Security Researcher
💎 love to play with smart contracts logic 🕵️|💎 Embracing the future of Web 3.0 with zk|
#64 All Time
Dec '24
high
Nov '24
medium
Oct '24
high
medium
medium
Sep '24
high
medium
Aug '24
high
Jul '24
high
high
high
medium
medium
medium
medium
medium
medium
low
Jun '24
high
Risk of Overpayment Due to Race Condition Between repay and liquidateWithReplacement Transactions
high
Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect
medium
Fragmentation fee is not taken if user compensates with newly created position
medium
Size uses wrong source to query available liquidity on Aave, resulting in borrow and lend operations being bricked upon mainnet deployment
medium
Users cannot buy/sell minimum credit allowed due to exactAmountIn condition
medium
Multicall does not work as intended
medium
withdraw(): users may not be able to withdraw underlyingBorrowToken properly
May '24
high
Unfair Manipulation of Winning Chances Due to Stolen Yield on `Blast`
medium
`PUSH0` opcode Is Not Supported on Linea yet
medium
Potential ETH Loss Due to transfer Usage in Requestor Contract on `zkSync`
medium
Claimers Cannot Claim Prizes When Last Tier Liquidity is 0, Preventing Winners from Receiving Their Prizes
medium
medium
medium
Apr '24
Jan '24
high
high
medium
medium
medium
medium
medium
medium
medium
medium
Dec '23
high
Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds
medium
Wrong Implementation of `LiquidationPool::empty` excludes holder with pending stakes when decreasing a position, resulting in exclusion from asset distribution
medium
Removing assets in the `TokenManager` leads to major issues
high
A user can steal an already transferred and bridged reSDL lock because of approval
high
Not Updating Rewards in `handleIncomingUpdate` Function of `SDLPoolPrimary` Leads to Incorrect Reward Calculations
medium
A user can lose funds in `sdlPoolSecondary` if they try to add more sdl tokens to a lock that has been queued to be completely withdrawn
Nov '23
high
medium
medium
medium
medium
medium
Oct '23
high
try-catch does not store the state when it is reverted
high
`GMXVault` can be blocked by a malicious actor
high
User can revert processWithdraw
high
Incorrect slippage protection on deposits
medium
Setter functions for core GMX contracts
medium
`emergencyClose()` may fail to repay any debt
medium
Strategy Vault stuck at `withdraw_failed` status if the deposit to `GMX` gets cancelled
medium
incorrect handling of compound cancelation leads the vault to get stuck at `compound_failed` status
medium
incorrect handling for deposit failure leads to being stuck at `deposit_failed` status.
medium
depositors face immediate loss in case `equity = 0`
medium
Front-Run Attacks Due to Slippage Mishandling Lead to Total Losses For Depositors
Sep '23
high
Users Lose Funds and Market Functionality Breaks When Market Reaches 65k Id
high
New orders can overwrite active orders when order id reaches 65000
medium
Possible DOS on deposit(), withdraw() and unstake() for BridgeReth, leading to user loss of funds
medium
Gas Limit Exploitation and Order Book Blockage Due to High-Priced Bids
low
If the dao removes a bridge, user's deposited tokens for that bridge will be lost.
low
Instant arbitrage opportunity through rETH and stETH price discrepancy
low
Event in secondaryLiquidation could be misused to show false liquidations
Jul '23