https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/2ce7e487-d85f-4f3d-86f3-2544c137ac29.jpg

coffiasd

Security Researcher

Smart Contract Security | Web3 Full Stack Developer | Dm is Open

Contact Me

High

15

Total

Medium

10

Total

$6.59K

Total Earnings

#669 All Time

12x

Payouts

bronze

1x

3rd Places

regular

7x

Top 10

regular

8x

Top 25

All

Sherlock

Feb '25

Rova

Rova

0.04 USDC • 1 total finding • Sherlock • coffiasd

bronze

medium

updateParticipation use currencyAmount instead of tokenAmount lead to calculation result error

Aug '24

ZeroLend One

ZeroLend One

182.51 USDC • 4 total findings • Sherlock • coffiasd

#31

high

The liquidation process did not pay back the borrowed assets

high

user can't repay assets due to BalanceMisMatch error

high

The `executeMintToTreasury` function incorrectly decreases the total supply of shares

medium

chainlink oracles that have different decimals will return the wrong prices

Jul '24

MagicSea - the native DEX on the IotaEVM

MagicSea - the native DEX on the IotaEVM

78.12 USDC • 6 total findings • Sherlock • coffiasd

#30

high

Incorrect owner check lead to protocol dos

high

user may not vote at the begining of each voting period can lead to reward token stuck in the briberewarder contract

high

current lock state is not checked lead to user can vote even if lock state is expired

medium

malicious can by pass the operator or owner check

medium

A malicious user can push in a malicious rewarder contract into voter contract

medium

the check of weather sender is current owner is incorrect

Velocimeter

Velocimeter

813.32 USDC • 3 total findings • Sherlock • coffiasd

#7

high

pause or kill gauge can lead to FLOW token stuck in voter

high

disable_max_lock function incorrectly sets the maxLockIdToIndex mapping when its length is one

medium

possible breakdown of the pair swap

Apr '24

Zivoe

Zivoe

40.03 USDC • 2 total findings • Sherlock • coffiasd

#50

high

Malicious users can deposit zero amount of reward tokens to manipulate the reward rate, leading to the loss of rewards for other users

high

User get less amount of pZVE than 5% of the total ZVE supply as expected

Jan '24

Notional Update #5

Notional Update #5

2,814.64 USDC • 1 total finding • Sherlock • coffiasd

#4

high

Lender transactions can be front-run, leading to lost funds

Dec '23

Footium Update

Footium Update

281.01 USDC • Sherlock • coffiasd

#9

Olympus RBS 2.0

Olympus RBS 2.0

424.43 USDC • 2 total findings • Sherlock • coffiasd

#14

medium

Use totalSupply to get the total supply of a specific pool

medium

The method of calculating deviation is incorrect

Nov '23

Nouns Builder

Nouns Builder

1,078.57 USDC • 2 total findings • Sherlock • coffiasd

#5

high

The auction could break due to a rounding error

high

Update founders could lead to voting power calculation errors, due to the incorrect value of baseTokenId

Notional Update #4

Notional Update #4

712.57 USDC • 1 total finding • Sherlock • coffiasd

#5

high

Checking for an invalid reward token could potentially lead to a executeRewardTrades DOS

Oct '23

LooksRare

LooksRare

166.38 USDC • 1 total finding • Sherlock • coffiasd

#8

medium

Wound agent can't invoke heal in the next round

Sep '23

Allo V2

Allo V2

1.30 USDC • 2 total findings • Sherlock • coffiasd

#69

high

the of voiceCredits not record lead to a single allocator could allocate an unlimited amount of voice credits

medium

allocator voiceCreditsCastToRecipient value calculate twice resulting in an incorrect calculation