calc1f4r

Security Researcher

Bugs eating me alive

High: 7 total

Medium: 14 total

Total earnings: $574.00

#1439 All Time

8x

Payouts

regular

4x

Top 10

regular

5x

Top 25

regular

7x

Top 50

Apr '25

Staking Part 2

28.91 USDC • CodeHawks • calc1f4r

#20

Mar '25

Nudge.xyz

0 USDC • Code4rena • calc1f4r

#9

Crestal Network

21.72 USDC • 1 total finding • Sherlock • calc1f4r

#9

medium

Signature Replay Vulnerability in Crestal Network Deployment System

Feb '25

Core Contracts

206.54 USDC • 20 total findings • CodeHawks • calc1f4r

#101

high

`BaseGauge` users can claim rewards without staking

high

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

high

RToken's transfer function lead to loss of funds due to incorrect math

high

RToken is Not Interest Bearing Due to Broken Liquidity Index Calculation

high

Incorrect Debt Scaling Leading to Protocol Solvency Risk

high

Attackers can double voting power and veToken amount by locking and increasing

medium

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

medium

Multiple Critical Calculation And Logic Errors in `RToken::mint/burn` Function

medium

Workingsupply would always be overwritten in boostcontroller.sol impacting reward calculations

medium

Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator

medium

Missing Boost State Update in extend() and withdraw()

medium

Permanent boost inflation through delegation removal in Boostcontroller.sol

medium

[L-1] Inaccurate boost calculations in `veRAACToken` due to wrong input parameter

medium

RAACToken burns less tokens than expected when feeCollector is unset

medium

Flawed Boost Multiplier Calculation Always Yields Maximum Boost

medium

Inconsistent Fee Collector Address Validation in RAACMinter: Denial of Service for Disabling Fee Collection

low

Missing Pause Functionality in veRAACToken Contract Can Be Abused When Emergency Withdrawal Mechanism Is Activated

low

`DebtToken::burn`'s Return Values are wrong

low

Wrong event emitted in `LendingPool::_repay`

low

`Auction::checkAuctionEnded()` function fails to handle early auction completion when all ZENO tokens are sold, potentially blocking critical post-auction processes

Nov '24

Telcoin Update #2

14.11 USDC • Sherlock • calc1f4r

#41

Oct '24

AXION

111.80 USDC • 1 total finding • Sherlock • calc1f4r

#10

medium

Role Revocation in initialize Function in `solidityAmo.sol`

Sep '24

WOOFi Swap on Solana

101.15 USDC • 1 total finding • Sherlock • calc1f4r

#6

medium

Arbitrary permission initialization of wooracle contract

Aug '24

Chakra

89.78 USDT • 2 total findings • Code4rena • calc1f4r

#29

high

SettlementSignatureVerifier is missing check for duplicate validator signatures

medium

Wrong usage of transaction originator address instead of caller address