dany.armstrong90

Senior Blockchain Auditor

An independent blockchain security researcher currently active in audit contests on platforms such as Code4rena, Sherlock, CodeHawks and Immunefi.

High: 59 Total

Medium: 1 Solo, 78 Total

Total Earnings: $35.71K (#242 All Time)

Payouts: 64x

1st Places (gold): 1x

3rd Places (bronze): 4x

Top 10 (regular): 21x

Feb '25

Liquidity Management

50.30 usdc • 2 total findings • CodeHawks • danielarmstrong

#43

low

Protocol Recovery Mechanism at Risk Due to Unhandled Token Transfer Failures

low

Settlement Flow Can Be Disrupted When Market Decrease Order is Disabled

Jan '25

IQ AI

915.76 USDC • 1 total finding • Code4rena • DanielArmstrong

#5

medium

Attacker can DOS liquidity migration in LiquidityManager.sol

Part 2

119.82 usdc • 3 total findings • CodeHawks • danielarmstrong

#41

medium

Fee Recipient Shares Cannot Be Decreased When Total Fee Recipients' Share Is at Max Limit

medium

Refund Underflow in Swap Refund Logic Leading to Locked Funds

medium

rebalanceVaultsAssets incorrectly accounts vaults' depositedUsdc

Aave v3.3

519.35 USDC • Sherlock • dany.armstrong90

#46

Dec '24

QuantAMM

868.04 op • 4 total findings • CodeHawks • danielarmstrong

#15

high

Slight miscalculation in maxAmountsIn for Admin Fee Logic in UpliftOnlyExample::onAfterRemoveLiquidity Causes Lock of All Funds

medium

formula Deviation from White Paper and Weighted Pool `performUpdate` unintended revert

low

Inconsistent timestamp storage when the LPNFT is transferred.

low

Liquidity Removal Reverts in `onAfterRemoveLiquidity` Callback Triggered by `removeLiquidityProportional`

SecondSwap

0.41 USDC • 3 total findings • Code4rena • DanielArmstrong

#64

high

Users can claim more than their actual allotment

medium

Incorrect listing type validation bypasses enforcement of minimum purchase amount

medium

Incorrect referral fee calculations

Nov '24

vVv Launchpad - Investments & Token distribution

94.59 USDC • 1 total finding • Sherlock • dany.armstrong90

gold

high

Malicious User Can Front-Run and Steal Token Claims in `VVVVCTokenDistributor.claim()` Function.

Debita Finance V3

108.40 USDC • 4 total findings • Sherlock • dany.armstrong90

#26

medium

Malicious lender can delete all lend offers.

medium

Borrowers will overpay fees when extending loans.

medium

Extending loan will revert due to the unused variable.

medium

Rounding error in `DebitaIncentives.claimIncentives()` function.

Telcoin Update #2

52.88 USDC • Sherlock • dany.armstrong90

#25

Oct '24

Usual V1

1,013.20 USDC • 1 total finding • Sherlock • dany.armstrong90

bronze

high

Withdrawal fee for UsualX vault will be mis-calculated.

Ethos Network Social Contracts

45.37 USDC • 1 total finding • Sherlock • dany.armstrong90

#6

medium

Deleted address can still perform actions allowed to undeleted addresses.

Kleidi

393.19 USDC • 1 total finding • Code4rena • DanielArmstrong

#9

medium

Wrong handling of call data check indices, forcing it sometimes to revert

AXION

50.94 USDC • 1 total finding • Sherlock • dany.armstrong90

#12

medium

Contracts of the codebase will not be strictly compliant with the ERC-1504.

predict.fun lending market

337.23 USDC • 1 total finding • Sherlock • dany.armstrong90

#6

medium

Users will pay less fee than it should be.

Sep '24

Liquid Staking

19.41 USDC • 1 total finding • CodeHawks • danielarmstrong

#39

medium

Remove splitter will always revert if there are some rewards left on splitter contract

Flayer

2,014.22 USDC • 11 total findings • Sherlock • dany.armstrong90

#4

high

`Listings.relist()` function doesn't set `listing.created` as `block.timestamp`.

high

`TaxCalculator.calculateCompoundedFactor()` function inflates the compounded factor by 10 times.

high

User can avoid protected listing fee.

high

User can pay less protected listing fees.

high

Attacker can lock shutdown voters' collectionTokens forever.

high

User can unlock protected listing without paying any fee.

high

Attacker can take out user's repaid protected listing NFT with only `1 ether`.

high

Attacker can lock all ethers after shutdown executed and collection liquidation completed.

medium

Attacker can disable `CollectionShutdown.preventShutdown()` function.

medium

Beneficiary will lose unclaimed fees.

medium

User may lose fund when modify listings.

Aug '24

Chakra

1.78 USDT • 2 total findings • Code4rena • DanielArmstrong

#58

high

Anyone can manipulate user nonce (nonce_manager) in settlement contract

high

SettlementSignatureVerifier is missing check for duplicate validator signatures

Rumpel Point Tokenization Protocol

410.78 USDC • Sherlock • dany.armstrong90

bronze

Phi

17.56 USDC • 2 total findings • Code4rena • DanielArmstrong

#40

high

`shareBalance` bloating eventually blocks curator rewards distribution

medium

Refunds sent to incorrect addresses in certain cases

ZeroLend One

591.12 USDC • 5 total findings • Sherlock • dany.armstrong90

#17

high

Wrong calculation of supply balance and debt balance when withdraw and repay.

high

The protocol considers shares as amount when liquidation.

medium

The protocol updates interest rates of collateral wrongly when liquidation.

medium

Partial repayment is reverted because of rounding error.

medium

Allocator will not be able to withdraw all assets from pool.

Fjord Token Staking

0.19 USDC • 1 total finding • CodeHawks • danielarmstrong

#20

medium

`FjordAuction` incorrect `block.timestamp` check allows users to bid after calling `auctionEnd` to claim more tokens than they should

Winnables Raffles

6.39 USDC • 3 total findings • Sherlock • dany.armstrong90

#29

high

Ethers of refunded amount for canceled raffle will be locked for the next raffles.

high

Attacker can set prize manager address of CCIP message as whatever he wants.

medium

Admin can't revoke role.

Sentiment V2

10.58 USDC • 1 total finding • Sherlock • dany.armstrong90

#43

medium

SuperPool doesn't strictly comply with ERC-4626.

Tadle

45.39 USDC • 4 total findings • CodeHawks • danielarmstrong

#67

high

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

high

TokenManager - Unlimited withdraw

high

Native token withdrawal fails until manually approved

high

[H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulate collateral rates and drain the protocol's funds

Jul '24

Reserve Core

0 USDC • Code4rena • DanielArmstrong

#7

Zaros Part 1

279.70 USDC • 2 total findings • CodeHawks • danielarmstrong

#26

high

`LiquidationBranch::checkLiquidatableAccounts()` executes `for` loop with wrong values, causing array out of bounds to be recovered, the program will not work as expected

high

Wrong parameter passed in `TradingAccount::deductAccountMargin` function that results in excess margin withdrawal

MakerDAO Endgame

1,363.30 USDC • Sherlock • dany.armstrong90

#48

MagicSea - the native DEX on the IotaEVM

1,728.83 USDC • 9 total findings • Sherlock • dany.armstrong90

#4

high

A malicious user can use voting power doubly.

high

`Voting` is always reverted when it has `bribes` to notify.

high

Remaining rewards for period which is not voted can be frozen in `BribeRewarder`.

high

Total LUM rewards may be distributed exceeding the `_lumPerSecond`.

medium

`MlumStaking.sol#addToPosition` function has error in calculating the average lock duration.

medium

`MlumStaking.sol#harvestPositionsTo` function doesn't function properly.

medium

An attacker can acquire much share of rewards by sandwiching transaction which transfers rewards to `MlumStaking`.

medium

The `lockMultiplier` can be decreased unexpectedly by `renewLockPosition`.

medium

Anyone can create bribe rewarder.

Velocimeter

758.73 USDC • 2 total findings • Sherlock • dany.armstrong90

#8

high

The claimable amount of Flow token for paused gauge will be locked forever.

medium

`Voter.sol#replaceFactory` function has errors in validity check.

Jun '24

Vultisig

196.77 USDC • 2 total findings • Code4rena • DanielArmstrong

#19

high

Vultisig whitelisting can be bypassed by anyone

medium

`claim` function lacks slippage controls for `amount0` and `amount1` returned by `pool.burn` function call

Size

78.97 USDC • 4 total findings • Code4rena • DanielArmstrong

#44

high

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

high

When `sellCreditMarket()` is called to sell credit for a specific cash amount, the protocol might receive a lower swapping fee than expected.

medium

Fragmentation fee is not taken if user compensates with newly created position

medium

Users cannot buy/sell the minimum credit allowed due to exactAmountIn condition

May '24

PoolTogether: The Prize Layer for DeFi

252.25 USDC • 1 total finding • Sherlock • dany.armstrong90

#17

medium

The condition check of function `DrawManager.sol#canStartDraw` is wrong.

Elfi

325.25 USDC • 4 total findings • Sherlock • dany.armstrong90

#16

high

User with two or more cross margin positions can update all positions from balance margin at a time.

high

Attacker can inflate stake rewards as he wants.

medium

Keeper couldn't recognize the loss of order execution fee.

medium

Depositor may deposit in excess of `collateralUserCap`.

Apr '24

Renzo

1.52 USDC • 3 total findings • Code4rena • DanielArmstrong

#53

high

Incorrect withdraw queue balance in TVL calculation

medium

Deposits will always revert if the amount being deposited is less than the bufferToFill value

medium

Lack of slippage and deadline during withdraw and deposit

NOYA

13.14 USDC + NOYA stars • 4 total findings • Code4rena • DanielArmstrong

#91

high

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

medium

The `TVLHelper.sol#getTVL` function is DOSed by the `under collateralized connector`, and as a result, many parts of the protocol may be DOS.

medium

Attacker can increase the length of `withdrawQueue` by withdrawing 0 amount of tokens frequently

medium

Balancer flashloan contract can be DOSed completely by sending 1 wei to it

Zivoe

1,181.47 USDC • 4 total findings • Sherlock • dany.armstrong90

#19

high

It may not be consistent in calculating the Reward compensation for LPs.

high

The 5% ZVE Token is not distributed to the ITO participants.

medium

`ZivoeTranches#rewardZVEJuniorDeposit` function miscalculates the reward when the ratio traverses lower/upper bound.

medium

The `OCL_ZVE.sol#pushToLockerMulti` function call can often fail.

Panoptic

3,189.89 USDC • 2 total findings • Code4rena • DanielArmstrong

#9

high

`SettleLongPremium` is incorrectly implemented: premium should be deducted instead of added

medium

Wrong leg `chunkKey` calculation in `haircutPremia` function

Mar '24

Ondo Finance

8.28 USDC • Code4rena • DanielArmstrong

#17

Revert Lend

594.73 USDC • 2 total findings • Code4rena • DanielArmstrong

#23

medium

`DailyLendIncreaseLimitLeft` and `dailyDebtIncreaseLimitLeft` are not adjusted accurately.

medium

Users can lend and borrow above allowed limitations

Feb '24

Wise Lending

940.15 USDC • 1 total finding • Code4rena • DanielArmstrong

#19

medium

User's attempt to deposit & withdraw reverts due to the calculation style inside `_calculateShares()`

Althea Liquid Infrastructure

32.91 USDC • 2 total findings • Code4rena • DanielArmstrong

#31

high

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

medium

Distribution can be bricked, and double claims by a few holders are possible when owner calls `LiquidInfrastructureERC20::setDistributableERC20s`

AI Arena

2,441.52 USDC • 7 total findings • Code4rena • DanielArmstrong

#6

high

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

high

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

medium

Erroneous probability calculation in physical attributes can lead to significant issues

medium

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

medium

Can mint NFT with the desired attributes by reverting transaction

Jan '24

Covalent

386.29 USDC • 1 total finding • Sherlock • dany.armstrong90

#7

medium

OperationalStaking.sol has rounding errors.

Flat Money

80.91 USDC • 1 total finding • Sherlock • dany.armstrong90

#17

high

Attacker can sell a position which is pending to close.

Avail

1,466.68 USDC • Sherlock • dany.armstrong90

bronze

LooksRare YOLO

17.38 USDC • 1 total finding • Sherlock • dany.armstrong90

#7

high

An attacker can steal other users' entries and dominate a round.

Salty.IO

385.59 USDC • 4 total findings • Code4rena • DanielArmstrong

#36

high

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

medium

THE USER WHO WITHDRAWS LIQUIDITY FROM A PARTICULAR POOL IS ABLE TO CLAIM MORE REWARDS THAN HE DULY DESERVES BY CAREFULLY SELECTING A `decreaseShareAmount` VALUE SUCH THAT THE `virtualRewardsToRemove` IS ROUNDED DOWN TO ZERO

medium

When forming POL the DAO will end up stuck with DAI and USDS tokens that it cannot handle.

medium

DOS of proposals by abusing ballot names without important parameters

JOJO Exchange Update

307.00 USDC • 2 total findings • Sherlock • dany.armstrong90

#6

medium

JUSDBankStorage.sol#accrueRate function has an error in calculating the tRate.

medium

Funding.sol#requestWithdraw function has an error.

Curves

5.35 USDC • 4 total findings • Code4rena • DanielArmstrong

#97

high

Unauthorized Access to setCurves Function

medium

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

medium

onBalanceChange causes previously unclaimed rewards to be cleared

medium

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

reNFT

3.99 USDC • Code4rena • DanielArmstrong

#66

Truflation

67.11 USDC • 1 total finding • Sherlock • dany.armstrong90

#10

medium

VotingEscrowTruf.sol#migrateVestingLock: does not recover user's unclaimed staking reward.

Dec '23

Footium Update

52.84 USDC • Sherlock • dany.armstrong90

#21

Revolution Protocol

228.29 USDC • 3 total findings • Code4rena • DanielArmstrong

#28

medium

`ERC20TokenEmitter::buyToken` function mints more tokens to users than it should do

medium

MaxHeap.sol: Already extracted tokenId may be extracted again.

medium

Since buyToken function has no slippage checking, users can get less tokens than expected when they buy tokens directly

Ethereum Credit Guild

131.13 USDC • 3 total findings • Code4rena • DanielArmstrong

#62

high

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

medium

Re-triggering the `canOffboard[term]` flag to bypass the DAO vote of the lending term offboarding mechanism

medium

Replay attack to suddenly offboard the re-onboarded lending term

Olympus RBS 2.0

9,054.48 USDC • 6 total findings • Sherlock • dany.armstrong90

bronze

high

OlympusPrice.v2.sol#storePrice: The moving average prices are used recursively for the calculation of the moving average price.

medium

Wrong calculation of ProtocolOwnedLiquidityOhm in BunnySupply.

medium

OlympusSupply.getReservesByCategory function always revert for some categories.

medium

Incorrect calculation of the BunniTokenPrice.

medium

The check for deviation in Deviation.sol is not valid.

medium

Price can be miscalculated.

Nov '23

Nouns Builder

1,078.57 USDC • 2 total findings • Sherlock • dany.armstrong90

#5

high

The first founder is to be allocated less tokens than other founders.

high

It can be impossible to settle the auction.

Kelp DAO | rsETH

112.05 USDC • 2 total findings • Code4rena • DanielArmstrong

#36

high

Protocol mints less rsETH on deposit than intended

medium

Update in strategy will cause wrong issuance of shares

Oct '23

NextGen

35.61 USDC • 2 total findings • Code4rena • DanielArmstrong

#70

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

medium

On a Linear or Exponential Descending Sale Model, a user that mints on the last `block.timestamp` mints at an unexpected price.

Sep '23

Maia DAO - Ulysses

25.68 USDC • Code4rena • DanielArmstrong

#55

Allo V2

6.51 USDC • 3 total findings • Sherlock • dany.armstrong90

#61

high

The total amount of credits per `allocator` can exceed `maxVoiceCreditsPerAllocator` in `QVSimpleStrategy`.

medium

Allocation can be set invalid by incorrect calculation for quadratic voting strategies in QVBaseStrategy.

medium

Function `_distribute` of `RFPSimpleStrategy.sol` would be reverted due to the coding error.

Aug '23

Dopex

0.01 USDC • 1 total finding • Code4rena • DanielArmstrong

#129

high

The settle feature will be broken if an attacker arbitrarily transfers collateral tokens to the PerpetualAtlanticVaultLP

Good Entry

625.44 USDC • 1 total finding • Code4rena • DanielArmstrong

#17

high

V3Proxy swapTokensForExactETH does not send back to the caller the unused input tokens

Jul '23

Tokensoft

66.79 USDC • 1 total finding • Sherlock • dany.armstrong90

#15

high

Malicious beneficiary will get more voting power than normal.

Index Update

501.88 USDC • 1 total finding • Sherlock • dany.armstrong90

#6

medium

Change price calculation in BoundedStepwiseExponentialPriceAdapter.getPrice() is incorrect.