
g

Lead Senior Watson

LSW @ Sherlock, Founding SR @ Blackthorn, 6x 1st places | Rust, Go, Solidity Expert


High: 5 Solo / 42 Total
Medium: 8 Solo / 32 Total
Total Earnings: $150.66K (#61 All Time)
17x Payouts
5x 1st Places (gold)
1x 2nd Places (silver)
2x 3rd Places (bronze)


Mar '25: IOTA EVM
Collaborative Audit • Sherlock • g

Feb '25: SEDA Protocol
47,011.09 USDC • 19 total findings • Sherlock • g
Rank: 1st place (gold)
high: Attacker can front-run Withdraw and steal the withdrawal
high: Memory leak when executing Tally VM
high: A jailed validator with no registered key blocks proving scheme activation
high: Malicious proposer can submit a request with large invalid transactions because of no mempool to bloat the block store
high: Any malicious validator can submit a vote extension with length < 65 bytes to crash validators
high: Tallying a Data Request with a wildcard expression in its consensus filter will store non-deterministic data and cause a chain halt
high: Attackers can flood validators with Commit/Reveal execution messages to delay blocks or DOS the node
high: Anyone can crash validators with a Tally VM program that panics the call_result_write import
high: `call_result_write` import can be exploited for unmetered execution and memory growth
high: WASI imports can be exploited for unmetered execution or unbounded memory growth
high: Anyone can pass any length to some Tally imports to inflate memory, induce OOM, and crash validators
high: A malicious validator can post arbitrary batches with just one signature
high: A request poster can set gas_price to 1 and pay minimal fees for a lot of gas and drain validators' resources
medium: A result can be censored by a request poster that submits a `payback_address` that cannot accept ETH transfers
medium: Anyone can post a request with `gasPrice` of 0 to cause SEDA chain to halt
medium: Chain can deadlock due to no consensus because New Validators cannot submit vote extensions
medium: Anyone can front-run the creation of a vesting account to block it
medium: Executors/Proxies can game the rewards system by using a pubkey that will be sorted first
medium: The outlier gets the reduced payout when there is consensus on errors

Jan '25: IOTA
Collaborative Audit • Sherlock • g

Dec '24: Rain Solana
Collaborative Audit • Sherlock • g

Oct '24: Orderly Solana Vault Contract
20,967.50 USDC • 3 total findings • Sherlock • g
Rank: 1st place (gold)
high: Anyone can call `lz_receive()` in SolanaVault to steal the withdrawn funds from the intended recipient
high: User can deposit any token in `SolanaVault` and get USDC in `SolConnector`
medium: Executor will attempt unordered execution of messages because ordered execution option is not set

Sep '24: WOOFi Swap on Solana
21,503.15 USDC • 4 total findings • Sherlock • g
Rank: 1st place (gold)
high: Transfers from the rebate manager's token vault always fail due to lack of bump seed
high: Quote pools are expected to have same base token and quote token but this is not enforced in swaps
medium: Attacker can control rebate managers for supported tokens since there is only 1 rebate manager per quote token
medium: Rebate authority is unable to claim fee due to incorrect constraint not allowing rebate manager admin authority

Flayer
1,239.89 USDC • 9 total findings • Sherlock • g
Rank: #12
high: Attacker can relist a floor item and cancel the listing to underflow `listingCount` and block collection shutdown execution
high: Voters cannot recover their collection tokens after shutdown is canceled
high: Non-existent checkpoint index is used when creating Protected Listings
high: Borrowers can bypass interest payments and pay off principal until 0.06 ether remains
medium: Fee exemptions do not work since incorrect value is packed in `feeOverrides` storage
medium: Admin cannot set the pool fee since it is only set in memory
medium: Swaps will revert or unnecessarily cancel due to a mismatched comparison of fTokens with ETH specified amount
medium: AMM beneficiary cannot collect fees when beneficiary is a pool
medium: FTokens are burned after `quorumVotes` are recorded making a portion of the shares unclaimable

Aug '24: Axelar Network
6,041.26 USDC • 2 total findings • Code4rena • gjaldon
Rank: 3rd place (bronze)
high: Bridge requests to remote chains where interchain tokens are not deployed can result in DoS attacks
medium: Axelar cross chain token transfers balance tracking logic is completely broken for rebasing tokens and the transfers of these types of tokens can be exploited

Jul '24: Kwenta Staking Rewards Upgrade
6,500 USDC • 1 total finding • Sherlock • g
Rank: 1st place (gold)
medium: Attacker will prevent distribution of USDC to stakers through frequent reward updates

Jun '24: Andromeda – Validator Staking ADO and Vesting ADO
9,200.28 USDC • 6 total findings • Sherlock • g
Rank: 1st place (gold)
high: Minting and batch minting auth can be bypassed by anyone
medium: Limited users are allowed access when not strict but instead fail due to underflow
medium: Expired blacklisting leads to greater access
medium: Permission checks will unnecessarily consume Limited uses
medium: Valid VFS paths with usernames can always fail validation
medium: Calculating tax amount does not include taxes in `WasmMsg::Execute` messages

Apr '24: Renzo
257.72 USDC • 3 total findings • Code4rena • gjaldon
Rank: #31
high: Incorrect withdraw queue balance in TVL calculation
high: Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps
high: DOS of `completeQueuedWithdrawal` when ERC20 buffer is filled

Feb '24: Rio Network
7,058.64 USDC • 5 total findings • Sherlock • g
Rank: #4
high: Increase in exchange rate between queueing and rebalancing can break withdrawals
high: Undelegating Operator can break withdrawals and lead to insolvency
high: Eigenlayer withdrawals brick future withdrawals due to no update of current epoch
high: Deactivating an operator with a validator cap will always revert
high: Inflated operator utilization when out-of-order exits are reported can block ETH allocations

Jan '24: Blast
7,890.7 USDC • 3 total findings • Cantina • gjaldon
Rank: #37
medium: Finding not yet public.
medium: Finding not yet public.
medium: Finding not yet public.

Notional Update #5
4,190.68 USDC • 3 total findings • Sherlock • eol
Rank: 3rd place (bronze)
high: `wfCashERC4626`
medium: `wfCashERC4626`
medium: `ExternalLending`

Aug '23: Dopex
482.63 USDC • 5 total findings • Code4rena • gjaldon
Rank: #41
high: The settle feature will be broken if an attacker arbitrarily transfers collateral tokens to the PerpetualAtlanticVaultLP
high: Incorrect precision assumed from RdpxPriceOracle creates multiple issues related to value inflation/deflation
high: Users can get immediate profit when depositing and redeeming in `PerpetualAtlanticVaultLP`
medium: The `mintokenAAmount` calculations in `reLP()` are wrong
medium: Cannot withdraw RDPX if WETH withdrawn is zero

May '23: Chainlink Cross-Chain Services: CCIP and ARM Network
343.12 USDC • Code4rena • gjaldon
Rank: #36

Mar '23: Asymmetry contest
94.45 USDC • 1 total finding • Code4rena • gjaldon
Rank: #52
high: A temporary issue shows in the staking functionality which leads to the users receiving fewer minted tokens

zkSync Era System Contracts contest
2,079.11 USDC • Code4rena • gjaldon
Rank: #8

Feb '23: Ethos Reserve contest
9,417.93 USDC • 2 total findings • Code4rena • gjaldon
Rank: #5
high: Rewards will be locked in LQTYStaking Contract
medium: DOS by directly transferring assets to Reaper Vault

Jan '23: Popcorn contest
6,380.37 USDC • 8 total findings • Code4rena • gjaldon
Rank: 2nd place (silver)
high: First vault depositor can steal others' assets
high: Attacker can steal 99% of total balance from any reward token in any Staking contract
high: Attacker can deploy vaults with a malicious Staking contract
high: Staking rewards can be drained
high: Modifier VaultController._verifyCreatorOrOwner does not work as intended
medium: DOS any Staking contract with Arithmetic Overflow
medium: `MultiRewardStaking.changeRewardSpeed()` breaks the distribution
medium: Faulty Escrow config will lock up reward tokens in Staking contract