codexploder

Security Researcher

High: 6 total

Medium: 19 total

Total Earnings: $11.34K

#538 All Time

Payouts: 22x

Top 10: 2x

Top 25: 10x

Top 50: 21x

Code4rena

Nov '22

Redacted Cartel contest

53.49 USDC • Code4rena • codexploder

#46

Blur Exchange contest

66.81 USDC • 1 total finding • Code4rena • codexploder

#26

medium

Yul `call` return value not checked

SIZE contest

5.6 USDC • 1 total finding • Code4rena • codexploder

#42

medium

Attacker may DOS auctions using invalid bid parameters

Debt DAO contest

62.23 USDC • 3 total findings • Code4rena • codexploder

#50

medium

Variable balance ERC20 support

medium

address.call{value:x}() should be used instead of payable.transfer()

medium

Borrower/Lender excessive ETH not refunded and permanently locked in protocol

Oct '22

Paladin - Warden Pledges contest

247.53 USDC • 1 total finding • Code4rena • codexploder

#21

medium

Pausing `WardenPledge` contract, which takes effect immediately, by its owner can unexpectedly block pledge creator from calling `closePledge` or `retrievePledgeRewards` function

Inverse Finance contest

58.23 USDC • 3 total findings • Code4rena • codexploder

#39

medium

Protocol withdrawals of collateral can be unexpectedly locked if governance sets the `collateralFactorBps` to 0.

medium

Oracle assumes token and feed decimals will be limited to 18 decimals

medium

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

3xcalibur contest

2,212.25 USDC • Code4rena • codexploder

#5

Sep '22

Canto Dex Oracle contest

39.22 CANTO • Code4rena • codexploder

#12

Aug '22

Rigor Protocol contest

90.31 USDC • 1 total finding • Code4rena • codexploder

#45

medium

Missing upper limit definition in replaceLenderFee() of HomeFi.sol

Jul '22

Axelar Network v2 contest

56.13 USDC • Code4rena • codexploder

#43

Golom contest

174.91 USDC • Code4rena • codexploder

#62

Fractional v2 contest

1,216.93 USDC • 6 total findings • Code4rena • codexploder

#18

high

Fund will be stuck if a buyout is started while there are pending migration proposals

high

Migration: no check that user-supplied `proposalId` and `vault` match

high

Malicious User Could Burn The Assets After A Successful Migration

medium

Migration.join() and Migration.leave() can still work after unsuccessful migration.

medium

`fallback()` function can bypass permission/auth checks imposed in `execute()`

medium

Use of `payable.transfer()` may lock user funds

Juicebox V2 contest

713.69 USDC • 3 total findings • Code4rena • codexploder

#18

high

ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC

medium

Use a safe transfer helper library for ERC20 transfers

medium

Unhandled chainlink revert would lock all price oracle access

Jun '22

Putty contest

110.36 USDC • 1 total finding • Code4rena • codexploder

#44

medium

Order duration can be set to 0 by Malicious maker

Nibbl contest

65.76 USDC • Code4rena • codexploder

#21

Nested Finance contest

153.52 USDC • Code4rena • codexploder

#9

Badger-Vested-Aura contest

86.84 USDC • Code4rena • codexploder

#29

Infinity NFT Marketplace contest

175.59 USDC • 2 total findings • Code4rena • codexploder

#36

high

Overpayment of native ETH is not refunded to buyer

high

Accumulated ETH fees of InfinityExchange cannot be retrieved

Canto contest

2,153.79 USDC • 1 total finding • Code4rena • codexploder

#14

medium

Incorrect condition always bound to fail

Connext Amarok contest

2,598.13 USDC • 1 total finding • Code4rena • codexploder

#12

medium

Incorrect Adopted mapping on updating wrapper token

May '22

Backd Tokenomics contest

119.82 USDC • Code4rena • codexploder

#30

Velodrome Finance contest

873.88 USDC • 1 total finding • Code4rena • codexploder

#14

medium

Rewards aren't updated before user's balance change in Gauge's withdrawToken