bube

Security Researcher

Contact Me

High

Total

Medium

Total

$7.90K

Total Earnings

#605 All Time

21x

Payouts

3x

Top 10

8x

Top 25

13x

Top 50

All

Sherlock

Code4rena

CodeHawks

Mar '25

Crestal Network

0.01 USDC • 1 total finding • Sherlock • bube

#12

high

Anyone can call `Payment::payWithERC20` function

Jan '25

Part 2

425.37 usdc • 5 total findings • CodeHawks • bube

#28

high

Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage

medium

`_Ownable_init()` is not called in `MarketMakingEngineConfigurationBranch` contract

low

Protocol not fully compliant with ERC-7201

low

BaseAdapter::__BaseAdapter_init Should Use onlyInitializing, Not initializer

low

Issues when handling tokens in `fulfillSwap()` function

Plaza Finance

1.98 USDC • 1 total finding • Sherlock • bube

#92

high

The fee beneficiary will claim less fees than the intended fees for him

Nov '24

Ethos Network Financial Contracts

0.38 USDC • 1 total finding • Sherlock • bube

#33

high

The funds assigned to the `marketFunds[profileId]` in `ReputationMarket::buyVotes` are incorrect

Sep '24

Liquid Staking

798.43 USDC • 1 total finding • CodeHawks • bube

#14

medium

[WithdrawalPool.sol] Prevent efficient return of data in getBatchIds() by blocking updateWithdrawalBatchIdCutoff() update of newWithdrawalIdCutoff

Aug '24

Tadle

4.97 USDC • 3 total findings • CodeHawks • bube

#114

medium

Unnecessary balance checks and precision issues in TokenManager::_transfer

low

`listOffer` Unsafely References Fungible Identifiers

low

Incorrect Check in closeBidOffer function

Jul '24

Zaros Part 1

27.27 USDC • 2 total findings • CodeHawks • bube

#71

high

Incorrect logic for checking isFillPriceValid

medium

Insufficient checks to confirm the correct status of the sequencerUptimeFeed

May '24

Beanstalk: The Finale

258.66 USDC • 3 total findings • CodeHawks • bube

#24

medium

LibUsdOracle is completely broken for the to-deploy L2 chain

low

The `LibWeth` hardcodes the `WETH` address which makes it incompatible on the to-deploy L2 chain

low

Permit functions will not work with certain tokens

Sablier

412.97 USDC • 1 total finding • CodeHawks • bube

#15

medium

Use of CREATE method is suspicious of reorg attack

Mar '24

DittoETH

511.48 USDC • 1 total finding • Code4rena • Bube

#10

medium

The `colRedeemed` variable is wrongly retrieved in `LibBytes::readProposalData` function

Feb '24

Beanstalk Part 1

4,934.04 USDC • 1 total finding • CodeHawks • bube

medium

`Chainlink` oracle returns stale price due to `CHAINLINK_TIMEOUT` variable in `LibChainlinkOracle` being set to 4 hours

AI Arena

8.81 USDC • Code4rena • Bube

#129

Jan '24

MorpheusAI

2.82 USDC • 1 total finding • CodeHawks • bube

#27

low

Any User can mint any amount of WStETH in the WStETHMock.sol and StETHMock.sol

Dec '23

The Standard

340.31 USDC • 3 total findings • CodeHawks • bube

medium

Missing deadline check allow pending transactions to be maliciously executed

low

`costInEuros` calculation will incur precision loss due to division before multiplication

low

Potential zero swap fee in `SmartVaultV3::swap` function

Oct '23

NextGen

0 USDC • 1 total finding • Code4rena • Bube

#115

high

Attacker can reenter to mint all the collection supply

Brahma

113.54 USDC • Code4rena • Bube

#11

Sep '23

DittoETH

33.23 USDC • 1 total finding • CodeHawks • bube

#49

low

`Errors.InvalidTwapPrice()` is never invoked when `if (twapPriceInEther == 0)` is true

Ondo Finance

18.85 USDC • Code4rena • Bube

#29

Aug '23

Sparkn

1.32 USDC • 1 total finding • CodeHawks • bube

#84

low

Lack of checking the existence of the Proxy contract

veRWA

4.23 USDC • Code4rena • Bube

#53

Jul '23

Beedle - Oracle free perpetual lending

0.00 USDC • 1 total finding • CodeHawks • bube

#235

low

Zero address leads to transaction reverts