https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/08210420-1781-4baa-ad72-0bf27e5e10be.jpg

broccolirob

Security Researcher

Blockchain @trailofbits

Contact Me

High

1

Total

Medium

8

Total

$7.20K

Total Earnings

#663 All Time

13x

Payouts

regular

2x

Top 10

regular

6x

Top 25

regular

10x

Top 50

All

Code4rena

Jul '24

TraitForge

TraitForge

63.24 USDC • 1 total finding • Code4rena • broccolirob

#53

medium

Excess ETH from `forgingFee` can get stuck in `EntityForging` under certain situations

Jun '23

Stader Labs

Stader Labs

2,676.76 USDC • 1 total finding • Code4rena • broccolirob

#9

high

`VaultProxy` implementation can be initialized by anyone and self-destructed

May '22

Rubicon contest

Rubicon contest

453.74 USDC • 2 total findings • Code4rena • broccolirob

#26

medium

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`

medium

No Storage Gap for Upgradeable Contracts

Enso Finance contest

Enso Finance contest

7.8 USDT • Code4rena • broccolirob

#60

FactoryDAO contest

FactoryDAO contest

19.18 DAI • 1 total finding • Code4rena • broccolirob

#61

medium

safeTransferFrom is recommended instead of transfer (1)

Cudos contest

Cudos contest

113.78 USDC • Code4rena • broccolirob

#42

Forgotten Runes Warrior Guild contest

Forgotten Runes Warrior Guild contest

276.82 USDC • 1 total finding • Code4rena • broccolirob

#28

medium

The owner can mint all of the NFTs.

Apr '22

Mimo DeFi contest

Mimo DeFi contest

1,119.44 USDC • 1 total finding • Code4rena • broccolirob

#11

medium

Decimal token underflow could produce loose of funds

AbraNFT contest

AbraNFT contest

72.64 MIM • Code4rena • broccolirob

#40

Dec '21

Yeti Finance contest

Yeti Finance contest

11.54 USDC • Code4rena • broccolirob

#25

Sublime contest

Sublime contest

845.03 USDC • 1 total finding • Code4rena • broccolirob

#13

medium

Ether can be locked in the `PoolFactory` contract without a way to retrieve it

Perennial contest

Perennial contest

0 USDC • Code4rena • broccolirob

#12

Kuiper contest

Kuiper contest

1,535.22 ETH • 1 total finding • Code4rena • broccolirob

#7

medium

Reentrancy vulnerability in `Basket` contract's `initialize()` method.