Security Researcher
Security Researcher @GuardianAudits Multiple top placings in public audit contests Ex-Air Force Pilot 🚁
High
Total
Medium
Total
Total Earnings
#243 All Time
Payouts
2nd Places
3rd Places
Top 10
All
Sherlock
Code4rena
Cantina
Jul '24
Jun '24
Apr '24
Findings not publicly available for private contests.
Feb '24
high
TVL can be manipulated when withdrawals are triggered outside of Rio
high
queueCurrentEpochSettlement() does not advance current epoch leading to broken withdrawal accounting
high
Deposits may be front-run by malicious operator to steal ETH
medium
Attacker can deposit just before rewards are distributed and steal rewards
high
high
high
high
high
medium
medium
medium
medium
medium
medium
high
Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win
medium
NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)
medium
Fighter created by mintFromMergingPool can have arbitrary weight and element
Jan '24
medium
medium
medium
Nov '23
Mar '23