dhank

High: 35 total

Medium: 37 total

Total earnings: $140.66K

#67 All Time

Payouts: 18x

1st places (gold): 1x

2nd places (silver): 2x

3rd places (bronze): 1x

Feb '25

Liquidity Management

1,963.51 usdc • 5 total findings • CodeHawks • dhank

#4

high

Deposits on long one leverage vault don't actually finalize the flow, leading to a Denial of Service (DoS)

high

Loss of fee refund due to premature state deletion in `PerpetualVault::_handleReturn` function

medium

Wrong index causes last depositor to always get execution fee refund if cancelFlow is called by keeper to cancel a withdrawal

medium

new deposits be incorrectly rejected due to false "maxCapReached" errors.

low

Fees not refunded to users on position closed and funds locked/lost

Jan '25

dahlia-protocol

6,317.44 USDC • 2 total findings • Cantina • dhank

bronze

high

Finding not yet public.

medium

Finding not yet public.

Dec '24

story-protocol

113,763.07 USDC • 17 total findings • Cantina • dhank

silver

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

SecondSwap

91.46 USDC • 2 total findings • Code4rena • dhank

#29

high

In `transferVesting`, the `grantorVesting.releaseRate` is calculated incorrectly, which leads to the sender being able to unlock more tokens than were initially locked.

medium

Creator of one vesting plan can affect vesting plans created by other users.

Lambo.win

0 USDC • 1 total finding • Code4rena • dhank

#36

high

Minting zero tokens when underlyingToken is not Ether in cashIn()

Nov '24

Debita Finance V3

360.48 USDC • 4 total findings • Sherlock • dhank

#15

high

TaxTokenReceipt NFT will get stuck in the Auction contract.

high

sold `NFTs` will get stuck in `buyOrder` contract

medium

Inflated fees result in loss of funds for the borrower while extending loan.

medium

Borrower cannot extend his loan due to the incorrect comparison with feePerDay instead of minFee

Oct '24

Usual V1

4,367.29 USDC • 2 total findings • Sherlock • dhank

gold

high

`removeOriginalAllocation()` fails to update the rewards of the insiders.

high

Incorrect fees deducted from totalDeposits in the withdraw().

Kleidi

11,361.46 USDC • 2 total findings • Code4rena • dhank

silver

medium

Wrong handling of call data check indices, forcing it sometimes to revert

medium

UpdateExpirattionPeriod() cannot be executed when the newExpirationPeriod is less than currentExpirationPeriod.

Aug '24

Rumpel Point Tokenization Protocol

72.17 USDC • Sherlock • dhank

#16

ZeroLend One

520.42 USDC • 5 total findings • Sherlock • dhank

#18

high

accrueFee() calculates incorrect fees and totalAssets since the pool is not updated to the latest

high

Pool.sol:: Wrongly Implemented getSupplyBalance(), not returning the correct supplied assets.

high

actualDebtToLiquidate is incorrectly calculated by assigning the share amount instead of the underlying assets, affecting the liquidator.

high

Pool.sol:liquidate()::Since cache.nextDebtShares is not updated prior wrong interest rate is calculated.

high

Pool.sol:liquidate()::LiquidityTaken is not considering the liquidationProtocolFeeAmount while calling updateInterestRate()

Sentiment V2

112.47 USDC • 1 total finding • Sherlock • dhank

#32

medium

Protocol lets the asset accumulate in the SuperPool contract without depositing to available deposit pools.

Jul '24

TraitForge

0.01 USDC • 4 total findings • Code4rena • dhank

#88

high

Number of entities in generation can surpass the 10k number

high

Wrong minting logic based on total token count across generations

medium

Forger Entities can forge more times than intended

medium

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

Munchables

433.31 USDC • 8 total findings • Code4rena • dhank

#9

high

Malicious User can call `lockOnBehalf` to repeatedly extend a user's `unlockTime`, removing their ability to withdraw previously locked tokens

high

Invalid validation allows users to unlock early

high

Single plot can be occupied by multiple renters

high

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

high

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

medium

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

medium

Players can gain more NFTs benefiting from that past remainder in subsequent locks

medium

Users can farm on zero-tax land if the landlord locked tokens before the LandManager deployment

MagicSea - the native DEX on the IotaEVM

132.62 USDC • 6 total findings • Sherlock • dhank

#24

high

BribeReward.sol :: User/Owner of a lsNFt is not able to earn bribe rewards since wrong msg.sender is passed.

high

BribeRewarder:: Users can't claim the pendingRewards from the previously closed Periods.

high

Voting.sol :: User can vote even if the lockPeriod has ended for their staked Position.

medium

BribeRewarder.sol: Owner won't be able to add funds on `fees on Transfer` Tokens.

medium

MlumStaking.sol::position.lockMultiplier is wrongly calculated, resulting in the user earning less rewards than deserved.

medium

MlumStaking.sol :: Anyone can add to the stakedPosition, resulting in the lockTime of the actual owner being extended to an undefined time

Jun '24

Size

985.54 USDC • 4 total findings • Code4rena • dhank

#28

high

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

high

When `sellCreditMarket()` is called to sell credit for a specific cash amount, the protocol might receive a lower swapping fee than expected.

medium

Borrower is not able to compensate his lenders if he is underwater

medium

Users cannot buy/sell minimum credit allowed due to exactAmountIn condition

Thorchain

137.57 USDC • 1 total finding • Code4rena • dhank

#18

medium

[M-02] Incorrect call argument in `THORChain_Router::_transferOutAndCallV5`, leading to grief/steal of `THORChain_Aggregator`'s funds or DoS

May '24

Munchables

28.82 USDC • 8 total findings • Code4rena • dhank

#11

high

Malicious User can call `lockOnBehalf` to repeatedly extend a user's `unlockTime`, removing their ability to withdraw previously locked tokens

high

Invalid validation allows users to unlock early

high

Single plot can be occupied by multiple renters

high

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

high

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

medium

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

medium

Players can gain more NFTs benefiting from that past remainder in subsequent locks

medium

Users can farm on zero-tax land if the landlord locked tokens before the LandManager deployment

Sophon Farming Contracts

16.89 USDC • 1 total finding • Sherlock • dhank

#5

medium

Users will not get their deserved rewards once the farming startBlock has changed.