ck

Security Researcher

High: 14 total

Medium: 21 total

Total Earnings: $34.58K

#239 All Time

Payouts: 33x

2nd Places (silver): 1x

3rd Places (bronze): 2x

Top 10 (regular): 13x

Mar '25

PinLink: RWA-Tokenized DePIN Marketplace

135.63 USDC • Sherlock • ck

#12

Jan '25

Peapods

655.45 USDC • 3 total findings • Sherlock • ck

#14

medium

`LeverageManager._acquireBorrowTokenForRepayment` will revert due to `_props.sender` not being when removing leverage

medium

The amount of shares needed for redemption of borrow tokens is underquoted during the removal of leverage process leading to reverting.

medium

`_closeFeeAmt` is bypassed when removing leverage if borrow tokens need to be acquired

Aave v3.3

1,472.93 USDC • Sherlock • ck

#26

Nov '24

Extra Finance

575.86 OP • Sherlock • ck

#5

Findings not publicly available for private contests.

Jul '24

MakerDAO Endgame

2,812.26 USDC • Sherlock • ck

#33

Jun '24

Orderly Network

7,266.79 USDC • Sherlock • ck

#4

Findings not publicly available for private contests.

dHEDGE

1,187.34 USDC • Sherlock • ck

#10

Findings not publicly available for private contests.

Apr '24

FairSide Network

3,706.89 USDC • Sherlock • ck

bronze

Findings not publicly available for private contests.

Mar '24

vVv Vesting & Staking

173.57 USDC • Sherlock • ck

#13

Feb '24

Stealth

2,000 USDC • Sherlock • ck

silver

Findings not publicly available for private contests.

100x

532.01 USDC • Sherlock • ck

#6

Findings not publicly available for private contests.

Jan '24

Olympus On-Chain Governance

971.21 USDC • 1 total finding • Sherlock • ck

#4

medium

`Timelock::setDelay` and `Timelock::setPendingAdmin` are highly sensitive but haven't been included in the high risk quorum requirements

Avail

242.07 USDC • Sherlock • ck

#9

Nov '23

Kelp DAO | rsETH

144.91 USDC • 2 total findings • Code4rena • ck

#26

high

The price of rsETH could be manipulated by the first staker

medium

Lack of slippage control on LRTDepositPool.depositAsset

Jul '23

Tokemak

1,396.57 USDC • 3 total findings • Sherlock • ck

#17

high

A malicious user can prevent the liquidator role receiving rewards

high

`LMPVaultRouterBase::mint` and `LMPVaultRouterBase::deposit` transfer extra assets from the user when ETH is provided

medium

`LMPDebt::flashrebalance` passes the wrong amount to `_handleRebalanceIn`

Beam

240.05 USDC • Sherlock • ck

#6

Tapioca DAO

46.37 USDC • 1 total finding • Code4rena • ck

#86

medium

BigBang and Singularity should not pause repay() and liquidate()

May '23

USSD - Autonomous Secure Dollar

0.00 USDC • 1 total finding • Sherlock • ck

#100

high

`IStaticOracle` references the wrong addresses

Apr '23

Teller

40.01 USDC • 3 total findings • Sherlock • ck

#44

medium

Protocol does not support fee on transfer tokens

medium

Market owners can either profit from borrowers or grief them by frontrunning bid submissions

medium

Protocol owner can steal funds by setting a high protocol fee just before a bid is accepted

Notional Update #3

2,572.61 USDC • Sherlock • ck

bronze

Findings not publicly available for private contests.

Caviar Private Pools

5.98 USDC • 1 total finding • Code4rena • ck

#73

medium

`changeFeeQuote` will fail for low decimal ERC20 tokens

Mar '23

Gitcoin

205.57 USDC • Sherlock • ck

#22

Asymmetry contest

24.89 USDC • 2 total findings • Code4rena • ck

#96

high

An attacker can manipulate the preDepositvePrice to steal from other users.

medium

DoS due to external call failure

Y2K

330.03 USDC • 3 total findings • Sherlock • ck

#38

high

`ownerToRollOverQueueIndex` is incorrectly updated if user already in queue

medium

Malicious depositors and relayers can cause denial of service in `mintDepositInQueue`

medium

`mintRollovers` can fail if too many roll overs don't have adequate shares

Taurus

183.09 USDC • 1 total finding • Sherlock • ck

#10

high

Protocol does not handle tokens that don't use 18 decimals

Feb '23

Surge

3.65 USDC • 1 total finding • Sherlock • ck

#22

high

A malicious early depositor can manipulate share price and profit from future depositors

Fair Funding by Alchemix & Unstoppable

34.48 USDC • 1 total finding • Sherlock • ck

#8

medium

Auction can be started without previous one being settled

Carapace

773.93 USDC • 1 total finding • Sherlock • ck

#15

high

Withdrawal cycle restriction can be bypassed

OpenQ

1,663.54 USDC • 2 total findings • Sherlock • ck

#10

high

`_claimOngoingBounty` only claims the `payoutToken` but allows NFT deposits

medium

Array mismatch can happen when setting a new payout schedule

Jan '23

Optimism

4,575.94 USDC • Sherlock • ck

#15

Cooler

55.05 USDC • 2 total findings • Sherlock • ck

#26

high

No check on `transfer()` and `transferFrom()` return values

medium

Rounding issues will affect the repayment of loans

UXD Protocol

248.03 USDC • 2 total findings • Sherlock • ck

#20

high

`PerpDepository::rebalance` does not check if caller is authorized to use another user's account for shortfall transactions.

high

`PerpDepository::rebalanceLite` does not check if caller is authorized to use another user's account for rebalancing

Dec '22

GoGoPool contest

299.96 USDC • 5 total findings • Code4rena • ck

#44

high

Inflation of ggAVAX share price by first depositor

medium

Users may not be able to redeem their shares due to underflow

medium

wrong reward distribution between early and late depositors because of the late syncRewards() call in the cycle, syncReward() logic should be executed in each withdraw or deposits (without reverting)

medium

slashing fails when node operator doesn't have enough staked `GGP`

medium

Bypass `whenNotPaused` modifier