https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_4.png

dreamcoder

Security Researcher

Contact Me

High

8

Total

Medium

8

Total

$2.28K

Total Earnings

#1020 All Time

14x

Payouts

bronze

1x

3rd Places

regular

2x

Top 10

regular

6x

Top 25

All

Sherlock

Code4rena

CodeHawks

Jun '25

DODO Cross-Chain DEX

DODO Cross-Chain DEX

0.20 USDC • 1 total finding • Sherlock • dreamcoder

#73

high

Any user can steal refunded tokens by calling claimRefund.

May '25

LEND

LEND

10.82 USDC • 3 total findings • Sherlock • dreamcoder

#85

high

An attacker can steal another user's claim.

high

The first borrower will be able to take funds regardless collateral.

medium

The liquidator's funds will be locked after calling liquidateBorrow.

Audit 507

Audit 507

13.5 USDC • Code4rena • dreamcoder

#31

Mar '25

Forte: Float128 Solidity Library

Forte: Float128 Solidity Library

4.03 USDC • 1 total finding • Code4rena • dreamcoder

#28

high

Natural Logarithm Function Silently Accepts Invalid Non-Positive Inputs

Crestal Network

Crestal Network

77.24 USDC • 2 total findings • Sherlock • dreamcoder

#4

high

Public payWithERC20 function will make the attacker steal from users.

medium

Incorrect agency logic will render the whitelist logic ineffective.

Feb '25

Core Contracts

Core Contracts

3.29 usdc • 3 total findings • CodeHawks • dreamcoder

#316

high

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

medium

Token Accounting Mismatch Between tick() and mintRewards() in RAACMinter

medium

Flawed Boost Multiplier Calculation Always Yields Maximum Boost

Jan '25

Liquid Ron

Liquid Ron

0 USDC • 1 total finding • Code4rena • dreamcoder

#12

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

IQ AI

IQ AI

3.58 USDC • 1 total finding • Code4rena • dreamcoder

#16

medium

Ineffective proposal threshold validation allows setting arbitrary high values

Part 2

Part 2

56.20 usdc • 1 total finding • CodeHawks • dreamcoder

#56

medium

`Market::configureConnectedVaults` Will Always Fail with Array Out of Bounds Error

Ignite

Ignite

121.92 usdc • CodeHawks • dreamcoder

#18

Dec '24

SecondSwap

SecondSwap

0 USDC • 1 total finding • Code4rena • dreamcoder

#67

high

Users can claim more that their actual allotment

Chainlink Payment Abstraction

Chainlink Payment Abstraction

1,987.07 USDC • Code4rena • dreamcoder

bronze

Aug '24

Superposition

Superposition

0.63 USDC • 1 total finding • Code4rena • dreamcoder

#33

medium

_onTransferReceived() does not work as intended

Jul '24

Basin

Basin

2.11 USDC • 1 total finding • Code4rena • dreamcoder

#12

high

Incorrectly assigned `decimal1` parameter upon decoding