castle_chain

Security Researcher

Rust/Solana Auditoor. Rust-Based ecosystems 🦀: Solana , CosmWasm ,Polkadot | +30 Rust Audits | +20 Solana Audits | +120 criticals/highs found.

High: 4 total
Medium: 10 total
Total earnings: $23.80K (#317 all time)
Payouts: 15x
2nd places: 1x (silver)
Top 10: 1x (regular)
Top 25: 7x (regular)

Jul '24

MakerDAO Endgame

141.35 USDC • Sherlock • castle_chain

#97

Biconomy: Nexus

134.97 USDC • 1 total finding • CodeHawks • castleChain

#16

high

User may lose funds when creating Nexus account or executing user operations

Feb '24

HydraDX

21,555.12 USDC • 3 total findings • Code4rena • castle_chain

silver

high

An attacker possesses the capability to exhaust the entirety of liquidity within the stable swap pools by manipulating the buy function, specifically by setting the asset_in parameter equal to the asset_out parameter

medium

A huge loss of funds for all users who try to remove liquidity after swapping is disabled at a manipulated price.

medium

Complete liquidity removal will permanently disable liquidity addition and prevent minting shares for liquidity providers.

Oct '23

Ethena Labs

130.12 USDC • 1 total finding • Code4rena • castle_chain

#24

medium

`FULL_RESTRICTED` stakers can bypass restriction through approvals

Brahma

14.47 USDC • Code4rena • castle_chain

#14

Sep '23

Maia DAO - Ulysses

11.47 USDC • Code4rena • castle_chain

#60

Centrifuge

1,154.53 USDC • 2 total findings • Code4rena • castle_chain

#11

medium

`trancheTokenAmount` should be rounded UP when proceeding to a withdrawal or previewing a withdrawal.

medium

onlyCentrifugeChainOrigin() can't require msg.sender equal axelarGateway

Ondo Finance

116.18 USDC • Code4rena • castle_chain

#24

Aug '23

Cooler Update

187.03 USDC • 3 total findings • Sherlock • castle_chain

#11

high

Allowing the transfer of ownership of loans for which the callback is activated to an EOA (externally owned account) will force the loan into default

medium

A malicious lender can force the borrower to pay a much larger debt amount to retrieve their collateral; otherwise the lender forces the loan into default

medium

Calling the `claimDefault` function from the Cooler contract for the clearingHouse loans will cause the `gOHM` tokens to be locked forever.

Sparkn

87.85 USDC • 7 total findings • CodeHawks • castleChain

#28

medium

Blacklisted STADIUM_ADDRESS causes funds to be stuck in the contract forever

low

If a winner is blacklisted on any of the tokens they can't receive their funds

low

Owner can incorrectly pull funds from contests not yet expired

low

Lack of checking the existence of the Proxy contract

low

Precision loss/Rounding to Zero in `_distribute()`

low

DAI Tokens at Risk Due to Lack of address(0) Check in distribute

low

Using basis points for percentage is not precise enough for realistic use-cases

veRWA

9.82 USDC • Code4rena • castle_chain

#52

Tangible Caviar

206.8 USDC • Code4rena • castle_chain

#40

Jul '23

Beedle - Oracle free perpetual lending

40.36 USDC • 15 total findings • CodeHawks • castleChain

#80

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

medium

No expiration deadline leads to losing a lot of funds

medium

Single-step process for critical ownership transfer is risky

low

Zero address leads to transaction reverts

low

Lender fails to giveLoan because of inconsistent length between `loadIds` and `poolIds`

gas

Multiple accesses of a mapping/array should use a local variable cache.

gas

+= and -= are more expensive

gas

The `for loops` inside the borrow(), repay(), giveLoan() & startAuction() functions in Lender contract are probably gas-guzzlers

gas

Unchecked arithmetic where overflow/underflow is impossible

gas

Using private rather than public for constants saves gas

gas

Use of magic numbers

gas

For the borrow(), repay() & startAuction() functions in Lender.sol the public visibility modifiers should be changed to external, to help optimize gas usage

gas

Caching struct variables in one slot

gas

Save a storage slot

gas

An important value is not returned

Foundry DeFi Stablecoin CodeHawks Audit Contest

3.24 USDC • 5 total findings • CodeHawks • castleChain

#105

low

Lack of events for critical actions

low

Precision loss when calculating the health factor

gas

using x=x+y /x=x-y is more gas efficient than x+=y / x-=y

gas

`++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops

gas

Constants should be used for hardcoded values

CodeHawks Escrow Contract - Competition Details

8.15 USDC • 3 total findings • CodeHawks • castleChain

#73

low

Constructor of `Escrow` should make sure that `buyer`, `seller`, `arbiter` are different from each other.

gas

Contract Can Be Deployed Without Funds.

gas

Use predefined address instead of `address(this)`