https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/c0883a75-2d5c-455a-9b17-0cb7b5516f00.jpg

giovannidisiena

Security Researcher

Blockchain Engineer @CyfrinAudits 🌌 @Chainlink Developer Expert ⛓️ Owner @81kltd 🐸 BSc Physics @UniofBath 🔭🪐 Professional crowdsurfer 🏄🏼‍♂️

Contact Me

High

12

Total

Medium

12

Total

$3.80K

Total Earnings

#826 All Time

14x

Payouts

regular

1x

Top 10

regular

4x

Top 25

regular

9x

Top 50

All

Sherlock

Code4rena

Aug '23

Good Entry

Good Entry

91.19 USDC • 1 total finding • Code4rena • giovannidisiena

#28

medium

User can steal refunded underlying tokens from `initRange` operation inside `RangeManager`

Jul '23

Amphora Protocol

Amphora Protocol

156.36 USDC • 1 total finding • Code4rena • giovannidisiena

#15

high

Rounding error in `WUSDA` can result in loss of user funds, especially when manipulated by an attacker

May '23

Maia DAO Ecosystem

Maia DAO Ecosystem

810.51 USDC • 2 total findings • Code4rena • giovannidisiena

#34

high

Removing a BribeFlywheel from a Gauge does not remove the reward asset from the rewards depo, making it impossible to add a new Flywheel with the same reward token

medium

Lack of slippage protection can lead to significant loss of user funds

USSD - Autonomous Secure Dollar

USSD - Autonomous Secure Dollar

0.00 USDC • 3 total findings • Sherlock • giovannidisiena

#97

high

Incorrect price feed is used for `StableOracleWBTC`

high

Missing `onlyBalancer` modifier on `USSD::mintRebalancer` and `USSD::mintRebalancer` puts the entire system at risk

medium

Chainlink's `latestRoundData` might return stale or incorrect results

Apr '23

Teller

Teller

11.74 USDC • 2 total findings • Sherlock • giovannidisiena

#48

high

Callers can forcefully commit loan borrower's collateral for arbitrary `bidId`s

medium

Liquidations can be blocked for fee-on-transfer collateral tokens

Frankencoin

Frankencoin

1,629.57 USDC • 4 total findings • Code4rena • giovannidisiena

#8

high

[H-06] Double-entrypoint collateral token allows position owner to withdraw underlying collateral without repaying ZCHF

medium

No slippage control when minting and redeeming FPS

medium

Manipulation of total share amount might cause future depositors to lose their assets

medium

function `restructureCapTable()` in Equity.sol not functioning as expected

Caviar Private Pools

Caviar Private Pools

153.53 USDC • 5 total findings • Code4rena • giovannidisiena

#34

high

Risk of silent overflow in reserves update

high

PrivatePool owner can steal all ERC20 and NFT from user via arbitrary execution

medium

Malicious royalty recipient can steal excess eth from buy orders

medium

`changeFeeQuote` will fail for low decimal ERC20 tokens

medium

Flash loan fee is incorrect in Private Pool contract

Mar '23

Asymmetry contest

Asymmetry contest

84.81 USDC • 2 total findings • Code4rena • giovannidisiena

#58

high

A temporary issue shows in the staking functionality which leads to the users receiving less minted tokens.

high

An attacker can manipulate the preDepositvePrice to steal from other users.

Jan '23

Popcorn contest

Popcorn contest

14.28 USDC • 1 total finding • Code4rena • giovannidisiena

#87

high

First vault depositor can steal other's assets

Biconomy - Smart Contract Wallet contest

Biconomy - Smart Contract Wallet contest

101.52 USDC • 1 total finding • Code4rena • giovannidisiena

#45

high

Attacker can gain control of counterfactual wallet

Sep '22

Art Gobblers contest

Art Gobblers contest

55.2 USDC • Code4rena • giovannidisiena

#21

Aug '22

Mimo August 2022 contest

Mimo August 2022 contest

615.91 USDC • 1 total finding • Code4rena • giovannidisiena

#16

medium

Malicious manipulation of gas reserve can deny access to MIMOProxy

Jul '22

Golom contest

Golom contest

35.17 USDC • Code4rena • giovannidisiena

#86

Fractional v2 contest

Fractional v2 contest

42.59 USDC • 1 total finding • Code4rena • giovannidisiena

#91

medium

Delegate call in `Vault#_execute` can alter Vault's ownership