https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/c3875045-e8f9-42be-bce4-08b1667b80ac.jpg

frndz0ne

Security Researcher

Web3 enthusiast

Contact Me

High

15

Total

Medium

10

Total

$1.60K

Total Earnings

#1172 All Time

10x

Payouts

regular

1x

Top 10

regular

4x

Top 25

regular

6x

Top 50

All

Sherlock

Code4rena

Cantina

CodeHawks

Jul '25

Cap

Cap

374.74 USDC • 1 total finding • Sherlock • frndz0ne

#15

medium

Insufficient Staker Reward Funding Causes Delayed Liquidations

May '25

jigsaw-contracts

jigsaw-contracts

154.83 USDC • 4 total findings • Cantina • frndz0ne

#39

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

alchemix-v3

alchemix-v3

127.86 USDC • 2 total findings • Cantina • frndz0ne

#52

high

Finding not yet public.

medium

Finding not yet public.

Mar '25

Nudge.xyz

Nudge.xyz

0.06 USDC • 1 total finding • Code4rena • frndz0ne

#8

medium

Unauthorized Reallocation in `NudgeCampaign::handleReallocation` and Reward Disruption Vulnerability in `NudgeCampaign::invalidateParticipations`

Feb '25

Core Contracts

Core Contracts

903.26 usdc • 14 total findings • CodeHawks • frndz0ne

#22

high

Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency

high

ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price

high

`BaseGauge` users can claim rewards without staking

high

Gauge period cannot be updated

high

Users can borrow more assets than they have deposited as collateral

high

Attackers can get most of RAACToken rewards by withdrawing dust amount from StabilityPool multiple times

high

Treasury Balance Tracking Bypass in FeeCollector

high

Future Stakers Gains More Rewards from Already Accumulated `rewardPerTokenStored` Causing Unfair Reward Distribution

medium

Gauge reward period can be extended indefinitely

medium

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

medium

LendingPool deposits do not work with CurveVault due to lack of funds

medium

Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check

medium

`GaugeController::distributeRewards` can be called multiple times by anyone, leading to excessive reward distribution

medium

When bad debt is accumulated the loss is not distributed amongst all suppliers leading to a huge loss for the last supplier to withdraw

Jan '25

Aave v3.3

Aave v3.3

7.44 USDC • Sherlock • frndz0ne

#113

Dec '24

SecondSwap

SecondSwap

0 USDC • 1 total finding • Code4rena • frndz0ne

#67

high

Users can claim more that their actual allotment

Nov '24

Telcoin Update #2

Telcoin Update #2

2.18 USDC • Sherlock • frndz0ne

#51

Sep '24

Boost Core Incentive Protocol

Boost Core Incentive Protocol

23.07 USDC • 1 total finding • Sherlock • frndz0ne

#22

high

Authentication issue will cause the inability of drawing a raffle winner and funds to get stuck in the incentive

Aug '24

Winnables Raffles

Winnables Raffles

3.36 USDC • 1 total finding • Sherlock • frndz0ne

#35

high

An attacker can block the creation of a raffle