https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/269d0166-e75f-469f-bb4b-6e6a67e38bd2.jpg

farismaulana

Security Researcher

achieving serenity | independent security researcher

Contact Me

High

Total

Medium

Total

$1.66K

Total Earnings

#1066 All Time

11x

Payouts

1x

2nd Places

2x

Top 10

5x

Top 25

All

Sherlock

Code4rena

Cantina

CodeHawks

Mar '25

Crestal Network

0.01 USDC • 1 total finding • Sherlock • farismaulana

#12

high

Anyone who is approving `BlueprintV5` contract to spend ERC20 can get drained because `Payment::payWithERC20`

Symmio, Staking and Vesting

77.25 USDC • 3 total findings • Sherlock • farismaulana

high

Attacker can halt staking reward by frequently calling core function that later would call `SymmStaking::_updateRewardsStates`

medium

User can experience DoS when calling `SymmVesting::addLiquidity` second time after some duration

medium

Attacker can reset remaining reward duration to default duration by calling `SymmStaking::notifyRewardAmount` and providing dust amount as additional reward

Feb '25

Rova

1,178.25 USDC • 1 total finding • Sherlock • farismaulana

medium

`Launch::updateParticipation` incorrectly update the total tokens requested for user by the `currencyAmount`

Jan '25

daao-contracts

64.87 USDC • 5 total findings • Cantina • farismaulana

#51

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

Plaza Finance

7.80 USDC • 6 total findings • Sherlock • farismaulana

#78

high

Incorrect fee calculation when protocol call `Pool::claimFees` resulting really small amount of fees

high

`Auction::endAuction` would always fail

medium

USDC Blacklisted address can DoS new bid in `Auction.sol`

medium

Failed auction period still update `sharesPerToken` like it is succeed

medium

`Auction::endAuction` result can be manipulated

medium

Stuck fund if `BalancerRouter::joinBalancerAndPredeposit` amount of `balancerPoolTokenReceived` is higher than the current unfulfilled deposit cap in `PreDeposit`

Dec '24

SecondSwap

75.99 USDC • 3 total findings • Code4rena • farismaulana

#35

high

Users can claim more that their actual allotment

medium

Missing sellable check in completePurchase will cause a user to buy a token marked as unsellable by S2ADMIN if it was listed beforehand

medium

Listing potential can not be purchased with discounted price

Lambo.win

0.3 USDC • 2 total findings • Code4rena • farismaulana

#35

high

Minting zero tokens when underlyingToken is not Ether in cashIn()

medium

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

Nov '24

Ethos Network Financial Contracts

157.98 USDC • 2 total findings • Sherlock • farismaulana

#20

high

Inaccurate `marketFunds` update in `ReputationMarket::buyVotes` will makes the market funds not reflected correctly

medium

`EthosVouch::unvouch` allows the accused avoid slashing during the accusation period

Debita Finance V3

69.43 USDC • 2 total findings • Sherlock • farismaulana

#35

medium

Borrower can not `extendLoan` if the `maxDuration` is under 5 days due to underflow

medium

Anyone can call `DLOFactory::deleteOrder` multiple times to delete others lend offer from contracts state

Project

13.64 USDC • 1 total finding • CodeHawks • farismaulana

#20

low

Lack of Validation for `tierConfigs[i].minted` Value in New Tiers During DAO Membership Update

Aug '24

Phi

9.46 USDC • 2 total findings • Code4rena • farismaulana

#46

high

Reentrancy Vulnerability Allows Bypass of Cooldown, Leading to Unfair Reward Extraction Through Flash Loan

medium

Refunds sent to incorrect addresses in certain cases