https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/9840ef2c-619e-43ed-941c-5820235cbd47.jpg

eLSeR17

Security Researcher

Looking for bugs anywhere :D

Contact Me

High

Total

Medium

Total

$8.00K

Total Earnings

#600 All Time

8x

Payouts

2x

3rd Places

3x

Top 10

4x

Top 25

All

Sherlock

Mar '25

Crestal Network

77.24 USDC • 2 total findings • Sherlock • eLSeR17

high

Payment.payWithERC20() function allows any user to steal ERC20 tokens approved for Blueprint contract

medium

Whitelist used for agent creation can be easily bypassed

Feb '25

Yieldoor

29.53 USDC • 1 total finding • Sherlock • eLSeR17

#21

high

Strategy.collectFees() will not correctly claim the fees of VestingPosition

Rova

0.04 USDC • 1 total finding • Sherlock • eLSeR17

medium

Launch.updateParticipation() incorrectly updates launchTokens allocated for user

Jan '25

Plaza Finance

0.23 USDC • 1 total finding • Sherlock • eLSeR17

#99

medium

Malicious bidder can get blacklisted to prevent other users from bidding

Nov '24

Ethos Network Financial Contracts

55.83 USDC • 1 total finding • Sherlock • eLSeR17

#30

medium

Wrong fee calculation and distribution when creating or increasing a Vouch

Telcoin Update #2

0.04 USDC • Sherlock • eLSeR17

#56

Sep '24

Boost Core Incentive Protocol

7,840.68 USDC • 1 total finding • Sherlock • eLSeR17

high

IncentiveBits.setOrThrow() will revert, leading to a DoS

Jul '24

MagicSea - the native DEX on the IotaEVM

0.48 USDC • 1 total finding • Sherlock • eLSeR17

#63

medium

_requireOnlyApprovedOrOwnerOf() reverts if approved by using ERC721Upgradeable.setApprovalForAll()