fibonacci

security researcher

High: 10 total

Medium: 16 total

Total Earnings: $10.07K

#545 All Time

Payouts: 13x

2nd Places: 1x (silver)

Top 10: 7x (regular)

Top 25: 10x (regular)

Jan '25

Peapods

3,038.24 USDC • 2 total findings • Sherlock • fibonacci

#6

high

Pod DoS if the LEAVE_AS_PAIRED_LP_TOKEN option is enabled

medium

Users may lose their rewards when a reward token is paused

Aug '24

Axelar Network

0 USDC • Code4rena • fibonacci

#9

Jul '24

MagicSea - the native DEX on the IotaEVM

0.48 USDC • 1 total finding • Sherlock • fibonacci

#63

medium

Incorrect validation in `MlumStaking::_requireOnlyOperatorOrOwnerOf`

Apr '24

TITLES Publishing Protocol

281.76 USDC • 4 total findings • Sherlock • fibonacci

#16

medium

TitleGraph cannot be upgraded

medium

Owner and admin roles in TitlesGraph are not initialized

medium

TitlesGraph's acknowledge/unacknowledge edge functions are vulnerable to signature malleability

medium

TitlesGraph's acknowledge/unacknowledge edge functions DoS

Mar '24

Optimism Fault Proofs

2,203.02 USDC • 1 total finding • Sherlock • fibonacci

#6

medium

DisputeGameFactory DoS due to incorrect extra data

Feb '24

Jala Swap

255.08 USDC • 1 total finding • Sherlock • fibonacci

#6

medium

JalaPair potential permanent DoS due to overflow

Rio Network

824.77 USDC • 1 total finding • Sherlock • fibonacci

#19

medium

RioLRTIssuer::issueLRT reverts if deposit asset's approve method doesn't return a bool

Jan '24

Olympus On-Chain Governance

663.81 USDC • 2 total findings • Sherlock • fibonacci

#5

medium

It's not possible to vote because the `GovernorBravoDelegate::castVoteInternal` function always fails

medium

The `_isHighRiskProposal` check can be bypassed by appending additional garbage data to the call

LooksRare YOLO

17.38 USDC • 1 total finding • Sherlock • fibonacci

#7

high

`YoloV2::depositETHIntoMultipleRounds` allows for zero amount deposits

Telcoin Platform Audit

1,868.93 USDC • 4 total findings • Sherlock • fibonacci

silver

high

`StakingRewardsManager`: incorrect `StakingRewards` contracts top up

high

`CouncilMember`: minting a new token is not possible after burning

high

`CouncilMember`: execution of withdrawal always reverts due to incorrect parameter passed

medium

The `CouncilMember` contract DoS due to the `_retrieve` function revert

Oct '23

NextGen

558.22 USDC • 4 total findings • Code4rena • fibonacci

#26

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

high

Attacker can reenter to mint all the collection supply

high

Multiple mints can brick any form of `salesOption` 3 mintings

medium

Auction winner can prevent payments via `safeTransferFrom` callback

Open Dollar

62.49 USDC • 1 total finding • Code4rena • fibonacci

#41

medium

Due to extremely short `votingDelay` and `votingPeriod`, governance is practically impossible.

Sep '23

Allo V2

293.68 USDC • 4 total findings • Sherlock • fibonacci

#25

high

RFPSimpleStrategy setPoolActive function has no onlyPoolManager modifier

high

QVSimpleStrategy allocator can use unlimited voice credits

medium

RFPSimpleStrategy milestones can be set multiple times

medium

Recipient registration always fails when RFPSimpleStrategy uses registry anchor