https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_2.png

c3phas

Security Researcher

Contact Me

High

11

Total

Medium

9

Total

$26.59K

Total Earnings

#360 All Time

99x

Payouts

gold

2x

1st Places

regular

9x

Top 10

regular

46x

Top 25

All

Sherlock

Code4rena

Cantina

CodeHawks

Immunefi

Aug '25

Neutrl Protocol

Neutrl Protocol

941.02 USDC • 1 total finding • Sherlock • c3phas

gold

medium

Users with the FULL_RESTRICTED_STAKER_ROLE can still stake whenever receiver is not restricted

Jul '25

Audit Comp | Folks Smart Contract Library

Audit Comp | Folks Smart Contract Library

75 USDC • 1 total finding • Immunefi • c3phas

#18

low

Finding not yet public.

May '25

mystic-monorepo

mystic-monorepo

135.95 USDC • 6 total findings • Cantina • c3phas

#23

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Apr '25

mighty-contracts

mighty-contracts

12.18 USDC • 2 total findings • Cantina • c3phas

#69

high

Finding not yet public.

medium

Finding not yet public.

Mar '25

Crestal Network

Crestal Network

0.01 USDC • 1 total finding • Sherlock • c3phas

#12

high

Attacker can steal all tokens as a result of the payWithERC20() function being public

Jan '25

daao-contracts

daao-contracts

106.11 USDC • 2 total findings • Cantina • c3phas

#38

high

Finding not yet public.

high

Finding not yet public.

Dec '24

Mach Finance

Mach Finance

615.38 USDC • 1 total finding • Sherlock • c3phas

gold

medium

Using Stale price in pyth network

Jan '24

Curves

Curves

67.43 USDC • 2 total findings • Code4rena • c3phas

#54

high

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

medium

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Oct '23

NextGen

NextGen

120.11 USDC • 2 total findings • Code4rena • c3phas

#55

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

medium

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

Jul '23

Beedle - Oracle free perpetual lending

Beedle - Oracle free perpetual lending

0.00 USDC • 1 total finding • CodeHawks • c3phas

#233

gas

Uncheck Arithmetic where overflow/underflow impossible

Jan '23

RabbitHole Quest Protocol contest

RabbitHole Quest Protocol contest

113.94 USDC • 1 total finding • Code4rena • c3phas

#38

high

Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts

Jul '22

ENS contest

ENS contest

129.23 USDC • 1 total finding • Code4rena • c3phas

#37

medium

transfer() depends on gas consts

Fractional v2 contest

Fractional v2 contest

174.66 USDC • 1 total finding • Code4rena • c3phas

#51

medium

Use of `payable.transfer()` may lock user funds