brgltd

Security Researcher

High: 5 total

Medium: 22 total

Total Earnings: $24.15K

#313 All Time

Payouts: 56x

3rd Places: 1x (bronze)

Top 10: 7x (regular)

Top 25: 31x (regular)

Mar '25

Symmio, Staking and Vesting

0.00 USDC • 1 total finding • Sherlock • brgltd

#18

medium

Due to lack of access control in `notifyRewardAmount`, anyone can call this function with small values to disrupt the current reward rate

Jun '24

Notional Leveraged Vaults: Pendle PT and Vault Incentives

87.93 USDC • 1 total finding • Sherlock • brgltd

#13

high

Lack of slippage protection

May '24

Munchables

0.01 USDC • 2 total findings • Code4rena • brgltd

#16

high

Malicious User can call `lockOnBehalf` repeatedly to extend a user's `unlockTime`, removing their ability to withdraw previously locked tokens

medium

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Oct '23

zkSync Era

273.57 USDC • Code4rena • brgltd

#35

May '23

Maia DAO Ecosystem

84.67 USDC • 1 total finding • Code4rena • brgltd

#62

medium

Lack of slippage protection can lead to significant loss of user funds

BASE

813.4 USDC • Code4rena • brgltd

bronze
Venus Protocol Isolated Pools

723.8 USDC • Code4rena • brgltd

#24

Apr '23

ENS Contest

637.07 USDC • Code4rena • brgltd

#17

Rubicon v2

488.32 USDC • 3 total findings • Code4rena • brgltd

#29

high

DOS of market operations with malicious offers

medium

BathBuddy contract should implement methods to pause and unpause contract

medium

Fee inclusivity calculations are inaccurate in RubiconMarket

Mar '23

Asymmetry contest

118.64 USDC • 2 total findings • Code4rena • brgltd

#45

medium

Stuck ether when using function `stake` with empty `derivatives` (`derivativeCount` = 0)

medium

Lack of deadline for uniswap AMM

zkSync Era System Contracts contest

2,079.11 USDC • Code4rena • brgltd

#8

Neo Tokyo contest

29.67 USDC • Code4rena • brgltd

#21

Wenwin contest

21.7 USDC • Code4rena • brgltd

#26

Aragon Protocol contest

72.43 USDC • Code4rena • brgltd

#14

Feb '23

Ethos Reserve contest

61.26 USDC • Code4rena • brgltd

#33

Jan '23

Timeswap contest

837.8 USDC • Code4rena • brgltd

#13

OpenSea Seaport 1.2 contest

1,551.45 USDC • Code4rena • brgltd

#5

Reserve contest

1,004.64 USDC • Code4rena • brgltd

#21

Dec '22

Papr contest

353.85 USDC • Code4rena • brgltd

#21

GoGoPool contest

144.53 USDC • 1 total finding • Code4rena • brgltd

#52

medium

Coding logic of the contract upgrading renders upgrading contracts impractical

Tigris Trade contest

1,588.98 USDC • Code4rena • brgltd

#14

Nov '22

ParaSpace contest

2,068.06 USDC • 1 total finding • Code4rena • brgltd

#14

high

NFTFloorOracle's asset and feeder structures can be corrupted

Redacted Cartel contest

732.03 USDC • Code4rena • brgltd

#19

LSD Network - Stakehouse contest

120.17 USDC • Code4rena • brgltd

#42

Blur Exchange contest

109.36 USDC • 1 total finding • Code4rena • brgltd

#24

medium

Yul `call` return value not checked

LooksRare Aggregator contest

330.18 USDC • Code4rena • brgltd

#10

SIZE contest

182.57 USDC • 1 total finding • Code4rena • brgltd

#20

medium

Solmate's ERC20 does not check for token contract's existence, which opens up possibility for a honeypot attack

Debt DAO contest

673.39 USDC • 1 total finding • Code4rena • brgltd

#27

medium

Borrower/Lender excessive ETH not refunded and permanently locked in protocol

Oct '22

zkSync v2 contest

2,102.32 USDC • Code4rena • brgltd

#5

Paladin - Warden Pledges contest

19.64 USDC • Code4rena • brgltd

#33

Inverse Finance contest

36.73 USDC • Code4rena • brgltd

#43

Holograph contest

55.69 USDC • 1 total finding • Code4rena • brgltd

#36

medium

`_payoutToken[s]()` is not compatible with tokens with missing return value

3xcalibur contest

34.98 USDC • Code4rena • brgltd

#33

Juicebox contest

1,298.66 USDC • 2 total findings • Code4rena • brgltd

#9

medium

The tier setting parameters are unsafely downcasted from type uint256 to type uint80 / uint48 / uint40 / uint16

medium

Iterations over all tiers in recordMintBestAvailableTier can render system unusable

Trader Joe v2 contest

279.81 USDC • Code4rena • brgltd

#19

The Graph L2 bridge contest

602.12 USDC • Code4rena • brgltd

#11

Blur Exchange contest

416.82 USDC • 1 total finding • Code4rena • brgltd

#15

medium

Yul `call` return value not checked

Sep '22

QuickSwap and StellaSwap contest

396.25 USDC • 2 total findings • Code4rena • brgltd

#16

medium

A "FrontRunning attack" can be made to the `initialize` function

medium

`safeTransfer` function does not check for existence of ERC20 token contract

Frax Ether Liquid Staking contest

65.07 USDC • 1 total finding • Code4rena • brgltd

#39

medium

frxETHMinter: Non-conforming ERC20 tokens not recoverable

VTVL contest

30.45 USDC • Code4rena • brgltd

#59

Art Gobblers contest

55.2 USDC • Code4rena • brgltd

#21

Y2k Finance contest

36.62 USDC • Code4rena • brgltd

#51

PartyDAO contest

230.84 USDC • Code4rena • brgltd

#21

FEI and TRIBE Redemption contest

38.41 USDC • Code4rena • brgltd

#9

Nouns Builder contest

118.16 USDC • Code4rena • brgltd

#71

Aug '22

Olympus DAO contest

955.75 USDC • 2 total findings • Code4rena • brgltd

#22

medium

Solmate safetransfer and safetransferfrom do not check the codesize of the token address, which may lead to fund loss

medium

[NAZ-M1] Chainlink's `latestRoundData` Might Return Stale Results

Nouns DAO contest

52.34 USDC • Code4rena • brgltd

#34

FIAT DAO veFDT contest

44.85 USDC • Code4rena • brgltd

#61

Fraxlend (Frax Finance) contest

370.15 USDC • 1 total finding • Code4rena • brgltd

#15

medium

FraxlendPair#setTimeLock: Allows the owner to reset TIME_LOCK_ADDRESS

Foundation Drop contest

74.97 USDC • 1 total finding • Code4rena • brgltd

#35

medium

NFT of NFT collection or NFT drop collection can be locked when calling _mint or mintCountTo function to mint it to a contract that does not support ERC721 protocol

Mimo August 2022 contest

107 USDC • Code4rena • brgltd

#33

Rigor Protocol contest

62.45 USDC • Code4rena • brgltd

#61

Jul '22

Golom contest

56.64 USDC • Code4rena • brgltd

#81

ENS contest

1,258.67 USDC • 1 total finding • Code4rena • brgltd

#11

high

It is possible to create fake ERC1155 NameWrapper token for subdomain, which is not owned by NameWrapper

Fractional v2 contest

37.55 USDC • Code4rena • brgltd

#98

Juicebox V2 contest

128.02 USDC • Code4rena • brgltd

#47