https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/2ce7e487-d85f-4f3d-86f3-2544c137ac29.jpg

coffiasd

Security Researcher

Smart Contract Security | Web3 Full Stack Developer | Dm is Open

Contact Me

High

Total

Medium

Total

$6.85K

Total Earnings

#737 All Time

15x

Payouts

1x

3rd Places

8x

Top 10

10x

Top 25

All

Sherlock

Sep '25

Summer.fi - governance v2

66.98 USDC • 1 total finding • Sherlock • coffiasd

medium

notifyRewardAmount an removed old token can lead to calculation error

Jul '25

DeBank

165.13 USDC • Sherlock • coffiasd

#21

Notional Exponent

23.96 USDC • 2 total findings • Sherlock • coffiasd

#45

medium

Migration DoS can occur if a user has not borrowed any assets in the previous LendingRouter

medium

initializeMarket can be frontrun lead to transaction revert

Feb '25

Rova

0.04 USDC • 1 total finding • Sherlock • coffiasd

medium

updateParticipation use currencyAmount instead of tokenAmount lead to calculation result error

Aug '24

ZeroLend One

182.51 USDC • 4 total findings • Sherlock • coffiasd

#31

high

The liquidation process did not pay back the borrowed assets

high

user can't repay assets due to BalanceMisMatch error

high

The `executeMintToTreasury` function incorrectly decreases the total supply of shares

medium

chainlink oracles that have different decimals will return the wrong prices

Jul '24

MagicSea - the native DEX on the IotaEVM

78.12 USDC • 6 total findings • Sherlock • coffiasd

#30

high

Incorrect owner check lead to protocol dos

high

user may not vote at the begining of each voting period can lead to reward token stuck in the briberewarder contract

high

current lock state is not checked lead to user can vote even if lock state is expired

medium

malicious can by pass the operator or owner check

medium

A malicious user can push in a malicious rewarder contract into voter contract

medium

the check of weather sender is current owner is incorrect

Velocimeter

813.32 USDC • 3 total findings • Sherlock • coffiasd

high

pause or kill gauge can lead to FLOW token stuck in voter

high

disable_max_lock function incorrectly sets the maxLockIdToIndex mapping when its length is one

medium

possible breakdown of the pair swap

Apr '24

Zivoe

40.03 USDC • 2 total findings • Sherlock • coffiasd

#50

high

Malicious users can deposit zero amount of reward tokens to manipulate the reward rate, leading to the loss of rewards for other users

high

User get less amount of pZVE than 5% of the total ZVE supply as expected

Jan '24

Notional Update #5

2,814.64 USDC • 1 total finding • Sherlock • coffiasd

high

Lender transactions can be front-run, leading to lost funds

Dec '23

Footium Update

281.01 USDC • Sherlock • coffiasd

Olympus RBS 2.0

424.43 USDC • 2 total findings • Sherlock • coffiasd

#14

medium

Use totalSupply to get the total supply of a specific pool

medium

The method of calculating deviation is incorrect

Nov '23

Nouns Builder

1,078.57 USDC • 2 total findings • Sherlock • coffiasd

high

The auction could break due to a rounding error

high

Update founders could lead to voting power calculation errors, due to the incorrect value of baseTokenId

Notional Update #4

712.57 USDC • 1 total finding • Sherlock • coffiasd

high

Checking for an invalid reward token could potentially lead to a executeRewardTrades DOS

Oct '23

LooksRare

166.38 USDC • 1 total finding • Sherlock • coffiasd

medium

Wound agent can't invoke heal in the next round

Sep '23

Allo V2

1.30 USDC • 2 total findings • Sherlock • coffiasd

#69

high

the of voiceCredits not record lead to a single allocator could allocate an unlimited amount of voice credits

medium

allocator voiceCreditsCastToRecipient value calculate twice resulting in an incorrect calculation