cryptomoon

Security Researcher

High: 16 total • Medium: 18 total • $5.71K Total Earnings • #705 All Time

7x Payouts • regular • 4x Top 10 • regular • 5x Top 25 • regular • 7x Top 50

Mar '25

Nudge.xyz

0.06 USDC • 1 total finding • Code4rena • cryptomoon

#8

medium

Unauthorized Reallocation in `NudgeCampaign::handleReallocation` and Reward Disruption Vulnerability in `NudgeCampaign::invalidateParticipations`

Sep '24

symbioticfi-core

3,555.42 USDC • 3 total findings • Cantina • cryptomoon

#6

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Aug '24

Sentiment V2

22.76 USDC • 3 total findings • Sherlock • cryptomoon

#40

medium

No Enforcement of Pause Functionality in SuperPool contract

medium

DOS on reallocate function in SuperPool

medium

No one will liquidate the position if `liquidation discount` is less than `liquidation fee`

Tadle

348.95 USDC • 11 total findings • CodeHawks • cryptomoon

#19

high

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

high

Taker of bid offer will lose assets without any benefit if he calls the `DeliveryPlace::settleAskMaker()` for partial settlement.

high

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

high

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

high

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

high

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

high

[H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulate collateral rates and drain the protocol's funds

high

listOffer maker can settle offer via settleAskMaker() in Turbo settle type.

medium

`WrappedNativeToken` Can Only Work in `NativeToken` Mode

low

`listOffer` Unsafely References Fungible Identifiers

low

PreMarkets - Unable to withdraw platform rewards

Jul '24

TraitForge

160.73 USDC • 8 total findings • Code4rena • cryptomoon

#29

high

Number of entities in generation can surpass the 10k number

high

Incorrect Percentage Calculation in NukeFund and EntityForging when `taxCut` is Changed from Default Value

high

Wrong minting logic based on total token count across generations

medium

Forger Entities can forge more times than intended

medium

Pause and unpause functions are inaccessible

medium

NFTs mature too slowly under default settings.

medium

`Golden God` Tokens can be minted twice per generation

medium

TraitForgeNft: Generations without a golden god are possible

Zaros Part 1

1,149.97 USDC • 15 total findings • CodeHawks • cryptomoon

#9

high

Inadequate Checking of `isIncreasing` when trader adjusts position size

high

`SettlementBranch._fillOrder` does not guarantee the collateral of a position is enough to pay the future liquidation fee.

high

Incorrect logic for checking isFillPriceValid

high

Market Disruption and Financial Loss Post-Liquidation

high

Wrong parameter passed in `TradingAccount::deductAccountMargin` function that results in excess margin withdrawal

medium

A malicious User can DOS all offchain orders making them unexecutable and leaving the protocol in an insolvent state. Also all offchain Trades can also be DOSed for honest parties that do not meet the fillorder requirements (no try and catch)

medium

Incorrect liquidatable checking for market order creation

medium

SEV 5: The getAccountMarginRequirementUsdAndUnrealizedPnlUsd function returns incorrect margin requirement values when a position is being changed

low

QA Report - 0xStalin - Low Severities

low

Functions calling `verifyReport` to verify offchain prices from chainlink will fail

low

Deleting CollateralTypes from the CollateralLiquidationPriority allows traders to be liquidated for free and getting back their full collateral as if they were not liquidated.

low

UpgradeBranch.sol does not use _disableInitializers()

low

Trading accounts can exceed the maximum number of allowed open positions.

low

Potential `EIP712` violation in multiple cases

low

Missing expiration check in `Data Streams` report validation allows the use of expired report data

TempleGold

470.93 USDC • 5 total findings • CodeHawks • cryptomoon

#9

medium

Not updating `_totalAuctionTokenAllocation` when removing last auction config at cooldown leads to wrong accounting of `_totalAuctionTokenAllocation` and permanent lock of auction tokens

medium

Changes to vesting period are not handled inside `_getVestingRate`

low

Auction tokens cannot be recovered for the first ever spice auction

low

TempleGold tokens cannot be recovered when a `DaiGoldAuction` ends with 0 bids

low

Incorrect templeGold minting due to unresolved accumulation in `TempleGold::setVestingFactor`