https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/0be63ce4-4ec1-4295-8c30-958cefae92c4.jpg

deth

Security Researcher

Smart Contract Auditor/Researcher I help secure the web3 space.

Contact Me

High

3

Solo

44

Total

Medium

1

Solo

69

Total

$143.14K

Total Earnings

#73 All Time

38x

Payouts

gold

7x

1st Places

silver

3x

2nd Places

bronze

3x

3rd Places

All

Sherlock

Code4rena

CodeHawks

Hats Finance

Jun '26

Qiro Vault June 15th 2026

Qiro Vault June 15th 2026

Collaborative Audit • Sherlock • deth

Blend Money - June 10th 2026

Blend Money - June 10th 2026

Collaborative Audit • Sherlock • deth

May '26

Arche Money May 6th 2026

Arche Money May 6th 2026

Collaborative Audit • Sherlock • deth

Apr '26

Genius Terminal  - Apr 6th 2026

Genius Terminal - Apr 6th 2026

Collaborative Audit • Sherlock • deth

Mar '26

Rain

Rain

525 USDC • Sherlock • EgisSecurity

gold

Findings not publicly available for private contests.

Feb '26

HeyElsa February 2nd

HeyElsa February 2nd

Collaborative Audit • Sherlock • deth

Jan '26

Metrom - Jan 8th

Metrom - Jan 8th

Collaborative Audit • Sherlock • deth

HeyElsa OFTadapter Diff Audit - Jan 6th

HeyElsa OFTadapter Diff Audit - Jan 6th

Collaborative Audit • Sherlock • deth

Dec '25

M^0 Multichain V2 Dec 8th

M^0 Multichain V2 Dec 8th

Collaborative Audit • Sherlock • EgisSecurity

Oct '25

Inverse Finance - Oct 13th

Inverse Finance - Oct 13th

Collaborative Audit • Sherlock • EgisSecurity

TokenPlay - Oct 10th

TokenPlay - Oct 10th

Collaborative Audit • Sherlock • EgisSecurity

Sep '25

Prodigy Finance - Sept 29th

Prodigy Finance - Sept 29th

Collaborative Audit • Sherlock • deth

Summer.fi - governance v2

Summer.fi - governance v2

17,178.37 USDC • 2 total findings • Sherlock • EgisSecurity

silver

medium

`rewardPerToken` can round down 0, losing rewards for users

medium

Satellite chains can't execute `onlyGovernance` functions

Jul '25

Allbridge Core Yield

Allbridge Core Yield

6,199.73 USDC • 2 total findings • Sherlock • EgisSecurity

gold

medium

PortfolioToken::deposit is vulnerable to reverse LP sandwich attacks

medium

First depositor can inflate the real amounts

Jun '25

DODO Cross-Chain DEX

DODO Cross-Chain DEX

13,140.59 USDC • 10 total findings • Sherlock • EgisSecurity

#8

high

Users can steal funds meant for refunds through `_doMixSwap`

high

Users can steal funds meant for refunds using a `decoded.targetZRC20`

high

Anyone can steal a refund from Solana

medium

Zeta Chain contracts doesn't check source sender, which results in compromised instructions

medium

`GatewayTransferNative::onCall` don't decrease `amount` when platform fee is deducted

medium

Revert transaction from BTC will refund funds to a random address

medium

`AccountEncoder::decompressAccounts` does not decode `isWritable` correctly

medium

GatewayTransferNative::withdraw - The function is public and can be called by anyone

medium

`_existsPairPool` has flawed design, which allows for an attacker to control

medium

`_swapAndSendERC20Tokens` has no slippage protection

Feb '25

Stealth

Stealth

37,000 USDC • Sherlock • EgisSecurity

gold

Findings not publicly available for private contests.

Dec '24

Autonomint Colored Dollar V1

Autonomint Colored Dollar V1

95.75 OP • 4 total findings • Sherlock • EgisSecurity

#23

high

borrowing::liquidate - `lastEventTime` isn't updated after `calculateCumulativeRate` is called

high

`GlobalVariables` may be compromised, if there are concurrent in-flight messages

medium

borrowing::depositTokens - `calculateCumulativeRate` is called after borrower has been added

medium

borrowing::_withdraw - `lastEventTime` is updated before calling `calculateCumulativeRate`

Nov '24

MANTRA DEX

MANTRA DEX

898.2 USDC • 6 total findings • Code4rena • Egis_Security

#11

high

Attackers can force the rewards to be stuck in the contract with malicious `x/tokenfactory` denoms

high

Logical error in `validate_fees_are_paid` can cause a DoS or allow users to bypass fees if `denom_creation_fee` includes multiple coins including `pool_creation_fee` and the user attempts to pay all fees using only `pool_creation_fee`

medium

When a user single-side deposit into a pool, slippage protection is invalid

medium

`withdraw_liquidity` lacks slippage protection

medium

Single sided liquidity can't be used to lock LP tokens in the farm manager

medium

Penalty fees can be shared among future farms or expired farms, risks of exploits

MANTRA Chain

MANTRA Chain

1,890.14 USDC • 3 total findings • Code4rena • Egis_Security

#5

high

Unspent gas fees are always refunded to the `FeePayer()` which leads to incorrect refunds if the `FeeGranter()` paid for the fees

high

Potentially sensitive issue - disclosed privately

medium

`xfeemarket` module is not wired up, resulting in non-working CLI commands, message server, genesis export

Concrete

Concrete

76.17 USDC • Code4rena • Egis_Security

#66

Aug '24

ZeroLend One

ZeroLend One

12.11 USDC • 1 total finding • Sherlock • EgisSecurity

#43

medium

Positions, which are using assets with large heartbeat may accrue bad debt

Sentiment V2

Sentiment V2

1,153.21 USDC • 9 total findings • Sherlock • EgisSecurity

#10

high

Exploiter can always bypass `LIQUIDATION_DISCOUNT` and always seize all collateral

medium

Exploiter can force user into unhealthy condition and liquidate him

medium

SuperPoolFactory

medium

Under certain circumstances bad debt will cause first depositor to lose funds

medium

Pool::liquidate()

medium

`SuperPool` has a `togglePause` function, but lack `whenNotPaused` modifier

medium

Liquidators won't have incentive to repay positions under some conditions

medium

`SuperPool#convertToShares` violates ERC4626

medium

Use can grief `SuperPool#reallocate` for USDT because it doesn't use `forceApprove`

Jul '24

Basin

Basin

19,171.68 USDC • 3 total findings • Code4rena • Egis_Security

gold

high

`WellUpgradeable` can be upgraded by anyone

medium

Stable2LUT1::getRatiosFromPriceLiquidity - In extreme cases, `updateReserve` will start breaking

medium

For extreme ratios getRatiosFromPriceSwap will return data for which is impossible to converge into a reserve

CCIP v1.5

CCIP v1.5

12,254.76 USDC • CodeHawks • EgisSecurity

silver

Jun '24

Palmera

Palmera

1,600 USDC • 2 total findings • Hats • EgisSecurity

bronze

high

Malicious users can front-run host users safe management actions and add those safes as root for wrong org

medium

Safe owner/s can prevent being removed from organization by indefinitely increasing their child array

Inverter Network

Inverter Network

7,500 UMA • Hats • deth

bronze

May '24

Sophon Farming Contracts

Sophon Farming Contracts

2,985.94 USDC • 3 total findings • Sherlock • EgisSecurity

gold

high

Many cases `stEth::transferFrom` will transfer 1-2 less way, which would result in revert in consequent functions, because of not enough balance

high

Loss of funds when deposit flow uses `_ethTOeEth`, because deposit amount is not handled correctly

medium

SophonFarming.sol

Gamma - Locked Staking Contract

Gamma - Locked Staking Contract

133.81 USDC • 1 total finding • Sherlock • EgisSecurity

bronze

medium

Malicious actor can use block stuffing to force staker into another cycle

Sablier

Sablier

11,001.90 USDC • 4 total findings • CodeHawks • EgisSecurity

gold

medium

Insufficient input validation on `SablierV2NFTDescriptor::safeAssetSymbol` allows an attacker to obtain stored XSS

medium

The overflow in the `_calculateStreamedAmount` function can lead to unexpected results.

medium

`SablierV2Lockup.sol` - The caller of withdraw and renounce can skip callbacks, by sending less gas

medium

Use of CREATE method is suspicious of reorg attack

Apr '24

Teller Finance

Teller Finance

3,871.54 USDC • 16 total findings • Sherlock • EgisSecurity

gold

high

`LenderCommitmentGroup_Smart.sol::burnSharesToWithdrawEarnings` steal previous depositors funds

high

TellerV2.sol

high

LenderCommitmentGroup_Smart.sol#liquidateDefaultedLoanWithIncentive()

high

LenderCommitmentGroup_Smart.sol

high

LenderCommitmentGroup_Smart.sol

high

LenderCommitmentGroup_Smart.sol#getCollateralRequiredForPrincipalAmount()

high

If `repayLoanCallback` address doesn't implement `repayLoanCallback` try/catch won't go into the catch and will revert the tx

high

Unchecked `transferFrom` value may lead to borrower falsy repaying loan

high

`LendderCommitmentGroup::_calculateCollateralTokensAmountEq` may be manipulated

high

LenderCommitmentGroup_Smart.sol#liquidateDefaultedLoanWithIncentive()

medium

User can easily DoS `FlashRolloverLoan_G5` for USDT loans

medium

__Ownable_init is missing in LenderCommitmentGroup_Smart and TellerV2

medium

TellerV2.sol#lenderAcceptBid()

medium

`FlashRolloverLoan_G5::_acceptCommitment` with `smartCommitmentAddress` uses wrong signature

medium

LenderCommitmentGroup_Smart.sol#_generateTokenNameAndSymbol()

medium

LenderCommitmentGroup_Smart.sol#__valueOfUnderlying()

DYAD

DYAD

485.93 USDC • 10 total findings • Code4rena • Egis_Security

#20

high

Inability to perform partial liquidations allows huge positions to accrue bad debt in the system

high

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

high

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

high

User can get their Kerosene stuck because of an invalid check on withdraw

high

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

medium

`VaultManagerV2.sol::burnDyad` function is missing an `isDNftOwner` modifier, allowing a user to burn another user's minted DYAD

medium

Attacker can frontrun to prevent vaults from being removed from the dNFT owner's position

medium

No incentive to liquidate small positions could result in protocol going underwater

medium

Value of kerosene can be manipulated to force liquidate users

medium

Incorrect deployment / missing contract will break functionality

Feb '24

Jala Swap

Jala Swap

618.45 USDC • 2 total findings • Sherlock • deth

#4

medium

JalaRouter02.sol

medium

JalaPair.sol#_update()

Tokemak

Tokemak

180 USDC • 1 total finding • Hats • deth

#12

high

LMPStrategy.sol#getRebalanceVaueStats() - Assumes that LMPVault token decimals are 18, which leads to incorrect accounting

Rio Network

Rio Network

38.85 USDC • 2 total findings • Sherlock • deth

#29

high

RioLRTWithdrawalQueue.sol#settleEpochFromEigenLayer()

medium

Asset.sol#transferETH()

Jan '24

Arcadia

Arcadia

36.24 USDC • 1 total finding • Sherlock • deth

#8

medium

AbstractStakingAM.sol#_getRewardBalances()

Decent

Decent

955.55 USDC • 4 total findings • Code4rena • deth

#8

high

When `DecentBridgeExecutor.execute` fails, funds will be sent to a random address

high

Users will lose their cross-chain transaction if the destination router do not have enough WETH reserves.

high

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

medium

DecentEthRouter.sol#_bridgeWithPayload() - Any refunded ETH (native token) will be refunded to the DecentBridgeAdapter, making them stuck

Dec '23

Revolution Protocol

Revolution Protocol

113.04 USDC • 4 total findings • Code4rena • deth

#43

medium

The quorumVotes can be bypassed

medium

CultureIndex.sol#dropTopVotedPiece() - Malicious user can manipulate topVotedPiece to DoS the whole CultureIndex and AuctionHouse

medium

Bidder can use donations to get VerbsToken from auction that already ended.

medium

It may be possible to DoS AuctionHouse by specifying malicious creators

Ethereum Credit Guild

Ethereum Credit Guild

85.84 USDC • 1 total finding • Code4rena • deth

#67

medium

Re-triggering the `canOffboard[term]` flag to bypass the DAO vote of the lending term offboarding mechanism

Nov '23

Wasabi-Solana

Wasabi-Solana

Collaborative Audit • Sherlock • EgisSecurity

Kelp DAO | rsETH

Kelp DAO | rsETH

983.25 USDC • 3 total findings • Code4rena • deth

#7

high

The price of rsEHT could be manipulated by the first staker

high

Possible arbitrage from Chainlink price discrepancy

medium

Update in strategy will cause wrong issuance of shares

Oct '23

The Wildcat Protocol

The Wildcat Protocol

407.94 USDC • 4 total findings • Code4rena • deth

#21

high

Borrower has no way to update `maxTotalSupply` of `market` or close market.

high

Borrower can drain all funds of a sanctioned lender

medium

Function WildcatMarketController.setAnnualInterestBips allows for values outside the factory range

medium

`collectFees()` updates delinquency wrongly as `_writeState()` is called before assets are transferred

Sep '23

Venus Prime

Venus Prime

166.82 USDC • 1 total finding • Code4rena • deth

#23

high

Prime.sol - User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

Centrifuge

Centrifuge

50.43 USDC • 1 total finding • Code4rena • deth

#31

medium

```trancheTokenAmount``` should be rounded UP when proceeding to a withdrawal or previewing a withdrawal.

Aug '23

Cooler Update

Cooler Update

1,985.85 USDC • 2 total findings • Sherlock • deth

silver

high

Clearinghouse.sol#claimDefaulted()

medium

Cooler.sol#provideNewTermsForRoll()

Sparkn

Sparkn

5.30 USDC • 2 total findings • CodeHawks • 0xdeth

#75

medium

Malicious/Compromised organiser can reclaw all funds, stealing work from supporters

low

Centralization Risk for trusted organizers

veRWA

veRWA

9.82 USDC • Code4rena • deth

#52

Jul '23

Beedle - Oracle free perpetual lending

Beedle - Oracle free perpetual lending

65.83 USDC • 8 total findings • CodeHawks • 0xdeth

#57

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

high

During refinance() new Pool balance debt is subtracted twice

high

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

high

Using forged/fake lending pools to steal any loan opening for auction

medium

The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates

medium

Single-step process for critical ownership transfer is risky

medium

Lender contract can be drained by re-entrancy in `seizeLoan`

medium

Rounding error leads to borrowing loans without paying interest

Foundry DeFi Stablecoin CodeHawks Audit Contest

Foundry DeFi Stablecoin CodeHawks Audit Contest

0.00 USDC • 1 total finding • CodeHawks • 0xdeth

#163

medium

Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`

CodeHawks Escrow Contract - Competition Details

CodeHawks Escrow Contract - Competition Details

251.23 USDC • 2 total findings • CodeHawks • 0xdeth

#26

medium

Fee-on-transfer tokens aren't supported

gas

`tokenContract`is always an unsafe input, for fairness, it is recommended to add a whitelist for token

Amphora Protocol

Amphora Protocol

9.43 USDC • Code4rena • deth

#23