djxploit

Security Researcher

High: 7 total

Medium: 18 total

Total Earnings: $7.53K

#659 All Time

Payouts: 39x

Top 10 (regular): 1x

Top 25 (regular): 8x

Top 50 (regular): 28x

Apr '24

DYAD

0.02 USDC • 1 total finding • Code4rena • djxploit

#114

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Mar '24

Acala

908.39 USDC • 2 total findings • Code4rena • djxploit

#8

medium

Claiming rewards while the deduction rate is != 0, allows for repeated withdrawal of redistributed rewards

medium

Incentive accumulation can be sandwiched with additional shares to gain advantage over long-term depositors

Feb '24

Audit Comp | ZeroLend

293 USDC • 1 total finding • Immunefi • djxploit

#21

medium

Finding not yet public.

Audit Comp | Puffer Finance

800 USDC • 2 total findings • Immunefi • djxploit

#17

low

Finding not yet public.

low

Finding not yet public.

AI Arena

126.41 USDC • 6 total findings • Code4rena • djxploit

#43

high

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

high

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards()` function

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

medium

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered (steal protocol's token)

medium

Constraints of dailyAllowanceReplenishTime and allowanceRemaining during mint() can be bypassed by using alias accounts & safeTransferFrom()

medium

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Jan '24

Salty.IO

126.72 USDC • 4 total findings • Code4rena • djxploit

#61

high

When borrowers repay USDS, it is sent to the wrong address, allowing anyone to burn Protocol Owned Liquidity and build bad debt for USDS

high

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

medium

formPOL lacks slippage and deadline protection

medium

If there is only one USDS borrower, he can never be liquidated

Curves

0 USDC • 1 total finding • Code4rena • djxploit

#137

high

Unauthorized Access to setCurves Function

Dec '23

The Standard

6.55 USDC • 3 total findings • CodeHawks • djxploit

#71

medium

Missing deadline check allows pending transactions to be maliciously executed

low

`costInEuros` calculation will incur precision loss due to division before multiplication

low

Lack of Minimum Amount Check in `SmartVaultV3::mint`, `SmartVaultV3::burn`, and `SmartVaultV3::swap` Can Result in Loss of Fees

Jun '23

Stader Labs

102.27 USDC • 1 total finding • Code4rena • djxploit

#29

medium

`pause/unpause` functionalities not implemented in many pausable contracts

May '23

Footium

0.01 USDC • 1 total finding • Sherlock • djxploit

#32

medium

Return value of `transfer` function is not checked which leads to false claim and lost prize

Mar '23

Canto Identity Subprotocols contest

19.87 USDC • 1 total finding • Code4rena • djxploit

#28

medium

Bio Protocol - `tokenURI` JSON injection

Nov '22

SIZE contest

203.7 USDC • 1 total finding • Code4rena • djxploit

#18

medium

Solmate's ERC20 does not check for token contract's existence, which opens up possibility for a honeypot attack

Debt DAO contest

61.35 USDC • Code4rena • djxploit

#51

Oct '22

Paladin - Warden Pledges contest

31.16 USDC • Code4rena • djxploit

#30

Inverse Finance contest

1,548.42 USDC • 2 total findings • Code4rena • djxploit

#11

medium

`repay` function can be DOSed

medium

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Holograph contest

55.67 USDC • Code4rena • djxploit

#37

3xcalibur contest

34.98 USDC • Code4rena • djxploit

#33

Trader Joe v2 contest

0.01 USDC • 1 total finding • Code4rena • djxploit

#33

medium

Very critical `Owner` privileges can cause complete destruction of the project in a possible privateKey exploit

Sep '22

VTVL contest

144.65 USDC • 1 total finding • Code4rena • djxploit

#36

medium

Variable balance token causing fund lock and loss

Art Gobblers contest

123.86 USDC • Code4rena • djxploit

#19

Y2k Finance contest

52.8 USDC • Code4rena • djxploit

#50

PartyDAO contest

117.7 USDC • Code4rena • djxploit

#47

FEI and TRIBE Redemption contest

33.58 USDC • Code4rena • djxploit

#14

Nouns Builder contest

107.03 USDC • Code4rena • djxploit

#81

Aug '22

Olympus DAO contest

944.33 USDC • 1 total finding • Code4rena • djxploit

#24

medium

Solmate safetransfer and safetransferfrom does not check the codesize of the token address, which may lead to fund loss

Nouns DAO contest

52.1 USDC • Code4rena • djxploit

#38

FIAT DAO veFDT contest

44.84 USDC • Code4rena • djxploit

#62

Fraxlend (Frax Finance) contest

67 USDC • Code4rena • djxploit

#56

Rigor Protocol contest

62.34 USDC • Code4rena • djxploit

#65

Jul '22

Axelar Network v2 contest

88.01 USDC • Code4rena • djxploit

#33

Golom contest

186.66 USDC • Code4rena • djxploit

#57

Fractional v2 contest

37.47 USDC • Code4rena • djxploit

#100

Juicebox V2 contest

127.43 USDC • Code4rena • djxploit

#50

Jun '22

Notional x Index Coop

47.42 USDC • Code4rena • djxploit

#44

May '22

Backd Tokenomics contest

62.68 USDC • Code4rena • djxploit

#34

Velodrome Finance contest

151.79 USDC • Code4rena • djxploit

#38

OpenSea Seaport contest

611.29 USDC • Code4rena • djxploit

#35

Cally contest

86.43 USDC • Code4rena • djxploit

#45

Apr '22

xTRIBE contest

66.32 USDC • Code4rena • djxploit

#39