https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/be8397d0-1850-4e64-8c79-d393ecce424f.jpg

flacko

Security Researcher

blockchain security research at @sentryxsec | in permanent beta (always learning)

Contact Me

High

Total

Medium

Total

$11.23K

Total Earnings

#567 All Time

15x

Payouts

1x

3rd Places

2x

Top 10

6x

Top 25

All

Sherlock

Code4rena

Cantina

CodeHawks

Aug '25

solayer-bridge

120 USDC • 1 total finding • Cantina • flacko

#36

medium

Finding not yet public.

May '25

jigsaw-contracts

817.08 USDC • 1 total finding • Cantina • flacko

#19

high

Finding not yet public.

Apr '25

mezo-monorepo

1,629.15 USDC • 1 total finding • Cantina • flacko

high

Finding not yet public.

Feb '25

size-solidity

4,428.26 USDC • 1 total finding • Cantina • flacko

medium

Finding not yet public.

Pectra

500 USDC • Cantina • flacko

#13

Jan '25

daao-contracts

122.53 USDC • 4 total findings • Cantina • flacko

#32

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

Dec '24

story-protocol

2,830.53 USDC • 1 total finding • Cantina • flacko

#40

medium

Finding not yet public.

Apr '24

Zivoe

311.60 USDC • 2 total findings • Sherlock • flacko

#37

high

Tokens will be stuck in ZivoeRewards contracts because of precision loss when calculating reward rate

medium

Pushing assets to OCL ZVE locker would revert unnecessarily

Mar '24

Axis Finance

150.71 USDC • 2 total findings • Sherlock • flacko

#21

high

Malicious user can overtake a prefunded auction and steal the deposited funds

medium

Marginal price auction can be spammed with minimum bids so honest bidders funds are trapped

Dec '23

The Standard

22.14 USDC • 2 total findings • CodeHawks • flacko

#51

low

Removal of approved token from token manager can lead to unintended liquidation of vaults

low

Incorrectly set `version` for `SmartVaultV3` breaks off-chain integration

Oct '23

NextGen

1.53 USDC • 2 total findings • Code4rena • flacko

#104

high

Attacker can reenter to mint all the collection supply

high

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

Sep '23

DittoETH

102.96 USDC • 1 total finding • CodeHawks • flacko

#33

high

Users Lose Funds and Market Functionality Breaks When Market Reachs 65k Id

Aug '23

Dopex

140.48 USDC • 1 total finding • Code4rena • flacko

#69

medium

reLP() mintokenAAmount the calculations are wrong.

Jul '23

Beedle - Oracle free perpetual lending

0.07 USDC • 2 total findings • CodeHawks • flacko

#224

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

medium

Single-step process for critical ownership transfer is risky

Jun '23

Llama

54.53 USDC • 1 total finding • Code4rena • flacko

#21

medium

It is not possible to execute actions that require ETH (or other protocol token)