dod4ufn

Security Researcher

Digital sleuth 🔍 | Rust & Solidity Auditor | Safeguarding the blockchain, one bug at a time.

High: 2 solo, 12 total

Medium: 1 solo, 11 total

Total Earnings: $11.71K

#496 All Time

Payouts: 12x

1st Places (gold): 1x

2nd Places (silver): 2x

3rd Places (bronze): 1x

Mar '25

reserve-index-dtfs-solana

534.53 USDC • 1 total finding • Cantina • johny37

#15

medium

Finding not yet public.

Feb '25

SEDA Protocol

661.52 USDC • 3 total findings • Sherlock • dod4ufn

#10

high

The verifyBatchSignatures function may trigger an index out-of-range panic for consensus nodes, due to missing lower-bound check

high

Attacker can frontrun unstake calls to manipulate withdrawals

high

postBatch doesn’t check for duplicate signatures resulting in being able to overcome the consensus threshold

Jan '25

Liquid Ron

0.03 USDC • 2 total findings • Code4rena • DoD4uFN

#10

high

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

IQ AI

1,707.9 USDC • 2 total findings • Code4rena • DoD4uFN

silver

high

Adversary can win proposals with voting power as low as 4%

medium

[M-3] Anyone can deploy a new `FraxSwapPair` with a Low fee incurring losses to the protocol

DAOsis

3,300 wROSE • 4 total findings • Hats • johny37

gold

high

Missing Access Control on burnFrom() Function

high

Missing Handling of Excess Ether in buy() Function

medium

No Time Checks During invest()

low

Potential Duplicate Participant Entries in participants Array

daao-contracts

143.33 USDC • 5 total findings • Cantina • johny37

#27

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Nov '24

RuneMine by Mine Labs’

2,129.47 USDC • Sherlock • dod4ufn

#5

Findings not publicly available for private contests.

Oct '24

Dria

38.22 USDC • 5 total findings • CodeHawks • johny7173

#33

medium

Platform fees withdrawal will sweep oracle agents earned fees

medium

Request responses and validations can be mocked leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers

medium

Users can list assets with price < 1 ERC20 (ETH, WETH), leading to potential DoS vulnerability.

low

Lack of output validation in `LLMOracleCoordinator::respond` allows empty responses and potential fee exploitation by oracles.

low

`LLMOracleCoordinator::request` lacks a check for non-empty `task.input`, making `assertValidNonce` easier to pass due to reduced uniqueness

Orderly Solana Vault Contract

1,997.97 USDC • 2 total findings • Sherlock • dod4ufn

bronze

high

Actor can frontrun lz_receive and steal users’ withdrawal

high

User will be able to use any deposit_token to bridge usdc

Sep '24

WOOFi Swap on Solana

101.15 USDC • 1 total finding • Sherlock • dod4ufn

#6

medium

Possible DOS of pools leading

Accumulated finance

1,100 wROSE • 1 total finding • Hats • johny37

silver

low

Potential Front-Running and DoS Vulnerabilities due to EIP-2612 Usage

Jul '24

MagicSea - the native DEX on the IotaEVM

0.08 USDC • 1 total finding • Sherlock • dod4ufn

#64

medium

Fee on transfer tokens will result in user losses