
curiousapple

Security Researcher

Exploring Ideas • Hunting In Wild • Freelancing Auditor • Previously Lead Auditor at @0xMacroSecurity


High findings: 10 total

Medium findings: 3 total

Total Earnings: $38.44K (#222 All Time)

Payouts: 7x

1st Places: 2x

Top 10: 5x

Top 25: 7x


Jun '23

VMEX

13,700 USDC • Hats • curiousapple

gold

May '23

Chainlink Cross-Chain Services: CCIP and ARM Network

3,746.2 USDC • Code4rena • curiousapple

#15

USSD - Autonomous Secure Dollar

193.34 USDC • 6 total findings • Sherlock • curiousapple

#11

high

Incorrect `staticOracleUniV3` configuration for `StableOracleWBGL` would revert all protocol actions

high

Anybody can call `mintRebalancer` or `burnRebalancer` and manipulate `totalSupply`

high

Rebalance swaps executed from USSD contract, could be sandwiched

high

`SellUSSDBuyCollateral` would revert in case of `collateralval(DAI) * 1e18 / ownval < collateral[DAI].ratios[flutter]` due to incorrect check

high

PEG could never be restored completely due to incorrect derivation of the amount to be swapped

medium

Chainlink's `latestRoundData()` can return stale or incorrect result

Raft

18,500 USDC • Hats • curiousapple

gold

DODO Margin Trading

90.81 USDC • 1 total finding • Sherlock • curiousapple

#7

high

Anyone can drain all of the user funds from margin account using external flashloan

Nov '22

Bull v Bear

598.26 USDC • 2 total findings • Sherlock • curiousapple

#5

high

[High-1] Any bull can override the already matched order with the new bear, resulting in a loss for the previous bear instantly.

high

[Medium-1] Due to external call done before state updates, bulls can add extra gas overhead for bears to settle.

FrankenDAO

1,614.45 USDC • 4 total findings • Sherlock • curiousapple

#4

high

[High-1] Lack of check on unlockTime allows any staker to inflate stakedTimeBonus to any amount

high

[High-2] Total voting power and thereby quorum would be calculated incorrectly due to missing updates for total community voting power in the delegation edge case.

medium

[Medium-1] Hardcoded `monsterMultiplier` in case of `stakedTimeBonus` disregards the updates done to `monsterMultiplier` through `setMonsterMultiplier()`

medium

[Low-1] Due to lock on actions of delegator, if the delegatee has participated in active proposals, the delegatee can stop its delegators from changing their delegation or doing unstake