durov

High

Total

Medium

Total

$871.00

Total Earnings

#1344 All Time

19x

Payouts

1x

3rd Places

5x

Top 10

9x

Top 25

All

Sherlock

Jul '25

DeBank

73.64 USDC • Sherlock • durov

#40

May '25

LEND

20.86 USDC • 6 total findings • Sherlock • durov

#70

high

Attackers can steal LEND from the CoreRouter

high

supply() records wrong amount in totalInvestment

high

Users are underpaid when redeeming

high

An attacker can steal most of the assets through borrowing

high

Unfair liquidations can occur

medium

Lack of minimum position size can lead to bad debt for the protocol

LayerEdge - Staking

167.63 USDC • 1 total finding • Sherlock • durov

high

Tier is changed wrongly in some cases

Mar '25

PinLink: RWA-Tokenized DePIN Marketplace

12.32 USDC • Sherlock • durov

#46

Symmio, Staking and Vesting

108.05 USDC • 3 total findings • Sherlock • durov

high

Attacker can exploit precision loss in low decimal reward tokens in SymmStaking

medium

Vesting.sol should use onlyInitializing modifier

medium

Attacker will delay rewards distribution

Feb '25

Rova

0.04 USDC • 1 total finding • Sherlock • durov

medium

Wrong check for min/max token allocation in updateParticipation() and wrong value set to userTokens

Jan '25

Aave v3.3

53.19 USDC • Sherlock • durov

#91

Dec '24

Tally ARB Staker

35.63 USDC • Sherlock • durov

#30

Oku's New Order Types Contract Contest

24.99 OP • 4 total findings • Sherlock • durov

#24

high

Malicious users can steal from the protocol and freeze other users' funds

high

Malicious users can drain the protocol by creating multiple orders in one block

high

Not resetting approval after a call lets malicious users steal from the protocol

medium

currentValue() will revert because of a wrongly implemented stale price check

Autonomint Colored Dollar V1

55.52 OP • 6 total findings • Sherlock • durov

#31

high

Borrowers' debt can be higher than expected because calculateCumulativeRate() has no access control and does not update lastEventTime

high

Malicious users can steal USDT from the treasury

high

Malicious users can DOS the protocol by setting downsideProtected to a large value

high

Abond's transferFrom() function updates wrong user state

high

Malicious users can pay less option fees

medium

Malicious users can block admins from accessing setter functions

Nov '24

Ethos Network Financial Contracts

2.47 USDC • 1 total finding • Sherlock • durov

#32

medium

No slippage protection implemented for selling votes in ReputationMarket.sol

Nouns DAO - Auction Streams

20.06 USDC • Sherlock • durov

#50

Debita Finance V3

15.67 USDC • 2 total findings • Sherlock • durov

#48

high

BuyOrder.sol can not return the receipt to buyer

medium

Lenders could lose fees if a loan gets extended

Oct '24

Ethos Network Social Contracts

45.37 USDC • 1 total finding • Sherlock • durov

medium

Compromised accounts can use the profile freely

AXION

111.80 USDC • 1 total finding • Sherlock • durov

#10

medium

V3AMO.sol::boostPrice() will round up the price in some cases

Sep '24

Boost Core Incentive Protocol

76.88 USDC • 2 total findings • Sherlock • durov

#18

high

Incentives' clawback() function is uncallable

medium

Boosts can leave protocol with no fees

Aug '24

Cork Protocol

3.41 USDC • 1 total finding • Sherlock • durov

#17

medium

LVDepositNotPaused() modifier is incorrectly implemented

Winnables Raffles

37.23 USDC • 3 total findings • Sherlock • durov

#19

high

Any user can cancel a raffle before it starts

high

The protocol doesn't properly check a cross-chain message receiver and chain selector

medium

A malicious admin can exploit the system

Apr '24

TITLES Publishing Protocol

6.61 USDC • 2 total findings • Sherlock • durov

#46

high

Incorrect `_splitProtocolFee` logic leaves collection referrer with no collectionReferrerShare

high

Incorrect `mintBatch()` logic lets users bypass paying most of the fees