Security Researcher
High
Total
Medium
Total Earnings
#1020 All Time
Payouts
3rd Places
Top 10
Top 25
All
Sherlock
Code4rena
CodeHawks
Jun '25
0.20 USDC • 1 total finding • Sherlock • dreamcoder
#73
high
Any user can steal refunded tokens by calling claimRefund.
May '25
10.82 USDC • 3 total findings • Sherlock • dreamcoder
#85
An attacker can steal another user's claim.
The first borrower will be able to take funds regardless collateral.
medium
The liquidator's funds will be locked after calling liquidateBorrow.
13.5 USDC • Code4rena • dreamcoder
#31
Mar '25
4.03 USDC • 1 total finding • Code4rena • dreamcoder
#28
Natural Logarithm Function Silently Accepts Invalid Non-Positive Inputs
77.24 USDC • 2 total findings • Sherlock • dreamcoder
#4
Public payWithERC20 function will make the attacker steal from users.
Incorrect agency logic will render the whitelist logic ineffective.
Feb '25
3.29 usdc • 3 total findings • CodeHawks • dreamcoder
#316
Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service
Token Accounting Mismatch Between tick() and mintRewards() in RAACMinter
Flawed Boost Multiplier Calculation Always Yields Maximum Boost
Jan '25
0 USDC • 1 total finding • Code4rena • dreamcoder
#12
Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions
3.58 USDC • 1 total finding • Code4rena • dreamcoder
#16
Ineffective proposal threshold validation allows setting arbitrary high values
56.20 usdc • 1 total finding • CodeHawks • dreamcoder
#56
`Market::configureConnectedVaults` Will Always Fail with Array Out of Bounds Error
121.92 usdc • CodeHawks • dreamcoder
#18
Dec '24
#67
Users can claim more that their actual allotment
1,987.07 USDC • Code4rena • dreamcoder
Aug '24
0.63 USDC • 1 total finding • Code4rena • dreamcoder
#33
_onTransferReceived() does not work as intended
Jul '24
2.11 USDC • 1 total finding • Code4rena • dreamcoder
Incorrectly assigned `decimal1` parameter upon decoding