https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/13000f41-683a-4aca-8c51-bd30ec53190d.jpg

bronze_pickaxe

Security Researcher

slaying goblins in lumbridge, training my mage lvl on the EVM

Contact Me

High

19

Total

Medium

23

Total

$120.30K

Total Earnings

#77 All Time

29x

Payouts

gold

1x

1st Places

silver

1x

2nd Places

bronze

2x

3rd Places

All

Sherlock

Code4rena

Cantina

CodeHawks

Hats Finance

Feb '25

SEDA Protocol

SEDA Protocol

750.53 USDC • 1 total finding • Sherlock • bronze_pickaxe

#9

high

Malicious proposer can crash other nodes by bloating databases

Dec '24

aligned-layer

aligned-layer

10,514 USDC • 1 total finding • Cantina • bronzepickaxe

#4

high

Finding not yet public.

story-protocol

story-protocol

15,665.79 USDC • 6 total findings • Cantina • bronzepickaxe

#21

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Oct '24

Omni Network

Omni Network

55,608.3 USDC • 1 total finding • Cantina • bronzepickaxe

#9

high

Finding not yet public.

Sep '24

redstone-oracle

redstone-oracle

318.85 USDC • 1 total finding • Cantina • bronzepickaxe

#16

high

Finding not yet public.

Aug '24

Phi

Phi

0 USDC • Code4rena • bronze_pickaxe

#55

zetachain-protocol

zetachain-protocol

199.51 USDC • 1 total finding • Cantina • bronzepickaxe

#51

high

Finding not yet public.

Axelar Network

Axelar Network

0 USDC • Code4rena • bronze_pickaxe

#9

Jul '24

dappslap

dappslap

600 USDC • Hats • bronze_pickaxe

#5

Optimism Superchain

Optimism Superchain

5,412.07 OP • 1 total finding • Code4rena • bronze_pickaxe

#10

medium

Addresses can be pre-populated with bad data

Metrom backend

Metrom backend

6,000 USDC • Hats • bronze_pickaxe

silver
CCIP v1.5

CCIP v1.5

10,057.47 USDC • CodeHawks • bronzepickaxe

#8

Jun '24

grass

grass

304.07 USDC • 2 total findings • Cantina • bronzepickaxe

#9

high

Finding not yet public.

high

Finding not yet public.

May '24

Arbitrum BoLD

Arbitrum BoLD

0 USDC • Code4rena • bronze_pickaxe

#10

safe-extensions

safe-extensions

2,414.66 USDC • 2 total findings • Cantina • bronzepickaxe

#11

medium

Finding not yet public.

medium

Finding not yet public.

Feb '24

eigenlayer-contracts

eigenlayer-contracts

3,000 USDC • Cantina • bronzepickaxe

bronze
opal-contracts

opal-contracts

1,617.67 USDC • 9 total findings • Cantina • bronzepickaxe

#9

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Jan '24

Decent

Decent

150.91 USDC • 1 total finding • Code4rena • bronze_pickaxe

#31

medium

DecentEthRouter.sol#_bridgeWithPayload() - Any refunded ETH (native token) will be refunded to the DecentBridgeAdapter, making them stuck

lockbox-solana

lockbox-solana

657.58 USDC • 1 total finding • Cantina • bronzepickaxe

#8

medium

Finding not yet public.

Curves

Curves

2.47 USDC • 5 total findings • Code4rena • bronze_pickaxe

#115

high

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

high

Attack to make ````CurveSubject```` to be a ````HoneyPot````

high

Unauthorized Access to setCurves Function

medium

onBalanceChange causes previously unclaimed rewards to be cleared

medium

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Nov '23

core-and-erc1155a

core-and-erc1155a

852.1 USDC • 1 total finding • Cantina • bronzepickaxe

#15

medium

Finding not yet public.

Kelp DAO | rsETH

Kelp DAO | rsETH

7.42 USDC • 1 total finding • Code4rena • bronze_pickaxe

#51

high

The price of rsEHT could be manipulated by the first staker

Oct '23

NextGen

NextGen

0.62 USDC • 3 total findings • Code4rena • bronze_pickaxe

#109

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

high

Attacker can reenter to mint all the collection supply

medium

Auction winner can prevent payments via `safeTransferFrom` callback

Brahma

Brahma

3,025.06 USDC • 1 total finding • Code4rena • bronze_pickaxe

gold

medium

A safe that been created using version 1.40=< will not be compatible with Brahma

Sep '23

Maia DAO - Ulysses

Maia DAO - Ulysses

25.68 USDC • Code4rena • bronze_pickaxe

#55

Allo V2

Allo V2

26.66 USDC • 2 total findings • Sherlock • bronze_pickaxe

#55

high

Allocator can allocate more voiceCredits than maxVoiceCreditsPerAllocator.

medium

Lack of `receive()` function in QVSimpleStrategy breaks core functionality of the project

Aug '23

Livepeer Onchain Treasury Upgrade

Livepeer Onchain Treasury Upgrade

3,014.31 USDC • 1 total finding • Code4rena • bronze_pickaxe

bronze

high

Underflow in updateTranscoderWithFees can cause corrupted data and loss of winning tickets.

Sparkn

Sparkn

70.99 USDC • 2 total findings • CodeHawks • bronzepickaxe

#42

medium

Blacklisted STADIUM_ADDRESS address cause fund stuck in the contract forever

low

If a winner is blacklisted on any of the tokens they can't receive their funds

Jul '23

CodeHawks Escrow Contract - Competition Details

CodeHawks Escrow Contract - Competition Details

7.19 USDC • 1 total finding • CodeHawks • bronzepickaxe

#76

gas

Reentrancy guard and nonReentrant modifier not required.