
erosjohn

Security Researcher


High findings: 4 total

Medium findings: 12 total

Total Earnings: $1.06K

#1302 All Time

6x

Payouts

regular

1x

Top 10

regular

2x

Top 25

regular

2x

Top 50


Mar '24

Revert Lend


21.85 USDC • 2 total findings • Code4rena • erosjohn

#65

medium

Repayments and liquidations can be forced to revert by an attacker that repays miniscule amount of shares

medium

V3Vault is not ERC-4626 compliant

Feb '24

Spectra


80.57 USDC • 1 total finding • Code4rena • erosjohn

#17

medium

PrincipalToken is not ERC-5095 compliant

AI Arena


2.43 USDC • 5 total findings • Code4rena • erosjohn

#153

high

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

medium

Can mint NFT with the desired attributes by reverting transaction

medium

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Jan '24

Arcadia


760.52 USDC • 1 total finding • Sherlock • erosjohn

#7

medium

LendingPool.sol#donateToTranche is vulnerable to reward hunting attacks through front-running

Salty.IO


101.8 USDC • 5 total findings • Code4rena • erosjohn

#69

high

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

medium

No proposal time limit traps sponsors of unpopular proposals

medium

DOS of proposals by abusing ballot names without important parameters

medium

Remove Liquidity has missing reserve1 DUST check, which can make reserve1 to be less than DUST

medium

Impossible to change managed wallets with `proposeWallets` after first rejection

Curves


98.27 USDC • 2 total findings • Code4rena • erosjohn

#52

medium

Single token purchase restriction on curve creation enables sniping

medium

onBalanceChange causes previously unclaimed rewards to be cleared