https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/93f4c67e-bfb2-4072-8843-ca9b4c903d3d.jpg

denzi_

Security Researcher

Security Researcher

Contact Me

High

17

Total

Medium

14

Total

$5.46K

Total Earnings

#725 All Time

14x

Payouts

bronze

2x

3rd Places

regular

3x

Top 10

regular

8x

Top 25

All

Sherlock

Code4rena

Cantina

Mar '25

PinLink: RWA-Tokenized DePIN Marketplace

PinLink: RWA-Tokenized DePIN Marketplace

43.88 USDC • Sherlock • denzi_

#29

Feb '25

Rova

Rova

0.04 USDC • 1 total finding • Sherlock • denzi_

bronze

medium

Token Accounting Mismatch in updateParticipation() function

Dec '24

story-protocol

story-protocol

1,567.86 USDC • 2 total findings • Cantina • Denzi

#51

high

Finding not yet public.

medium

Finding not yet public.

Oct '24

mev-commit

mev-commit

1,933.58 USDC • 6 total findings • Cantina • Denzi

#10

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Sep '24

Boost Core Incentive Protocol

Boost Core Incentive Protocol

421.97 USDC • 2 total findings • Sherlock • denzi_

#11

medium

Weak PRNG in `ERC20Incentive::drawRaffle()`

medium

The incentive contracts are not compatible with rebasing/deflationary/inflationary tokens

Aug '24

ZeroLend One

ZeroLend One

497.81 USDC • 3 total findings • Sherlock • denzi_

#20

high

Incorrect Calculation of Assets in `getSupplyBalance()` and `getDebtBalance()` inside `PositionBalanceConfiguration.sol`

medium

Repaying function will revert in most cases

medium

setReserveFactor() does not call updateState() before setting new reserveFactor

Winnables Raffles

Winnables Raffles

4.13 USDC • 2 total findings • Sherlock • denzi_

#33

high

Denial of Service Vulnerability in Raffle Cancellation Logic

medium

Irreversible Role Assignment in Roles.sol

Jul '24

TraitForge

TraitForge

0.01 USDC • 2 total findings • Code4rena • denzi_

#88

high

Number of entities in generation can surpass the 10k number

medium

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

Jun '24

Notional Leveraged Vaults: Pendle PT and Vault Incentives

Notional Leveraged Vaults: Pendle PT and Vault Incentives

159.16 USDC • 2 total findings • Sherlock • denzi_

#11

high

Usage of hardcoded 0 as limit in _sellStakedUSDe() function allows for sandwich opportunities.

high

`minAmountOut` set to 0 in `_redeemPT()` can cause loss of funds through redemption

May '24

Gamma - Locked Staking Contract

Gamma - Locked Staking Contract

133.81 USDC • 1 total finding • Sherlock • denzi_

bronze

medium

No deadline protection in functions `earlyExitById()` amd `exitLateById()` can cause bigger penalties or cooldown periods for the user.

Apr '24

Zivoe

Zivoe

685.58 USDC • 3 total findings • Sherlock • denzi_

#18

high

Incorrect Updation of _checkpoints[account] in `ZivoeRewardsVesting::revokeVestingSchedule()` can mess up accounting of votes

high

Potential loss of rewards and incorrect account of _totalSupply if the user executes `withdraw()` before being revoked

medium

On combining loans, the new calculated APR rounds down causing the user to pay less interest

Mar '24

vVv Vesting & Staking

vVv Vesting & Staking

0.81 USDC • Sherlock • denzi_

#45

Zap Protocol

Zap Protocol

9.97 USDC • 1 total finding • Sherlock • denzi_

#12

high

`Vesting.sol::claim()` does not follow CEI making the function susceptible to Reentrancy Attacks.

Feb '24

AI Arena

AI Arena

5.38 USDC • 6 total findings • Code4rena • denzi_

#134

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

high

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

medium

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

medium

Fighter created by mintFromMergingPool can have arbitrary weight and element