: Pendle PT and Vault Incentives

Notional Leveraged Vaults: Pendle PT and Vault Incentives

655.57 USDC • 3 total findings • Sherlock • blackhole

#7

high

Missing check for slippage in the _sellStakedUSDe function will result in a loss of funds

high

Missing check for slippage in the _executeInstantRedemption function will result in a loss of funds

high

Incorrect value calculation in `_getValueOfSplitFinalizedWithdrawRequest` due to missing decimals conversion

May '24

Sophon Farming Contracts

Sophon Farming Contracts

16.89 USDC • 1 total finding • Sherlock • blackhole

#5

medium

The `pool.lastRewardBlock` should be updated in the `setStartBlock` function

Elfi

Elfi

342.39 USDC • 4 total findings • Sherlock • blackhole

#15

high

Unauthorized access to `batchUpdateAccountToken` function allows arbitrary token updates in AccountFacet

high

The `redeemFee` is not properly deducted in `_executeRedeemStakeToken` Function

medium

Keepers can steal additional execution fee from users in `processExecutionFee` function

medium

The `minRedeemAmount` validation check does not consider the actual redeem amount

Napier Finance - LST/LRT Integrations

Napier Finance - LST/LRT Integrations

31.53 USDC • 1 total finding • Sherlock • blackhole

#15

medium

The `recipient` parameter is missing in the call to the `depositStETH` function in the PufETHAdapter.

Kwenta x Perennial Integration Update

Kwenta x Perennial Integration Update

32.21 USDC • Sherlock • blackhole

#8

Apr '24

Arcadia - Aerodrome integrations

Arcadia - Aerodrome integrations

1,446.42 USDC • 1 total finding • Sherlock • blackhole

silver

medium

`decreaseLiquidity` function can fail on zero amount transfer if `fee0Position` is set to zero.

TITLES Publishing Protocol

TITLES Publishing Protocol

71.98 USDC • 1 total finding • Sherlock • blackhole

#26

medium

The `TitlesGraph` contract doesn't have an external initializer

Zivoe

Zivoe

1.88 USDC • 1 total finding • Sherlock • blackhole

#56

medium

The pushToLockerMulti function will revert upon calling the addLiquidity function.

Mar '24

vVv Vesting & Staking

vVv Vesting & Staking

7.86 USDC • Sherlock • blackhole

#36

Jan '24

SYMM IO

SYMM IO

10.63 USDC • Sherlock • blackhole

#27

Jul '23

Tokensoft

Tokensoft

173.03 USDC • 1 total finding • Sherlock • blackhole

#12

medium

The `_setTotal` function will consistently revert in `CrosschainDistributor`

May '23

USSD - Autonomous Secure Dollar

USSD - Autonomous Secure Dollar

0.00 USDC • 2 total findings • Sherlock • blackhole

#103

high

Anyone can call the `mintRebalancer`/`burnRebalancer` function and mint/burn the token

high

The `deadline` of ExactInputParams is commented out.