https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/d7c4d7da-b7a5-440d-8822-d446252723ca.jpg

devtooligan

Security Researcher

blocksec eng @trailofbits buidlr💻 makr🤖 ascii artiste🎨 chief pharmacist @huff_language💊 prev @yield @spearbitDAO

Contact Me

Medium

7

Total

$4.50K

Total Earnings

#780 All Time

6x

Payouts

regular

2x

Top 10

regular

4x

Top 25

regular

6x

Top 50

All

Sherlock

Code4rena

CodeHawks

Dec '24

Tally ARB Staker

Tally ARB Staker

856.59 USDC • Sherlock • devtooligan

#6

Jul '23

CodeHawks Escrow Contract - Competition Details

CodeHawks Escrow Contract - Competition Details

88.44 USDC • 3 total findings • CodeHawks • devtooligan

#39

medium

[H-01] Lack of emergency withdraw function when no arbiter is set

gas

Critical addresses rely on single-step process

gas

if (tokenContract.balanceOf(address(this)) < price) revert Escrow__MustDeployWithTokenBalance();

Sep '22

Art Gobblers contest

Art Gobblers contest

525.56 USDC • 1 total finding • Code4rena • devtooligan

#17

medium

The reveal process could brick if `randProvider` stops working

Aug '22

Sentiment

Sentiment

629.58 USDC • 3 total findings • Sherlock • devtooligan

#15

medium

Account.sweepTokens vulnerable to reentrancy - HIGH

medium

Disallowed collateral can be borrowed or withdrawn against - HIGH

medium

Oracle data feed is insufficiently validated - MEDIUM

Olympus DAO contest

Olympus DAO contest

168.24 USDC • 1 total finding • Code4rena • devtooligan

#47

medium

Heart::beat() could be called several times in one block if no one called it for a some time

Jul '22

Swivel v3 contest

Swivel v3 contest

2,234.68 USDC • 1 total finding • Code4rena • devtooligan

#7

medium

ERC20 Incorrect check on returnedAddress in permit() results in unlimited approval of zero address