https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_9.png

ggg_ttt_hhh

Security Researcher

Contact Me

High

21

Total

Medium

2

Solo

4

Total

$13.16K

Total Earnings

#479 All Time

6x

Payouts

bronze

1x

3rd Places

regular

5x

Top 10

regular

6x

Top 25

All

Sherlock

Code4rena

Hats Finance

May '25

LEND

LEND

687.23 USDC • 15 total findings • Sherlock • ggg_ttt_hhh

#5

high

A user will receive over-minted lTokens affecting supply accuracy

high

A supplier will receive incorrect LEND rewards due to reward index update after minting

high

Redeeming lTokens will underestimate borrow balances, allowing collateral withdrawal that violates protocol liquidity rules

high

Incorrect chain ID check causes cross-chain borrow data to be skipped, leading to liquidity errors

high

User will bypass borrow limits due to ignoring cross-chain debt

high

Protocol will lose unbounded LEND tokens due to missing reset after reward claim

high

User will over-leverage across chains as protocol accepts already-utilized collateral

high

Outdated borrowIndex will cause inaccurate debt tracking and protocol accounting errors when CrossChainBorrow

high

Cross-chain repayment will incorrectly update same-chain borrow state, causing protocol state inconsistency

high

Protocol will miscalculate seized collateral amount during cross-chain liquidation

high

Protocol will allow invalid liquidation due to incorrect borrow-collateral comparison logic

high

Cross-chain liquidation uses incorrect lToken address, preventing repayment and breaking liquidation flow

high

Seized Collateral Amount Incorrectly Used as Borrow Repayment in Cross-Chain Liquidation Success

high

Liquidator will steal collateral without repaying debt on cross-chain liquidation

medium

Liquidator will prematurely liquidate healthy users due to double-counted interest

Feb '24

Origami

Origami

1,100 DAI • 2 total findings • Hats • ggg_ttt_hhh

#7

medium

There may be a lesser amount of Aave aTokens than what is tracked in the OrigamiAaveV3BorrowAndLend.

medium

In some cases, the redemption process in the Repricing Token may be reverted.

Paladin

Paladin

9,500 PAL • Hats • ggg_ttt_hhh

bronze

Jan '24

Telcoin Platform Audit

Telcoin Platform Audit

371.15 USDC • 2 total findings • Sherlock • ggg_ttt_hhh

#6

high

The distribution of Telcoin among council members was not done correctly.

high

There is a misuse of indices input in the topUp function.

Nov '23

Nouns Builder

Nouns Builder

1,078.57 USDC • 2 total findings • Sherlock • ggg_ttt_hhh

#5

high

Founders may receive fewer tokens than expected.

high

More rewards are being sent to the rewardsManager.

Oct '23

The Wildcat Protocol

The Wildcat Protocol

425.86 USDC • 4 total findings • Code4rena • ggg_ttt_hhh

#19

high

Borrower has no way to update `maxTotalSupply` of `market` or close market.

high

Borrowers can escape from paying half of the penalty fees by closing the market, and those remaining penalty fees will be covered by the lender who withdraws last

high

Borrower can drain all funds of a sanctioned lender

medium

Function WildcatMarketController.setAnnualInterestBips allows for values outside the factory range