deadrxsezzz

Security Researcher

fully dedicated to web3 | DM to get your code secured 🛡️

High: 12 total

Medium: 24 total

Total Earnings: $62.16K

Rank: #140 All Time

Payouts: 19x

1st Places (gold): 1x

3rd Places (bronze): 2x

Top 10 (regular): 7x

Aug '24

The Wildcat Protocol

47,697.65 USDC • 5 total findings • Code4rena • deadrxsezzz

gold

high

User could withdraw more than supposed to, forcing last user withdraw to fail

medium

Users are incentivized to not withdraw immediately after the market is closed.

medium

Role providers can bypass intended restrictions and lower expiry set by other providers

medium

`FixedTermLoanHook` looks at `block.timestamp` instead of `expiry`

medium

Inconsistency across multiple repaying functions causing lender to pay extra fees.

Feb '24

AI Arena

0.33 USDC • 3 total findings • Code4rena • deadrxsezzz

#177

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

medium

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

100x

532.01 USDC • Sherlock • deadrxsezzz

#6

Findings not publicly available for private contests.

Sep '23

Venus Prime

198.48 USDC • 1 total finding • Code4rena • deadrxsezzz

#20

high

A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users

Aug '23

Cooler Update

216.31 USDC • 4 total findings • Sherlock • deadrxsezzz

#8

high

If `claimDefaulted` is called before `claimRepaid` all of `loan.unclaimed` will be lost

high

If `loan.callback == true`, lender can force all repayments to revert and force loan into default

medium

Anyone can accept new terms by calling `rollLoan` due to lack of access control.

medium

Lender can front-run `rollLoan` and call `provideNewTermsForRoll` with unfavorable terms

Dopex

1,918.25 USDC • 4 total findings • Code4rena • deadrxsezzz

#7

high

`ReLPContract` wrongfully assumes protocol owns all of the liquidity in the UniswapV2 pool

high

Improper precision of strike price calculation can result in broken protocol

high

The peg stability module can be compromised by forcing lowerDepeg to revert.

medium

reLP() mintokenAAmount the calculations are wrong.

veRWA

2,554.76 USDC • 4 total findings • Code4rena • deadrxsezzz

bronze

high

When adding a gauge, its initial value has to be set by an admin or all voting power towards it will be lost

high

Voters from VotingEscrow can vote infinite times in vote_for_gauge_weights() of GaugeController

high

If governance removes a gauge, user's voting power for that gauge will be lost.

medium

Users can front-run calls to `change_gauge_weight` to gain extra voting power

Jun '23

GLIF

6,583.96 USDC • Sherlock • deadrxsezzz

bronze

Findings not publicly available for private contests.

May '23

Iron Bank

1.76 USDC • 2 total findings • Sherlock • deadrxsezzz

#21

medium

Chainlink Oracle will return the wrong price for asset if underlying aggregator hits minAnswer

medium

Oracle doesn't check if L2 Arbitrum sequencer is down

Ajna Protocol

253.66 USDC • 1 total finding • Code4rena • deadrxsezzz

#33

medium

Calling `StandardFunding.screeningVote` function and `ExtraordinaryFunding.voteExtraordinary` function when `block.number` equals respective start block and when `block.number` is bigger than respective start block can result in different available votes

Footium

73.93 USDC • 3 total findings • Sherlock • deadrxsezzz

#26

medium

Use of unsafe `_mint` method

medium

USDT will get permanently stuck in `FootiumPrizeDistributor.sol` and `FootiumEscrow.sol`

medium

Usage of deprecated `transfer` method might lead to loss of funds

Apr '23

Blueberry Update

24.17 USDC • 2 total findings • Sherlock • deadrxsezzz

#14

medium

ChainlinkAdapterOracle's getPrice() doesn't check if Arbitrum L2 sequencer is down

medium

Possible stale values from Chainlink oracle

JOJO Exchange

1,306.40 USDC • 1 total finding • Sherlock • deadrxsezzz

#13

medium

Uniswap getting the price from all available pools for certain token pair poses a risk

Teller

19.13 USDC • 3 total findings • Sherlock • deadrxsezzz

#47

medium

Lender can steal all of liquidator's tokens

medium

Project breaks when a fee-on-transfer ERC20 is used as collateral

medium

Lenders can steal all of the borrowers' tokens.

Frankencoin

56.5 USDC • 2 total findings • Code4rena • deadrxsezzz

#54

medium

Challengers and bidders can collude together to restrict the minting of position owner

medium

function `restructureCapTable()` in Equity.sol not functioning as expected

Mar '23

Gitcoin

165.25 USDC • Sherlock • deadrxsezzz

#24

Asymmetry contest

13.13 USDC • Code4rena • deadrxsezzz

#110

Kairos Loan

519.56 USDC • 1 total finding • Sherlock • deadrxsezzz

#5

medium

If auction price goes to 0, NFT might become unclaimable/stuck forever

Neo Tokyo contest

29.67 USDC • Code4rena • deadrxsezzz

#21