circlelooper

Security Researcher

High: 17 total

Medium: 14 total

Total Earnings: $1.91K (#1035 All Time)

Payouts: 14x

2nd Places: 1x (silver)

Top 10: 2x (regular)

Top 25: 7x (regular)

Nov '23

Nouns Builder

21.94 USDC • 1 total finding • Sherlock • circlelooper

#9

high

tokenRecipient mapping maps invalid baseTokenId to founder info

Kelp DAO | rsETH

490.08 USDC • 2 total findings • Code4rena • circlelooper

#14

high

Possible arbitrage from Chainlink price discrepancy

high

Protocol mints less rsETH on deposit than intended

Oct '23

NextGen

96.2 USDC • 3 total findings • Code4rena • circlelooper

#60

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

medium

Vulnerability in burnToMint function allowing double use of NFT

medium

Auction winner can prevent payments via `safeTransferFrom` callback

The Wildcat Protocol

91.3 USDC • 2 total findings • Code4rena • circlelooper

#48

high

Borrower has no way to update `maxTotalSupply` of `market` or close market.

medium

Blocked accounts keep earning interest contrary to the WhitePaper

Aug '23

Dopex

192.67 USDC • 3 total findings • Code4rena • circlelooper

#58

high

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

high

Improper precision of strike price calculation can result in broken protocol

high

Incorrect precision assumed from RdpxPriceOracle creates multiple issues related to value inflation/deflation

Jul '23

Beedle - Oracle free perpetual lending

29.26 USDC • 8 total findings • CodeHawks • CircleLooper

#96

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

high

During refinance() new Pool balance debt is subtracted twice

high

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

high

Forcing a borrower to pay a huge debt via the giveLoan()

high

Lender can Sandwich a borrower to seize his collateral

medium

The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates

medium

Fixed fee level is used when swap tokens on Uniswap

low

Interest calculation error if L2 sequencer go down

Foundry DeFi Stablecoin CodeHawks Audit Contest

1.70 USDC • 2 total findings • CodeHawks • CircleLooper

#119

high

Theft of collateral tokens with fewer than 18 decimals

medium

staleCheckLatestRoundData() does not check the status of the Arbitrum sequencer in Chainlink feeds.

Tokensoft

173.03 USDC • 1 total finding • Sherlock • circlelooper

#12

medium

SetTotal revert due to allowance being set from non-zero value to non-zero value

Bond Options

99.50 USDC • 1 total finding • Sherlock • circlelooper

#17

high

Funds can be drained from FixedStrikeOptionTeller

Jun '23

Symmetrical

445.93 USDC • 5 total findings • Sherlock • circlelooper

#22

high

PartyA can deny liquidations

medium

PartyA and PartyB can collude together to get funds out of a suspended account

medium

Charged trading fee and returned trading fee may be different for a quote

medium

Invalid symbol can be used in a open quote

medium

Quote value can be less than minAcceptableQuoteValue

Unitas Protocol

97.80 USDC • 1 total finding • Sherlock • circlelooper

#17

medium

`Swap` function exposes users to unlimited slippage

May '23

DODO Margin Trading

116.10 USDC • 1 total finding • Sherlock • circlelooper

silver

high

MarginTrading could be drained of funds by malicious user

Ajna Protocol

54.07 USDC • 1 total finding • Code4rena • circlelooper

#47

medium

It is possible to steal the unallocated part of every delegation period budget

Apr '23

Frankencoin

0.07 USDC • 1 total finding • Code4rena • circlelooper

#69

medium

function `restructureCapTable()` in Equity.sol not functioning as expected